Home
CatSniffer (😼) is an innovative, multiprotocol, multiband circuit board for sniffing, communicating, and attacking IoT (Internet of Things) devices. It was designed as a highly portable USB stick that integrates TI CC1352, Semtech SX1262, and Microchip SAMD21E17 (V1.x and V2.x)/RP2040 (V3.x). This board is a Swiss Army knife for IoT security researchers, developers, and enthusiasts. It's highly versatile and compatible with a wide array of software.
Warning
CatSniffer is a wireless penetration testing tool intended solely for authorized security audits where applicable laws and regulations permit such usage. Before using this tool, it is essential to ensure compliance with all relevant legal requirements and obtain appropriate permissions from the relevant authorities. Electronic Cats/PWNLab holds no responsibility for any unauthorized tool use or resulting damages.
CatSniffer V3 Anatomy
---
title: v3.x Block Diagram
---
flowchart LR
A[USB] --- B[RP2040]
B-- SPI --- C[SX1262] ---E
B-- Serial ---D[CC1352P7]
B-- JTAG ---D---E
B-- GPIOs ---E[RF Switch]
CatSniffer can operate in 3 different technologies:
- LoRa
- Sub 1 GHz
- 2.4 GHz
Compatible Protocols:
- Thread
- Zigbee
- Bluetooth 5 Low Energy
- IEEE 802.15.4g
- 6LoWPAN (Work in progress)
- Sub-1 GHz and patented systems (Work in progress)
- LoRa/LoRaWAN
- Wi-SUN (Work in progress)
- Amazon Sidewalk (Work in progress)
- mioty® (Work in progress)
CatSniffer can work with a variety of first- and third-party software like
- PyCatSniffer
- Catnip Uploader
- Cativity
- Sniffle
- Texas Instruments' Smart RF Packet Sniffer 2
- Ubiqua Protocol Analyzer
- zigbee2mqtt
- Z-Stack-firmware
-
- Powerful 48-MHz Arm® Cortex®-M4F processor
- 704KB flash program memory
- 256KB of ROM for protocols and library functions
- 8KB of cache SRAM
- 144KB of ultra-low leakage SRAM with parity for high-reliability operation
- Dual-band Sub-1 GHz and 2.4 GHz operation
- Dynamic multiprotocol manager (DMM) driver
- Programmable radio includes support for 2-(G)FSK, 4-(G)FSK, MSK, OOK, Bluetooth® 5.2 Low Energy, IEEE 802.15.4 PHY and MAC
- Supports over-the-air upgrade (OTA)
-
- Dual ARM Cortex-M0+ @ 133MHz
- 264 kB on-chip SRAM in six independent banks
- Support for up to 16MB of off-chip Flash memory via dedicated QSPI bus
- DMA controller
- Fully-connected AHB crossbar
- Interpolator and integer divider peripherals
- On-chip programmable LDO to generate core voltage
- 2 on-chip PLLs to generate USB and core clocks
- 30 GPIO pins, 4 of which can be used as analogue inputs
- 2 UARTs
- 2 SPI controllers
- 2 I2C controllers
- 16 PWM channels
- USB 1.1 controller and PHY, with host and device support
- 8 PIO state machines
-
- LoRa and FSK Modem
- 170 dB maximum link budget (SX1262/68)
- +22dBm or +15dBm high efficiency PA
- Low RX current of 4.6 mA
- Integrated DC-DC converter and LDO
- Programmable bit rate up to 62.5 LoRa and kbps FSK
- High sensitivity: down to -148dBm
- 88dB blocking immunity at 1MHz offset
- Co-channel rejection of 19 in LoRa mode
- FSK, GFSK, MSK, GMSK, LoRa and Long Range FHSS modulations
- Built-in bit synchronizer for clock recovery
- Automatic Channel Activity Detection (CAD) with ultra-fast AFC
-
Supported antennas
- 433 MHz up to 13 dBm
- 2.4 GHz up to 10 dBm
All schematics for the board can be found in the hardware section of the main repository. You can open, inspect, and modify the schematics using KiCad or any similar software.
- What is CatSniffer?
- Firmware
- Supported Software
- Hands‐On
- Development Reference
- Useful Links
- IoT protocols
- Restore CC1352
- FAQs
- Legacy Documentation (CatSniffer v1.x and v2.x)