3. Flipper Add‐On: SubGHz - ElectronicCats/flipper-addons GitHub Wiki
Sub-GHz is a wireless technology that operates in frequency bands below 1 GHz, usually from 300 to 928 MHz, which is where the name comes from. It typically has a longer range than higher-frequency transmissions like Bluetooth or Wi-Fi.
LoRa (short for long range) is a spread spectrum modulation technique derived from chirp spread spectrum (CSS) technology. This is a proprietary technology from Semtech.
LoRa signals can reach much farther than other wireless technologies like Bluetooth. In ideal conditions, they can travel over 6 miles (ca. 10 km). One of LoRa's big advantages is that it uses very little power. This makes it perfect for battery-powered devices that need to last for a long time.
This Add-On allows you to analyze and view IoT traffic in the Sub-GHz band. In addition to adding an extra CC1101 to our beloved Flipper, it adds a LoRa SX1262 chip. Both chips are used as transceivers. You will be able to analyze signal traffic and even replicate it to the final device meant to execute a task. This Add-On specifically works with SX1262 firmware.
The low-cost CC1101 sub-1 GHz transceiver is developed for very low-power wireless applications.
A highly customizable baseband modem is included inside the RF transceiver. With a programmable data rate of up to 600 Kbps, the modem supports a number of modulation types.
This device offers exceptional RF performance with high sensitivity (-116 dBm at 433 MHz and 0.6 kBaud, -112 dBm at 868 MHz and 1.2 kBaud) and low current consumption (14.7 mA at 868 MHz and 1.2 kBaud).
Frequency bands covered are 300-348 MHz, 387-464 MHz, and 779-928 MHz, and it allows programmable output power up to +12 dBm for all supported frequencies.
Read more of its characteristics in the datasheet.
This Semtech device is a long-range, low-power, sub-GHz half-duplex RF transceiver. It is designed for long battery life, with just 4.2 mA of active receive current consumption, and it can transmit at up to +22 dBm thanks to its integrated power amplifiers. The continuous frequency coverage from 150 MHz to 960 MHz supports all major sub-GHz ISM bands around the world.
This device is designed to comply with the physical layer requirements of the LoRaWAN specification released by the LoRa Alliance.
You can read more about all its features on its datasheet.
Find the schematics here →FLIPPER_Subg
Use the pin headers to plug your Add-On into your Flipper.
The first step for testing the applications included in the flashed firmware is configuring your Flipper to work with the Add-On.
Important
Follow the instructions below to be able to use the Add-On for SubGHz applications; otherwise you may face problems with board recognition and crashes.
- Open the SubGHz app in the Flipper
- Open the Read function. This will allow Flipper to initialize the internal radio but also start looking for external antennas, the Add-On.
- While in the Read menu, connect the Add-On, ensuring there are no gaps between the Flipper and the board.
- Go back and open the Radio settings menu.
- In the Module field, change to External. If needed, go back to the main menu and open the Radio Settings again to refresh the Module option.
- Once selected, go back to the Read option in the main menu and verify that it is using the External module; you should see "Ext" in the top left side of the screen.
Here is a video for better visualization:
How.to.correctly.set.up.SubGHz.Add-On.mp4
Now you are all set to test your Sub-GHz Add-On. Let's start with the Spectrum Analyzer. You need to navigate through Apps > Sub-GHz > Spectrum Analyzer. You will see the following screen:
You can use the arrow buttons on the panel to move through the different frequencies. In this example, we are analyzing a known 315 MHz signal being sent by a second device, so we moved to this value on the graph shown on the Flipper. Once the second device sends the signal, it is shown in the Spectrum Analyzer graph of the Flipper:
Now that we have confirmed the second device is sending signals near 315 MHz, let's try another app. Suppose we want to confirm that a TPMS sensor is sending messages properly over the same frequency we just read. We can test the TPMS reader: Apps > Sub-GHz > TPMS Reader.
A 433.92 MHz frequency is set by default, but it can be changed by going to Config (press the left arrow on the panel):
In the menu above, we set the frequency to the known one. Then, going back to the scanning screen, the signal is triggered:
Note
You must first install the LoRa Relay Flipper app.
Watch the data being sent with the configured LoRa settings. Use the right key in the D-pad to start sniffing.
- The first 8 bytes of each LoRa message received with the established parameters will be displayed, along with their ASCII representation if available. Use the central key in the D-pad to start/stop recording LoRa messages to a log file.
Important
Successful communication between the Flipper and another LoRa device depends on the configured LoRa parameters. You must know how they are configured in the target LoRa network; wrong configurations will result in data loss.
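The parameter dependency in the note above, as an added example (not code from the Add-On firmware or the LoRa Relay app): it compares a sniffer configuration against a target network and reports which settings would prevent reception. The `LoRaConfig` class, its field names and the sample values are assumptions made for illustration, and only a subset of LoRa settings is modeled.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class LoRaConfig:  # hypothetical container, not the app's own data structure
    freq_hz: int
    bw_hz: int                    # bandwidth
    sf: int                       # spreading factor
    cr: str                       # coding rate, e.g. "4/5"
    sync_word: int
    iq_inverted: bool = False
    explicit_header: bool = True
    crc_on: bool = True
    payload_len: int = 0          # only meaningful in implicit-header mode

# Settings that must be identical on both ends, or the frame is never demodulated.
ALWAYS = ("freq_hz", "bw_hz", "sf", "sync_word", "iq_inverted", "explicit_header")
# Settings carried inside an explicit header; they only have to be
# pre-shared when the network uses implicit-header mode.
IMPLICIT_ONLY = ("cr", "crc_on", "payload_len")

def mismatches(sniffer: LoRaConfig, target: LoRaConfig) -> list:
    """Return the names of settings that would stop the sniffer from receiving."""
    fields = list(ALWAYS)
    if not (sniffer.explicit_header and target.explicit_header):
        fields += IMPLICIT_ONLY
    return [f for f in fields if getattr(sniffer, f) != getattr(target, f)]

def symbol_time_ms(cfg: LoRaConfig) -> float:
    """Duration of one LoRa symbol: 2^SF chips sent at a chip rate equal to BW."""
    return (2 ** cfg.sf) / cfg.bw_hz * 1000.0

# Constructed sample values, not taken from any real network.
TARGET = LoRaConfig(915_000_000, 125_000, 7, "4/5", 0x1424)
SNIFFER = replace(TARGET, sf=9, cr="4/8")

if __name__ == "__main__":
    # The coding rate difference is tolerated (explicit header); the SF is not.
    print("blocking mismatches:", mismatches(SNIFFER, TARGET))
    print("symbol time (ms):", symbol_time_ms(TARGET), "vs", symbol_time_ms(SNIFFER))
```

A different spreading factor changes the symbol duration itself, which is why the receiver cannot lock onto the transmission rather than merely decoding it with errors.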
Send a file containing LoRa messages to any peripheral listening on the network. Use the central key in the D-pad to start the Browser.
- Browse in your files, look for a log file and send it.