v0.5.4 — Signal Generator now radiates

v0.5.4 — Signal Generator now radiates

Fixed

• The NRF24 Signal Generator now actually transmits. Reworked the SPI/CE
  driving model (hold the external bus + CE high for the whole run, huuck-style
  double set_tx_mode ignition) and added a TX-FIFO flush before each
  ignition — so repeated starts / live mode-switches no longer fill the FIFO
  and silently drop the ignition payload. Verified on real hardware
  (RF_SETUP=0x9E, CFG=0x02, FIFO loaded — full-power continuous carrier).

Changed

• Honest power wording. Removed the on-screen +20 dBm label and the
  +20 dBm / "pilot-aware OFDM" / "room range" claims from the docs. The WiFi
  modes are continuous-carrier band hops; output power is intentionally kept
  conservative — the firmware does not drive the radio to its electrical
  maximum — to stay within a defensible envelope for the regulated 2.4 GHz band.

Note

• During a long continuous transmit run the multi-channel modes (BLE Adv /
  WiFi 1·6·11 / ALL / BLE React) may occasionally stop responding — hold
  Left + Back (~5 s) to reboot. CW Custom (single channel) is the most
  robust for sustained use; use the sweep modes in shorter bursts.

Install

Download pingequa_rf_toolkit.fap below → copy to /ext/apps/GPIO/ on your
Flipper (or use qFlipper). Works on Official, Momentum, Unleashed, RogueMaster.

v0.5.3 — Signal Generator rebrand

Changed

• Renamed the transmit feature from "Jammer" to "Signal Generator"
  on every user-facing surface — the main-menu item (NRF24 Signal Gen),
  the transmit-view header (SIGNAL GEN), the app description, and the
  exported-data surface. Functionality is unchanged.
  • Session-log directory …/pingequa/jammer → …/pingequa/siggen;
    filename prefix jam_… → siggen_….
  • CSV header Jammer Session → Signal Generator Session; field
    reactive_jams → reactive_events.
  • Settings file jammer.conf → siggen.conf.
  • One-time migration note: older jammer.conf and …/jammer/ logs
    are not read by the new build; jammer mode/channel resets to the
    default (CW Custom @ ch 42) once on first launch after updating.

v0.5.2 — Readable exports + About screen

Minor release — readable export filenames + meaningful jammer log fields + new About screen with drive-traffic QR codes.

Added

• About screen (main-menu → About). Three pages, Up/Down to navigate,
  Back to return. Right-edge progress-bar indicator shows current page.
  • Page 1 — Brand + Shop QR: title, version, hardware identifier,
    slogan "Precision Gear for Hackers", and a scannable QR encoding
    HTTPS://PINGEQUA.COM (offline-generated bit array, no QR library at
    runtime). Scan with any modern phone to open the shop.
  • Page 2 — GitHub QR: a separate QR encoding
    HTTPS://GITHUB.COM/PINGEQUALAB/RF-LAB so you can land on the
    source repo from a single scan.
  • Page 3 — Legal: concise authorized-testing notice + MIT license.

Changed

• Scanner CSV filenames now use wall-clock + peak channel:
  scan_<YYYY-MM-DD>_<HHMMSS>_ch<peak>.csv. Sorting by name in qFlipper
  = sorting by time; filename itself summarizes the export.
  • Falls back to scan_boot<tick>_ch<peak>.csv when RTC is not set
    (avoids 1970 garbage names).
  • Same-second collisions get _1.._99 suffix.
• Jammer session log filenames now: jam_<YYYY-MM-DD>_<HHMMSS>_<mode>_<dur>s.csv.
  Mode short-name and scene duration in seconds embedded in the filename.
• Jammer session log fields rebuilt for actual analysis value
  (was: 100% redundant # header section + key,value section duplicating
  every field; useless start_boot_ms / end_boot_ms / mode_index;
  misleading cw_channel written for non-CW modes).
  • Single key,value CSV section, no duplication.
  • New fields: datetime, engine (CW or Reactive), target_freq_mhz
    (e.g. 2405/2410/2414/2419 (WiFi ch1 pilots) derived from profile),
    scene_duration_s (one decimal, explicitly named so it isn't mistaken
    for TX-active time).
  • Conditional output: cw_channel + cw_freq_mhz only for CW Custom;
    reactive_jams only for BLE React.
  • Removed: redundant header block, mode_index, start/end_boot_ms,
    duration_ms, chunks (which reset per OK cycle, misleading).
• Scanner CSV header: added # Datetime line; dropped # Boot ms
  (boot-relative ms is meaningless once wall-clock is present).

Notes for users

• This release is purely additive on top of v0.5.1 — every existing
  feature is preserved (7-mode jammer, Scanner CSV export, settings
  persistence, OFW/Momentum/Unleashed/RogueMaster compatibility).
• If you parsed the old jammer log format programmatically, the column
  names changed. The new schema is documented in
  core/pq_jammer_log.h.

v0.5.1 — OFW compatibility + UI polish

Patch release. Broader firmware compatibility + small UI polish.

Fixed

• OFW compatibility: chip arbiter rewritten to single-handle SPI design.
  v0.5.0 referenced furi_hal_spi_bus_handle_external_extra which is a
  Momentum-only symbol — caused Symbols not resolved link error on OFW
  SDK so the FAP wouldn't launch. Now uses only the standard external
  handle and manually toggles PA4/PC3 CS lines. SPI timing, command
  framing, W_TX_PAYLOAD latch all preserved. Real-device regression
  passed: BLE/WiFi jamming + Scanner + Sub-GHz clean exit all work.
• Jammer view spacing: 2402/26/80MHz and @080 2480MHz N358 rows
  had only 1px gap. Bumped TAG_BASELINE 48→50 and BTM_DIV_Y 51→52 for 3px
  breathing room (@ character no longer cramped).
• Scanner CSV cosmetic: # Peak channel: 14 (2414 MHz, 32 hits)
  comment line was split into two columns by Excel CSV importer.
  Replaced inline comma with semicolon.

Changed

• CI: actions/checkout v4→v5, actions/setup-python v5→v6 (Node.js
  24 — Node 20 deprecated, full removal Sep 2026).
• Internal: removed stray module.elf.c artifact from repo root.

Who should upgrade

• OFW / Unleashed / RogueMaster users on v0.5.0 → ★ upgrade required
  (v0.5.0 won't launch on these firmwares; v0.5.1 does).
• Momentum users on v0.5.0 → optional (v0.5.0 already works; v0.5.1
  has the same behavior + UI polish).

Install

1. Download pingequa_rf_toolkit.fap from this release
2. qFlipper file manager → drag to /ext/apps/GPIO/
3. On Flipper: Apps → GPIO → PINGEQUA RF Lab

Compatibility

Firmware	v0.5.0	v0.5.1
Momentum (mntm-dev)	✅	✅
Official Flipper firmware	❌ won't launch	✅
Unleashed	❌ won't launch	✅
RogueMaster	❌ won't launch	✅
Xtreme	❌ won't launch	✅

PINGEQUA RF Lab v0.5.0 — initial release

A 2.4 GHz spectrum analyzer + 7-mode NRF24 jammer for Flipper Zero.

Designed exclusively for the PINGEQUA 2-in-1 RF Devboard (nRF24L01P + integrated PA, +20 dBm).

📦 Install

Download pingequa_rf_toolkit.fap (40 KB) below and copy to /ext/apps/GPIO/ on your Flipper SD card. Or use qFlipper's file manager. Then launch from Apps → GPIO → PINGEQUA RF Lab.

📡 Channel Scanner

• 126-channel real-time RPD spectrum (2400–2525 MHz, ~17 sweeps/sec)
• Adjustable dwell 130–2000 µs
• Max-hold mode with auto-pause on saturation
• WiFi 1/6/11 + BLE adv 37/38/39 band markers
• Long-press OK exports current scan to CSV at /ext/apps_data/pingequa/scans/

🚫 NRF24 Jammer (7 modes)

Mode	What it does
CW Custom	Single user-selected channel CW
BLE Adv	Blind CW hop {37, 38, 39}
BLE React ⚡	RPD reactive jamming — listens for carrier, jams 2.5 ms CW on detection. First on Flipper Zero NRF24 platform. Concept from Brauer et al. IEEE 7785169 (2016).
WiFi 1 / 6 / 11	Pilot-aware OFDM jamming — targets the 4 OFDM pilot subcarriers per channel. +7.5 dB equivalent efficiency per Clancy 2011 (IEEE 5962467).
ALL 2.4G	Full-band CW sweep 0–125

• Real-device verified: BLE devices and 2.4G WiFi can be disconnected within room range
• Settings persistence (mode + channel)
• Auto session log to /ext/apps_data/pingequa/jammer/

⚙️ Architecture

• Three-layer: core/ (HW) + scenes/ (SceneManager) + views/ (custom)
• Custom chip arbiter — atomic NRF24/CC1101 SPI handoff, no leakage to other Flipper apps
• Worker thread (FuriThreadPriorityLow) for scanning/jamming, GUI thread never blocked
• All SPI access via callback-style pq_chip_with_nrf24 / pq_chip_with_cc1101

⚖️ Legal note

Active 2.4 GHz transmission is regulated (FCC §15 in US, ETSI EN 300 328 in EU, equivalent elsewhere). Use only for research / lab testing on your own devices and with appropriate authorization.

📚 Documentation

• README
• CHANGELOG
• Quickstart
• UI Guide
• FAQ
• Architecture