EEVblog Electronics Community Forum

Electronics => Beginners => Topic started by: rthorntn on October 15, 2013, 06:04:18 am

Title: The best way to decipher a wireless protocol
Post by: rthorntn on October 15, 2013, 06:04:18 am

Hi

Looking for ideas and this has always been a very helpful forum.

I want integrate a 433Mhz siren in to Arduino (specifically the Arduino present on the BeagleBone cape that ships with the Ninja Block) so as far as I can tell this is all about rc-switch (warning big phone cam images):

https://dl.dropbox.com/u/2436853/alarm.jpg
https://dl.dropboxusercontent.com/u/2436853/alarm2.jpg

There is an atmega48v on there, the RX says 9931A on the PCB and has a cd4069ubm hex inverter being used I assume for the receiver.

Basically I have the remote and the siren, the remote actuates the siren, rc-switch sees the button press as a 24bit code, I can see it but when I try to use the code to actuate the siren using rc-switch nothing happens, I believe RX and TX are implemented in different parts of rc-switch and so there could be stuff that RX OK but that doesn't TX properly.

I want to decode what's going on both to get a better understanding of electronics and to get this flipping siren working.  I have no idea where to start, I have access to a scope, logic analyzer and sdr (I would be a beginner on all of them) as well as lots of Arduino boards and breakouts including 433Mhz, can somebody point me in the right direction please?

Thanks.

Rich

Title: Re: The best way to decipher a wireless protocol
Post by: adam1213 on October 15, 2013, 07:40:37 am

How do you know that the "rc-switch sees the button press as a 24bit code" - is this in the specifications or did you measure this.

A good way to start is by looking at the requirements for the siren:

• It needs to be possible to have multiple sirens of the same type near each other without them conflicting. Due to this the siren has a learn mode.
• An attacker should not be able to disable the siren. e.g. the data sent each time might change. Try checking if it changes e.g. try recording the data transmitted / looking at it on a logic analzer or scope

Title: Re: The best way to decipher a wireless protocol
Post by: rthorntn on October 15, 2013, 08:13:13 am

Thanks adam1213!

The ninja block sees the remote button press and it has a UI that shows the code but the actuate function using the observed code does not work.

The siren does have a learn button.

I didn't think about some sort of anti-sniffing technique.

How would I record the press, I could build an arduino with 433mhz radio and probe the radio pins, would a scope or logic analyzer be better, I could also setup the SDR and sniff at 433mhz watching the gnu radio scope...?

Thanks again.

Richard

Title: Re: The best way to decipher a wireless protocol
Post by: adam1213 on October 15, 2013, 11:53:09 am

What code shows up / at least the start of the code?

I suggest you probe a 433mhz receiver and look at:

• what the remote sends - is it always the same message for on / off or does the message change on multiple button presses / how much of the message changes.
• how what the ninja block sends compares against the remote

Setup:
433mhz receiver - connect to power, probe output pin. ** note: you can use the receiver that is part of the ninjablock and probe it.