Emulating A Remote Control Ceiling Fan Transmitter In An FPGA

[Joel] has a remote control ceiling fan. It’s nothing special, the controller has a low-power 350MHz transmitter and a Holtek encoder to send commands by keying the transmitter’s output. Desiring something a little better, he set about reverse engineering the device’s protocol and implementing it on a Lattice iCE40 FPGA.

To decode the device’s packets he reached for his RTL-SDR receiver and took a look at it in software. GQRX confirmed the presence of the carrier and allowed him to record a raw I/Q file, which he could then supply to Inspectrum to analyse the packet structure. He found it to be a simple on-off keying scheme, with bits expressed through differing pulse widths. He was then able to create a Gnu Radio project to read and decode them in real time.

Emulating the transmitter was then a fairly straightforward process of generating a 350MHz clock using the on-board PLL and gating it with his generated data stream to provide modulation. The result was able to control his fan with a short wire antenna, indeed he was worried that it might also be doing so for other similar fans in his apartment complex. You can take a look at his source code on GitHub if you would like to try something similar.

It’s worth pointing out that a transmitter like this will radiate a significant amount of harmonics at multiples of its base frequency, and thus without a filter on its output is likely to cause interference. It will also be breaking all the rules set out by whoever the spectrum regulator is where you live, despite its low power. However it’s an interesting project to read, with its reverse engineering and slightly novel use of an FPGA.

Wireless remote hacking seems to be a favorite pastime here in the Hackaday community. We’ve had 2.4GHz hacks and plenty of wireless mains outlet hacks.

Die Photos Of A Runner’s RFID Chip

A mass participation sporting event such as a road race presents a significant problem for its record keepers. It would be impossible to have ten thousand timekeepers hovering over stopwatches at the finish line, so how do they record each runner’s time? The answer lies in an RFID chip attached to the inside of the bib each runner wears, which is read as the runner crosses the line to ensure that their time is recorded among the hundreds of other participants.

[Ken Shirriff] got his hands on a bib from San Francisco’s “Bay to Breakers” race, and set about a teardown to lay bare its secrets.

The foil antenna pattern.
The foil antenna pattern.

Stripping away the foam covering of the RFID assembly revealed a foil antenna for the 860-960MHz UHF band with the tiny RFID chip at its centre. The antenna is interesting, it’s a rather simple wideband dipole folded over with what looks like a matching stub arrangement and an arrow device incorporated into the fold that is probably for aesthetic rather than practical purposes. He identified the chip as an Impinj Monza 4, whose data sheet contains reference designs for antennas we’d expect to deliver a better performance.

After some trial-by-fire epoxy removal the tiny chip was revealed and photographed. It’s a device of three parts, the power scavenging and analog radio section, the non-volatile memory that carries the payload, and a finite-state logic machine to do the work. This isn’t a proper processor, instead it contains only the logic required to do the one task of returning the payload.

He finishes off with a comparison photograph of the chip — which is about the size of a grain of salt — atop a 1980s 8051-series microcontroller to show both its tiny size and the density advancements achieved over those intervening decades.

Since RFID devices are becoming a ubiquitous part of everyday life it is interesting to learn more about them through teardowns like this one. The chip here is a bit different to those you’ll find in more mundane applications in that it uses a much higher frequency, we’d be interested to know the RF field strength required at the finish line to activate it. It would also be interesting to know how the system handles collisions, with many runners passing the reader at once there must be a lot of RFID chatter on the airwaves.

We’ve featured [Ken]’s work before, among many others in his reverse engineering of Clive Sinclair’s 1974 scientific calculator, and his explanation of the inner workings of the TL431 voltage reference. Though we’ve had many RFID projects on these pages, this appears to be the first teardown of one we’ve covered.

Get Set For SAQ On Alexanderson Day With These Active Antennas

If you need to generate a radio frequency electrical signal, you will make some form of electronic oscillator. We’ll probably all be used to oscillators using transistors, tubes, logic gates or a host of other electronic technologies. Similarly if you need to generate radio frequencies at high powers, you’ll couple your oscillator to an amplifier, a relatively simple task with today’s electronic parts bin.

If you needed to do the same thing with a high power radio signal in the early years of the 20th century, none of these options were open to you. There were no transistors or integrated circuits, and the tubes of the day could not produce high power outputs. Radio engineers back then had to employ other solutions to the problem, one of which was the Alexanderson alternator. It’s old news we’ve covered here before at Hackaday, a high frequency alternator capable of generating hundreds of kilowatts in the VLF radio frequency range.

There is one operational Alexanderson alternator remaining in the world at the Varberg radio station at Grimeton in Sweden. It is no longer in constant use, but as a World Heritage Site and museum it is put on air a few times a year including the Sunday closest to the 2nd of July, known as Alexanderson Day. We come now to the point of this article: this year’s 3rd of July Alexanderson Day transmission is fast approaching, and since last time we covered it we signed off with a plea for a good VLF antenna design we should post a solution in good time to allow our readers to receive this year’s signal.

G3XBM's e-field VLF antenna
G3XBM’s e-field VLF antenna

Fixing up a receiver is easy enough, we linked to the original SAQrx VLF Receiver and the extended version in our previous coverage. Both pieces of software use your computer’s sound card as the front end of a software defined radio to receive the 17.2kHz from Grimeton. The antenna though presents a problem. You might think that attaching a long piece of wire to the microphone input would be enough, but the problem is that due to the huge wavelength of the VLF signal any reasonable long wire you might be able to assemble simply wouldn’t be long enough to deliver a good result. Clearly a different antenna is required, and the solution comes courtesy of a high-impedance active e-field antenna. This uses a FET input and a surprisingly small patch antenna to deliver a low noise floor at VLF frequencies rather than to be the amplifier you might expect.

We’ve found a couple of designs for you to look at. The first is a two transistor version you will find in various different guises on many sites. This one uses an MPF102 FET, but you should be able to substitute a J310. The second design is a little more surprising, while it is the same idea of a FET input amplifier it uses a TL071 op-amp as its active device. This is in no way an IC you’d normally expect to find in an RF circuit, however the frequency in question is not that of your normal RF.

If you build either of these antennas we hope you’ll be able to hear the Alexanderson Day transmission. The point of a high power VLF transmitter is that it has a huge coverage area, so it should be possible to receive it across all of Europe and perhaps into the eastern United States. If you are out of range though, never fear. You can always try to pick it up through a handy webSDR receiver closer to the source.

Alexanderson alternator picture By Gunther Tschuch (Own work) [ CC BY 2.5 ], via Wikimedia Commons.


Effortlessly Send Antenna Wires Skywards With A Spud Gun

The heroes of action films always make it look so easy. Need to climb a tall building? Simply fire a grapnel hook from a handy harpoon gun, it’ll always land exactly where you want it and gain a perfect purchase so you can shin up the rope and arrive at the top barely having raised a sweat. If Hackaday ran Q Branch, we can tell you, we’d make ’em work a bit harder. If only because nobody likes a smartass.

If you’ve ever had to get a real line over something tall, you’ll know it’s a lot more difficult than that. You can only make it work with the lightest of lines that you can then use to pull up something more substantial, and you would be amazed how poor a thrower you are when you’re trying to throw upwards. Try attaching fishing line to a weight, try a bow and arrow, and nine times out of ten you won’t make it. There’s a serious amount of skill and luck involved in this line-throwing game.

[WB5CXC] has an interesting solution to this problem, at least as far as the application of throwing antenna wires over tall obstacles. He’s made a spud gun from PVC pipe, powered by compressed air. It takes the form of a U-shaped tube with one side of the U being a pressure vessel separated from the other by a ball valve.. Place a close-fitting puck with your wire attached in the open side with the valve closed, pump the pressure vessel full of air with a bicycle pump, and open the valve to send both puck and wire skywards. He says it will clear 100′ trees, counsels the user not to go higher than 100psi, and warns that the speeding puck can be dangerous. We like it already.

We’ve covered many spud guns here at Hackaday in the past, but it seems this is the first wire launching one. We’ve had a steam one for example, or this bolt-action spud gun, but pride of place has to go to the spud gun to end all spud guns.

Via DXZone.

GPS And SDR Combine Forces

Software-defined radio (or SDR) is a relatively new (to average tinkerers, at least) way of sending and receiving radio signals. The interest in SDR exploded recently with the realization that cheap USB TV tuner cards could be used to start exploring the frequency spectrum at an extremely reduced cost. One of the reasons that this is so advantageous is because of all of the options that a general-purpose computer opens up that go beyond transmitting and receiving, as [Chris] shows with his project that ties SDR together with GPS.

The goal of the project was to automatically tune a radio to the local police department’s frequency, regardless of location. To do this, a GPS receiver on a computer reports information about the current location. A JavaScript program feeds the location data to the SDR, which automatically tunes to the local emergency services frequencies. Of course, this relies on good data for what those frequencies are, but this is public information in most cases (at least in the US).

There are a lot of opportunities here for anyone with SDR. Maybe an emergency alert system that can tune to weather broadcasts if there’s a weather alert, or any of a number of other captivating projects. As for this project, [Chris] plans to use Google’s voice recognition software to transcribe the broadcasts as well. The world of SDR is at your fingertips to do anything you can imagine! And, if you’re looking to get started in it, be sure to check out the original post covering those USB TV tuner dongles.

Hackaday Prize Entry: BLE Beacon Library

While faking BLE advertising beacons using an nRF24L01+ module is nothing new, it’s become a heck of a lot easier now that [Pranav Gulati] has written some library code and a few examples for it.

[Pranav]’s work is based on [Dmitry Grinberg]’s epic bit-banging BLE research that we featured way back in 2013. And while the advertisement channel in BLE is limited in the amount of data it can send, a $1 nRF24 module and a power-thrifty microcontroller would be great for a battery-powered device that needs to send small amount of data infrequently for a really long time.

We’re not 100% sure where [Pranav] is going to take this project. Honestly, the library looks like it’s ready to use right now. If you’ve been holding off on making your own BLE-enabled flock of birds, or even if you just want to mess around with the protocol, your life has gotten a lot easier.

The HackadayPrize2016 is Sponsored by:

FCC to Investigate Raised RF Noise Floor

If you stand outside on a clear night, can you see the Milky Way? If you live too close to a conurbation the chances are all you’ll see are a few of the brighter stars, the full picture is only seen by those who live in isolated places. The problem is light pollution, scattered light from street lighting and other sources hiding the stars.

The view of the Milky Way is a good analogy for the state of the radio spectrum. If you turn on a radio receiver and tune to a spot between stations, you’ll find a huge amount more noise in areas of human habitation than you will if you do the same thing in the middle of the countryside. The RF noise emitted by a significant amount of cheaper modern electronics is blanketing the airwaves and is in danger of rendering some frequencies unusable.

Can these logos really be trusted? By Moppet65535 (Own work) [CC BY-SA 3.0], via Wikimedia Commons
Can these logos really be trusted? By Moppet65535 (Own work) [CC BY-SA 3.0], via Wikimedia Commons
If you have ever designed a piece of electronics to comply with regulations for sale you might now point out that the requirements for RF interference imposed by codes from the FCC, CE mark etc. are very stringent, and therefore this should not be a significant problem. The unfortunate truth is though that a huge amount of equipment is finding its way into the hands of consumers which may bear an FCC logo or a CE mark but which has plainly had its bill-of-materials cost cut to the point at which its compliance with those rules is only notional. Next to the computer on which this is being written for example is a digital TV box from a well-known online retailer which has all the appropriate marks, but blankets tens of megahertz of spectrum with RF when it is in operation. It’s not faulty but badly designed, and if you pause to imagine hundreds or thousands of such devices across your city you may begin to see the scale of the problem.

This situation has prompted the FCC Technological Advisory Council to investigate any changes to the radio noise floor to determine the scale of the problem. To this end they have posted a public notice (PDF) in which they have invited interested parties to respond with any evidence they may have.

We hope that quantifying the scale of the RF noise problem will result in some action to reduce its ill-effects. It is also to be hoped though that the response will not be an ever-tighter set of regulations but greater enforcement of those that already exist. It has become too easy to make, import, or sell equipment made with scant regard to RF emissions, and simply making the requirements tougher for those designers who make the effort to comply will not change anything.

This is the first time we’ve raised the problem of the ever-rising radio noise floor here at Hackaday. We have covered a possible solution though, if stray RF is really getting to you perhaps you’d like to move to the National Radio Quiet Zone.

[via Southgate amateur radio news]