RF Remote Made Easy

The 433 MHz spectrum is a little bit of an oddball. It’s one of the few areas of the radio spectrum which is nearly universally unlicensed Outside of the US, it’s an open playground for devices that adhere to the power restrictions and other guidelines about best practices. IoT devices operate here, as well as security systems and, of course, remote controls. And, using a few off-the-shelf parts [hesam.moshiri] shows us how to take advantage of this piece of spectrum by designing and building a programmable and versatile 4-channel 433 MHz remote control.

Built around an ATmega8 microcontroller, making it easy to work with Arduino sketches, and with a 2×8 character LCD for ease-of-use when not connected to a computer, the wireless switching device can store up to 80 remote control codes in its EEPROM memory. This was one of the harder parts for [hesam] to sort out, but using structures to store the data for the codes eventually solved the problems. A simple GUI makes using it with whatever remote happens to be on hand fairly straightforward, including the ability to record codes from existing remotes on the fly and also to associate those codes with specific actions.

Schematics and a bill of materials are available on the project’s page, making this fairly accessible to those looking to add some wireless connectivity to a project, home automation system, or IoT device. It’s mainly set up as a switching device, but with some modifications could be put to work doing more complex tasks. The 433 MHz spectrum is an exciting place to be, too, and things like setting up entire security systems using it are not too far removed from a switching device like this.

[Editor’s note: As many mentioned in the comments, 433 MHz is a licensed ham band in the USA (ITU Region 2), so you can’t use it without a license. (Get one, it’s easy.)  In the USA, the equivalent band is at 315 MHz, which is why garage door remotes usually come with a 315/433 choice. Either way, check your local laws before you transmit.]

Continue reading “RF Remote Made Easy”

Decoding 433 MHz Signals With Arduino & Raspberry Pi

433 MHz radio signals are all around us. They’re used for things like smart power plugs, garage door openers, and home weather stations. Decoding these signals can allow you to interface and work with these devices on your own terms. To help in those efforts, [Joonas Pihlajamaa] has written a three-part tutorial on decoding these signals.

A soundcard makes for a very cheap oscilloscope.

The focus of the tutorials is decoding the signals of a Nexa radio-controlled smart plug. [Joonas] first explores using an Arduino to do the job, paired with a RFM210LCF-433D radio receiver module. This setup dumps out data to a computer over serial for decoding. [Joonas] then tried an alternative strategy, using a soundcard as a “poor man’s oscilloscope” to do the same job, using the same radio module and using Audacity for signal analysis. Finally, [Joonas] brought out the big guns, hooking up a Picoscope digital oscilloscope to a Raspberry Pi 4 for a more deluxe attempt at decoding the signals.

The tutorial goes to show that higher-end tools can make such a job much easier. However, the cheaper techniques are a great way of showing what can be done with the bare minimum in tools. We’re hoping for an exciting fourth part to [Joonas’s] work, where he instructs us on how to decode 433 MHz signals by drinking huge amounts of caffeine and staring at a very fast blinking LED. If you’ve got your own nifty signal analysis (or SIGINT!) hacks, be a good sport and drop them into the tipsline!

 

Low-Cost 433 MHz Door Sensors Get Open Firmware

It’s an unfortunate reality these days that if you see a cheap piece of consumer electronics, there’s a good chance its only cheap because it’s designed to lock you into some ecosystem where you’ll either end up paying a subscription, or worse, have your personal information sold behind your back. One of the best tools we have against these sort of anti-consumer practices is the development of open source firmware replacements that put control of the device into the hands of the community, rather than a corporation.

Now, thanks to the work of [Jonathan Armstrong] we have such a firmware for the 433 MHz magnetic door and window sensors that you can pick up on AliExpress for $4 USD a piece. The new firmware not only ensures you can use these sensors with a wide array of receivers, but adds a number of new features over their stock configuration. Continue reading “Low-Cost 433 MHz Door Sensors Get Open Firmware”

Unintentional Emissions

First, it was the WiFi router: my ancient WRT54G that had given me nearly two decades service. Something finally gave out in the 2.4 GHz circuitry, and it would WiFi no more. Before my tears could dry, our thermometer went on the fritz. It’s one of those outdoor jobbies that transmits the temperature to an indoor receiver. After that, the remote for our office lights stopped working, but it was long overdue for a battery change.

Meanwhile, my wife had ordered a new outdoor thermometer, and it too was having trouble keeping a link. Quality control these days! Then, my DIY coffee roaster fired up once without any provocation. This thing has worked quasi-reliably for ten years, and I know the hardware and firmware as if I had built them myself – there was no way one of my own tremendously sophisticated creations would be faulty. (That’s a joke, folks.) And then the last straw: the batteries in the office light remote tested good.

We definitely had a poltergeist, a radio poltergeist. And the root cause would turn out to be one of those old chestnuts from the early days of CMOS ICs – never leave an input floating that should have a defined logic level. Let me explain.

The WRT54G was the hub of my own home automation system, an accretion of ESP8266 and other devices that all happily speak MQTT to each other. When it went down, none of the little WiFi nodes could boot up right. One of them, described by yours truly in this video, is an ESP8266 connected to a 433 MHz radio transmitter. Now it gets interesting – the thermometers and the coffee roaster and the office lights all run on 433 MHz.

Here’s how it went down. The WiFi-to-433 bridge failed to connect to the WiFi and errored out before the part of the code where it initialized GPIO pins. The 433 MHz transmitter was powered, but its digital input was left flopping in the breeze, causing it to spit out random data all the time, with a pretty decent antenna. This jammed everything in the house, and apparently even once came up with the command to turn on the coffee roaster, entirely by chance. Anyway, unplugging the bridge fixed everything.

This was a fun one to troubleshoot, if only because it crossed so many different devices at different times, some homebrew and some commercial, and all on different control systems. Until I put it together that everything on 433 MHz was failing, I hadn’t even thought of it as one event. And then it turns out to be a digital electronics classic – the dangling input!

Anyway, hope you enjoyed the ride. And spill some copper for the humble pull-down resistor.

Teardown: Impassa SCW9057G-433 Alarm System

This series of monthly teardowns was started in early 2018 as an experiment, and since you fine folks keep reading them, I keep making them. But in truth, finding a new and interesting gadget every month can sometimes be a chore. Which is why I’m always so thankful when a reader actually sends something in that they’d like to see taken apart, as it absolves me from having to make the decision myself. Of course it also means I can’t be blamed if you don’t like it, so keep that in mind as well.

Coming our way from the tropical paradise of Eastern Pennsylvania, this month’s subject is an ADT branded Impassa SCW9057G-433 alarm system that was apparently pulled off the wall when our kind patron was moving house. As you might have guessed from the model number, this unit uses 433 MHz to communicate with various sensors and devices throughout the home, and also includes a 3G cellular connection that allows it to contact the alarm monitoring service even if the phone line has been cut.

Diagram of Impassa home security setup
The alarm can connect to a wide array of 433 MHz devices.

From how many of these are on eBay, and the research I’ve done on some home alarm system forums, it appears that you can actually pick one of these up on the second-hand market and spin your own whole-house alarm system without going through a monitoring company like ADT. The extensive documentation from Impassa covers how to wire and configure the device, and as long as the system isn’t locked when you get it, it seems like wiping the configuration and starting from scratch isn’t a problem.

If it’s possible to put together your own homebrew alarm system with one of these units at the core, then it seems the least we can do is take it apart and see what kind of potentially modifiable goodies are waiting under that shiny plastic exterior.

Continue reading “Teardown: Impassa SCW9057G-433 Alarm System”

ESP8266 Adds WiFi To A 433 MHz Weather Station

There’s no shortage of cheap weather stations on the market that pull in data from several wireless sensors running in the 433 to 900 MHz range and present you with a slick little desktop display, but that’s usually where the flow of information stops. Looking to bridge the gap and bring all that local climate data onto the Internet, [Jonathan Diamond] decided to reverse engineer how his weather station worked.

The first phase of this project involved an RTL-SDR receiver, GNURadio, and a sprinkling of Python. [Jonathan] was able to lock onto the signal and piece together the data packets that reported variables such as temperature, wind speed, and rainfall. Each one of these was a small puzzle in itself, and in the end, there’s still a few bits which he hasn’t quite figured out. But he at least had enough to move onto the next step.

Tapping into the radio module.

Now at this point, he could have pulled the data right out of the air with his RTL-SDR. But looking to push his skills to the next level, [Jonathan] decided to open up the base station and isolate its receiver. Since he already decoded the packets on the RF side, he knew exactly what he was looking for with his oscilloscope and logic analyzer. Once he was tapped into the feed coming from the radio, the final step was writing some code for the ESP8266 that could listen on the line, interpret the data packets, and push the resulting variables out over the network.

In this case, [Jonathan] decided to funnel all the data into Weather Underground by way of the Personal Weather Station API. This not only let him view the data through their web interface and smartphone application, but brought their hyperlocal forecasting technology into the mix at no extra charge. If you’re not interested in sharing your info with the public, it would be a trivial matter to change the firmware so the data is published to a local MQTT broker, or whatever else floats your proverbial boat.

If you’re really lucky, your own weather station may already have an ESP8266 onboard and is dumping all its collected data to the serial port. But if not, projects like this one that break down how to reverse engineer a wireless signal can be a great source of inspiration and guidance should you decide to try and crack the code.

ESP32 Adds New Features To 1990s Home Alarm System

Given how fast technology is progressing, some consumer gadgets lend themselves to being replaced every few years. Mobile phones are a particularly good example of a device that you probably won’t want to hold onto for more than 4 years or so, with TVs not far behind them. On the other hand, something like a home alarm system can stay in the fight for decades. As long as it still goes off when somebody tries to pop a window, what more do you need?

Well if you’re like [Brett Laniosh], you might want the ability to arm the system and check its current status from your phone. But instead of getting a whole new system, he decided to upgrade his circa 1993 Gardiner Gardtec 800 alarm with an ESP32. As it so happens, the original panel has an expansion connector which he was able to tap into without making any modifications to the alarm itself. If you’ve got a similar panel, you might even be able to use his source code and circuit schematics to perform your own modification.

Optocouplers link the ESP and alarm panel.

Now we know what you’re thinking. Surely there’s a risk involved when trusting an ESP32 connected to the Internet with the ability to disarm your home alarm system. [Brett] has considered this, and made sure that the web server running on the microcontroller can only be accessed from the local network. If he does want to connect from beyond WiFi range, he does so through a VPN. In other words, his code is never directly exposed to the wilds of the Internet and is always hiding behind some kind of encryption.

The WiFi connection allows [Brett] to arm and disarm the alarm system remotely, check if it’s been triggered, and reset it if necessary, all from his smartphone. But he’s also added in a 433 MHz receiver so he can use simple handheld fobs to arm the system if he doesn’t want to go through the phone. Even if you dropped out the Internet connectivity, this alone is a pretty nice upgrade.

For those not afraid to take the more invasive route, you could potentially reverse engineer and reprogram your old alarm panel. Or you could even so the full DIY route and create your own low-cost alarm system using the ESP32 and off-the-shelf modules.