Over-engineering Ding Dong Ditch

One day, [Samy]’s best friend [Matt] mentioned he had a wireless doorbell. Astonishing. Even more amazing is the fact that anyone can buy a software defined radio for $20, a small radio module from eBay for $4, and a GSM breakout board for $40. Connect these pieces together, and you have a device that can ring [Matt]’s doorbell from anywhere on the planet. Yes, it’s the ultimate over-engineered ding dong ditch, and a great example of how far you can take practical jokes if you know which end of a soldering iron to pick up.

Simply knowing [Matt] has a wireless doorbell is not enough; [Samy] needed to know the frequency, the modulation scheme, and what the doorbell was sending. Some of this information can be found by looking up the FCC ID, but [Samy] found a better way. When [Matt] was out of his house, [Samy] simply rang the doorbell a bunch of times while looking at the waterfall plot with an RTL-SDR TV tuner. There are a few common frequencies tiny, cheap remote controls will commonly use – 315 MHz, 433 MHz, and 900 MHz. Eventually, [Samy] found the frequency the doorbell was transmitting at – 433.8 MHz.

After capturing the radio signal from the doorbell, [Samy] looked at the audio waveform in Audacity. It looked like this doorbell used On-Off Keying, or just turning the radio on for a binary ‘1’ and off for a binary ‘0’. In Audacity, everything the doorbell transmits becomes crystal clear, and with a $4 434 MHz transmitter from SparkFun, [Samy] can replicate the output of the doorbell.

For the rest of the build, [Samy] is using a mini GSM cellular breakout board from Adafruit. This module listens for any text message containing the word ‘doorbell’ and sends a signal to an Arduino. The Arduino then sends out the doorbell code with the transmitter. It’s evil, and extraordinarily over-engineered.

Right now, the ding dong ditch project is set up somewhere across the street from [Matt]’s house. The device reportedly works great, and hopefully hasn’t been abused too much. Video below.

Continue reading “Over-engineering Ding Dong Ditch”

THP Entry: A 433MHz Packet Cloner

ookloneThe first generation of The Internet Of Things™ and Home Automation devices are out in the wild, and if there’s one question we can ask it’s, “why hasn’t anyone built a simple cracking device for them”. Never fear, because [texane] has your back with his cheap 433MHz OOK frame cloner.

A surprising number of the IoT and Home Automation devices on the market today use 433MHz radios, and for simplicity’s sake, most of them use OOK encoding. [Texane]’s entry for THP is a simple device with two buttons: one to record OOK frames, and a second to play them back.

Yes, this project can be replicated with fancy software defined radios, but [Texane]’s OOKlone costs an order of magnitude less than the (actually very awesome) HackRF SDR. He says he can build it for less than $20, and with further refinements to the project it could serve as a record and play swiss army knife for anything around 433MHz. Video demo of the device in action below.

Continue reading “THP Entry: A 433MHz Packet Cloner”