Reverse engineering a wireless protocol

logic

Like all good tinkerers, [Andrew] decided to figure out how his wireless security system worked. Yes, it’s an exercise in reverse engineering, and one of the best we’ve seen to date.

After breaking out the handheld spectrum analyzer and TV tuner SDR, [Andrew] cracked open a few devices and had a gander at the circuit boards. The keypad, PIR sensor, and base station all used a TI radio chip – the CC11xx series – that uses SPI to communicate with a microcontroller.

Attaching a logic analyzer directly to the radio chip and reading the bits directly, [Andrew] started getting some very good, if hard to understand data. From the security system specs, he knew it used a ’20-bit code’, but the packets he was reading off the SPI bus were 48 bits long. The part of this code was probably the system’s address, but how exactly does the system read its sensors?

The easiest way to figure this out was to toggle a few of the sensors and look at the data being transmitted. With a good bit of reasoning, [Andrew] figured out how the alarm system’s code worked. This theory was tested by connecting one of the radios up to an Arduino and having his suspicions confirmed.

While [Andrew]‘s adventure in reverse engineering is only a benefit for people with this model of security system, it’s a wonderful insight into how to tear things apart and understand them.

An XBMC controller built for Grandma

10-finished-controller

Is your grandmother cool enough to use XBMC? Maybe it’s a testament to the functionality of the wildly popular home entertainment suite rather than the hipness of your elders. But indeed, [Brian's] grandmother is an XBMC user who needed a controller with larger buttons to accommodate her. This is what he built. He sent us a set of photos and a description of the build, both of which you can see below. He was inspired to get in touch after reading about the custom controller which [Caleb] has been working on for [Thomas].

[Brian] didn’t get bogged down with electronics. He went with the simple, cheap, and popular solution of gutting a wireless keyboard. After tracing out the keys he needed he got rid of everything except the PCB. A wiring harness was crafted by soldering jumper wires to the PCB traces and terminating them with crimping slide connectors. The arcade buttons he used have terminals for the connectors which will make it simple to mate the electronics with the mechanics.

The enclosure is a little wooden hobby box. It originally had a lid with a mirror. [Brian] broke open the lid’s frame to replace it with a thin piece of plywood which hosts the buttons. Inside you’ll find a battery power source. These keyboards last a long time on one set of batteries so he just needs to remember to preemptively replace them from time to time. The finishing touch was to add decals so that granny can figure out what each button does.

[Read more...]

RF wireless kernel module for Raspberry Pi, BeagleBone and others

rfm12b-kernel-module

If you’ve done any wireless work with hobby electronics you probably recognize this part. The green PCB is an RFM12B wireless board. They come in a few different operating bandwidths, the 433 MHz is probably the most common. They’re super easy to interface with a small microcontroller but what about an embedded Linux board? That is the focus of this project, which builds a kernel driver for the RF module.

You can get your own RFM12B for a few bucks. They’re quite versatile when paired, but a lot of inexpensive wireless consumer goods operate on this band so the board can be used to send commands to wireless outlets, light fixtures, etc. [Georg] has been working with the BeagleBone, BeagleBone Black, and Raspberry Pi. His software package lets you build a kernel module to add an entry for the device into the /dev directory of a Linux system. So far the three boards listed are all that’s supported, but if you have five I/O pins available it should be a snap to tailor this to other hardware.

Wondering what else you can do with the setup? This will get the receiving end of a text-messaging doorbell up and running in no time.

[Read more...]

Build a waterproof music controller on the cheap

shower-controller-for-music-playback

[Aaron] wrote in to show off the waterproof music controller (translated) he just finished building. He uses it in the shower — which makes us wonder how long he’s spending in there. We could also see it being useful by the pool, on the beach, or anywhere else that you need a cheap and easy control system.

His computer plays tunes while he’s getting ready for the day. This means he was able to use an inexpensive wireless keyboard for control. The donor keyboard has dedicated music control keys which he carefully traced to the PCB before removing the flexible sheets that detect key presses. Next he found a water tight food container and sized his protoboard to fit. You can see his button layout above. Holes were cut in the lid of the container, with a plastic membrane glued on the underside. This will keep the water out while still allowing him to actuate the momentary push switches.

Most mobile devices will work with wireless keyboards. If your car is nearby just hook your phone to the stereo and control it with this rather than building a dedicated beach stereo system.

Wireless microcontroller/PC interface for $3

uc

Sending data from a microcontroller to a PC usually requires some sort of serial connection, either through fiddly on-chip USB, FTDI chips, or expensive radio ICs. [Scott] didn’t want to deal with this when creating a network of wireless temperature sensors, so he hacked up a few cheap 433 MHz radio transmitters and receivers to transmit data to a PC for about $3.

After sensor data is collected on a microcontroller and sent over radio, there’s still the issue of getting it into a PC. For this, [Scott] piped the data into the microphone port of a cheap USB sound card. We’ve seen this trick before both in the world of microcontrollers and loading programs onto a Commodore 64 via a cassette interface.

Once the data is sent into the sound card, it’s decoded with a a small Python app. Given the range and quality of the RF transmitters and receivers  [Scott] says it’s not an extremely reliable way to send data to a PC. It is cheap, though, and if you need to read sensors wirelessly on a budget, it’s hard to do much better.

Check out [Scott]‘s demo of his creation below.

Wireless doorbell battery monitor

wireless-doorbell-battery-monitor

We know exactly what [Dan] is going through. We also bought a cheap wireless doorbell and are plagued by the batteries running down. When that happens, the only way you know is when people start pounding on the door because you’re not answering the bell. Well no more for [Dan]. He built a backup system which monitors the voltage of the batteries on the chime unit.

You can see the small bit of protoboard he used to house the microcontroller and the UI. It’s an ATtiny13 along with a green LED and a single push button. The idea is to use the chip’s ADC to monitor the voltage level of the pair of batteries which power the chime. When it drops below 3V the green LED will come on.

First off, we wish these things would come with better power supply circuits. For instance, we just replaced the CR2032 in an Apple TV remote and measured the voltage at 2.7V. That remote and the chime both run from a 3V source. Can’t they be made to work down to 1.8V? But we digress.

In addition to monitoring voltage [Dan's] rig also counts the number of times the chime has rung. Every eight seconds it flashes the count in binary, unless he presses the red button to clear the count. This is shown in the video after the break. We guess he wants to know how many times this thing can be used before running the batteries down.

Seriously though, for a rarely used item like this how hard would it be to use ambient light harvesting to help save the batteries? Looking at some indoor solar harvesting numbers shows it might be impossible to only power this from PV, but what if there was a super-cap which would be topped off with a trickle from the panels but would still use the batteries when that runs down?

[Read more...]

Finally, TI is producing simple, cheap WiFi modules

TI

Ever responsive to the hobbyist market, Texas Instruments is releasing a very inexpensive, very simple WiFi module specifically designed for that Internet of Things.

The TI SimpleLink TI CC3000 WiFi module is a single-chip solution to putting 802.11b/g WiFi in just about every project you can dream up. Just about everything needed to put the Internet in a microcontroller is included in this chip – there’s a TCP/IP stack included on the chip, along with all the security stuff needed to actually connect to a network.

The inexpensive micocontroller WiFi solutions we’ve seen – including the very cool Electric Imp – had difficult, or at least odd, means of putting WiFi credentials such as the SSID and password onto the device. TI is simplifying this with SmartConfig, an app running on a phone, tablet, or PC that automagically takes care of setting up a link in a wireless network.

Best of all, the CC3000 only costs $10 in quantities of 1000. Compare that to other Internet of Things WiFi solutions, and it looks like we might be seeing and easy and cheap way to connect a project to the internet this year.

Follow

Get every new post delivered to your Inbox.

Join 96,678 other followers