You’d be forgiven for occasionally looking at a project, especially one that involves reverse engineering an unknown communication protocol, and thinking it might be out of your league. We’ve all been there. But as more and more of the devices that we use are becoming wireless black boxes, we’re all going to have to get a bit more comfortable with jumping into the deep end from time to time. Luckily, there are no shortage of success stories out there that we can look at for inspiration.
A case in point are the wireless blinds that [Stuart Hinson] decided would be a lot more useful if he could control them with his Amazon Alexa. There’s plenty of documentation on how to get Alexa to do your bidding, so he wasn’t worried about that. The tricky part was commanding the wireless blinds, as all he had to go on was the frequency printed on the back of the remote.
Luckily, in the era of cheap RTL-SDR devices, that’s often all you need. [Stuart] plugged in his receiver and fired up the incredibly handy Universal Radio Hacker. Since he knew the frequency, it was just a matter of tuning in and hitting the button on the remote a couple times to get a good capture. The software then broke it down to the binary sequence the remote was sending out.
Now here’s where [Stuart] lucked out. The manufacturers took the easy way out and didn’t include any sort of security features, or even bother with acknowledging that the signal had been received. All he needed to do was parrot out the binary sequence with a standard 433MHz transmitter hooked up to an ESP8266, and the blinds took the bait. This does mean that anyone close enough can take control of these particular blinds, but that’s a story for another time.
We took a look at the Universal Radio Hacker a year or so back, and it’s good to see it picking up steam. We’ve also covered the ins and outs of creating your own Alexa skills, if you want to get a jump on that side of the project.
Interesting… I setup my alexa/SmartThings to control my adjustable bed. In that case it used a CC2500 transmitter, so it was easier to capture the data.
I have a fan that uses a similar frequency. This might be a good way to go about controlling it.
Combine the fan with the bed, Alexa, fly me to the store.
You can also sniff the pulse train of a 433MHz LIPD transmitter by attaching your scope probes to the output of the receiver board, often found in cheap doorbell sender/receiver products.
Conversely, a wireless doorbell transmitter is able to be fed with a pulse train from a micro, too…
Cool hack.
That receiver that he’s got in a breadboard is part of a $1 eBay deal, if you don’t already have the doorbell kit on hand. Just hook up a scope/logic analyzer to the output, and you’re sniffing 433 MHz.
433 MHz is the hello world of interesting radio hacking, IMO, and I’m still running half of our home automation on 433 MHz switches that run through an ESP8266 as an MQTT bridge. Super easy, and immensely powerful / extensible.
If you haven’t dorked around with unknown IR or 433 MHz protocols, you’re missing a world of fun. :)
Now where you’ve gotta be careful is if you’ve got other robots using learning neural nets and wandering around with lasers and you’re bothered by the sun one day and just yell “Maximum blind!”
*shudder* reminds me of the laser eye surgery scene from Final Destination 5.
Cool hack/reverse engineering…
I have a question about the very thing itself: why are people gloming onto Alexa when it sends control of your devices to Amazon and not local? This seems like proprietary centralization that ferries your voice data to a not-so-nice entity.
I’m surprised that we don’t see more of open source here: https://en.wikipedia.org/wiki/List_of_speech_recognition_software . I know the refrain… why don’t I build it myself? It’s not that. Why are hackers spending time on Alexa/Amazon?
Convenience. It’s already a working environment that isn’t too hard to connect to, and it works much better than anything I could possibly build myself. It’s a $30 device that does voice recognition and actions VERY VERY well. even if i could build something myself, it would require much more than $30 in hardware to get it working, only work in 1 room, and take me hours to get setup. Even then, alexa would work much better, and have 10 more features next year, without any input from me.
I’ve automated some devices using a Paricle to work through smartThings, which can be controlled from alexa. There’s probably 3 hops of cloud services to make it work, but now I have 3 different ways I can control it, and coding it all to work took maybe half an hour. The delay is maybe, 1 second.
I get that Amazon has made a convenient and shiny platform. My problem is that I don’t trust cloud vendors, especially with listening posts. We had books about this (1984). The only difference is, instead of government, its a for-profit corporation.
I would also love to have a voice interface with my integrations. But I want my voice and surrounding audio to start and end with that device. I don’t want “voice analytic samples” to be ferried to elsewhere, unless I explicitly send a voice message or open up 2-way comms.
It does mean that I don’t use platforms like that.
I totally understand. I don’t get why amazon keeps the recordings forever. It should be process and delete. Keep for a day max.
As far as I know, it doesn’t send any audio until you say alexa. Of the devices I have in my house, the alexa device is not that chatty. Looking at the history of data that my router recorded for it, it’s not that much and doesn’t seem to be sending data in the days I didn’t use it.
If you’re paranoid, you could get an amazon Tap or a dash wand. Those only record and transmit when you push the button.
At this point , I trust alexa more than google home. If you’re concerned about privacy, don’t look at google account history.
there is a nice hak5 episode where the sniff and decode (and replay) these kind of signals with an SDR https://youtu.be/F3bISk5t8cA