You’d be forgiven for occasionally looking at a project, especially one that involves reverse engineering an unknown communication protocol, and thinking it might be out of your league. We’ve all been there. But as more and more of the devices that we use are becoming wireless black boxes, we’re all going to have to get a bit more comfortable with jumping into the deep end from time to time. Luckily, there are no shortage of success stories out there that we can look at for inspiration.
A case in point are the wireless blinds that [Stuart Hinson] decided would be a lot more useful if he could control them with his Amazon Alexa. There’s plenty of documentation on how to get Alexa to do your bidding, so he wasn’t worried about that. The tricky part was commanding the wireless blinds, as all he had to go on was the frequency printed on the back of the remote.
Luckily, in the era of cheap RTL-SDR devices, that’s often all you need. [Stuart] plugged in his receiver and fired up the incredibly handy Universal Radio Hacker. Since he knew the frequency, it was just a matter of tuning in and hitting the button on the remote a couple times to get a good capture. The software then broke it down to the binary sequence the remote was sending out.
Now here’s where [Stuart] lucked out. The manufacturers took the easy way out and didn’t include any sort of security features, or even bother with acknowledging that the signal had been received. All he needed to do was parrot out the binary sequence with a standard 433MHz transmitter hooked up to an ESP8266, and the blinds took the bait. This does mean that anyone close enough can take control of these particular blinds, but that’s a story for another time.
We took a look at the Universal Radio Hacker a year or so back, and it’s good to see it picking up steam. We’ve also covered the ins and outs of creating your own Alexa skills, if you want to get a jump on that side of the project.
Temperature is a delicate thing. Our bodies have acclimated to a tight comfort band, so it is no wonder that we want to measure and control it accurately. Plus, heating and cooling are expensive. Measuring a single point in a dwelling may not be enough, especially if there are multiple controlled environments like a terrarium, pet enclosure, food storage, or just the garage in case the car needs to warm up. [Tim Leland] wanted to monitor commercially available sensors in several rooms of his house to track and send alerts.
The sensors of choice in this project are weather resistant and linked in his project page. Instead of connecting them to a black box, they are linked to a Raspberry Pi so your elaborate home automation schemes can commence. [Tim] learned how to speak the thermometer’s language from [Ray] who posted about it a few years ago.
The system worked well, but range from the receiver was only 10 feet. Thanks to some suggestions from his comments section, [Tim] switched the original 433MHz receiver for a superheterodyne version. Now the sensors can be a hundred feet from the hub. The upgraded receiver is also linked on his page.
We’ve delved into thermocouple reading recently, and we’ve featured [Tim Leland] and his 433MHz radios before.
If you wanted to name a few things that hackers love, you couldn’t go wrong by listing off vintage console controllers, the ESP system-on-chip platform, and pocket tools for signal capture and analysis. Combine all of these, and you get the ESP32Thang.
At its heart, the ESP32Thang is based around a simple concept – take an ESP32, wire up a bunch of interesting sensors and modules, add an LCD, and cram it all in a NES controller which helpfully provides some buttons for input. [Mighty Breadboard] shows off the device’s basic functionality by using an RFM69HW module to allow the recording and replay of simple OOK signals on the 433 MHz band. This is a band typically used by all sorts of unlicenced radio gear – think home IoT devices, wireless doorbells and the like. If you want to debug these systems when you’re out and about, this is the tool for you.
This is a fairly straightforward build at the lower end of complexity, but it gets the job done with style. The next natural step up is a Raspberry Pi with a full software defined radio attached, built into a Nintendo DS. If you build one, be sure to let us know. This project might serve as some inspiration.
With the wide availability of SPI and I2C modules these days, combined with the ease of programming provided by the Arduino environment, this is a project that just about any hacker could tackle after passing the blinking LED stage. The fact that integrating such hardware is so simple these days is truly a testament to the fact that we are standing on the shoulders of giants.
[Jean-Christophe Rona] found himself with some free time and decided to finish a project he started two years ago, reverse engineering cheap 433MHz home automation equipment. He hopes to control his space heaters remotely, in preparation for a cold and, now, robotic winter.
In a previous life, he had reverse engineered the protocol these cheap wireless plugs, garage doors, and electric window shutters all use. This eventually resulted in a little library called rf-ctrl that can toggle and read GPIO pins in the correct way to control these objects. He has a few of the more popular protocols built into the library and even wrote a guide on how to do the reverse engineering yourself if you have need.
Having successfully interfaced with the plugs to use with his space heaters, [Jean-Christophe] went about converting a cheap TP Link router into a command center for them. Since TP Link never expected anyone to hammer their square peg into a mismatched hole, it takes a careful hand at soldering and some enamel wire to break out the GPIO pins, but it’s well within the average skill set.
The end result is a nicely contained blue box with a little antenna hanging out of it, and we hope, a warm abode for the coming winter.
The Internet of Things has been presented as the future of consumer electronics for the better part of a decade now. Billions have been invested, despite no one actually knowing what the Internet of Things will do. Those billions need to go somewhere, and in the case of Texas Instruments, it’s gone straight into the next generation of microcontrollers with integrated sub-GHz radios. [M.daSilva]’s entry to the 2016 Hackaday Prize turns these small, cheap, radios into a portable communicator.
This ‘modem for the 400 MHz band’ consists simply of an ATmega microcontroller, TI’s CC1101 sub-GHz transceiver, an OLED display, and a UHF power amplifier. As far as radios radios go, this is as bare bones as it gets, but with the addition of a USB to serial chip and a small program this radio can send messages to anyone or anything in range. It’s a DIY pager with a couple chips and some firmware, and already the system works.
[M.daSilva] has two use cases in mind for this device. The first is an amateur radio paging system, where a base station with a big power amp transmits messages to many small modules. The second use is a flexible mdoule that links PCs together, using Ham radio’s data modes. With so many possibilities, this is one of the best radio builds we’ve seen in this year’s Hackaday Prize.
[Simon] has been using his home alarm system for over six years now. The system originally came with a small RF remote control, but after years of use and abuse it was finally falling apart. After searching for replacement parts online, he found that his alarm system is the “old” model and remotes are no longer available for purchase. The new system had similar RF remotes, but supposedly they were not compatible. He decided to dig in and fix his remote himself.
He cracked open the remote’s case and found an 8-pin chip labeled HCS300. This chip handles all of the remote’s functions, including reading the buttons, flashing the LED, and providing encoded output to the 433MHz transmitter. The HCS300 also uses KeeLoq technology to protect the data transmission with a rolling code. [Simon] did some research online and found the thew new alarm system’s remotes also use the same KeeLoq technology. On a hunch, he went ahead and ordered two of the newer model remotes.
He tried pairing them up with his receiver but of course it couldn’t be that simple. After opening up the new remote he found that it also used the HCS300 chip. That was a good sign. The manufacturer states that each remote is programmed with a secret 64-bit manufacturer’s code. This acts as the encryption key, so [Simon] would have to somehow crack the key on his original chip and re-program the new chip with the old key. Or he could take the simpler path and swap chips.
A hot air gun made short work of the de-soldering and soon enough the chips were in place. Unfortunately, the chips have different pinouts, so [Simon] had to cut a few traces and fix them with jumper wire. With the case back together and the buttons in place, he gave it a test. It worked. Who needs to upgrade their entire alarm system when you can just hack the remote?
High schooler [Vlad] spent about a year building up his battery-operated, wireless weather station. Along the way, not only has he learnt a lot and picked up useful skills, but also managed to blog his progress.
The station measures temperature, humidity, pressure and battery voltage, and he plans to add sensors for wind speed, wind direction and rainfall soon. It is powered via a solar panel and can run on a charged battery for a full month. The sensor module transmits data to a remote receiver connected to a computer from where it is published to the internet. Barometric pressure is measured using the BMP180 and the DHT22 provides temperature and humidity values. The link between the transmit and receive sections uses a 433MHz Superhetrodyne RF Kit which gives [Vlad] a range of 50m. There’s an ATMega328 on the transmitter and receiver side. He’s taking measurements once every 12 minutes, and putting the micro controller in low power mode using the Rocket Scream Low Power Library. A 5W, 12V solar panel charges the 6V Lead Acid battery via a LM317 based charge circuit. This ensures the battery gets charged even when the solar panel is not receiving optimal radiation. One hour of sunlight provides enough charge to keep it going for 2 days. And a fully charged battery will keep it running for a full month even when there’s no sunlight.
The server software consists of two parts. The first pushes serial data to a mySQL database. This is written in Visual Studio C# using help from Oracle mySQL connector. The second part publishes the entries in the mySQL database to the web server. This is written in php, and uses Libchart for graphing. He’s got the code, schematics, parts list and a lot of other information available for download on his blog. There’s a couple of items pending on his to-do list, so if you have any tips to offer post your comments below.