IR Remote Transforms To RF

Most consumer remote controls operate using infrared light. This works well assuming the piece of equipment has a line of sight to the remote. But if you have, say, a receiver in a cabinet or closet, the IR remote signal can’t reach the sensor. Some equipment has remote receivers that you can leave poking out, but it is still not very handy. That’s why some equipment now uses RF remotes. [Xtropie] used a pair of inexpensive 433 MHz RF modules to convert an IR system to RF. You can see a short video about the project below.

We might have been tempted to simply put an IR LED on the receiver so it could feed IR into the device sensor, but [Xtropie] took a different approach. He found the IR sensor and tied the RF receiver directly into its output. It seems to work, but we probably would have removed the IR sensor to make sure there were no conflicts.



Reusing Proprietary Wireless Sockets Without Wireless Hacking

Bending various proprietary devices to our will is a hacker’s rite of passage. When it comes to proprietary wall sockets, we’d often reverse-engineer and emulate their protocol – but you can absolutely take a shortcut and, like [oaox], spoof the button presses on the original remote! Buttons on such remotes tend to be multiplexed and read as a key matrix (provided there’s more than four of them), so you can’t just pull one of the pads to ground and expect to not confuse the microcontroller inside the remote. While reading a key matrix, the controller will typically drive rows one-by-one and read column states, and a row or column driven externally will result in the code perceiving an entire group of keys as “pressed” – however, a digitally-driven “switch” doesn’t have this issue!

One way to achieve this would be to use a transistor, but [oaox] played it safe and went for a 4066 analog multiplexer, which has a higher chance of working with any remote no matter the button configuration, for instance, even when the buttons are wired as part of a resistor network. As a bonus, the remote will still work, and you will still be able to use its buttons for the original purpose – as long as you keep your wiring job neat! When compared to reverse-engineering the protocol and using a wireless transmitter, this also has the benefit of being able to consistently work with even non-realtime devices like Raspberry Pi, and other devices that run an OS and aren’t able to guarantee consistent operation when driving a cheap GPIO-operated RF transmitter.
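The difference between grounding a pad and bridging a button can be seen in a small model of the scan loop. This is an added example, not code from [oaox]'s project; the 3x3 layout, the driven-low rows with pulled-up columns, and all function names are assumptions made for illustration.

```python
# Added illustration: toy electrical model of a key-matrix scan.
# Assumed layout: 3x3 matrix, rows driven low one at a time, columns pulled up.
ROWS, COLS = 3, 3


def scan(closed=(), grounded=()):
    """Return the set of (row, col) keys the firmware would see as pressed.

    closed   -- (row, col) pairs bridged by a button or an analog switch channel
    grounded -- nodes such as ("col", 1) pulled to ground from outside
    """
    seen = set()
    for active in range(ROWS):
        # Nodes at ground potential during this step: the driven row plus
        # anything tied low externally. The other rows float (high impedance).
        low = {("row", active), *grounded}
        changed = True
        while changed:  # propagate ground through every closed contact
            changed = False
            for r, c in closed:
                a, b = ("row", r), ("col", c)
                if (a in low) != (b in low):
                    low |= {a, b}
                    changed = True
        # A pulled-up column reads as "pressed" only when it sits at ground.
        seen |= {(active, c) for c in range(COLS) if ("col", c) in low}
    return seen


def spoof_with_switch(key):
    """4066-style channel across one button: bridges its row and column."""
    return scan(closed=[key])


def spoof_with_ground(key):
    """Naive approach: pull the button's column pad to ground."""
    return scan(grounded=[("col", key[1])])


if __name__ == "__main__":
    print("switch across (1, 2):", sorted(spoof_with_switch((1, 2))))
    print("column pad grounded: ", sorted(spoof_with_ground((1, 2))))
    # Three real presses sharing rows/columns also produce a phantom fourth key.
    print("ghosting:", sorted(scan(closed=[(0, 0), (0, 1), (1, 0)])))
```

The same model shows why wiring neatness matters: any unintended extra bridge between a row and a column shows up as an additional or phantom key.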

In the past, we’ve seen people trying to tackle this exact issue, resorting to RF protocol hacking in the end. We’ve talked about analog multiplexers and switches in the past, if you’d like to figure out more ways to apply them to solve your hacking problems! Taking projects like these as your starting point, it’s not too far until you’re able to replace the drift-y joysticks on your Nintendo Switch with touchpads!

Cloned Gate Remote Does It (Slightly) Better

Ever make something just to see if you could? Yeah, we thought so. [serverframework] wanted to see if he could clone the remote that opens his neighborhood gate, inspired by the long distance ding-dong-ditch efforts of [Samy Kamkar].

This clone uses an ATtiny85 and an RF module to emulate and send the frequency that the gate is waiting for. To accomplish that, [serverframework] had to figure out both the operating frequency and the timing used by the remote. The crystal inside seemed to indicate 295 MHz, and a quick check of the device’s FCC registration confirmed it. Then he used an SDR dongle to watch the data coming across when he pressed the button, and ran it through Audacity to figure out the timing.

Unfortunately, the 295 MHz crystal is a rare beast, so [serverframework] had to transplant the original to the donor RF module. Then it was just a matter of programming the ATtiny85 to send the frequency with the right timing. It actually does a better job since the original has no timing crystal, and the ‘tiny is clocked with a standard 16 kHz oscillator. The code is available within [serverframework]’s excellent write-up, and you can see a tiny demo after the break.

There’s more than one way to clone a gate remote. This one leverages MQTT to turn friends’ phones into remotes.


How To: Hack Your Way Into Your Own Gated Community

RF Signal Decryption and Emulation

Does your Gated Community make you feel secure due to the remote-controlled gate keeping the riffraff out? Residents of such Gated Communities in Poland are now shaking in fear since [Tomasz] has hacked into his own neighborhood by emulating the signal that opens the entrance gate. Shockingly, this only took about 4 hours from start to finish and only about $20 in parts.

Most of these types of systems use RF communication and [Tomasz’s] is no different. The first step was to record the signal sent out by his remote. A USB Software Defined Radio transmitter/receiver coupled with a program called SDR# read and recorded the signal without a hitch. [Tomasz] was expecting a serialized communication but after recording and analyzing the signal from several people entering the community it became clear that there was only one code transmitted by everyone’s remote.

Now that he knows the code, [Tomasz] has to figure out a way to send that signal to the receiver. He has done this by making an RF transmitter from just a handful of parts, the meat and potatoes being a Colpitts oscillator and a power amplifier. This simple transmitter is connected to a DISCOVERY board that is responsible for the modulation tasks. [Tomasz] was nice enough to make his code available on his site for anyone that is interested in stopping by for a visit.