Reverse engineering wireless signals?
(3 posts) (2 voices)
Sorry if this has been covered before, I did look, honest! Is there a central repository and idiot's guide to hacking/cracking the wireless protocol used by other devices? My brother has recently installed security lighting which has wireless PIR sensors and wireless operated lamps; he said he thinks they are 868 MHz, so it would be nice to have a play with them and hopefully share the source of these with anyone who is interested.
Posted 25/05/2010 20:14:06
Take one and a half frog legs, add a dash of hazelnut syrup, sprinkle with... oh, wait, wrong forum :)
It's a lot of guesswork. That's why I went through so much trouble setting up the OOK scope. The basic idea is: try to identify the two or three pulse widths occurring in a transmission. Then capture a couple of those and try looking for patterns. I used some ad-hoc scripting to convert the range of pulse widths I was interested in into ... don't laugh ... ASCII chars such as H and L or - and | and then tried to split the stuff into lines, rearranging them until some patterns line up, i.e. successive packets.
Then you need to figure out what the sync pattern might be, what the size of each unit is (4..9 bits), whether there are parity bits every N bits, what looks like an XOR or checksum of all the data bytes. And then what the payload bits might all mean.
I spent a few days on end dabbling in this stuff. It can be pretty frustrating, but sometimes it works out and things fall into place.
I don't think you'll find many fixed "recipes" or "howtos" for this, each case can be completely different. Vendors no doubt don't want others to be able to figure it out, but often the resources in the transmitter are probably too limited to do much obfuscation.
Posted 25/05/2010 20:34:15
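The ad-hoc scripting described in the post above, written out as an added example (not the poster's own script): pulse widths are bucketed into a histogram to pick the bins, mapped to H/L/S characters, split into one line per packet at the inter-packet gap, and then checked for a trailing XOR byte. The sample widths, bin edges and the 8-bit unit size are all constructed for the example.

```python
from collections import Counter

# Constructed sample (not captured from any real device): three repeats of one
# OOK frame, each a ~5 ms sync pulse followed by 24 data pulses where a short
# pulse (~500 us) encodes 0 and a long one (~1500 us) encodes 1. The payload is
# two bytes 0xA5 0x3C followed by their XOR 0x99 as a trailing check byte.
FRAME_BITS = "10100101" + "00111100" + "10011001"

def _frame(bits):
    return [5000] + [1500 if b == "1" else 500 for b in bits]

SAMPLE_WIDTHS = (_frame(FRAME_BITS) + [12000]) * 3   # 12 ms gap between repeats

def histogram(widths, bucket=250):
    """Bucketed width histogram: the first thing to look at when choosing bins."""
    return Counter((w // bucket) * bucket for w in widths)

# Width bins in microseconds -> symbol (assumed values); GAP_US or more ends a packet.
BINS = ((300, 800, "L"), (1200, 1800, "H"), (4000, 6000, "S"))
GAP_US = 10000

def classify(widths, bins=BINS, gap=GAP_US):
    """Turn a width list into an H/L/S string, one line per packet, '?' for outliers."""
    out = []
    for w in widths:
        if w >= gap:
            out.append("\n")
            continue
        out.append(next((s for lo, hi, s in bins if lo <= w <= hi), "?"))
    return "".join(out)

def split_packets(text):
    return [line for line in text.split("\n") if line]

def to_bits(packet):
    """Drop the leading sync symbol(s) and read H as 1, L as 0."""
    return "".join("1" if c == "H" else "0" for c in packet.lstrip("S"))

def xor_check(bits, unit=8):
    """True if the last `unit`-bit field equals the XOR of every field before it."""
    usable = len(bits) - len(bits) % unit
    fields = [int(bits[i:i + unit], 2) for i in range(0, usable, unit)]
    if len(fields) < 2:
        return False
    acc = 0
    for f in fields[:-1]:
        acc ^= f
    return acc == fields[-1]

def analyse(widths):
    """Line up the packets; identical repeats suggest the bins were chosen right."""
    packets = split_packets(classify(widths))
    bits = to_bits(packets[0]) if packets else ""
    return {"packets": packets, "all_identical": len(set(packets)) == 1,
            "bits": bits, "xor_ok": xor_check(bits)}
```

Run `analyse(SAMPLE_WIDTHS)` to see the three lined-up packets, the recovered bit string and whether the trailing byte is an XOR of the rest; on a real capture, start with `histogram()` and adjust `BINS` until the outliers (`?`) disappear.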
I had a nasty feeling you were going to say something like that... OOK scope time it is then, although I might try to take the lid off one of the units to see if I can get some kind of clue from any IC on the board.
The lights and PIR sensors have a couple of DIP switches to select different channels, so they sound like they could be quite useful little units... If nothing else I can have great fun annoying my brother by making his security lights turn on and off at random!
Posted 25/05/2010 21:15:34