Skip to content

Instantly share code, notes, and snippets.

@wouterds

wouterds/gist:e96211df8d405090dd23974bf17b4200

Created March 10, 2020 17:01
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save wouterds/e96211df8d405090dd23974bf17b4200 to your computer and use it in GitHub Desktop.
Save wouterds/e96211df8d405090dd23974bf17b4200 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
This method also works with wireless doorbells and other similar systems.
We're gonna need a RTL-SDR, which is basically a radio dongle and a cheap radio transmitter.
We will also need a microcontroller to interface with the transmitter, any Arduino would do it.
You can get one for less than 8$ on Ebay, a 433MHz radio transmitter for less than 1$ and any kind of arduino clone for less than 3$.
Let's start...
First you need to install the drivers for the RTL-SDR, the Arduino IDE if you don't already have it,
the Audacity Audio Analyser/Editor and finally a spectrum analyzer, you can use http://airspy.com/?ddownload=3130 SDR# or https://github.com/pothosware/pothos/wiki/Downloads GQRX in Windows and https://github.com/pothosware/pothos/wiki/Downloads GQRX on linux.
To install the drivers on windows, you need to open Zadig (which comes with SDR# or GQRX) and select "Bulk-In, Interface" in the dropdown box and WinUSB in the Driver area,
then click "Replace Driver". On linux you just need to install the rtl-sdr package.
After this you will open your spectrum analyser, I'm using GQRX.
After you choose RTL2832U (aka RTL-SDR) for the device input, you will see this...
https://i.imgur.com/20SA5LT.png
Now we need to find your keyfob working frequency, usually it's 433MHz or 310~315MHz. To do this you will need to navigate to these frequencies and look for something like this.
https://i.imgur.com/kzNBFRW.jpg
(obviously the signal will only show when the keyfob is pressed)
After you identify the signal, you need to be able to read it. Usually garagedoors (and other simple rf systems) use ASK/OOK modulation so we will choose AM for the demodulation mode.
This will demodulate the signal in an audio waveform. So what do we do? We go to the audio tab and record the signal. After this we will open it with Audacity. It will look like this.
https://i.imgur.com/E4bIhdi.png
Then we zoom in...
https://i.imgur.com/X2IkmNd.png
https://i.imgur.com/b7VFV81.png
Now we just need to read the binary data that we see. How we do that?
The signal has some spikes as you can see, some of them are longer than the others, the longer ones represent 1 and the small ones represent 0. Like this.
https://i.imgur.com/1AXpBra.png
Now we have the data that was sent. This binary code is the key, or in other words, the password... when the receiver listen this key, it will open the garagedoor.
So, how we send it?
To send this code, we will use an arduino with a 433MHz radio transmitter (if your signal has other frequency, you will need to use the correspondent model).
Let's code then!
First we need to install the https://github.com/sui77/rc-switch RCSwitch library, this can be done be going to Sketch>Include Library>Add .ZIP Library and choosing one of the releases available on the github page.
Then the wiring...
https://i.imgur.com/pSfYwMO.png
(different arduino boards can have different wiring)
Now, the magic!
#include <RCSwitch.h>
RCSwitch mySwitch = RCSwitch();
void setup() {
mySwitch.enableTransmit(10); // The PIN you're using to connect the transmitter
}
void loop() {
mySwitch.send("0011110000100"); // The code we found previously
delay(1000);
}
To send it to your board, connect it via USB and go to the Tools Menu and select the Board, Processor and Clock (some board don't need to specify the clock) and finally, the COM port (if you don't know wich it is, try all of them).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment