Hardware components | ||||||
 |
| × | 1 | |||
Software apps and online services | ||||||
 |
| |||||
The parking of my building is secured by a remote controlled gate and after one of the two remotes that I had broke down I thought to myself, why can't I control the gate from the Internet? Seems like an easy enough task to waste a few afternoons on. After trying out a few IoT boards and studying the amazing world of software defined radio I settled on the onion omega as the main board plus a cheap RF transmitter from deal extreme.
Sniffing the gate codeRF controlled gadgets and gates use a few different standards for encoding their codes, luckily for me, the specific gate in question uses a simple OOK (on/off keying) encoding. All you need to do is sniff it using an RF receiver, decode it, find the number of microseconds of on and off and replay it with a simple RF transmitter of the same frequency.
The sniffing part was done using a RTL SDR dongle (such as this one from eBay) and a readily available decoder application that runs on Linux. You can use various frequency scanners such as gqrx to get a raw look of the remote transmitted key and validate that the working frequency is 433MHz.
I'm not going to get into the details of using RTL SDR since there are many guides and material on the web, but in a few words you connect the dongle and run the ookdump
program inside the ook-decoder folder, press the remote signal and printed on screen should be the code in question.
0000018.000080s ### 53 pulses
num high low freq
1 2408uS 752uS -12.251kHz
2 460uS 760uS -18.478kHz
3 460uS 764uS -15.217kHz
4 456uS 764uS -18.092kHz
5 460uS 760uS -16.304kHz
6 456uS 768uS -16.447kHz
7 456uS 760uS -14.803kHz
8 456uS 764uS -14.254kHz
9 460uS 348uS -17.935kHz
10 840uS 752uS -14.583kHz
11 456uS 764uS -15.899kHz
12 452uS 352uS -17.146kHz
.
.
.
53 448uS 760uS -14.509kHz
You can see that you get the high time (transmission) and low time (no-transmission) for 53 pulses in this key example. Replaying the exact sequence over and over a few times will open the gate in case this is indeed a simple OOK remote.
Replaying the signalThe first thing I wanted to try is to validate that indeed all I have to do is buy a cheap RF transmitter and repeat the same on and off times to open the gate. So I picked up one of the Arduinos that I had lying around, bought the cheapest RF 433mhz transmitter that I found on deal extreme, connected the signal leg to one of the Arduino's digital outs and using the sketch below replayed the captured code. I was very surprised to see that it works, the gate to the my parking space opened like a charm. Range is also an important issue, luckily for me, my apartment if right above the gate so I just needed to find a secure location with an AC power socket near-by and a window overlooking the driveway in one of my rooms.
Arduino sample code for testingvoid pulse(int highMicros, int lowMicros)
{
digitalWrite(outPin, HIGH);
delayMicroseconds(highMicros);
digitalWrite(outPin, LOW);
delayMicroseconds(lowMicros);
}
void SendCode(void)
{
pulse(2616,808);
pulse( 472,812);
pulse( 468,816);
pulse( 468,808);
pulse( 476,808);
.
.
.
pulse( 900,8004);
}
void loop(void)
{
readVal = digitalRead(buttonPin);
if (readVal == LOW)
{
SendCode();
}
}
Since I needed micro-second precision, at first I thought that I must use a "hardcore" real time board such as an Arduino and this can't be done on a Linux based board like the onion-omega. But than I saw that the great guys from the omega team included a binary called fast-gpio that can control the board's GPIOs without the OS latency. It had support for using the GPIOs as PWMs but not for bit-banging a specific code. Since their tools are open-source it was a matter of forking and adding that option myself. Using my version of the fast-gpio binary version you can supply an external code file that specifies the on/off time for a specific GPIO, which basically bit-bang it in a specific rhythm. All that's left is to connect the RF transmitter signal leg to the omega GPIO and use the new fast-gpio binary as follows:
# fast-gpio pulses <gpio-num> <path_to_file> <loops>
The pulses file should look like this:
<up-time>,<down-time>
<up-time>,<down-time>
.
.
.
To be able to run the command over the internet you can use the incredibly easy API of he onion cloud. It's also easy enough to connect it to the IFTTT Do app using the maker channel and than with a simple press of the button on my phone I can open up the gate.
IFTTT Do button recipe- Make some kind of a temporary guest access for parents and friends that needs access to the parking space.
- Make the onion-omega guys merge my fast-gpio feature into the main onion-omega branch (already did a pull-request).
Comments