How to hack a doorbell and connect it to Twitter - Part 2: Sniffing a wireless RF signal

The first thing to do is detecting which signal is sent when pressing the doorbell button. For this purpose, we connect the RF receiver to the LINE IN connection of a PC and record the received signals with Audacity. This way, the PC acts like a kind of occiloscope, which I think is very cool. I was really suprised when it turned out that this really works!

First, build the following circuit:

You will need two resistors: 39 KOhm and 10 KOhm (which act as voltage dividers) and an audio cable with 3 segments on its plug. I stripped the 3 wires inside the cable and soldered it to 3 pins, so I could easily plug it into a breadboard. The power (5V) is supplied by the Arduino.

IMG_20130627_203811

IMG_20130627_205752

Now download and install Audacity. Audactity is a free to use audio editor. With this program, you can record the signal from the LINE IN input of your PC. While recording, press the doorbell button. The signal I recorded looks like this:

Schermafdruk van 2013-07-16 09:06:07

You can clearly see the moment on which I pressed the doorbell button.

Zooming in reveals that the same signal is repeated over and over again, with a long, low "sync" signal inbetween:

Schermafdruk van 2013-07-16 09:07:44

Zooming even further:

Schermafdruk van 2013-07-16 09:08:27

You can see that that this signal is built from just two different "building blocks":

  • a long high pulse, followed by a short low pulse. We will encode this as a "1" in our Arduino sketch later on;
  • a short high pulse, followed by a long low pulse. We will encode this as a "0" in our Arduino sketch.

This means that the code sent by the doorbell button is 0101 1111 0110 0010 0000 1000. The following question is: what is the duration of each pulse? When you zoom in even further, the sample points become visible as dots:

Schermafdruk van 2013-07-16 09:20:38

By counting the dots and noticing the sample rate at the lower left screen of the window, you can calculate the duration of the high and low pulses.

For example: when the recorded signal has a frequenct of 48000 Hz (samples per second) and you count 25 samples in the short signal, this signal has a duration of 25/48000 = (approximately) 520 microseconds.

Also notice that a long pulse is 3 times as long as a short pulse.

Sources:

Share Button

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *

Deze website gebruikt Akismet om spam te verminderen. Bekijk hoe je reactie-gegevens worden verwerkt.