OSHUG #15: Hacking Commodity Wireless
Paul Tanner, @paul_tanner, slideshare.net/paul_tanner
Background
● Why make what you can buy?
● Proprietary tech but with benefits
● Very limited doc
● Not easy without sophisticated tools
● Let's mess around
Approach
● Observe the protocol
● Increase the doc
● Deduce the protocol
● Code and test
● Transmitter (easy)
● Receiver (hard)
● Iterate (potentially forever :)
Nah! El-cheapo version
● Some of these devices use 433 MHz signalling
● In which case use audio recording
● PC or Mac + software, e.g. Audacity
● Otherwise start saving up
RF-to-audio etc.
● Ard. shield makes for convenient mounting
● Receiver has digital output and no embedded protocol
● Transmitter likewise
● Alternatives available
● Could add switches to power down when not in use
Some Results
Somewhat inconsistent snapshots but you get the idea
Get Measurements
● Simple program can capture pulse widths
● Inevitably there's noise – shield?
● Triggering needed for infrequent transmissions
● Then add decoder
Magic happens here
● Look for clues, e.g. blogs etc.
● Expect e.g. Manchester encoding
● Expect redundancy, e.g. checksums
● Hope for inspiration
● Test and iterate
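As an added example (not from the talk or its author): the "capture pulse widths, then add decoder" step for a Manchester-coded device, in C, with the transmitter side alongside so the pair round-trips offline. The 500 µs half bit period, the IEEE 802.3 edge convention and the trailing XOR checksum byte are assumptions for the example; real devices vary and you find theirs by the observe/deduce loop above.

```c
#include <stdint.h>
/* One pulse from the receiver's digital output: level (1 high, 0 low) and how
   long it held, in microseconds.  HALF_US is an assumed half bit period. */
typedef struct { int level; unsigned width_us; } pulse_t;
#define HALF_US 500u

/* Transmitter side: Manchester-encode bytes MSB-first (1 = low->high edge,
   0 = high->low), merging equal neighbouring levels into one longer pulse. */
int manchester_encode(const uint8_t *data, int n, pulse_t *out)
{
    int np = 0;
    for (int i = 0; i < n * 8; i++) {
        int bit = (data[i / 8] >> (7 - i % 8)) & 1;
        for (int half = 0; half < 2; half++) {
            int lvl = half ? bit : !bit;                 /* second half = the bit */
            if (np && out[np - 1].level == lvl) out[np - 1].width_us += HALF_US;
            else { out[np].level = lvl; out[np].width_us = HALF_US; np++; }
        }
    }
    return np;
}

/* Receiver side: round each pulse to 1 or 2 half-periods (else noise: fail),
   pair half-bit chips into bits, pack bits into bytes.  Returns bytes or -1. */
int manchester_decode(const pulse_t *p, int n, uint8_t *out, int max)
{
    int prev = -1, nbits = 0, cur = 0;                   /* assumes bit-aligned start */
    for (int i = 0; i < n; i++) {
        unsigned k = (p[i].width_us + HALF_US / 2) / HALF_US;
        if (k < 1 || k > 2) return -1;                   /* glitch or noise */
        for (unsigned j = 0; j < k; j++) {
            if (prev < 0) { prev = p[i].level; continue; }   /* first chip of bit */
            if (prev == p[i].level) return -1;           /* no mid-bit edge */
            cur = (cur << 1) | p[i].level; prev = -1;
            if (++nbits % 8 == 0) {
                if (nbits / 8 > max) return -1;
                out[nbits / 8 - 1] = (uint8_t)cur; cur = 0;
            }
        }
    }
    return nbits / 8;
}

/* Assumed redundancy convention: last byte is the XOR of the preceding ones. */
int xor_checksum_ok(const uint8_t *b, int n)
{
    uint8_t x = 0;
    for (int i = 0; i + 1 < n; i++) x ^= b[i];
    return n >= 2 && x == b[n - 1];
}
```

Feed real captured widths into manchester_decode with HALF_US set to the half period you measured; a -1 on a long capture usually means a glitch or that the capture did not start on a bit boundary.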
Conclusion
● It can be done
● Most successful with output devices
● Very hard with devices that send infrequently
● Online help limited but does exist