Uploaded byraptor0102
PPTX, PDF281 views

Ir reverse engineering (1)

This document discusses reverse engineering infrared remote controls through analyzing the timing of infrared signals. It provides examples of decoding protocols for a Syma 107G helicopter, Syma 107N helicopter, and Lego car remote control. The protocols are broken down into header, data bits for controls like yaw, pitch and throttle, and footer bits. Decoding the signals allows generating code to replicate the controls with an Arduino and infrared LED.

Embed presentation

Download to read offline
IR REVERSE ENGINEERING Nadav Yahav, Asher Yanai
• Decoding infrared transmission using remote control signals. • Actually, we are using the decoder to “timing” all possible signals (bit 0/1, header, footer). • That’s allowed us to verify and graphs all of the possible control configuration, establishing a timing and command set for the device. • After understanding the graphs, and each transmission, we generate a code for the specific protocol. That code will replace the controller using the Arduino and IR LED transmitter. WHAT IS REVERSE ENGINREERING?
• IR frequency transmitter can transmit in wide range of frequencies(38 kHz, 50 kHz). • Usually at 38 kHz • Each bit represented by constant time of LED on and LED off. • We produced this frequency by turning on and off the LED for 13 microseconds. (this is just for the ON state) IR TRANSMIT
IR TRANSMIT
OSCILLOSCOPE EXAMPLE
DVD EXAMPLE PAGE-1
DVD EXAMPLE PAGE-2
DVD EXAMPLE PAGE-3
• DVD EXCEL SIGNALS EXAMPLE • DVD Example DVD EXAMPLE PAGE-4
107G HELICOPTER
107G HELICOPTER Protocol: • The Syma 107G is a 3-channel (Yaw, Pitch, Throttle) helicopter which utilizes Infrared (IR) • The transmission of a control packet is contingent on the application of throttle. • There are four passible symbols-Header , Footer , 0’s , 1’s.
107G HELICOPTER The IR Decoder results on the 107G remote controller. 107G
26 microsec 300 microsec- on 300 microsec- off 0 bit 107G HELICOPTER
26 microsec 300 microsec- on 700 microsec- off 1 bit 107G HELICOPTER
26 microsec 1960 microsec- on 1860 microsec- off header 107G HELICOPTER
26 microsec 300 microsec- on 1400 microsec- off footer 107G HELICOPTER
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 h e a d e r 0 yaw 0 pitch c h a n n e l Throttle 0 Trim f o o t e r The control packet consists of a header symbol, 32-bits of control information, and a footer symbol. 107G HELICOPTER
107G HELICOPTER • Protocol: • Yaw- represented by bits 0-7. • Yaw control the turning of the Helicopter- • Values between 0 and 127, centered on 63. • For example sharp turn left will send number of value 127.
107G HELICOPTER • Protocol: • Pitch - represented by bits 8-15. • Pitch control the flying forward and backwards - range: 0-127, • Bit number 16-Represent the Chanel of the Helicopter(AB).
107G HELICOPTER Protocol: Throttle is represented by bits 17-24 between 0 and 127. Throttle control the speed of the rotors (go up and down or hover).
107N HELICOPTER
107N HELICOPTER The only difference between the two helicopters is the timing of the 4 symbols represented. • Working with the same frequency (38 kHz) • Has the same protocol (3-channels, 32 bit package) 107n signals example 107n Code 107G Code
107N HELICOPTER Time off (µsec)Time on (µsec)symbol 19002060header 340440zero 740440one 24240440footer Time off (µsec)Time on (µsec)symbol 18801960header 300300zero 680300one 14000300footer
THE LEGO CAR
THE LEGO CAR The Remote control of the Lego car The IR receiver of the Lego car works with 4 channels, He receives a packet of 16 bits. Depending of the packet, he sends the commands to two engines working in synchronization. If a legal command is received, The receiver will blink yellow LED, indicates that the command in being executed.
0 1 2 3 0 1 2 3 4 5 6 7 0 1 2 3 header BBBB AAAA LLLL footer The control packet consists of a header symbol, 16-bits of control information, and a footer symbol. THE LEGO CAR channel Nibble 1 Nibble 2 Nibble 3 Error detectionConstant bits of 01 Engine B Engine A
THE LEGO CAR Protocol: BBBB- Left Engine: ACTUAL MOVEBITS No movement0000 Forward speed 10001 Forward speed 20010 Forward speed 30011 Forward speed 40100 Forward speed 50101 Forward speed 60110 Forward speed 70111 Brake1000 ACTUAL MOVEBITS Backward speed 71001 Backward speed 61010 Backward speed 51011 Backward speed 41100 Backward speed 31101 Backward speed 21110 Backward speed 11111
THE LEGO CAR Protocol: AAAA- Right Engine: ACTUAL MOVEBITS No movement0000 Forward speed 10001 Forward speed 20010 Forward speed 30011 Forward speed 40100 Forward speed 50101 Forward speed 60110 Forward speed 70111 Brake1000 ACTUAL MOVEBITS Backward speed 71001 Backward speed 61010 Backward speed 51011 Backward speed 41100 Backward speed 31101 Backward speed 21110 Backward speed 11111
THE LEGO CAR Protocol: LLLL- 4 bits of Error detection. The 4 bits will be – 0xF xor Nibble 1 xor Nibble 2 xor Nibble 3.
THE LEGO CAR Time off (µsec)Time on (µsec)symbol 960182header 230182zero 500182one 960182footer
THE LEGO CAR A code is added, writing by Nadav Yahav and Asher Yanai. Press here to get the code Press commands using the serial port: W- moving forward Z or X - moving backward A - turn left. D - turn right.
THE LEGO CAR
- THE END -

More Related Content

PPTX
FAR/MARS Avionics CDR
byCade Walton
 
PPTX
Traffic signal design study
byD A Diploma Engineering & Technology
 
PDF
555 timer
byNEW HORIZON COLLEGE OF ENGINEERING
 
PDF
Rf controlled pick up and drop robot
byAdityaBulbule1
 
PPT
IC fmaillies.ppt
byNarendrakumarAnnadur
 
PDF
74ls390
bykiennguyen1991
 
PPTX
a project on automatic traffic control using IC 555
byjack990315
 
DOC
Cataloge ge 3.control and_automation_dienhathe.com-4_05_vat300_e_c2-4_rev_b
byDien Ha The
 
FAR/MARS Avionics CDR
byCade Walton
 
Traffic signal design study
byD A Diploma Engineering & Technology
 
555 timer
byNEW HORIZON COLLEGE OF ENGINEERING
 
Rf controlled pick up and drop robot
byAdityaBulbule1
 
IC fmaillies.ppt
byNarendrakumarAnnadur
 
74ls390
bykiennguyen1991
 
a project on automatic traffic control using IC 555
byjack990315
 
Cataloge ge 3.control and_automation_dienhathe.com-4_05_vat300_e_c2-4_rev_b
byDien Ha The
 

What's hot

PDF
74 hc hct393
bykiennguyen1991
 
PDF
Omnibus Control Systems for Hydro Excavation
byVac-Con
 
PDF
Advanced motion controls dx60co8
byElectromate
 
PDF
abc song
bytriquyennhi1
 
DOCX
Digital clock
byAbi Malik
 
PDF
Steppert Motor Interfacing With Specific Angle Entered Through Keypad
byAbrar Amin
 
DOCX
8051 development board project report
byNt Arvind
 
PDF
Digital Counter Design
byGargiKhanna1
 
PPTX
77
byEkta Karol
 
DOC
93 appendix pic18(l)f2 x4xk22 (1)
byDevanshu Suman
 
PDF
Datasheet
bykellyjohanagaravito
 
PPTX
Applications of microcontroller(8051)
byvijaydeepakg
 
PDF
Dm74 ls164
byLITS IT Ltd,LASRC.SPACE,SAWDAGOR BD,FREELANCE BD,iREV,BD LAW ACADEMY,SMART AVI,HEA,HFSAC LTD.
 
DOC
Cataloge ge 3.control and_automation_dienhathe.com-4_15_vat300_e_c6-1_rev_d
byDien Ha The
 
PPTX
Blinds
byHenry Zhao
 
PDF
74xxx series IC
byTotal Project Solutions
 
PPTX
Micro Processor Mini Project,Electronic Quiz Table
bySubhashini Sundaram
 
PDF
Rf atp nibong tebal p00128 rev 1 30 nov2016
byewin aulia
 
74 hc hct393
bykiennguyen1991
 
Omnibus Control Systems for Hydro Excavation
byVac-Con
 
Advanced motion controls dx60co8
byElectromate
 
abc song
bytriquyennhi1
 
Digital clock
byAbi Malik
 
Steppert Motor Interfacing With Specific Angle Entered Through Keypad
byAbrar Amin
 
8051 development board project report
byNt Arvind
 
Digital Counter Design
byGargiKhanna1
 
77
byEkta Karol
 
93 appendix pic18(l)f2 x4xk22 (1)
byDevanshu Suman
 
Datasheet
bykellyjohanagaravito
 
Applications of microcontroller(8051)
byvijaydeepakg
 
Dm74 ls164
byLITS IT Ltd,LASRC.SPACE,SAWDAGOR BD,FREELANCE BD,iREV,BD LAW ACADEMY,SMART AVI,HEA,HFSAC LTD.
 
Cataloge ge 3.control and_automation_dienhathe.com-4_15_vat300_e_c6-1_rev_d
byDien Ha The
 
Blinds
byHenry Zhao
 
74xxx series IC
byTotal Project Solutions
 
Micro Processor Mini Project,Electronic Quiz Table
bySubhashini Sundaram
 
Rf atp nibong tebal p00128 rev 1 30 nov2016
byewin aulia
 

Viewers also liked

PPTX
Edt 620 inst. appl. technolgy fall 2015 there's an app for that ramona leddy ...
byramonaleddy
 
DOC
Doanh nhân thành đạt thường làm gì vào buổi sáng
byAction Vip
 
PPT
Unit 3 alphabets
byNgọc Như Huỳnh
 
PPTX
Overcoming racism 2015 debrief
byCatherine Dahlberg
 
PPTX
Presentacion tics u3 parte b
byAndres Fonseca avila
 
PPTX
Past simple
byДмитрий Калашников
 
PDF
Plan de lectura 2014-2015.
byEstado
 
PPTX
Face2 face
by15Khallam
 
DOC
New All Inclusive Resume
byKris Glenn
 
PPTX
5-minute ted talk on MCN's Principles and Practices resource development project
byCatherine Dahlberg
 
PDF
"Emolectura: vivir el instante".
byEstado
 
Edt 620 inst. appl. technolgy fall 2015 there's an app for that ramona leddy ...
byramonaleddy
 
Doanh nhân thành đạt thường làm gì vào buổi sáng
byAction Vip
 
Unit 3 alphabets
byNgọc Như Huỳnh
 
Overcoming racism 2015 debrief
byCatherine Dahlberg
 
Presentacion tics u3 parte b
byAndres Fonseca avila
 
Past simple
byДмитрий Калашников
 
Plan de lectura 2014-2015.
byEstado
 
Face2 face
by15Khallam
 
New All Inclusive Resume
byKris Glenn
 
5-minute ted talk on MCN's Principles and Practices resource development project
byCatherine Dahlberg
 
"Emolectura: vivir el instante".
byEstado
 

Similar to Ir reverse engineering (1)

PPTX
Surveillance Chopper
byAbheek Chakraborty
 
PPTX
lecture_I2C_SPI.pptx
byreemasajin1
 
PDF
Tutorial documento, wheef robotic arm car
byBillBolaosVelascoBvb
 
PPTX
Remote control
byRiaz_raj
 
PPTX
Fun with arduino
byRavikumar Tiwari
 
PDF
concurrency.cc OSHUG #3
byOmer Kilic
 
PDF
Syed IoT - module 5
bySyed Mustafa
 
PDF
Arte Y Robotica
bycampus party
 
PPT
8051 zigbee interface
byPantech ProLabs India Pvt Ltd
 
DOCX
All about ir arduino - cool
byVlada Stoja
 
PPTX
Day1
byAtul Uttam
 
PDF
Joral Non Contact Encoders Ppt
byjoralllc
 
PDF
Arduino spooky projects_class3
byAnil Yadav
 
PDF
Multi rotor drone small knowledge summary one
byAlbert2019
 
PPTX
Human robot interaction based on gesture identification
byRestin S Edackattil
 
PPT
RC Car detailed analysis
byMohd Akram
 
PDF
Making things sense-Day 2 (May 2011)
bymarkumoto
 
PPT
zigbee networks using xbee modules zigbee networks using xbee modules
byIndra Hermawan
 
PDF
Atmega tutorial
byRajan Gautam
 
PPTX
Basics of open source embedded development board (
byDhruwank Vankawala
 
Surveillance Chopper
byAbheek Chakraborty
 
lecture_I2C_SPI.pptx
byreemasajin1
 
Tutorial documento, wheef robotic arm car
byBillBolaosVelascoBvb
 
Remote control
byRiaz_raj
 
Fun with arduino
byRavikumar Tiwari
 
concurrency.cc OSHUG #3
byOmer Kilic
 
Syed IoT - module 5
bySyed Mustafa
 
Arte Y Robotica
bycampus party
 
8051 zigbee interface
byPantech ProLabs India Pvt Ltd
 
All about ir arduino - cool
byVlada Stoja
 
Day1
byAtul Uttam
 
Joral Non Contact Encoders Ppt
byjoralllc
 
Arduino spooky projects_class3
byAnil Yadav
 
Multi rotor drone small knowledge summary one
byAlbert2019
 
Human robot interaction based on gesture identification
byRestin S Edackattil
 
RC Car detailed analysis
byMohd Akram
 
Making things sense-Day 2 (May 2011)
bymarkumoto
 
zigbee networks using xbee modules zigbee networks using xbee modules
byIndra Hermawan
 
Atmega tutorial
byRajan Gautam
 
Basics of open source embedded development board (
byDhruwank Vankawala
 

Recently uploaded

PPT
Integer , Goal and Non linear Programming Model
byOcheriCyril2
 
PDF
CME397 SURFACE ENGINEERING UNIT 2 FULL NOTES
bykarthi keyan
 
PDF
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 3.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
PDF
Applications of AI in Civil Engineering - Dr. Rohan Dasgupta
byRohan Dasgupta
 
PDF
Industrial Tools Manufacturers In India : Torso Tools
bytorsotools8
 
PDF
Shear Strength of Soil/Mohr Coulomb Failure Criteria-1.pdf
byMahmoodKhalid11
 
PDF
engineering management chapter 5 ppt presentation
byericaangelatoledo06
 
PPTX
ME3592 - Metrology and Measurements - Unit - 1 - Lecture Notes
bypprakash21252
 
PPTX
Designing Work for Humans, Not Machines: Human-Centered Maintenance Excellence
byMaintWiz Technologies Private Limited
 
PDF
Plasticity and Structure of Soil/Atterberg Limits.pdf
byMahmoodKhalid11
 
PDF
Basics of Electronics Task by Vivaan Jo Varghese.pdf
byVivaan Jo Varghese
 
PPTX
Day 3 Module 5_Optical fiber Network (operation and management).pptx
bySachayaG
 
PPT
Oracle Advanced subquery and types of subquery
bytejaswinikulkarni549
 
PPTX
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
PPT
Momentum and collisions in physics or engineering
byazizrahmanhakimi
 
PPTX
Unit 1_Importance of modelling(Object oriented concepts).pptx
byVidyaranichougule
 
PPT
Ceramic Matrix Composites Slide from Composite Materials
byUsman635773
 
PPTX
operating_systems.pptx m,nm,nm,n,nm,n,nm,nikl
bykirthigaaiml
 
PPTX
A professional presentation on Cosmos Bank Heist
byssuser7f0075
 
PPTX
Batch-1(End Semester) Student Of Shree Durga Tech. PPT.pptx
byrashesw1122s
 
Integer , Goal and Non linear Programming Model
byOcheriCyril2
 
CME397 SURFACE ENGINEERING UNIT 2 FULL NOTES
bykarthi keyan
 
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 3.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
Applications of AI in Civil Engineering - Dr. Rohan Dasgupta
byRohan Dasgupta
 
Industrial Tools Manufacturers In India : Torso Tools
bytorsotools8
 
Shear Strength of Soil/Mohr Coulomb Failure Criteria-1.pdf
byMahmoodKhalid11
 
engineering management chapter 5 ppt presentation
byericaangelatoledo06
 
ME3592 - Metrology and Measurements - Unit - 1 - Lecture Notes
bypprakash21252
 
Designing Work for Humans, Not Machines: Human-Centered Maintenance Excellence
byMaintWiz Technologies Private Limited
 
Plasticity and Structure of Soil/Atterberg Limits.pdf
byMahmoodKhalid11
 
Basics of Electronics Task by Vivaan Jo Varghese.pdf
byVivaan Jo Varghese
 
Day 3 Module 5_Optical fiber Network (operation and management).pptx
bySachayaG
 
Oracle Advanced subquery and types of subquery
bytejaswinikulkarni549
 
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
Momentum and collisions in physics or engineering
byazizrahmanhakimi
 
Unit 1_Importance of modelling(Object oriented concepts).pptx
byVidyaranichougule
 
Ceramic Matrix Composites Slide from Composite Materials
byUsman635773
 
operating_systems.pptx m,nm,nm,n,nm,n,nm,nikl
bykirthigaaiml
 
A professional presentation on Cosmos Bank Heist
byssuser7f0075
 
Batch-1(End Semester) Student Of Shree Durga Tech. PPT.pptx
byrashesw1122s
 

Ir reverse engineering (1)

  • 1.
    IR REVERSE ENGINEERING NadavYahav, Asher Yanai
  • 2.
    • Decoding infraredtransmission using remote control signals. • Actually, we are using the decoder to “timing” all possible signals (bit 0/1, header, footer). • That’s allowed us to verify and graphs all of the possible control configuration, establishing a timing and command set for the device. • After understanding the graphs, and each transmission, we generate a code for the specific protocol. That code will replace the controller using the Arduino and IR LED transmitter. WHAT IS REVERSE ENGINREERING?
  • 3.
    • IR frequencytransmitter can transmit in wide range of frequencies(38 kHz, 50 kHz). • Usually at 38 kHz • Each bit represented by constant time of LED on and LED off. • We produced this frequency by turning on and off the LED for 13 microseconds. (this is just for the ON state) IR TRANSMIT
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
    • DVD EXCELSIGNALS EXAMPLE • DVD Example DVD EXAMPLE PAGE-4
  • 10.
  • 11.
    107G HELICOPTER Protocol: • TheSyma 107G is a 3-channel (Yaw, Pitch, Throttle) helicopter which utilizes Infrared (IR) • The transmission of a control packet is contingent on the application of throttle. • There are four passible symbols-Header , Footer , 0’s , 1’s.
  • 12.
    107G HELICOPTER The IRDecoder results on the 107G remote controller. 107G
  • 13.
    26 microsec 300 microsec-on 300 microsec- off 0 bit 107G HELICOPTER
  • 14.
    26 microsec 300 microsec-on 700 microsec- off 1 bit 107G HELICOPTER
  • 15.
    26 microsec 1960 microsec-on 1860 microsec- off header 107G HELICOPTER
  • 16.
    26 microsec 300 microsec-on 1400 microsec- off footer 107G HELICOPTER
  • 17.
    0 1 23 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 h e a d e r 0 yaw 0 pitch c h a n n e l Throttle 0 Trim f o o t e r The control packet consists of a header symbol, 32-bits of control information, and a footer symbol. 107G HELICOPTER
  • 18.
    107G HELICOPTER • Protocol: •Yaw- represented by bits 0-7. • Yaw control the turning of the Helicopter- • Values between 0 and 127, centered on 63. • For example sharp turn left will send number of value 127.
  • 19.
    107G HELICOPTER • Protocol: •Pitch - represented by bits 8-15. • Pitch control the flying forward and backwards - range: 0-127, • Bit number 16-Represent the Chanel of the Helicopter(AB).
  • 20.
    107G HELICOPTER Protocol: Throttle isrepresented by bits 17-24 between 0 and 127. Throttle control the speed of the rotors (go up and down or hover).
  • 21.
  • 22.
    107N HELICOPTER The onlydifference between the two helicopters is the timing of the 4 symbols represented. • Working with the same frequency (38 kHz) • Has the same protocol (3-channels, 32 bit package) 107n signals example 107n Code 107G Code
  • 23.
    107N HELICOPTER Time off(µsec)Time on (µsec)symbol 19002060header 340440zero 740440one 24240440footer Time off (µsec)Time on (µsec)symbol 18801960header 300300zero 680300one 14000300footer
  • 24.
  • 25.
    THE LEGO CAR TheRemote control of the Lego car The IR receiver of the Lego car works with 4 channels, He receives a packet of 16 bits. Depending of the packet, he sends the commands to two engines working in synchronization. If a legal command is received, The receiver will blink yellow LED, indicates that the command in being executed.
  • 26.
    0 1 23 0 1 2 3 4 5 6 7 0 1 2 3 header BBBB AAAA LLLL footer The control packet consists of a header symbol, 16-bits of control information, and a footer symbol. THE LEGO CAR channel Nibble 1 Nibble 2 Nibble 3 Error detectionConstant bits of 01 Engine B Engine A
  • 27.
    THE LEGO CAR Protocol: BBBB- Left Engine: ACTUALMOVEBITS No movement0000 Forward speed 10001 Forward speed 20010 Forward speed 30011 Forward speed 40100 Forward speed 50101 Forward speed 60110 Forward speed 70111 Brake1000 ACTUAL MOVEBITS Backward speed 71001 Backward speed 61010 Backward speed 51011 Backward speed 41100 Backward speed 31101 Backward speed 21110 Backward speed 11111
  • 28.
    THE LEGO CAR Protocol: AAAA- Right Engine: ACTUALMOVEBITS No movement0000 Forward speed 10001 Forward speed 20010 Forward speed 30011 Forward speed 40100 Forward speed 50101 Forward speed 60110 Forward speed 70111 Brake1000 ACTUAL MOVEBITS Backward speed 71001 Backward speed 61010 Backward speed 51011 Backward speed 41100 Backward speed 31101 Backward speed 21110 Backward speed 11111
  • 29.
    THE LEGO CAR Protocol: LLLL-4 bits of Error detection. The 4 bits will be – 0xF xor Nibble 1 xor Nibble 2 xor Nibble 3.
  • 30.
    THE LEGO CAR Timeoff (µsec)Time on (µsec)symbol 960182header 230182zero 500182one 960182footer
  • 31.
    THE LEGO CAR Acode is added, writing by Nadav Yahav and Asher Yanai. Press here to get the code Press commands using the serial port: W- moving forward Z or X - moving backward A - turn left. D - turn right.
  • 32.
  • 33.