Tagged: 433 mhz

Wireless Door Bell 433 MHz ASK Signal Analysis with a HackRF

Paul Rascagneres, an RF experimenter, has recently uploaded a document (pdf file) detailing his efforts at reverse engineering a wireless doorbell that uses a 433 MHz Amplitude Shift Keyed (ASK) signal, working with his HackRF software defined radio. The HackRF is an SDR similar to the RTL-SDR, but with a wider available bandwidth and transmit capabilities.

To reverse engineer the doorbell, Paul used GNU Radio with the Complex to Mag decoder block to receive and demodulate the ASK signal. Once demodulated he was able to visually see the binary modulated waveform, and manually obtain the serial bit stream. From there he went on to create a GNU Radio program that can automatically obtain the binary strings from the ASK waveform.

In order to replay the signal, Paul found that the simplest way was to use the hackrf_transfer program, which simply records a signal, and then replays it via the HackRF transmitter on demand. With this method Paul was able to ring his doorbell via the HackRF.

Paul also confirmed his SDR results with an Arduino and 433 MHz transceiver. He then took it a step further and used the Arduino to create a system that could automatically receive and replay signals at 433 MHz and 315 MHz.

Decoding an ASK modulated bitstream.

Recovering 433MHz Messages with RTL-SDR and MATLAB

Recently RTL-SDR.com reader Ilias wrote in to let us know about a post he uploaded to his blog showing how he was able to decode data from a device transmitting at 433 MHz using an RTL-SDR and MATLAB. MATLAB is a technical computing language that can be used for signal analysis and processing. His post clearly explains the steps he took and is a great aid for anyone wanting to learn about decoding simple signals.

The goal of Ilias’ project was to be able to use the RTL-SDR and MATLAB to uncover the details of a 433 MHz transmitter he bought on eBay. He wanted to see if he could determine the protocol and recover the data before even looking at the transmitter’s library code.

To do this he first used SDR# to record the data sent at 433 MHz. Then, by looking at the waveform in the Audacity audio editor, he was able to determine that the signal used on-off keying (OOK) modulation, and from this knowledge he was able to manually recover the binary string. Next he used MATLAB to create a program that can automatically decode the received OOK signal. His post goes into further detail about the signal processing steps he took in MATLAB.
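The demodulation chain that both posts above describe (magnitude of the complex samples, threshold, then bit recovery) can be sketched as follows. This is an added example, not code from Paul's document or Ilias' post: the function names are hypothetical, the capture is synthesized inline, and it assumes plain OOK with one symbol per bit and at least one isolated bit in the capture.

```python
import cmath, math, random

def synth_ook(bits, sps=40, noise=0.05, seed=1):
    """Constructed test capture: complex baseband OOK, carrier on for '1'."""
    rng = random.Random(seed)
    iq = []
    for n in range(len(bits) * sps):
        amp = 1.0 if bits[n // sps] == "1" else 0.0
        carrier = amp * cmath.exp(2j * math.pi * 0.01 * n)  # residual tuning offset
        iq.append(carrier + complex(rng.gauss(0, noise), rng.gauss(0, noise)))
    return iq

def envelope(iq, win=8):
    """Complex-to-magnitude, then a moving average to suppress noise spikes."""
    mag = [abs(s) for s in iq]
    env, acc = [], 0.0
    for i, m in enumerate(mag):
        acc += m
        if i >= win:
            acc -= mag[i - win]
        env.append(acc / min(i + 1, win))
    return env

def slice_runs(env):
    """Threshold midway between floor and peak; return (level, length) runs."""
    thr = (min(env) + max(env)) / 2
    runs = []
    for v in env:
        level = 1 if v > thr else 0
        if runs and runs[-1][0] == level:
            runs[-1][1] += 1
        else:
            runs.append([level, 1])
    return [tuple(r) for r in runs]

def decode_ook(iq):
    """Recover the bit string, estimating symbol length from the shortest run."""
    runs = slice_runs(envelope(iq))
    inner = runs[1:-1] or runs  # edge runs are skewed by filter start-up/delay
    unit = min(length for _, length in inner)
    return "".join(str(level) * round(length / unit) for level, length in runs)

if __name__ == "__main__":
    sent = "1011001110001011"  # constructed payload, not a real doorbell code
    print(decode_ook(synth_ook(sent)))
```

Because the magnitude step discards phase, the residual tuning offset in the synthesized capture has no effect on the recovered bits.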

433 MHz OOK Transmitter

Looking at the 432 to 438 MHz ISM Band

Amateur radio hobbyist LA3ZA has posted an image on his blog showing how busy the 70 cm ISM band can be in his area in Norway. He uses a roof mounted 1.7 m long vertical antenna with 7.2 dBi gain in the 70 cm band. Each signal burst may come from a remote car key, weather monitor, electricity monitor, or other telemetry device. Some of these signals may be decodable with rtl_433.

Busy ISM Band

Using an RTL-SDR and RTL_433 to Decode Various Devices

Over on his blog, Gough Lui has posted about his experiences with decoding various ASK/OOK devices on the unlicenced 433 MHz ISM band using an RTL-SDR and the command line program rtl_433.

Gough shows how he was able to receive and decode the data from an Aldi weather station device and a wireless doorbell transmitter. He also was able to modify the rtl_433 code slightly to produce a CSV log file of the temperatures that were received and decoded from the weather station.

rtl_433 output of the weather station