Reverse Engineering Radio Controlled Power Outlets with Help from the RTL-SDR

Radio controlled electricity power outlets are outlets that can be turned on or off using a wireless radio controlled remote. Over on the blog the author has written an article showing how he was able to reverse engineer the wireless power outlets radio protocol.

The author used an RTL-SDR and SDR# to listen to the outlets wireless AM transmissions at 434 MHz. He then recorded the signal audio and then used audacity to view the waveform. By analyzing the audio output he discovered that the signal was a Non-Return-To-Zero (NRZ), pulse width modulated (PWM), Amplitude Shift Keying / On Off Keying (ASK/OOK) signal.

Later he was also able to use the RFCat USB dongle to transmit an on off signal from his computer. RFCat is an USB dongle that is capable of transmitting on 433 MHz.

RTL-SDR Software Radio used to Reverse Engineer the Wireless Power Outlet
RTL-SDR RTL2832U Software Radio Audio output Analyzed in Audacity for Reverse Engineering a Wireless Power Outlet
Remote Control Outlet Replay With RFCat

Source Hackaday

Notify of

Inline Feedbacks
View all comments