Reverse Engineering a RF Controlled Ceiling Fan with the RTL-SDR

Using an RTL-SDR Clayton Smith was able to reverse engineer his remote controlled ceiling fan. To do this he first used his BladeRF to determine that the remote control was transmitting a signal at 303.747 MHz. He then used a simple GNU Radio flow graph with the RTL-SDR to plot the amplitude of the signal over time which suggested that the signal was using on-off keying. From the plot he was then able to visually determine the bit pattern sent from each button on the ceiling fan remote.

Next he used his bladeRF and another GNU Radio flowgraph to replicate and transmit the the bit pattern which was able to control the ceiling fan from the PC.

Clayton notes that all this reverse engineering was done in half an hour, demonstrating the power of software defined radio.

Ceiling Fan Bit Pattern Recovered with an RTL-SDR and GNU Radio
Ceiling Fan Bit Pattern Recovered with an RTL-SDR and GNU Radio
Tweet
Share11
Reddit
Vote
Email
11 Shares

Related posts:

  1. Reverse Engineering Radio Controlled Power Outlets with Help from the RTL-SDR
  2. Reverse Engineering Radio Controlled Bus Stop Displays
  3. Transmitting DVB-T with the BladeRF and Receiving it on a RTL-SDR
  4. Reverse Engineering Bus Telemetry Data with an RTL-SDR
  5. Reverse Engineering Wireless Mobile Traffic Lights with an RTL-SDR
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments