Tagged: home automation

Creating Smart Home Automation Devices with Wireless Power Plugs, an RTL-SDR and RPiTX

Over on his YouTube channel ModernHam has created a video showing him using an RTL-SDR and Raspberry Pi with RPiTX to record and replay the signal generated by the remote of a wireless power plug. A wireless power plug allows you to turn an AC wall outlet on/of remotely via a remote control. Controlling them with a Raspberry Pi can be a simple way to add home automation. One example ModernHam gives is that he hopes to use RPiTX and the wireless power plugs to create a smart coffee pot that will automatically turn on at 7 am, and turn off at 9 am.

In the past we have created a similar tutorial here, but new updates to RPiTX now make this process much easier and more reliable and ModernHam's video shows the new procedure. The new process is simply to look up the FCC frequency of the remote control transmitter, record an IQ file of the transmissions for the ON and OFF buttons, and then use the RPiTX sendiq command to replay the signal. You can then use simple Linux shell scripts to create automation.

Replay Attack with Remote Plugs for Home Automation with the Raspberry PI

Reverse Engineering Honeywell 345 MHz Home Automation Sensors with an RTL-SDR

OpenHAB is an open source home automation software program which is designed to interface and manage all the various sensors and systems in an automated house. One problem however, is that many wireless sensors and actuators utilize a proprietary communications protocol that is not supported by OpenHAB.

In his home, Dan Englender had several Honeywell 5800 series 345 MHz wireless security door sensors, all of which interface using a proprietary protocol that is not yet implemented in OpenHAB. In order to get around this, Dan decided to reverse engineer the protocol and implement a decoder into OpenHAB himself. 

Dan’s four part write up covers the RF capture & demodulation, protocol reverse engineering and implementation into OpenHAB. First he looked up the frequency and bandwidth of the signal via the FCC filing information on fcc.io. Then he captured some packets from a door sensor using his RTL-SDR and GNU Radio, and then wrote a short Python program to decode the protocol and transmit the door open/closed information to OpenHAB. In the future he hopes to optimize the decoder so that it can comfortably run on a Raspberry Pi as the GNU Radio script uses quite a bit of computing power.

The final project is called decode345 and the code is available over on his GitHub.

Honeywell 345 MHz Door Sensor
Honeywell 345 MHz Door Sensor
Custom Door Sensor Status in OpenHAB
Custom Door Sensor Status in OpenHAB

[Also seen on Hackaday]


Hacking the Z-Wave Protocol with a HackRF

Z-wave is a wireless protocol that is used often in applications like smart home and industrial automation. It essentially allows various wireless nodes to connect and talk to one another within your house, using 900 MHz wireless technology. Some common examples of Z-wave node products might be wireless controlled lights, door locks, thermostats and other security devices like motion detectors.

Recently at Shmoocon 2016 (a yearly hacking and security themed conference), presenters Joseph Hall and Ben Ramsey showed how they were able to use a HackRF software defined radio and some GNU Radio based software to not only sniff Z-wave packets, but to also control Z-wave devices. What’s also interesting is that they found that encryption on z-wave devices was rarely enabled, except for five out of nine door locks that they tested where it was enabled by default.

See the full story at Hackaday and have a look at their code on GitHub.

Joseph and Ben holding a HackRF and z-wave controlled light.
Presenters Joseph and Ben holding a HackRF and z-wave controlled light.