A Guide to Using RPiTX and an RTL-SDR to Reverse Engineer and Control ASK/OOK Devices

Erhard E. has been experimenting with capturing, analyzing, reverse engineering and then transmitting new ASK/OOK signals with his RTL-SDR and Raspberry Pi running RPiTX. Erhard has written a very informative guide/tutorial (pdf) that explains how he did it for wireless doorbell and for remote control toy cars. RPiTX is software for the Raspberry Pi which allows it to transmit almost any signal via modulation of a GPIO pin. RPiTX related posts have been featured on this blog several times in the past.

First Erhard records a copy of the doorbell signal using his RTL-SDR and then views the waveform in Audacity. He then writes that you’ll need to find the waveform characteristics either manually using Audacity, or by using the rtl_433 decoder. In the tutorial he uses rtl_433 which automatically gives his the pulse width, gap width and pulse period.

Next in order to actually generate the signal using RPiTX he uses the waveform characteristics that he found out and manually creates a .ft hex file that describes the signal to be generated. Then using using the rpitx command, the .ft file can be transmitted.

Later in the tutorial he also shows how he performed the same reverse engineering process with a cheap RC car toy (forward/reverse commands only), which uses OOK encoding on the wireless controller.

The tutorial can be downloaded in PDF form here.

Showing the Pulse Width, Gap Width and Symbol Period of a signal in Audacity.
Showing the Pulse Width, Gap Width and Symbol Period of a signal in Audacity.
Tweet17
Share50
Reddit
Vote
Email
67 Shares

Related posts:

  1. Reverse Engineering and Controlling a Wireless Doorbell with an RTL-SDR and Arduino
  2. Reverse Engineering a Vintage Wireless Keypad with an RTL-SDR
  3. Creating Smart Home Automation Devices with Wireless Power Plugs, an RTL-SDR and RPiTX
  4. Reverse Engineering Radio Controlled Power Outlets with Help from the RTL-SDR
  5. Performing a Replay Attack on a Wireless Doorbell with a USRP SDR
Subscribe
Notify of
guest

7 Comments
Inline Feedbacks
View all comments
developerfromjokela
#195368

Good

0
Reply
hf2-d
#82985

Very Sad that he didn’t explained how to generate .ft files. Can’t find any tutorial on how to do that.. I wouldn’t have a problem with learning hard to achieve that, but now I’m feeling a bit demotivated and left behind.. Can maybe anybody help?

0
Reply
Ohan Smit
#82986

Like he said in the first paragraph, He assumed you have intermediate knowledge of SDR’s and the workings of RPiTx.

Instructions for your request can be found at the source of RPiTx.

https://github.com/F5OEO/rpitx

Cheers

0
Reply
Erhard E
#82990

3rd paragraph: … as well as some programming experience in order to generate the files which you’ll feed to rpitx to transmit.

0
Reply
piFUN
#82998

“These scripts create files which can be used by rpitx. Some output in IQ (like ssb) other in FT (like sstv).”

The ‘Manual’ is extremely short and does describe the output of each mode (example: ‘pisstv converts an RGB picture to an SSTV .ft file). However this tutorial does not explain how to output the .hex file as .ft file. Is there another app within this? I think it’s fair to simply explain things like this to promote knowledge. I would but I also lack the knowledge.

0
Reply
Erhard E
#83000

The hex screenshots which I placed in the document show you what the samples should look like when viewed in a hex editor. You need to write code which generates the samples at the “low level” (i.e byte level representation ). I can provide you with a java code sample if you need it.
[email protected]

0
Reply
Ohan Smit
#82975

Thanks for the guide sir.

Works like a chime… erm charm 😀

Keep up the good work

0
Reply