Skip to content
/ HackaCurtain Public
forked from adligeerik/HackaCurtain

"Hack" radio controlled curtains with a SDR

0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

thanht32/HackaCurtain

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

55 Commits

decode

decode

 
 

decoded_data

decoded_data

 
 

gnuradio

gnuradio

 
 

plot_script

plot_script

 
 

plots

plots

 
 

script

script

 
 

send2Curtain

send2Curtain

 
 

sniffer

sniffer

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

cut_samples.sh

cut_samples.sh

 
 

decoding_short.sh

decoding_short.sh

 
 

plot_simple.py

plot_simple.py

 
 

Repository files navigation

HackaCurtain

This repo contains tools for listening and transmitting messages for the somfy curtains system. Smofy transmitts on 433.42Mhz and uses amplitude shift key for modulation (ASK/OOK), and encodes it with Manchester code.

Hardware used

  • HackRF One
  • Homemade antennas

Getting started

  • Install gnu radio companion
apt install gnuradio
  • Install osmocom (hackrf one)
git clone https://git.osmocom.org/gr-gsm
cd gr-gsm
mkdir build
cd build
cmake ..
mkdir $HOME/.grc_gnuradio/ $HOME/.gnuradio/
make
make install
ldconfig
  • Instal custom block
cd gr-trigger/build
make ../
make
sudo make install
sudo ldconfig

How to use

"Hacking"

This part is used to control a curtain

When the address is known run hack_roll_code.py, it will run through the rolling code with an interval specefied. Example with command 2 (up) address 985e5c and invervall of 50 for the rolling code:

python2 hack_roll_code.py -c 2 -a 985E5C -s 0000 -i 50

hack_roll_code.py calls top_block_transmit.py and generates a new test code every second and transmit it untill the next code is made. Depending on how large the rolling code is it will take between a few seconds upp till 15 minutes to "hack" a curtain.

Sniffing

This part is used to listen to other curtains and decode the messages they contain

In the folder sniffer/, run python top_block_sniffer.py, it will listen on 433.42Mhz and save one second of samples when it is triggered. The script saves samples in the same folder with extension ".dat". To decode the samples run ./sniffer.sh 2> /dev/null, the script calls the decoder_man.py and pipes the output from the python script in to "log.txt". In the log file the decoded messages will be displayed with as rolling code, address and command.

Scripts

scope.grc

Records on 433.42Mhz processes it with a threshold for high and low. Then saves it

decode_man.py

Takes the recorded file and decodes the Manchestercoding, then de-obfuscation and check the checksum

manchester_encoding.py

Obfuscation the message calculates the checksum and encodes the message with Manchester and adds the preamble

synt_v2.grc

Sends a message on 433.42Mhz

Results and plots

With this code we mananged to hack (our own) curtains to move up and down, we manage to control them from the ground about 100 meters away, and that with just a hackrf on and some (allot of) time :).

Recorded message with decoded edges (stars)

Recorded message with decoded edges (stars)

Recorded message over time

Recorded message over time

Comparison between different remotes, up/down

Comparison between different remotes, up/down

About

"Hack" radio controlled curtains with a SDR

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 98.7%
  • Shell 1.3%