
Reverse Engineering a 433MHz Motorised Blind RF Protocol - wolframio
https://nickwhyte.com/post/2017/reversing-433mhz-raex-motorised-rf-blinds/
======
bbayer
Nice read but I would use rtl-sdr and SDR tools to reverse engineer this kind
of stuff. There are lots of good tools can be used for this purpose in SDR
community like this one:

[http://www.rtl-sdr.com/waveconverter-an-open-source-rf-
rever...](http://www.rtl-sdr.com/waveconverter-an-open-source-rf-reverse-
engineering-tool/)

------
rupellohn
Nice write-up! - I strongly recommend looking at dspectrum for those
interested in reversing these kind of devices:

[https://github.com/tresacton/dspectrumgui](https://github.com/tresacton/dspectrumgui)

"The goal of this app is to make it trivial to demodulate common RF signals,
and provide a digital worksheet for your reverse engineering efforts."

~~~
tomyws
The author identified a similar workflow for breaking down these packet
capture bits, and linked to other potential methods. I'd say his process was
an interesting read!

------
ReverseCold
This guy did it the hard way, I automated my lights in a similar way with
simple command line tools (./listen <pin> to get code and ./send <pin> to
send.)

See here: [https://home-assistant.io/](https://home-assistant.io/)

~~~
nickw444
Hey there, I'm actually the author of the linked post. Yes whilst you're right
about doing this the hard way, this wasn't really what I was wanting to do.

In the post I actually outlined that I had actually captured enough data from
a handful of remotes that I could have replayed these captures to control the
blinds (and I even had a rig set up to do this).

But that's not what I wanted to do. I was interested in working out what was
happening with these remotes and being able to generate as many arbitrary
remote codes as I wanted.

Going the step further to reverse engineer the protocol is something I did as
a learning (and fun and challenging) exercise. I've definitely picked up
skills through this process that I can apply in similar projects later down
the track.

~~~
corysama
Hey there yourself! Great article. I posted it to
[https://www.reddit.com/r/ReverseEngineering/comments/6nmu43/...](https://www.reddit.com/r/ReverseEngineering/comments/6nmu43/reverse_engineering_a_433mhz_motorised_blind_rf/)

------
j45
Nice write up! I wanted to do this in my place and have one less reason not to

~~~
nickw444
Thanks, feel free to hit me up on Twitter (@nickw444) if you happen to have
any questions :)

~~~
j45
Will do, currently have smaller 1" roller blinds so have to find the tubular
motors that fit inside of them.

Rollertrol.com carries some but they are quite a bit pricier than the full
radius ones elsewhere.

