Hacker News new | comments | show | ask | jobs | submit login
Decoding an air conditioner control's checksum with differential cryptanalysis (righto.com)
174 points by kogir 9 days ago | hide | past | web | favorite | 13 comments





Nice writeup! I'm going to be decoding a variety of air conditioner remotes in the future so this will be a good reference.

If anyone is interested in the process of reverse engineering an infrared remote from "I have a raspberry pi and some electronics" to "I can decode and encode infrared signals to control my stuff", I have an article on that:

https://blog.bschwind.com/2016/05/29/sending-infrared-comman...

There are better ways to do what I've described there but it's a good start.


This is fantastic. It's well written and a pleasure to read, and I learned a ton along the way. I look forward to trying this when I have some downtime. Thanks for taking the time to research, write, and share it.

Thanks for reading! If you decide to do a project with IR communication, be sure to research things like signal interrupts and hardware support for generating waveforms. On the Pi I'm basically using a busy loop to decode the signal in Python. It's not too elegant or efficient but it can usually get you what you need.

A more accurate (and more efficient) approach would be to either use a microcontroller that can record timestamps during pin interrupts from the IR receiver, or use a chip that has hardware support for receiving signals. The ESP32 has a nice peripheral for sending and receiving IR signals without tying up the main processor(s):

https://esp-idf.readthedocs.io/en/v1.0/api/rmt.html

But if you just need to decode and send a few different signals and only have a Pi, my approach works well. Been using it for close 1.5 years now without any trouble.


Used your library to smarten up my window AC. Didn't notice the ESP32 RMT, I may just upgrade my current setup, thanks!

>You can see if an infrared LED is emitting light by looking at it through your phone camera

Do you or anyone else happen to know the sensitivities of phone cameras to infrared bleeding into the visible spectrum, esp under interference from the rest of the visible spectrum?


Disclosure: not an expert. IR/UV bleeding depends mostly on 3 things: sensor sensitivity, materials of and coatings on lenses, raw sensor data processing. Professional cameras are usually equipped with IR blocking filters and UV filter is "standard practice". Results can vary drastically from seeing under clothes [1] to barely registering IR lighting.

[1]: http://abcnews.go.com/GMA/story?id=126782&page=1


I don't have any hard science for you, but I have noticed that iPhones do a significantly better job at filtering infrared compared to the Android phones I own (mostly older Nexus devices). I typically use an Android to see if LEDs are emitting instead of my iPhone because it's so much fainter on the iPhone.

The photo in my article was taken with an Olympus mirrorless camera.


Coming from a statistics background, this kind of work is totally unfamiliar and very fascinating. This kind of high dimensional, complex data seems like it would admit some very interesting machine learning. And I wonder if the techniques described here could be adapted outside of cryptography for inference or other data processing applications.

This is a little scary. I'm in the middle of doing this exact same thing. Not sure if it's compatible or if I'll have to do the same thing.

Nice read, it reminds me of CrcRevEng[1], it was really useful several times when I needed to find what CRC algorithm a vendor used. The most fun was when I tried to RE disassembled function named crc_512. Turns out it was a checksum of 4 bytes.

[1] http://reveng.sourceforge.net/


Wow sounds like whoever engineered that checksum was a missy elliot fan: https://xkcd.com/153/

I wonder if you could use a machine learning algorithm, trained on the samples provided, to correctly predict the outcome of another input

Great read! Thanks!



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: