search

flipperdevices / flipperzero-firmware

Flipper Zero firmware source code
https://flipperzero.one
GNU General Public License v3.0
12.7k stars 2.7k forks source link

[Sub-GHz] Request support for gate remote: 318Mhz, AM, static code #3920

Open frifox opened 2 weeks ago

frifox commented 2 weeks ago

Mighty Mule gate opener remote. Sold at Home Depot.

  1. Frequency: 318 Mhz
  2. Modulation: ASK/OOK
  3. Static code
  4. Signal dumps for 3 remotes + 1 car:

FCC: I6H-MMT103

pcb_front

pcb_back

front

back

frifox commented 1 week ago

Updated first post with new trimmed dumps, made with Universal Radio Hacker. The signal is repeated for as long as you hold down the button.

Short bit can be anywhere between 750us - 950us.

Bits:

car button        = 010101010101011010101010101010010110101010011001010101010110101010011010101010100110

remote 1 button 1 = 010101010101011010101010011001100101010101010110010101100101101010011010101010101001
remote 1 button 2 = 010101010101011010101010011001100101010101010110010101100101101010011010101010100110
remote 1 button 3 = 010101010101011010101010011001100101010101010110010101100101101010011010101010100101

remote 2 button 1 = 010101010101011010101010011010100110100110101010100110100110101010011010101010101001
remote 2 button 2 = 010101010101011010101010011010100110100110101010100110100110101010011010101010100110
remote 2 button 3 = 010101010101011010101010011010100110100110101010100110100110101010011010101010100101

remote 3 button 1 = 010101010101011010101010100110101001011010100110011001101001101010011010101010101001
remote 3 button 2 = 010101010101011010101010100110101001011010100110011001101001101010011010101010100110
remote 3 button 3 = 010101010101011010101010100110101001011010100110011001101001101010011010101010100101

Then, if I assume manchester IEEE802 encoding, signals seem to consist of:

Decoded:

car button        = 111111100000 000110000101111110 0001000000 10

remote 1 button 1 = 111111100000 101011111110111011 0001000000 01
remote 1 button 2 = 111111100000 101011111110111011 0001000000 10
remote 1 button 3 = 111111100000 101011111110111011 0001000000 11

remote 2 button 1 = 111111100000 100010010000010010 0001000000 01
remote 2 button 2 = 111111100000 100010010000010010 0001000000 10
remote 2 button 3 = 111111100000 100010010000010010 0001000000 11

remote 3 button 1 = 111111100000 010001100010101001 0001000000 01
remote 3 button 2 = 111111100000 010001100010101001 0001000000 10
remote 3 button 3 = 111111100000 010001100010101001 0001000000 11
Skorpionm commented 1 day ago

You decrypted almost everything yourself. What's wrong with this protocol's reception in binraw?

frifox commented 1 day ago

Protocol works well via Read Raw. Main goal here is not to just replay, but have SubGhz detect/parse the protocol and display DeviceID/ButtonID as plain-text.

For me, there are 2 reasons for that:

  1. Help with switching car's remote to proper protocol before going to the gate opener to pair it.
  2. I think it just too cool when you can simply "read" the remote without parsing raw dumps.

For #1, most of my cars come with remotes that support multiple protocols. You have to press+hold each button to switch to next supported protocol and hope it matches your gate opener. If I can use flipperzero/subghz to confirm car remote is switched to proper protocol and is transmitting properly, that would save a ton of time having to constantly run between the car and the gate opener after every protocol switch, for each button, hoping you've matched up.