ksmiller99
commented
8 years ago Could this be used to quickly profile new transmitters and generate (part of) a device file?
Open jynik opened 9 years ago
ksmiller99
commented
8 years ago Could this be used to quickly profile new transmitters and generate (part of) a device file?
jynik
commented
8 years ago That's kind of the intent -- accelerating the time from first TX to writing a device file. ;)
Certainly, it's not going to automatically spit out a device file, but I just wanted something a little more organized to run stats on some bit durations/intervals as opposed to manually recording & running samples through some MATLAB functions, as I had been doing in the past.
Always open to ideas!
jynik
commented
8 years ago And always open to seeing some samples from whatever you're reversing! ;)
ksmiller99
commented
8 years ago I was trying to do something like this with a bladeRF and Simulink or GnuRadio Companion, but not getting very far. I don't have any specific device in mind, but I have a collection of doorbells, garage door openers, etc. My original idea for this (school) project was to detect one transmitter, jam it before it completed, and then transmit a different message. I now think it's way over my head. I'm an old analog guy (just a technician - not an engineer) and this is my first deep look at DSP, and it's very confusing. I thought OOK would be an easy introduction but I'm really stuck.
jynik
commented
8 years ago Ah - I sent some advice your way on the bladeRF forums with those issues... we'll have you up and running soon! :) I'm actually up late now looking at some of the Cypress driver backend regressions.
I've found garage door openers and wireless temperature systems to be generally pretty simple -- those would be a good start. For both of these, you can generally get away with blindly replaying messages. (Sadly, this is the case for lock/unlock keyfobs for some $400-$600 home security systems I've seen, too.)
I'd say the first step would be to record some samples using the bladeRF-cli and get them plotted in MATLAB. Feel free to shoot me an email if you want a second pair of eyes.
ksmiller99
commented
8 years ago Thanks - that would be great! One of the doorbells is very well documented in the FCC docs - waveforms, scope plots, schematics, block diagrams, etc. I attached the FCC docs as well as the datasheet for the microprocessor mentioned in the FCC docs as being "very similar" to the one used in this doorbell. I also included a scope plot I made for this doorbell using GRC and an RTL, as well as a plot I made using MATLAB and the bladeRF-cli using the "getting started" wiki instructions. The sample rate 8Mhz and the pulse widths and frequencies match those in the FCC Circuit Description. One of my problems is that when I calculated the pulse widths from the GRC scope plot, it is off by a factor of 10. I don't think it's an aliasing problem because those would be a off by a multiple of 2 - right?
In the vein of making life easier, I'd like to see a feature that reports the duration of and time between pulses in real time and logs this information.
When the program is ended, I'd like to be able to: