mightymos / RF-Bridge-OB38S003

Alternative firmware for the OB38S003 and EFM8BB1 microcontrollers present in Sonoff radio to wifi bridges.
BSD 2-Clause "Simplified" License
39 stars 3 forks source link

Advanced bridge commands sniffing/bucket #11

Open zd3sf opened 1 month ago

zd3sf commented 1 month ago

Advanced commands that Portisch firmware uses (advanced sniffing , stop advanced sniffing, bucket transmit, bucket sniffing) are not available for OB38S003. It would be great if they can be implemented because they work well with ESPhome RF bridge component

Bridge: Sonoff RF bridge 2.2 (white) RF chip: main_rcswitch_OB38S003.hex (Jul 02) ESP: esphome 2024.8.3

zd3sf commented 1 month ago

Specifically commands 0xB0 and 0xB1 are very important for variable timing protocol. It would be greatly appreciated! And I can donate an RF bridge if you want!

mightymos commented 1 month ago

It is unlikely that I would work on this, mainly because it's uncertain how successful the effort would be. I was able to get a fork of Portisch to compile using the SDCC compiler for the original EFM8BB1 (black sonoff case): https://github.com/mightymos/SonOfPortisch Porting over to the OBS38S003 would be possible but would require more abstraction in the code.

But even for the port I had to remove support for protocols/features so that code and ram memory were not over capacity. And the compiler does not give much information when it goes over capacity and so it makes development difficult.

Possibly more to the point I really still do not understand how the bucket sniffing works. I did learn more about different microcontroller architectures and compilers but the rcswitch decoding is much more straightforward to understand (i.e. basically just measuring and comparing timings using hardware capture module).

For decoding truly unknown radio protocols, people seem to prefer other projects: https://github.com/merbanan/rtl_433 https://github.com/NorthernMan54/rtl_433_ESP

The cost of that hardware or a USB RTL SDR is probably comparable.

mightymos commented 1 month ago

You can also use the pass through firmware or hardware hack bypass along with ESPHome which supports raw decoding. However, I can't be sure how well it works but it appears to be available: https://esphome.io/components/remote_receiver.html

zd3sf commented 1 month ago

Thank you for your effort in the development. The difficulties of developing firmware are understandable. I have tried the passthrough mode first and I was able to capture some raw data, but none of which was complete or useful as the signal was drowned in raw dumps. No matter the settings, the output was just drowned in a insane amount of data, none of which can be attributed to any of my devices. I am still trying to understand how the parameters below can be tweaked, but hours passed and no luck, and I reverted to rcswitch.hex firmware.

tolerance: 60% filter: 10us idle: 5ms

If there is renewed interest in pursuing bucket sniffing, please let me know. For now, i'd really like to thank you again for your efforts.

mightymos commented 2 weeks ago

I'm still running into issues with the Portisch port, but am looking into it again. I am able to get output using standard decoding and sniffing.

I am not sure that the sniffing output is correct/useful because I think it's reporting 4 buckets, but there should only be 3. However, can you decode this 0xB1 result with the tool and tell me the result?

AA B1 04 01 9A 03 8E 00 FA 27 D8 38 18 19 29 28 19 28 19 28 19 29 29 28 18 19 28 18 18 18 18 19 28 19 28 18 55