milaq / rpi-rf

Sending and receiving 433MHz signals with cheap GPIO RF modules on a Raspberry Pi
BSD 3-Clause "New" or "Revised" License

Aleko sliding gate keyfob signal analysis for new protocol #22

Open aomanchuria opened 6 years ago

aomanchuria commented 6 years ago

Hope someone can use this info to create a new protocol or help me create one for Aleko keyfobs. These have a HCS301.

Aleko sliding gate key fob signal analysis:

50% signal preamble = 390us ~ 400us each step = Te (matches specs of HCS301)
total preamble = 9055us (a 23Te 50% cycle wave) (23Te=9200us per spec)
total low after preamble = 3960us (a 10Te pause) (10Te = 10*400 = 4000 per spec)
zero = 2 highs, 1 low (1te each step)
one = 1 high, 2 lows (1te each step)

Some traces using piscope (ignore last bit for now since it's to mark repeats):

101011111000011111110100100010101110111011100000101111101010010011<-has noise error
000111010111111100100011011010111110111011111000101111101010010011
000111010111111100100011011010111110111011111000101111101010010011

The legend I used below doesn't sync on here, but maybe you can copy and paste to Spyder or Notepad to see the 1:1 correspondence of the 1's and 0's to the *,s,b,S etc markings.

my rental house keyfob:

button A
100001010000000000110111001110011110111011111000101111100110010011
100001010000000000110111001110011110111011111000101111101010010011
100001010000000000110111001110011110111011111000101111101010010011

button B
010111000010101110011010110011011110111011111000101111101010001011
010111000010101110011010110011011110111011111000101111101010001011
****ssssssssssssssssssssssssssssbbbbSS

*-encrypted bits s-serial code b-button SS-status

same rental house keyfob again (d= delta, s= same as before):

button A
010110110010111100110011001101111110111011111000101111101010010011
100001010000000000110111001110011110111011111000101111101010010011<-previous run
dddddddddddddddddddddddddddddddsssssssssssssssssssssssssssssssssss

button B
100010010000111100010100010011111110111011111000101111101010001011
010111000010101110011010110011011110111011111000101111101010001011<-previous run
dddddddddddddddddddddddddddddddsssssssssssssssssssssssssssssssssss

seems like the encrypted portion ends in a 1 each time

button C
111100111010110110010000010000101110111011111000101111101010001111
111100111010110110010000010000101110111011111000101111101010001111
****ssssssssssssssssssssssssssssbbbbSS

button D
100011111011011000000011101101111110111011111000101111101010000111
100011111011011000110111101101111110111011111000101111101010000111
****ssssssssssssssssssssssssssssbbbbSS

buttons A to D 0100 0010 0011 0001

The last two bits are for battery low in voltage and code repeated. It seems that when you press the button it always repeats the same code until you depress it. Vlow is 0 at 6.6volts, 1 at 13v. Confirmed that code repeat is 0 the first message, 1 the rest of the repeats.

aomanchuria commented 6 years ago

basically from:
010111000010101110011010110011011110111011111000101111101010001011

the last part repeats:
11110111011111000101111101010-0010-1-1

first 1 belongs to the encrypted part, this is my serial code:
1110111011111000101111101010

the button
0010

my battery is good, and it is a repeated message so I am pressing the same button continuously for a few seconds:
1-1

I haven't been able to actually get these remotes to work. The ALEKO hardware for the sliding gate is good, but the motherboard fails all the time. They suck at motherboards. So I want to replace it with an Rpie, an RF receiver and a Pololu motor controller. So far, I can make the receiver react to my pressing the buttons, but it's all garbage in the receive script. Today, I decided to do some work to show the 0's and 1's and see if they indeed look like the KEELOQ description in HCS301 specs sheet. It seems like it does. I plan on ignoring the encrypted part and make my system "unsecure" because if you figure out how to open my gate, you will meet my love and comprehension (that is what I call my sledge hammer and my 20lb javelin for digging).
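The frame layout worked out in the two comments above, as an added Python example that is not part of the original posts and not rpi-rf code. It assumes the receiver has already been sampled once per Te into a string of `1`/`0` levels starting after the preamble and pause; `encode_pwm`, `decode_pwm`, `split_frame` and the `Frame` type are hypothetical names, and the fields are kept as bit strings in the order they appear in the traces.

```python
from typing import NamedTuple

# Added example, not rpi-rf code. Symbol shapes and field widths are the ones
# reported in the issue: zero = high,high,low; one = high,low,low (1 Te each).
SYMBOLS = {"110": "0", "100": "1"}
BUTTONS = {"0100": "A", "0010": "B", "0011": "C", "0001": "D"}

# Two button B presses copied from the traces posted in the issue.
FRAME_B_RUN1 = "010111000010101110011010110011011110111011111000101111101010001011"
FRAME_B_RUN2 = "100010010000111100010100010011111110111011111000101111101010001011"

class Frame(NamedTuple):
    encrypted: str  # 32 hopping-code bits, differ between presses
    serial: str     # 28 bits, fixed per keyfob
    button: str     # 4 bits
    vlow: str       # battery status bit
    repeat: str     # 0 on the first message, 1 on repeats

def encode_pwm(bits: str) -> str:
    """Hypothetical helper: build constructed Te-sampled levels for testing."""
    inverse = {bit: sym for sym, bit in SYMBOLS.items()}
    return "".join(inverse[b] for b in bits)

def decode_pwm(levels: str) -> str:
    """Turn one level sample per Te into bits; reject noise-damaged symbols."""
    if len(levels) % 3:
        raise ValueError("sample count is not a multiple of 3 Te")
    bits = []
    for i in range(0, len(levels), 3):
        sym = levels[i:i + 3]
        if sym not in SYMBOLS:
            raise ValueError(f"invalid symbol {sym!r} at Te step {i}")
        bits.append(SYMBOLS[sym])
    return "".join(bits)

def split_frame(bits: str) -> Frame:
    """Split a 66-bit frame into the fields marked in the issue's legend."""
    if len(bits) != 66 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 66 bits")
    return Frame(bits[:32], bits[32:60], bits[60:64], bits[64], bits[65])

if __name__ == "__main__":
    for raw in (FRAME_B_RUN1, FRAME_B_RUN2):
        f = split_frame(decode_pwm(encode_pwm(raw)))
        print(BUTTONS.get(f.button, "?"), f.serial, f.encrypted, f.vlow, f.repeat)
```

Both presses decode to the same serial, button and status bits; only the 32 encrypted bits differ between them, matching the d/s comparison in the first comment.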