#209 How to Hack your 433 MHz Devices with a Raspberry and a RTL-SDR Dongle (Weather Station)

Captions
Hacking of 433 MHz devices is a human right for makers, because these devices usually use proprietary protocols. Today we will give a special treat to a so-called professional weather station from China and enable it to send its data via MQTT. Then we will hack the remote control of our outdoor awning and use an ESP32 to build a fake twin which understands MQTT. And we use the most sophisticated hacking equipment you can buy for $10, plus a Raspberry Pi. You will be astonished how professional this will get.

Grüezi YouTubers! Here is the guy with the Swiss accent, with a new episode and fresh ideas around sensors and microcontrollers.

433 MHz devices are everywhere these days. They are cheap, and because they do not need a lot of power, they run for years on one battery. You get sensors and actuators. Unfortunately, most of them are closed systems and only work in proprietary configurations. Like that, they are useless for our projects. But because we are makers, we will change that. The process to do it is always more or less the same. For sensors, we have to find out the transmission standard, we have to hack the protocol, and we have to build a receiver which can read the messages and send them via MQTT. For actuators, we also have to find out the transmission standard and hack the protocol, and then we have to build a device which understands MQTT and can create fake 433 MHz messages.

To kill two birds with one stone, I will show you this process by repairing our automatic awning. Outdoor awnings do not like too much wind, because it easily destroys them. This is why you can buy them with motor and remote control as well as a small weather station which sends a retract signal if there is too much wind. Our awning worked for years, and now the wind sensor died. As usual, I did not find a spare part, and of course the system is entirely proprietary. I did not find any information about it. This is why I bought a weather station which sends data to a display. This device is also entirely proprietary. The plan is to read the wind sensor data and create a signal for the motor if it has too much wind.

The planned system will have a receiver which reads the 433 MHz messages from the weather station and creates MQTT messages. These messages will be sent to my Node-RED, where I define the rules. Node-RED will then create a retract MQTT message if the wind speed is too high and send it to an ESP32, which creates a 433 MHz signal using one of these cheap transmitters.

But how can we hack these high-frequency signals without expensive equipment? We use an astonishing new technology called software-defined radio. It enables us to read and decode any radio signal using software instead of hardware. Another dividend of the famous digitalization. Frequent viewers know that I plan to do an introduction to the topic. For today, we just use it. We only need this dongle and the Raspberry Pi. As usual, I prepared an image for your Raspberry. If you write it to an SD card, you are ready to go. A special thank goes to Frank, HB9FXQ, who wrote a manual for installing all the tools needed for today's hack and many more. You can use this paper to install the tools either on your Linux box or in a virtual machine. My Raspberry image does not contain all software packages, because it is too weak for the more elaborate stuff, but for today's work it is perfect.

I know that my weather station and my awning motor use 433 MHz. This is why I use a software which is precisely made for hacking such devices. It is called rtl_433, and you start it with this command. Fortunately, the software already knows a lot of sensors and can decode their messages, and I'm lucky that it also understands mine. It starts to display the messages, and it also receives all signals from outdoor sensors of my neighborhood. So if your neighbor already has a weather station, you can save the money and piggyback. To filter all unwanted sensors, I select the make of my station. Like that, rtl_433 only displays my messages. And because our image already contains Mosquitto as an MQTT publisher, we pipe the messages into mosquitto_pub using this command. Now we get a JSON message every minute or so. Here we see the message in Node-RED. If you do not know how to set up Mosquitto or Node-RED, maybe you want to watch my videos number 126 to 128.

This was easy. We were able to stand on the shoulders of some very skilled colleagues who shared their know-how. Thank you for all that effort. Will we be so lucky for our next step? Unfortunately not. If I press the remote control of my awning, rtl_433 does not show any message, so we are on our own. As with rockets, we now have to fire up the second stage. We have to close rtl_433 and start the Universal Radio Hacker. This tool can be used for all kinds of signals. To record a signal, we first have to detect the dongle and select the frequency. Next, we press Start and press one of the buttons on the remote to create the signal. Then we press Stop. We see that the remote sends packets as long as we push the button. Now we can zoom into one packet and see that it consists of short and long pulses followed by gaps. We save the signal and close the capture screen.

Now we have to interpret what we captured. Because our signal is switched on and off, it is called OOK, or on-off keying. Another name for it is ASK, or amplitude-shift keying. We select this modulation and let the Universal Hacker auto-detect the signal. It shows us its proposed data content. Fortunately, the remote always repeats the same code and does not change it. More elaborate remotes use so-called rolling keys, where keys are altered according to a cryptographic method. There we do not have a big chance to get a clone working. Fortunately, most of this cheap stuff is also simple. Now we know the code of one button. We do the same for all other commands and take notes. The last step is to measure the times used by the signal. We select a particular part of the signal and get the time.

Hacking done. Next step: build an ESP32 which understands MQTT and creates precisely the required signals. I used the example file of the async MQTT library as a base and added a few lines of code to generate the timing of the required signals. If you have a closer look, you see that it consists of short and long pulses and short and long gaps. I named the short and long pulses S and L and the short and long gaps G and P. The gap between signals gets the code in. I discovered that I need three different signals: retract, extend, and set the awning to manual operation. You find the definition here, and here you see a small parser which reads these letters and creates the signal on pin 4. If I connect one of these cheap 433 MHz transmitters to pin 4, I can steer the awning using MQTT commands. Exactly what I wanted.

Summarized: we used one of these cheap RTL-SDR dongles together with the Raspberry Pi and a ready-made SD image to create our ultimate $10 hacking device. We used rtl_433 to decode the protocol of our weather station. Fortunately, its protocol was known to the tool. In the end, we piped the weather station messages into mosquitto_pub and created MQTT messages. These MQTT messages can be processed efficiently by Node-RED. Next, we had to hack the remote control. This time the protocol was not known to rtl_433, and we had to use the Universal Radio Hacker to decode the signal and its timing for all needed commands. Then we wrote a small sketch for an ESP32 to listen to the MQTT commands and create the signals required to move the awning. As a last step, a 433 MHz transmitter was added to create the message and send it to the awning. Now I only have to print a small housing for the ESP32 and the transmitter and place it in the proximity of Wi-Fi and the awning. And of course, I can use the weather signals for all kinds of other things. Maybe you have some ideas.

One remark at the end: I was not able to make the sketch run on an ESP8266. It always crashed, and I gave up.

I hope this video was useful or at least interesting for you. If true, please consider supporting the channel to secure its future existence. You find the links in the description. Thank you. Bye.
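
The captions distinguish remotes that always repeat the same code from those using rolling keys; the check below shows how that distinction can be tested on captures of your own remote. It is an added example, not code from the video or its sketch: the S/L/G/P letters follow the naming in the captions, while the timings, the sample captures and the function names are constructed assumptions.

```python
# Added example. Symbol letters follow the video (S/L = short/long pulse,
# G/P = short/long gap). Timings and captures are constructed, not measured.
NOMINAL_US = {"S": (1, 350), "L": (1, 1050), "G": (0, 350), "P": (0, 1050)}

def _cut(durations):
    """Threshold between short and long; inf if only one length is present."""
    durations = durations or [1]
    lo, hi = min(durations), max(durations)
    return (lo + hi) / 2 if hi > 1.5 * lo else float("inf")

def to_symbols(edges):
    """edges: [(level, duration_us)], level 1 = carrier on, 0 = carrier off."""
    cut_on = _cut([d for lv, d in edges if lv == 1])
    cut_off = _cut([d for lv, d in edges if lv == 0])
    out = []
    for level, dur in edges:
        if level == 1:
            out.append("L" if dur > cut_on else "S")
        else:
            out.append("P" if dur > cut_off else "G")
    return "".join(out)

def classify_remote(captures):
    """captures: one edge list per press of the SAME button.

    'fixed' means every press produced the identical frame, so a recorded
    frame stays valid forever. 'changing' means frames differ between
    presses (rolling code, counter, or a bad capture) and needs a closer look.
    """
    if len(captures) < 2:
        raise ValueError("need at least two presses to compare")
    frames = [to_symbols(c) for c in captures]
    if len(set(frames)) == 1:
        return "fixed", frames[0]
    return "changing", None

def synth(symbols, jitter_us):
    """Build a constructed capture from a symbol string with timing jitter."""
    return [(NOMINAL_US[s][0], NOMINAL_US[s][1] + jitter_us * ((i % 3) - 1))
            for i, s in enumerate(symbols)]

if __name__ == "__main__":
    same = [synth("SPLGSPSPLG", j) for j in (0, 25, 40)]
    differs = [synth("SPLGSPSPLG", 10), synth("LGSPSPLGSP", 10)]
    print(classify_remote(same))      # three presses, identical frame
    print(classify_remote(differs))   # frame changes between presses
```

A result of `fixed` is the weak case from a security point of view: anyone in radio range who records one frame can reuse it, which is why rolling keys are used on more elaborate remotes.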
Info
Channel: Andreas Spiess
Views: 119,936
Rating: 4.9642782 out of 5
Keywords: greatscott, raspberry, diy, esp8266 datasheet, wemos, esp32 project, hacking, do-it-yourself, nodemcu, SRD dongle, SDR, esp32 datasheet, weather station hack, esp32 weather station, beginners, software defined radio, hobby, dongle Raspberry, esp32 tutorial, weather station, iot, projeect, lorawan, simple, eevblog, weather station project, esp32, 433mhz, electronics, hack, smart home, guide, awning, arduino, ttgo, wifi, 433, rtl-sdr, how to, esp8266, raspberry pi, remote control, rtl dongle
Id: L0fSEbGEY-Q
Length: 11min 16sec (676 seconds)
Published: Sat Jun 30 2018