EEVblog #506 - IR Remote Control Arduino Protocol Tutorial

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hi in a previous video I showed a very rudimentary hack of one of these infrared learning remote controls and how you could hack in and directly drive one of the buttons which can pre-program from something like an Arduino microcontroller or anything else it could be some other external switch or some other external circuitry and that was incredibly simple and rudimentary hack but there are quite a few people who wanted to know how to do that directly from a microcontroller like an Arduino for example itself instead of having to hack a remote control why can't we just can we just put an infrared LED on one of the output pins of the microcontroller and transmit the code directly well yes we can do that and it's not entirely difficult at all so that's what I'm going to show you today how we're actually going to receive a code from my Canon wld 89 remote control for my video camera here and how we're going to capture that on our oscilloscope and then program it into this Arduino now there are of course many different ways to skin this cat I mean you don't have to use an oscilloscope like we're going to use today you could use a logic analyzer like this Sayle logic analyzer or you could use the Arduino itself for example you can get libraries that actually read in infrared code from an infrared receiver and play it back we've got a in for us be dangerous prototypes USB infra red toy IR toy here which were actually going to be using to capture the data but that can stream it to a PC and then you can analyze the data on the PC and know exactly what it is and you can get all sorts of open source libraries on the PC to do that you just hook up an infrared receiver to it and there's you know many many different ways to do this but we're going to do it the old-fashioned way we're going to actually get our digital scope and we're going to capture the waveform coming out of the IR receiver we're going to get the individual bits from it and timing and then we're going to program that into our microcontroller so that then we can spit out the IR code now there's two devices you can actually use to receive the infrared code from the remote control one is just your basic art photodiode infrared photodiode /up photo transistor and they can either come in to lead or three lead configurations like this one here and these are fairly art limited devices but what they allow you to do is to get the actual raw carrier frequency out of the infrared remote control as we'll see but there's also these other three pin devices which are these proper infrared receiving modules and they've actually got circuitry in there that are decode and D modulate the carrier frequency and give you a direct data out and we'll see this on the oscilloscope in a second so the good thing about this USB infrared toy we can actually probe both of these sensors and see the different types of data coming out now the good thing about these little light infrared modules is that you pretty much never have to buy them because you should have them in your junk bin because pretty much any bit of that surplus consumer gear for example I've got a set-top box PVR when I was PVR recorders here and if you you know any old bit of gear an old CD player or anything that you salvage will have one of these in it check it out rip it out reuse it not a problem and just be aware that there are different carrier frequency modules but the most common type that you're going to deal with is the 38 kilohertz carrier frequency and will actually be able to measure that because we will be getting the raw data carrier data out of this start photodiode here okay we're going to use our oscilloscope to capture first of all on channel 1 here we're going to capture the output data from the IR module so this is the one that has the demodulator built in it'll take out the carrier frequency as you'll see and we'll just get the raw 1 0 data out of it now what you want to do this is a 5 volt one so you want to set it to one volt per division roughly let's put it down here you want to set it maybe 50 milliseconds per division a fairly you know slowish time base so we can capture the entire packet and the zooming later and this is where an oscilloscope with a deep memory is going to come in so you know you don't want to use an old-school oscilloscope with you know 2k of sample memory or something like that a nice good deep memory scope especially if you're capturing more than one packet so we'll take a look at that but here we go I've got my infrared remote control I'll get channel one hooked up to the output of that IR module which you can salvage from any bit of gear you want and I'm going to push my start/stop button which is the one I want to capture and bingo there it is we've captured that I had it set to what single-shot mode of course triggering needs are somewhere in the middle there and let's there it is and we can zoom in you can see the data coming out of that bingo we've captured that packet now look what happens if I do that again and I press the button for a bit longer hold it down for a bit there we go look we actually captured five packets there because if you hold down the button it will continually send the packet and then your product that you're actually you know pointing this out can actually decode that you've pressed that button for like your three seconds or something like that for example like a to go into the playback mode on my video camera I've got to push this button here for like three seconds hold it down and then it will go into playback mode so it just sits there counting those packet decodes them and counts it and it knows I've pushed that for three seconds now as you can see here the output of the module is normally high and then it goes low like this so we're getting a zero out of that but what that means that zero is that it's actually receiving because it's a logic low output when it receives a carrier frequency we'll see this in a second when we probe our photodiode directly so there's that means that the infrared when this is low when our signal is low it means our infrared lead is transmitting so when we decode this data and program it in to our microcontroller decode the ones and zeros a zero here it means switch on the LED at the carrier frequency rate and likewise when we've got a logic one up here then that means the lead is switched off it's receiving nothing now what I'm going to do is switch on channel two here and I've got channel two hooked up to the other the phototransistor down there which is going to give us the direct data from the transmitter here and of course we still got channel one hooked up to our infrared module there so here we go I'm going to press the same button again and we'll capture that data packet there we go so as you can see channel 2 here from that infrared photo transistor there's a big block there and what that is is the carrier frequency we can zoom in on that see it's practically identical and almost lined up as we'll see so let's zoom in on that so let's move our position over here and zoom in on that first bit it goes low bingo there's our carrier frequency and if we check out our frequency down here it's decoded that there you go thirty eight point four kilohertz it's going to vary it's not going to be spot-on but it's roughly that thirty-eight kilohertz carrier frequency so when we program that into our microcontroller we need our microcontroller to not just go low and turn on the lead or go high and turn on the lead it needs to generate that 38 kilohertz carrier frequency for that amount of time you'll notice it's done exactly the same thing over here exactly the same carrier frequency and you'll also note that the this blue waveform here is the raw data coming out of our trends infrared transmitter here so you can see that it starts transmitting it takes a few cycles for that infrared receiver module to actually decode that and then give our low output and it extends past there as well but it's basically the same time period as that whole packet there so there's just two ways at looking at the same data so it doesn't matter where view whether you've got just a photodiode photo transistor or whether or not you've got one of the proper arm infrared receiver modules if you've got just got the module here just assume that the carrier frequency is in there when that's low and when it's high you get nothing and if you've got the carrier frequency if you just got the infrared diode well you can just decode it exactly the same way you notice the time of our burst there we're on 50 microseconds per division is just over five hundred and fifty microseconds so we can get that exact value it doesn't have to be absolutely spot-on but it should be close so we'll measure that as accurately as we can and I've used both my cursors there and I'm measuring 562 microseconds for that burst and you'll notice that the dead period there where it's a well high but it's actually switched off is exactly the same 562 microseconds now you could be mistaken for thinking that these are individual 1 0 1 0 bits in here and then you've actually got three zeros here because if you actually go in there and measure it this period here is actually yes it is precisely three times that length there so you might think it's 1 and then 0 0 0 but that's not the case because I happen to know that this thing looks precisely like the Japanese protocol or sometimes better known as the NEC protocol now the unusual thing about the NSC protocol is it doesn't have a fixed bit link for both 1 and 0 it actually changes between those so let's take the example of like it's ordinarily high so let's say the start of the bit is here it goes low for that one will to call that one time period there then it goes back high like that and that represents a zero but a one is represented by it going low like that for that one time period and then going high again for three time periods like that so that in there so that from there to there is a zero and from there to there is a one so it's quite unusual but that's the NEC protocol and you don't have to think of it like that of course we if you're actually programming this into your microcontroller then you could think of it as you note one zero one zero zero zero if you really wanted to but and you could actually program it and implement it successfully that way but that just wouldn't be the correct way to do it because what we're going to find here is that in the total of all this we're going to actually have four bytes for a total of 32 bits now of course to decode that on your scope some scopes of course have serial protocol decoding but I have never seen one that actually has the NEC protocol built in and if you're a scope or your logic analyzer or whatever happened to have a custom protocol decoder for example then you might just be able to set that up to actually decode it and turn those different time lengths periods into zero and ones for you and spit out that full byte code that the NEC control code actually has but we don't have that capability here so we're just going to decode this manually so what we can do is go in here after our idle period and that's the start of our first bit there and we can see that that first one is a one because it's one time period with three blink time periods after that so that's a 1 1 and then 0 0 0 0 and that's called our pulse length encoding technique so we can go in there and just manually decode these not a problem whatsoever and we should get total out of that for different bytes and I've gone through and manually decoded that and this is what we get we get our 4 8-bit bytes there and the first two bytes are the address so there we go it sends those then it sends the command here and then the inverse of the command like that so you should if you've decoded it right this last byte should be an inverse of that one and that's exactly what we see on a bit by bit basis so now we've got this data we can program it into our micro Beauty now to throw a real spanner in the works something like the Philips rc5 IR protocol for example each time you press the key it can actually toggle that bit each time so what I'm what I've setup here is I've captured this waveform and there's that I've stored it as a reference waveform here so now I'll press it again and see if we get get an identical waveform let's have a look does it look identical it does so do that one more time no we don't have any toggle bit so it looks like it repeats the exact same code every time you've just got to be careful there otherwise are you know that could really ruin your day and changes the equation on how you're going to write your IR Driver and stuff like that and here's the source code the sketch I've written for this yeah I could have just used and off-the-shelf library IR code library some of them are quite simple some are quite complex there are a lot out there that's to support the NEC protocol we're actually after and a lot of them are complete ones that receive codes and do all sorts of stuff but I wanted to write my own because well that's the spirit of this thing and as it turns out it's very very simple so I wrote it from load the source code for this from a link down below the video here so I'll be very brief on this I've set up my lead and my infrared LED on that pin you can just define which pin of the Arduino you've got I've got my bit time 562 microseconds as we saw on the oscilloscope and then I define the infra red code that I want to send in this case it's that four byte 32-bit code that we retrieve reverse-engineered from the oscilloscope so then in binary form I've got it as one big 32-bit word there so that's all set up you could have multiple codes for any command button that you wanted to send this one is just the reverse-engineered code for my Canon remote control record stop record button and then I've got a simple setup routine here that just sets up the pin as an output for the LED and then it switches the lead off to start with and I've got two simple routines and that's the entire code right there just in those two routines almost fit on that one screen a couple of dozen lines of code first one is the ir carrier and that generates 38 kilohertz carrier frequency all you do is pass at the time in microseconds that you want the carrier frequency to go for and then it just goes through a for loop and turns the lead off and on they're not a problem at all now it's got to divide that past time by 26 microseconds here because 26 microseconds is roughly the in of the 38 kilohertz carrier frequency that we got and then all it does is it sets the turns the LED on for half that period or 13 microseconds and then turns it off for 30 microseconds and it repeats as long as it needs to and then we've got another routine which sends the 32-bit code so users pass at the code here as a long 32-bit long value and then we have the let generate the leading pulse here as we saw on the oscilloscope nine nine thousand microseconds we turn the carrier on four that's nine milliseconds and then we turn the carrier off for 4.5 milliseconds there so it's we've generated our leading pulse and then all we do is we go in a for loop here and we send out all of our 32 bits or four bytes in sequence I'm just doing that using a mask here so I'm just masking the most significant bit and then shifting it one bit at a time at the end of it that's why I did it as a 32-bit word it's just easier that way then say for individual bytes saves a few lines of code and then of course are we well we start out by generating the one bit time 562 microseconds the carrier frequency and then we have to determine via that masking if our current bit is a high or a low if it's a high then of course we have to wait the three bit times dead time to signify a1 in the NSE protocol but if it's a zero then we only have to wait one extra bit time very very easy and that's it it just repeats for all 32 bits and one thing I forgot to mention on the oscilloscope capture is I also noticed a stop bit at the end of it so it was actually had a 33rd bit on there just a stop bit of one bit time so I've added that in there at the end and then I've just got a main routine here all it does is cause the setup defines the pins and then it sends my infrared code to switch the record mode on my camera on it waits five seconds and then I send the code to stop recording easy and no surprises forgetting it didn't work for us go no it wasn't Murphy's Law as a matter of fact I kind of expected it to possibly not work first go and I'll show you why so what I've done is I've hooked up a my logic analyzer here because to analyze something like this we really need to look at that code output you can do it on an oscilloscope orbital logic analyzers easier we can capture it here now hooked up my Sayle logic analyzer to the LED output I'm going to sample at eight megahertz here more than fast enough one Meg samples good enough and negative edge trigger here so we'll start this and I'll press my reset button on my Arduino I've already downloaded the sketch and looky what we have here we have our code that's exactly the same as what we saw on the oscilloscope and if we go in here we can look at that carrier frequency of the leading pulse there and if you have a look on the right-hand side I can't move my cursor over but it says the pulse width is 16.8 microseconds and the frequency is twenty nine point nine kilohertz nowhere near the 38 kilohertz that we actually need no wonder it doesn't work why well it's up I'm pretty obvious and those people who are experienced with these sort of things probably already know because in my timing loop here my IR carrier loop I've assumed that's 26 microseconds okay I've rounded that down near enough to generate the loop timing in here that's not going to be a real major issue the major issue here is this delayed microseconds you see it's got 13 so we're expecting to get 13 microseconds delay but look we don't we get sixteen point eight so there's another what a three point eight microseconds or there abouts added to that so it's not thirteen microseconds it's sixteen point eight but why because well let's assume that the delay microseconds routine is fairly accurate okay so I'm going to be absolutely you know spot-on but it's going to be near enough what's taking all the time well the only other code in here is this digital write routine and this digital write routine does actually take time in this case it takes a couple of microseconds to execute and this far two ways to do it but we're just using the digital write routine because that's the basic way in the Arduino so let's compensate tweak this thing I am holding my tongue at the right angle and let's take that's let's knock that you know three or four microseconds off let's change that to nine microseconds and let's upload that we've uploaded we can go back in here we can start this again go run run our dueƱo is running oops it's already captured up because I've got an auto start routine in there and you'll notice that the timing is different look at this twelve point seven five microseconds now and we're close to our 38 kilohertz we're now thirty nine point four kilohertz and as I said you don't have to be spot-on but that's going to be near enough and as it turns out this now works and sorry about the audio and video quality now I'm at home actually doing this I don't have my main camera so I'm shooting on my old compact it's not and well yeah it's not going to be very good anyway I have my Canon camcorder here I've got my free Tronics 11 down here I've got an infrared LED hooked up and pointed to it for a 220 ohm dropper resistor and if I press the reset button here it should start recording and then five seconds later should send the code again to switch it off so let's give it a go bingo started recording and it won't quite go to five because it took a second or two that boom but there you go works a treat and just a small trap for young players here with any sampling system like this the resolution is going to be dependent upon your sample rate now we're sampling an eight megahertz here and you'll notice that it's over on the right hand side there it's saying the pulse width is giving us that to three decimal places or one nanosecond resolution well that's obviously complete it's saying it's twelve point eight seven five microseconds it's not possible to get one and a second resolution on that but eight megahertz is more than good enough to get the timing requirement for this particular application but let's resample that at say a lower rate of 500 kilohertz now if you invert file let's start that capture it and here we go and if you invert 500 kilohertz of course you get our two microseconds you'll notice that there we go it's jumping between two and fourteen microseconds but it's still showing two decimal places beyond that that's the software not knowing what it's doing and this might be tricking you into thinking that pulse width is precisely 14.00 microseconds when it's not your resolution isn't good enough to determine that in this case this really isn't quite good enough for this particular system it's almost in the ballpark but not quite anyway just be aware of that trap for young players so that's it very very simple to write your own code reverse engineer a protocol you don't even need an oscilloscope you can do it using very simple and basic tools a PC or whatever so no complex test equipment required here to reverse engineer that NEC protocol and you know not much work at all very very simple so I hope you enjoyed that there are lots of stuff involved in this Scylla scopes reverse engineering and then we had a little a fail there in our source code and tweaking some logic analyzer stuff it's all happening fantastic so if you liked the video please give it a big thumbs up and as always if you want to discuss it jump on over to the eevblog forum and no correspondence will be entered into on the source code thank you very much catch you next time you you
Info
Channel: EEVblog
Views: 234,185
Rating: undefined out of 5
Keywords: infrared, ir code, remote control, arduino, arduino hack, remote control hack, hack, reverse engineering, nec protocol, rc5 protocol, bit pattern, logic analyser, oscilloscope, rigol, saleae logic, pulse length encoding, github, gist, source code, library, troubleshooting
Id: BUvFGTxZBG8
Channel Id: undefined
Length: 23min 56sec (1436 seconds)
Published: Sun Aug 11 2013
Related Videos
Using IR Remote Controls with the Arduino
DroneBot Workshop
709K
EEVblog #496 - What Is An FPGA?
EEVblog
640K
Arduino Tutorial 64: Understanding and Using the Infrared (IR) Remote to Control a Project
Paul McWhorter
52K
EEVblog #436 - Saleae USB Logic Analyser Review & Teardown
EEVblog
200K
Introduction to ESP32 - Getting Started
DroneBot Workshop
775K
#171 Arduino Guide to Infrared (IR) Communication also for ESP32 and ESP8266
Andreas Spiess
158K
EEVblog #1045 - How To Drive an LCD
EEVblog
83K
EEVblog 1439 - Analysing Veritasium's Electricity Misconceptions Video
EEVblog
457K
[001] Sigrok and Logic Analyzers
OpenTechLab
140K
#254 Infrared Remote Protocol Translator (Arduino Nano)
Andreas Spiess
36K
How to use the Atmel ATTINY10 Microcontroller
Ben Heck Hacks
504K
Arduino Tutorial 1: Setting Up and Programming the Arduino for Absolute Beginners
Paul McWhorter
1.2M
EEVblog #505 - IR Learning Remote Control Hack
EEVblog
120K
How It Works - Infrared Remote Control
Rick Osgood
176K
EEVblog 1427 - An INFURIATING Electronics Exam Question!
EEVblog
176K
Building Poor Man's Logic Analyzer with an Arduino - Reverse Engineering A/C Remote part 1
LiveOverflow
56K
Arduino Home Automation: Control Your TV, Air Conditioner, Fan, etc. with an Infrared Transmitter
upgrdman
66K
Arduino Tutorial 2: Understanding How Light Emitting Diodes (LEDs) Work
Paul McWhorter
407K
EEVblog 1442 - DON'T DO THIS!
EEVblog
116K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.