This week I decided to share something interesting with you folks: a simple method to sniff the radio packets transmitted by any 433 MHz wireless sensor, key fob or other module.
This is a very powerful method, using which I have been able to decode and hack the protocols of wireless sensors manufactured by some of the world’s best companies, and have integrated them into my system. By using this technique, I was even able to unlock the radio locking system of a couple of vehicles, such as Skoda and Maruthi, that communicate in the 433 MHz band.
Working Principle of this Method: The 433 MHz receiver module detects the high-frequency radio signal and converts it into a low-frequency signal (below 20 kHz, i.e. in the audio range). That signal is picked up by our sound card and recorded, so that it can be viewed in the GoldWave software.
Before I share the details of this approach, you will need some utilities and tools for it as described below:
– Download and install this audio editing software called GoldWave v6 from here.
– A USB based PC sound card like the one here.
– A 455 MHz RF receiver module like the one here, specifically the one shown in Fig 1.
– A 5V power supply to power the radio receiver module or you can simply power it up from a board, such as an Arduino UNO.
– A 433 MHz RF remote used for transmitting radio packets, as shown in Fig 1. You can buy it from here; this was the only one I found to be less expensive compared to others, but it serves the purpose.
Hardware Setup & Circuit Diagram
Set up the sniffing environment as shown in the above image. Once this is done, we have to test that the sound card is detected, functions properly and is able to interact with the GoldWave software. Below is a short video tutorial that shows how to perform this test.
Once you have tested that the sound card works with the GoldWave software, we can trigger some radio packets by pressing the buttons on the RF remote key, record these packets through the sound card and view them in GoldWave. The Fig below shows one of the 10 radio packets that were transmitted by the RF remote key.
Below is a video tutorial that shows the process and a demo of how to record the packets triggered by the 433 MHz RF device.
Once you are done with the timing analysis of the sniffed packets, you can write the embedded software for detecting and decoding these radio packets, which is a totally different ball game. If you are interested in knowing how to do this, stay tuned to Deeply Embedded by subscribing or following us ;).