element14 Community
element14 Community
    Register Log In
  • Site
  • Search
  • Log In Register
  • Community Hub
    Community Hub
    • What's New on element14
    • Feedback and Support
    • Benefits of Membership
    • Personal Blogs
    • Members Area
    • Achievement Levels
  • Learn
    Learn
    • Ask an Expert
    • eBooks
    • element14 presents
    • Learning Center
    • Tech Spotlight
    • STEM Academy
    • Webinars, Training and Events
    • Learning Groups
  • Technologies
    Technologies
    • 3D Printing
    • FPGA
    • Industrial Automation
    • Internet of Things
    • Power & Energy
    • Sensors
    • Technology Groups
  • Challenges & Projects
    Challenges & Projects
    • Design Challenges
    • element14 presents Projects
    • Project14
    • Arduino Projects
    • Raspberry Pi Projects
    • Project Groups
  • Products
    Products
    • Arduino
    • Avnet Boards Community
    • Dev Tools
    • Manufacturers
    • Multicomp Pro
    • Product Groups
    • Raspberry Pi
    • RoadTests & Reviews
  • Store
    Store
    • Visit Your Store
    • Choose another store...
      • Europe
      •  Austria (German)
      •  Belgium (Dutch, French)
      •  Bulgaria (Bulgarian)
      •  Czech Republic (Czech)
      •  Denmark (Danish)
      •  Estonia (Estonian)
      •  Finland (Finnish)
      •  France (French)
      •  Germany (German)
      •  Hungary (Hungarian)
      •  Ireland
      •  Israel
      •  Italy (Italian)
      •  Latvia (Latvian)
      •  
      •  Lithuania (Lithuanian)
      •  Netherlands (Dutch)
      •  Norway (Norwegian)
      •  Poland (Polish)
      •  Portugal (Portuguese)
      •  Romania (Romanian)
      •  Russia (Russian)
      •  Slovakia (Slovak)
      •  Slovenia (Slovenian)
      •  Spain (Spanish)
      •  Sweden (Swedish)
      •  Switzerland(German, French)
      •  Turkey (Turkish)
      •  United Kingdom
      • Asia Pacific
      •  Australia
      •  China
      •  Hong Kong
      •  India
      •  Korea (Korean)
      •  Malaysia
      •  New Zealand
      •  Philippines
      •  Singapore
      •  Taiwan
      •  Thailand (Thai)
      • Americas
      •  Brazil (Portuguese)
      •  Canada
      •  Mexico (Spanish)
      •  United States
      Can't find the country/region you're looking for? Visit our export site or find a local distributor.
  • Translate
  • Profile
  • Settings
Personal Blogs
  • Community Hub
  • More
Personal Blogs
Gough Lui's Blog 433Mhz Reverse Engineering Part 2 - Burning Questions are Answered
  • Blog
  • Documents
  • Mentions
  • Sub-Groups
  • Tags
  • More
  • Cancel
  • New
  • Share
  • More
  • Cancel
Group Actions
  • Group RSS
  • More
  • Cancel
Engagement
  • Author Author: Gough Lui
  • Date Created: 13 Apr 2016 10:00 AM Date Created
  • Views 954 views
  • Likes 3 likes
  • Comments 7 comments
  • ook
  • 433.92mhz
  • security
  • remote control
  • radio
  • 433
  • remote
Related
Recommended

433Mhz Reverse Engineering Part 2 - Burning Questions are Answered

Gough Lui
Gough Lui
13 Apr 2016

I couldn't help but wonder, based on the previous posting and the discussion, exactly how did the 1 million combinations come about? Also, what are the functions of the fixed bits? Are they fixed pre-amble as my experience would suggest? Are there more hidden channels in the equipment than are used by the senders and that I know of? Can it cope with over-speed transmissions, shortened repetition delay times, less repetitions?

 

I embarked on a journey of "knowledge" by building myself a generic 433Mhz ASK/OOK transmitter that took a string of the following variables:

zero pre-low (us), zero high (us), zero low (us), one pre-low (us), one high (us), one low (us), delay (us), repetitions, data

 

I figured that, by using these timing variables, almost all my ASK/OOK fixed code protocols can be represented, thus a serial to ASK/OOK "universal" bridge was born. This was used to probe the switches and find the truth.

 

The answers are in my blog post at http://goughlui.com/2016/04/13/reverse-eng-pt-2-watts-clever-easy-off-wsmart-box-es-aus1103/

  • Sign in to reply

Top Comments

  • mcb1
    mcb1 over 9 years ago in reply to Gough Lui +1
    I never tried the 'fixed' bits as there were plenty available for the purpose. It was found that bit 25 , namely the last fixed bit, appears to be a do-not-care bit. No matter whether it is 0 or 1, regardless…
  • mcb1
    mcb1 over 9 years ago in reply to Gough Lui +1
    I'm guessing it wasn't entirely inexpensive? No it wasn't. Not sure if it was old stock when we brought it way up at Coloundra a few years back. Looks like they might have these http://www.bunnings.com…
  • mcb1
    mcb1 over 9 years ago in reply to mcb1 +1
    A little more searching found these useful links Reverse engineering the RF protocol on a Kambrook Power Point Controller - BeyondLogic Kambrook Remote Power Outlet & Arduino - working https://discuss…
  • mcb1
    mcb1 over 9 years ago in reply to Gough Lui

    because we now require double-pole switching

    That is the most stupid legislation to be enacted.

     

    Now they have created a potential death trap.

    You switch off the appliance assuming it to be off, when in fact the phase part of the switch is stuck on and the whole thing is live.

    It appears to be off because the neutral is gone.

     

    Sorry but some things are just not right when we have mains voltages tied to ground.

     

    Mark

    • Cancel
    • Vote Up 0 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • Gough Lui
    Gough Lui over 9 years ago in reply to mcb1

    I suppose the Kambrook is not too hard to emulate even with my "universal" 433Mhz ASK bridge code, as the signal formats and rough timings for zero/one symbols are known which is a good thing.

     

    Not game to go out and fill the house with lots of various different devices, but it's good to see it's getting more inexpensive by the day. Less people DIYing their own is definitely a good thing. Makes me wonder how the Sonoff/Slampher stuff mentioned a while back would compare - their drawcard was price, but that's being quickly eroded. I wonder if they are truly rolling code type control ... or whether it's another fixed code system.

     

    I also found out that the switches I have can't be sold in NSW after 28th April because we now require double-pole switching, which is sure to impact on lots of products requiring at least a DPST relay, where most products, even branded ones, only currently switch the active with a SPDT/SPST relay. Other states are apparently allowed to run-out their existing inventories but are not permitted to import any more single-pole switching devices.

     

    - Gough

    • Cancel
    • Vote Up 0 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • mcb1
    mcb1 over 9 years ago in reply to mcb1

    A little more searching found these useful links

    Reverse engineering the RF protocol on a Kambrook Power Point Controller - BeyondLogic

     

    Kambrook Remote Power Outlet & Arduino - working

     

    https://discuss.ninjablocks.com/t/remote-power-points-in-au/152

     

    So I might need to look at some alternative versions next week ...image

    • Cancel
    • Vote Up +1 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • mcb1
    mcb1 over 9 years ago in reply to Gough Lui

    I'm guessing it wasn't entirely inexpensive?

    No it wasn't.

     

    Not sure if it was old stock when we brought it way up at Coloundra a few years back.

     

    Looks like they might have these

    http://www.bunnings.com.au/arlec-remote-control-power-outlet-3-pack_p4331240

     

     

    I found this while searching if they are still available.

    Might help someone with a RPi they want to use to automate.

    Controlling Kambrook Wireless Outlets using an... - Addicted to Pi Tech Blog

     

    Mark

    • Cancel
    • Vote Up +1 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • Gough Lui
    Gough Lui over 9 years ago in reply to mcb1

    I don't think my versions were available with Night Light, as the SMART Box it comes paired with always sets the bit to 1. That being said, either zero or one actuates the main relay, so I would suspect if it was for night-light, it probably shouldn't have the same effect (i.e. toggles a not-connected output instead).

     

    Interesting - I've never even realized Kambrook had this 4 banks x 5 channels system, although I can't find it from my local Bunnings, I'm guessing it wasn't entirely inexpensive?

     

    - Gough

    • Cancel
    • Vote Up 0 Vote Down
    • Sign in to reply
    • More
    • Cancel
>
element14 Community

element14 is the first online community specifically for engineers. Connect with your peers and get expert answers to your questions.

  • Members
  • Learn
  • Technologies
  • Challenges & Projects
  • Products
  • Store
  • About Us
  • Feedback & Support
  • FAQs
  • Terms of Use
  • Privacy Policy
  • Legal and Copyright Notices
  • Sitemap
  • Cookies

An Avnet Company © 2025 Premier Farnell Limited. All Rights Reserved.

Premier Farnell Ltd, registered in England and Wales (no 00876412), registered office: Farnell House, Forge Lane, Leeds LS12 2NE.

ICP 备案号 10220084.

Follow element14

  • X
  • Facebook
  • linkedin
  • YouTube