CuVoodoo

the sorcery of copper

User Tools

Site Tools

Trace:
megacode

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
megacode [2014/12/28 19:47] – [protocol] kingkevinmegacode [2014/12/28 20:08] – [sdr] kingkevin
Line 1: Line 1:
 The [[http://www.linearcorp.com/|Linear]] [[http://www.linearcorp.com/radio_control.php|remote control]] solution from the [[http://www.linearcorp.com/radio_control.php#megacode|MegaCode series]] was used in the facility complex I was living for a short while, and I wanted to know how secure it is. Thus I reverse engineered it. The [[http://www.linearcorp.com/|Linear]] [[http://www.linearcorp.com/radio_control.php|remote control]] solution from the [[http://www.linearcorp.com/radio_control.php#megacode|MegaCode series]] was used in the facility complex I was living for a short while, and I wanted to know how secure it is. Thus I reverse engineered it.
  
-===== transmitter =====+In [[https://www.cuvoodoo.info/?post_type=podcast&p=69|episode #004]] I presented how the transmitting part works, and how to clone the radio remote controls. In [[https://www.cuvoodoo.info/?post_type=podcast&p=41|episode #005]] I presented how the receiving part works, so to record codes and analyze them.
  
-In [[https://www.cuvoodoo.info/?post_type=podcast&p=69|episode #004]] I presented how the transmitting part works, and how to clone the radio remote controls.+===== transmitter =====
  
 ==== ACT-34B ==== ==== ACT-34B ====
Line 42: Line 42:
 The PICkit2 programmer does support the PIC12F family because it's flash based. The PICkit2 programmer does support the PIC12F family because it's flash based.
 But code and data protection were. But code and data protection were.
-===== receiver ===== 
  
-In [[https://www.cuvoodoo.info/?post_type=podcast&p=41|episode #005]] I presented how the receiving part works, so to record codes and analyze them.+===== receiver =====
  
 ==== MDR ==== ==== MDR ====
Line 101: Line 100:
 The first bit frame is used as sync frame and is always a 1. The first bit frame is used as sync frame and is always a 1.
 It is followed by 20 system code bits and 3 data bits. It is followed by 20 system code bits and 3 data bits.
 +
 +===== software defined radio =====
 +
 +This signal can be recorded using a software defined radio (SDR).
 +I used the inexpensive USB DVB stick [[https://sdr.osmocom.org/trac/wiki/rtl-sdr|RTL-SDR]].
 +
 +First find the exact frequency at which the remote transmits using an FFT software, such as [[https://sdr.osmocom.org/trac/wiki/sdrangelove|sdrangelove]].
 +Use this frequency to record and demodulate the signal using [[https://sdr.osmocom.org/trac/wiki/rtl-sdr|rtl_fm]]:
 +<code>
 +rtl_fm -f 317.962M -M am megacode.pcm
 +</code>
 +The recorded data can be view in audio editing tools such as [[http://audacity.sourceforge.net/|audacity]] by importing it as raw data, 24kHz, mono, 16 bits little endian.
 +
 +The code can also be extracted using [[https://git.cuvoodoo.info/kingkevin/megacode/blob/master/sdr/decode.rb|decode.rb]]
 +<code>
 +./decode.rb megacode.pcm
 +</code>
 +This decodes the transmissions and lists the 3 bytes values.
 +<code>
 +# egdes: 0
 +# pulses: 0
 +# groups: 1 (1)
 +# transmissions: 0
 +# values: 0
 +# egdes: 1822
 +# pulses: 167
 +# groups: 9 (24, 24, 23, 13, 10, 24, 24, 24, 1)
 +# transmissions: 5
 +# values: 5
 +values: 
 +- value: 13178818 (0xc917c2), system code: 598776 (0x922f8), databits: 2 (0x2)
 +- value: 13178818 (0xc917c2), system code: 598776 (0x922f8), databits: 2 (0x2)
 +- value: 13178818 (0xc917c2), system code: 598776 (0x922f8), databits: 2 (0x2)
 +- value: 13178818 (0xc917c2), system code: 598776 (0x922f8), databits: 2 (0x2)
 +- value: 13178818 (0xc917c2), system code: 598776 (0x922f8), databits: 2 (0x2)
 +</code>
megacode.txt · Last modified: 2024/01/07 17:49 by 127.0.0.1