Sniffing Chinese wireless 433 modules

In an attempt to get some really nice cheap wireless LED drivers, I decided to buy some of these 433 MHz transmitters:

[Image: led_remote_433mhz-ebay]

I was thinking I could sniff out the protocol and use these babies as a nice ultra-cheap home-automation node.

So I took apart the remote and wired up the LED. Yes, those Chinese guys are awesome! They wired an LED on the antenna input, so sniffing out the signal (without noise) was peanuts. They probably replace the blue LED (why always blue LEDs in cheap Chinese stuff?) with an IR version in the even cheaper IR models.

[Image: Transmitter-433-inside]

I could then hook it up to my Bus Pirate. Using this nice tool (a must for every hacker), I can easily mimic a very low-speed logic analyser and sample the signals:

[Image: wireless sample433-signal]

As it turns out, the signals sent by the controller are UNFORTUNATELY just commands. Each command maps to a direct state, e.g. 4345 means set Red to 80%.

I hoped they utilised an increase/decrease method, but they didn't…

For those still interested in using them with an MSP430 CPU (Arduino will also work with a minor change (2 lines)), you can check out my driver on GitHub: https://github.com/vinietje/LedProtocol

All credit goes to the original author; I just fixed the driver so it runs on the MSP430/Energia platform rather than Arduino (for those interested, it is the interrupt handling that is different on the MSP in contrast to Atmel's ATmega series).