Reversere engineer an garage door remote key fob
- Can this radio protocoll be decoded in rtl_433 and is there any vulnerabilities
- Create and Flex decoder alutech.conf file based on examples from rtl_433 conf
- Create and C version and possible merge to rtl_433 devices
- Is it possibe to open grage door with an flipper
| No | Description | IC |
|---|---|---|
| Probably | Microchip HCS301 |
Universal radio Hacker (URH) recored and try to decode the data from one keypress
- It's 868,35MHz ASK alias OOK in URH
- It's a rolling message, so a simple clone is not enough
- There is an preaamble of 6 a in hex and the message is repeated 3 times for each keypres
- An Pause threshold of 10 under modulation is enough to get preamble and message to be in one message
Converting from URH to RTL Flex decoder using this asinspiration
Aftear looking at datasheet and the recorded data
- There is ~9350 us with 12 1 bit ( ~389 us)
- A break for ~4150 us
- A 1 is coded as ~370 us short signal (1x)
- A 0 is coded as ~760 us long signal (2x)
- And it's whole signal is ~ 1123 us (3x)
- Noticed previous version of chip HCS200 is here, but the code fails for some reason as 868.35 mhs picks up 72 bits instead for 66
