Call or sms your location to

Remote Controlled Gate Opening system


433_icon_bigMany of us live in so called ‘gated communities’ which are often surrounded by fences and/or walls built to provide to all residents some sense of security and isolation or (as it will be described later) an illusion of it. The access to such places is only possible through a limited number of dedicated gates which are often electronically controlled. Since I don’t possess a car, I wasn’t given a remote control which would allow me to open any of gates that lead to my house. Although it may not seem to be very problematic for a guy who still didn’t manage to get his own ride, but whenever any friend of mine (who often do have cars) wants to drop by, then he has to park his car outside which may sometimes be very inconvenient. As you can imagine, probably the best solution for this kind of situation would be to just ask some people who administer the spot, to give me one of those ‘cheap looking’ remote controls, but hey – where’s the fun in that? And so I’ve decided to hack my way into this system

Step 1. Gather all the tools you need

Almost all of those systems that are currently available on market use RF communication. I’ve never seen a gate opener that uses infra-red or any other communication medium. Many of those make use of ISM bands which in Europe are: 433MHz, 868MHz, 2.4GHz, 433MHz being the most popular one for such purposes. To be able to monitor ongoing communication one needs to have a receiver capable of tuning to 433MHz band and recording received signals on the go. There is no better tool for the job than SDR receiver. I’m using the most popular one, bought almost for peanuts, depicted below (plastic enclosure was removed for the ‘wow!’s).

And now for the software, the one and only . User interface pretty much explains itself. Here you can see that my RTL SDR dongle pics up two FM broadcast stations around 105MHz. What’s most important: this marvelous piece of software allows you to tune into your band of interest and record baseband (or ‘received’ if you prefer) signal in *.wav file format.

So much for the reception. Now we need something to analyse incoming signals. I’ve used, as it works nicely with *.wav files produced by SDR#.

After capturing and analyzing incoming signals we will need some sort of radio transmitter that will behave just like the original remote control, and, for that matter, I’ve build my own from scratch.

Step 2. Capture

One needs to know what he is looking for, obviously. As I mentioned before jumping around 433MHz (433.82MHz to be exact, as it’s the most common SAW resonator frequency, often used in small remote controls) seems like a good idea. In my neighborhood there is quite a lot going on in that band, household weather stations, car alarms and some sensor networks activity can be observed.sdrsharp Simple yet important question arises: How can I distinguish wanted signal from all that radio chatter? Well, answer won’t be straightforward, although there are some unique features that may indicate that we are right on spot:

  • Signal strength – the closer to the gate you’ll get the stronger received signal should be. Just keep in mind that signal is not transmitted from the gate itself, but from remote control that is in use by people approaching the gate in their cars. Many remote controls produce a decent amount of RF power, so it’s possible to open the gate while still being distant. This is good, as you’ll probably won’t need to sit with your laptop and all RF tools in front of the object of your hacking, looking all suspicious and attracting unwanted attention

Here’s a screenshot of SDR# while receiving gate opening signal. (Care to know what signal is?)

audacityStep 3. Analyze

Quite a few things can be deduced from the picture above. First of all we can see that transmitter sends frames in periodic manner, and that all the frames being sent are of equal length. Small frequency drift can be observed. This leads to conclusion that transmitter does not use PLL nor any other form of hand effect (transmitter de-tuning caused by hand’s proximity) compensation. This indicates that we are dealing with some sort of cheap’n’simple circuitry. Needles to say – this is exactly what we were hoping for!

Using SDR# I’ve recorded baseband in the period during which transmission occured. Then, I’ve simply opened the recorded file in Audacity, and this is what I’ve got (after removing all moments of radio silence, etc.):

Well, look at that – a thing of beauty! Signal was so strong that I don’t even need to do any sort of processing, as one can see all the bits, 1’s and 0’s with his naked eye. We can clearly see that we are about to deal with modulation scheme – needless to say, it’s the simplest modulation of all.

Every transmitted frame was always the same – this yields to conclusion that we are dealing with one-way communication here. This is to be expected from such a sleazy system, and it’s very good news. We won’t have to understand the encoding used, as we can simply mimic transmitter’s behavior, and the gate opening system won’t even notice that someone’s messing with it.

symbols symbols2 433txsch 433tx


Share this article





Related Posts


System of internal Controls
System of internal Controls

Latest Posts
Control Systems Management
Control Systems…
The global economy has caused managers…
Applications of Control Systems Engineering
Applications…
Feedback control systems are widely used…
Closed loop function
Closed loop function
Analyze responses of a control system…
Access Control System definition
Access Control…
For example, a key card may act as an…
Programmable Automation
Programmable…
Programmable Automation Controller or…
Search
Featured posts
  • Remote Controlled heating systems
  • System of internal Controls
  • Accounting system and internal control
  • Internal control systems are
  • Internal control system in an organization
  • What are internal control systems?
  • Guidance on Monitoring internal control systems
  • Evaluation of internal control systems
  • International Journal of control Automation and systems
Copyright © 2018 l www.oliver-control.com. All rights reserved.