RTL 433
来自Jack's Lab
(版本间的差异)
(→Modulation) |
(→Modulation) |
||
第33行: | 第33行: | ||
* FSK:两个不同的频率分别代表 0 和 1,FSK 信号要想准确判定是 1 还是 0 (高频率还是低频率), 总是要等几个信号周期 | * FSK:两个不同的频率分别代表 0 和 1,FSK 信号要想准确判定是 1 还是 0 (高频率还是低频率), 总是要等几个信号周期 | ||
− | * | + | * OOK:On-Off Keying,当“1”出现时接通振幅为 A 的载波,“0” 出现时关断载波。是 ASK (Amplitude Shift Keying) 振幅键控调制的一个特例 |
+ | * ASK:相当于模拟信号中的调幅,只不过与载频信号相乘的是二进制数。移幅就是把频率、相位作为常量,而把振幅作为变量。 | ||
+ | |||
+ | [[文件:ASK.png]] | ||
+ | |||
+ | 如上图所示,载波经过调制之后可以有 4 个幅度,分别为 V0=00、V1=01、V2=10、V3=11, 每一个幅度可以代表 2 个 bit,这样它的传输速率就是 OOK 的 2 倍 | ||
2022年10月8日 (六) 15:27的版本
目录 |
1 Overview
发射部分多是声表谐振器 (Surface Acoustic Wave Resonators):
常见频率 315MHz 和 433MHz
通电、信号脚为 1 就发射
发射编码部分通常用 PT2262/eV1527 编码芯片,也可直接通过程序控制发射
2 Quick Start
2.1 Modulation
OOK_MC_ZEROBIT : Manchester Code with fixed leading zero bit OOK_PCM : Non Return to Zero coding (Pulse Code) OOK_RZ : Return to Zero coding (Pulse Code) OOK_PPM : Pulse Position Modulation OOK_PWM : Pulse Width Modulation OOK_DMC : Differential Manchester Code OOK_PIWM_RAW : Raw Pulse Interval and Width Modulation OOK_PIWM_DC : Differential Pulse Interval and Width Modulation OOK_MC_OSV1 : Manchester Code for OSv1 devices FSK_PCM : FSK Pulse Code Modulation FSK_PWM : FSK Pulse Width Modulation FSK_MC_ZEROBIT : Manchester Code with fixed leading zero bit
- FSK:两个不同的频率分别代表 0 和 1,FSK 信号要想准确判定是 1 还是 0 (高频率还是低频率), 总是要等几个信号周期
- OOK:On-Off Keying,当“1”出现时接通振幅为 A 的载波,“0” 出现时关断载波。是 ASK (Amplitude Shift Keying) 振幅键控调制的一个特例
- ASK:相当于模拟信号中的调幅,只不过与载频信号相乘的是二进制数。移幅就是把频率、相位作为常量,而把振幅作为变量。
如上图所示,载波经过调制之后可以有 4 个幅度,分别为 V0=00、V1=01、V2=10、V3=11, 每一个幅度可以代表 2 个 bit,这样它的传输速率就是 OOK 的 2 倍
更多参考:
3 Build
$ sudo apt-get install libtool libusb-1.0-0-dev librtlsdr-dev rtl-sdr build-essential cmake pkg-config $ git clone https://github.com/merbanan/rtl_433 $ cd rtl_4333 $ ./do_build.sh $ cd build $ sudo make install -- Installing: /usr/local/include/rtl_433_devices.h -- Installing: /usr/local/bin/rtl_433 -- Installing: /usr/local/etc/rtl_433/CAME-TOP432.conf ......
4 分析方法
原来老方法:天使之翼遥控晾衣架分析
5 TSLA
@433.92MHz
- The button on the charge handle is pressed, the signal is repeated at 0.15s intervals for 10 times.
- The code is the same for all Tesla charge port
- The transmitter hardware is reported to be using a Si4010
- There is always 2 rows = 094aa9b38da19 and 1 row = 094aa9b38da18.
time : @0.203604s model : Tesla charge port opener count : 5 num_rows : 5 rows : len : 13 data : 0000, len : 52 data : 094aa9b38da19, len : 52 data : 094aa9b38da19, len : 51 data : 094aa9b38da18, len : 1 data : 0 codes : {13}0000, {52}094aa9b38da19, {52}094aa9b38da19, {51}094aa9b38da18, {1}0
# Tesla charge port opener decoder { name = Tesla charge port opener, modulation = OOK_MC_ZEROBIT, short = 400, reset = 1200, tolerance = 50, match = 094aa9b38da19, rows = 5 repeats = 2, countonly, }
$ rtl_433 -f 433920000 -X "n=Tesla,m=OOK_MC_ZEROBIT,s=400,r=1200,t=60" $ rtl_433 -c /usr/local/etc/rtl_433/tesla_charge-port-opener.conf
https://github.com/merbanan/rtl_433/blob/master/conf/tesla_charge-port-opener.conf
https://github.com/merbanan/rtl_433_tests/pull/392
https://github.com/fredilarsen/TeslaChargeDoorOpener
发射采用 6SC2 (CP7L, MSOP10) + loop 天线,体积极小。核心芯片 6SC2 应该类似 https://www.silabs.com/documents/public/data-sheets/Si4010.pdf
6 Lifesense LS102
Body scale @433.2MHz or 433.3MHz
7 PH sensor
decoder { name = Given Imaging Bravo, modulation = OOK_PWM, short = 360, long = 711, gap = 1070, reset = 12000000, bits = 59, invert, get = @10:{16}:txid, get = @26:{8}:msgid, get = @34:{8}:pH1, get = @42:{8}:pH2, get = @50:{8}:crc }
https://analogist.net/post/decoding-radio-ph-capsules-with-rtl_433/
8 Reference
- https://github.com/merbanan/rtl_433
- Transform SDR I/Q data
- LimeSDR 无线信号重放攻击和逆向分析
- http://www.quassi.nl/2014/05/19/sdr-433-mhz-door-bell/
- https://goughlui.com/2013/12/20/rtl-sdr-433-92mhz-askook-decoding-of-various-devices-with-rtl_433/
- https://analogist.net/post/decoding-radio-ph-capsules-with-rtl_433/