I believe this question is on topic for this site under Algorithm debugging questions, but if not, I would appreciate a suggestion about where to post this question.
I have been messing around with detecting a car key fob that was given to me by a roommate. This key fob goes to a broken car in a junkyard and he got it for free from there. I have managed to figure out how to sort out a car key signal from background noise by filtering based on the decibel level. I am very, very new to signal processing and I want to learn more. The problem is, I cannot figure out how to make my program tell the difference between button presses and different car keys.
I have written this program in Python 3 and I use an RTL-SDR to detect the key fob. The key, while it is supposed to operate on 315 MHz, appears to operate on 314,873 MHz. I figured this much out using Gqrx. The Key Fob is a Ford 2S4T-15K601-AA.
I hear some keys use rolling codes and I do not know if this key does. I am not interested in actually cracking any cryptography on this key unless it is necessary to detect which key buttons are pressed.
How would I differentiate between key presses and key fobs?
This is an example of the program receiving the lock button being pressed.
➜ remote git:(master) python3 remote.py
Devices: ['00000001']
Found Rafael Micro R820T tuner
[R82XX] PLL not locked!
Wanted Frequency: 315000000.0 Hz! Actual Frequency: 314873000.0 Hz!
Offset: -127000 and Squelch: -10.0
Signal!!! Decibel: -4.172264183610216
Signal: [1]
Signal!!! Decibel: -7.696191692271029
Signal: [1, 1]
Signal!!! Decibel: -3.3640835791737893
Signal: [1, 1, 1]
Signal!!! Decibel: -4.760667362463348
Signal: [1, 1, 1, 1]
Signal!!! Decibel: -7.167746085106671
Signal: [1, 1, 1, 1, 1]
Signal!!! Decibel: -3.007769020399573
Signal: [1, 1, 1, 1, 1, 1]
Answer
Just a few pointers, since a complete answer would be way too long.
The link you give for the key fob lists its FCC ID: CWTWB1U331. Using a search engine, you can find its entry in the FCC database: https://fccid.io/CWTWB1U331
The FCC database is a goldmine because it lists many of the operational parameters of the device. For example, you can verify that the frequency range you're looking at is correct.
Among other things, you can learn that the modulation is ASK, and that the line encoding is Rolling/Manchester. In particular, the "Test Report" PDF has a couple of extremely helpful figures, which will help you narrow down the transmitted frequency and the line encoding format.
For example, from Figure 2 in that document, it seems like there are 10 bits in 5 milliseconds, for a data rate of 2000 bits per second.
Another thing to note is that essentially all key fobs will transmit a different word every time the key is pressed, so the job of identifying the key will imply finding each key's patterns, which will not be easy -- otherwise, car theft would be a piece of cake.
Finally, there are several resources online for reverse-engineering wireless signals, such as remote controls and garage door openers. I recommend that you look for those.
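As an added illustration of the parameters named in the answer (ASK modulation, Manchester line encoding, about 2000 bits per second), the sketch below decodes a constructed envelope into bits and lists the bit positions that stay the same across frames. It is not code from the question or the answer; the sample rate, the Manchester polarity, the frame contents and all function names are assumptions, and it assumes the capture starts on a bit boundary.

```python
import random

BIT_RATE = 2000       # bits/s: the answer's reading of Figure 2 (10 bits in 5 ms)
SAMPLE_RATE = 48_000  # samples/s: assumed for this constructed example
HALF = SAMPLE_RATE // (2 * BIT_RATE)  # samples per half-bit (Manchester chip)

def make_envelope(bits, noise=0.05, seed=1):
    """Constructed ASK envelope: carrier on ~1.0, carrier off ~0.0."""
    rng = random.Random(seed)
    env = []
    for b in bits:
        for chip in ((1, 0) if b else (0, 1)):  # assumed: 1 = on then off
            env += [chip + rng.uniform(-noise, noise) for _ in range(HALF)]
    return env

def manchester_decode(envelope):
    """Return (bits, errors); a bit is None where no mid-bit transition exists."""
    threshold = (max(envelope) + min(envelope)) / 2
    chips = [
        1 if sum(envelope[i:i + HALF]) / HALF > threshold else 0
        for i in range(0, len(envelope) - HALF + 1, HALF)
    ]
    bits, errors = [], 0
    for pair in zip(chips[0::2], chips[1::2]):
        if pair[0] == pair[1]:  # invalid Manchester symbol (noise or misalignment)
            bits.append(None)
            errors += 1
        else:
            bits.append(1 if pair == (1, 0) else 0)
    return bits, errors

def stable_positions(frames):
    """Bit positions holding the same value in every decoded frame."""
    return [i for i in range(len(frames[0])) if len({f[i] for f in frames}) == 1]

if __name__ == "__main__":
    sent = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0]  # constructed 10-bit frame
    bits, errors = manchester_decode(make_envelope(sent))
    print(bits, errors)
```

A non-zero error count usually means the bit rate, the alignment or the polarity assumption does not match the capture.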