Reverse engineering ELRO HA51 wireless: Difference between revisions
Jump to navigation
Jump to search
Initial reverse enginering Elro HA51 |
m |200px added |
||
| Line 3: | Line 3: | ||
We have a central and a remote control: | We have a central and a remote control: | ||
[[File:Elro_HA51.jpg]][[File:Elro_HA51_remote.jpg]] | [[File:Elro_HA51.jpg|200px]][[File:Elro_HA51_remote.jpg|200px]] | ||
=Setup= | =Setup= | ||
| Line 13: | Line 13: | ||
We hooked up a logic analyzer on the 433 receiver board to "snif" the datastreams:<br> | We hooked up a logic analyzer on the 433 receiver board to "snif" the datastreams:<br> | ||
We opened the remote to change the dipswitches: | We opened the remote to change the dipswitches: | ||
[[File:Elro_HA51_remoteinside.jpg]][[File:Elro_HA51_remoteinsidedips.jpg]]<br> | [[File:Elro_HA51_remoteinside.jpg|200px]][[File:Elro_HA51_remoteinsidedips.jpg|200px]]<br> | ||
After sniffing a few times this the result:<br> | After sniffing a few times this the result:<br> | ||
Revision as of 19:25, 30 July 2012
What is it
It's a alarm system, used with wireless accessories. We have a central and a remote control:
Setup
We opened the device, no internal alarm trigger's where used. The system contains 2 board:
- Logic board
- 433 receiver
We hooked up a logic analyzer on the 433 receiver board to "snif" the datastreams:
We opened the remote to change the dipswitches:
After sniffing a few times this the result:
"Put alarm off" with all dips off:
File:Elro HA51 433 alloff alarmoff.jpg
"Put alarm off" with all dips on:
File:Elro HA51 433 allon alarmoff.jpg
As you can see, the first pulse is always short, the next 8 pulses is the code of the system, dip "off" is a small pulse, a wide pulse is dip "on".
