sc4nn33r - wireless warfare tool



I had a lot of fun with this device. I can control the lights of two neighbours, open the gate of the customs authority next door, open our garage door, crash my weatherstation and so on. I don't know how many neighbours i've accidently driven mad while debugging this thing. Need your wireless garage door opened? Just phone me ;)





Well, it's basically an arduino, a shielded dc-dc converter with lots of filtering, 3 pairs of receivers/transmitters and a lot of software (firmware binary weighs in at 29..30KB). The first revision was 433-only, thus the name.

You can rip the transmitter and receiver out of remote controlled outlets or buy them at your favourite electronics store. Look for the output-pin in the datasheet of the ic they are using (eg. DOUT for PT2262) inside the remote control, cut the connection to the IC and hook the arduino up instead. Most receivers used inside the outlets even have the pinout printed on them:



I learned about the bit-combinations from the RCSwitch project which offers sending and receiving of some control codes via an Arduino library. Just dump the bitstream you are getting, try some permutations, and you will see it's easy to crack which bit does what.

No schematics needed, because it's just A0-A2 for input of the three receivers, and D3-D5 for the transmitters. The size of my code is mostly because of i do a lot of string parsing.
Created on 26.11.2011 | Tags [ ]
hometop