Topic: Replicate an IKEA light control using TI CC2500 (Read 5312 times)

paiblaspebill

Hi Guys,

I have an IKEA LED light that is controlled by a transceiver using the TI CC2500 chip, and I now want to replicate the control as a spare. However, this is a closed commercial product and there is no technical information. I only know it uses the TI CC2500 chip after tearing down the control and receiver.

The problem is that I don't have any experience with the TI CC2500, so I cannot determine what I should do now.

Please give me advice if you know. Thanks in advance.

Regards,



paiblaspebill

#1
Oct 15, 2016, 11:22 am Last Edit: Oct 17, 2016, 10:32 am by paiblaspebill
Here are photos of the control and receiver.




paiblaspebill

Any comments, at least on the theory or the way I should go? Please.

Riva

You seem to have double posted the same image in #1 and I suspect they should be different. Can you post images of the backs of the boards as well and also can you post an image of the board we can see in the background.

Can you tell us the make/model of LED light you're talking about (preferably with links) and describe what buttons are on the hand held device and what they do.

Does the transmitter and receiver need pairing together before use as I wonder what the button on the board image you posted does?
Don't PM me for help as I will ignore it.

paiblaspebill

#4
Oct 17, 2016, 10:25 am Last Edit: Oct 17, 2016, 10:35 am by paiblaspebill
Quote
You seem to have double posted the same image in #1 and I suspect they should be different.
You're right. I have re-uploaded them above.

Quote
Does the transmitter and receiver need pairing together before use as I wonder what the button on the board image you posted does?
Exactly. The transmitter and receiver need pairing with each other before use. The button on the #1 board is used to do that. The button on the #2 board is used to control the light (on/off). I can't get the model of the LED light now, but the product link on the web doesn't have much information. At the moment, what I want to know is: is it possible to replicate the transmitter?

Thanks

Riva

The system is using the CC2500 radio transceiver chips that work in the 2.4GHz range.
Google shows you can get these on little module boards to make connection to an Arduino possible and someone has written a library for them as well. This is not half of the story though as you will somehow need to determine the protocol they are using and maybe the keys needed for a particular pairing.

Another option might be NRF24L01+ modules as they also work in the 2.4GHz range but a very quick look at the datasheet seems to indicate they have 64 byte FIFO buffers where I think the NRF24L01+ has only 32 byte buffers. For something as simple as turning on/off a light I would not expect the full buffers to be used though so they may be an option.

Yet another option is to just replace their entire board/plipper with your own system.

paiblaspebill

Quote
This is not half of the story though as you will somehow need to determine the protocol they are using and maybe the keys needed for a particular pairing.
What you described is the one I am considering, but I am not sure. Assume I already had the keys for pairing. How can I get/determine the protocol?

Thanks

Riva

Quote
What you described is the one I am considering, but I am not sure. Assume I already had the keys for pairing. How can I get/determine the protocol?
There may be easier ways but my first point to look at would be if the firmware/code can be extracted from the MCU but it may be protected (I have not looked into the details of the TI MCU). The second option would be to capture the SPI data between the MCU and Radio chip using a logic analyser.

paiblaspebill

This seems to be quite complex. Anyway, thanks for your time with me.

NDBCK

#9
Nov 27, 2016, 10:43 pm Last Edit: Nov 27, 2016, 10:48 pm by NDBCK
I've had the same problem as you. I wanted to know how the remote works because I wanted to use multiple remotes for one light.
If you're still interested in some explanation/code see my github (Work in progress):

https://github.com/NDBCK/Ansluta-Remote-Controller/

Riva

@NDBCK - A nice explanation and write up.
I would assume there is no CRC to worry about though as the only byte to change in the packet is the level. If it also had a CRC then more than one byte would change.
Have you captured the code sent/received when pairing the remote?

NDBCK

You are right about the CRC, I didn't think about the brightness changes.

I didn't capture the pairing sequence (my lamp and original remote were coupled before I sniffed the traffic).
I'm going to do some tests (changing some bytes and trying to pair the remote so I could identify the address bytes).

I presumed that the transmitter is dumb and always sends the same sequence. I've read somewhere that the microcontroller used (128K RAM) doesn't have enough RAM to use the full RX (64K) and TX (64K) buffers. It's always possible that it uses a small part of the FIFO however.

Riva

Quote
I presumed that the transmitter is dumb and always sends the same sequence. I've read somewhere that the microcontroller used (128K RAM) doesn't have enough RAM to use the full RX (64K) and TX (64K) buffers. It's always possible that it uses a small part of the FIFO however.
To check if the transmitter is dumb, press the button between battery changes. If it works straight away without needing pairing again then it is not generating a new random key on power up (or the batteries need pulling out for a few minutes longer).
With so little data being sent the TX buffer will hardly be used and unless the light replies to the transmitter then the RX buffer will be unused.

NDBCK

I did check that, the transmitter always sends the same code. (I tried unpairing it and pairing again and again, the code remains the same.)
In all the tests I did, I disconnected and reconnected the batteries.

Now I'm trying to decode the pairing data but it's a little less obvious...
(There's a bunch of data sent without toggling the CS signals)
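
Added example (not code from any poster in this thread or from the linked repository): a small decoder for a logic-analyser capture of the MCU-to-CC2500 SPI bus, following the CC2500 header-byte layout (bit 7 read, bit 6 burst, bits 5-0 address), including burst transfers where many bytes follow one header inside a single chip-select period. The capture bytes are constructed, and `decode_frame`, `tx_payloads` and `changed_offsets` are hypothetical helper names.

```python
# Added example: CC2500 SPI header layout per the TI datasheet; sample bytes are constructed.
STROBES = {0x30: "SRES", 0x31: "SFSTXON", 0x32: "SXOFF", 0x33: "SCAL",
           0x34: "SRX", 0x35: "STX", 0x36: "SIDLE", 0x39: "SPWD",
           0x3A: "SFRX", 0x3B: "SFTX", 0x3D: "SNOP"}

def decode_frame(mosi: bytes):
    """Decode the MOSI bytes of one chip-select-low period into (kind, target, data)."""
    ops, i = [], 0
    while i < len(mosi):
        hdr = mosi[i]
        i += 1
        read, burst, addr = bool(hdr & 0x80), bool(hdr & 0x40), hdr & 0x3F
        if 0x30 <= addr <= 0x3D and not burst:
            # Command strobe: a header byte with no data byte after it.
            ops.append(("strobe", STROBES.get(addr, f"0x{addr:02X}"), b""))
            continue
        if burst and not 0x30 <= addr <= 0x3D:
            # Burst access: every remaining byte until CS rises is data.
            data, i = mosi[i:], len(mosi)
        else:
            # Single access (status registers are always read one byte at a time).
            data, i = mosi[i:i + 1], i + 1
        target = {0x3F: "FIFO", 0x3E: "PATABLE"}.get(addr, f"reg 0x{addr:02X}")
        ops.append(("read" if read else "write", target, bytes(data)))
    return ops

def tx_payloads(frames):
    """Return every byte string written to the TX FIFO across the capture."""
    return [data for f in frames for kind, target, data in decode_frame(f)
            if kind == "write" and target == "FIFO"]

def changed_offsets(a: bytes, b: bytes):
    """Offsets at which two equal-length payloads differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

# Constructed captures (not the real remote's traffic): one frame per CS-low period.
CAPTURE_A = [b"\x0A\x10\x06\x07", b"\x36", b"\x3B",
             b"\x7F\x06\x11\x22\x33\x44\x01\x66", b"\x35"]
CAPTURE_B = [b"\x36", b"\x3B", b"\x7F\x06\x11\x22\x33\x44\x02\x66", b"\x35"]

if __name__ == "__main__":
    for frame in CAPTURE_A:
        print(frame.hex(), "->", decode_frame(frame))
    pa, pb = tx_payloads(CAPTURE_A)[0], tx_payloads(CAPTURE_B)[0]
    print("payload bytes that differ:", changed_offsets(pa, pb))
```

Comparing the TX FIFO payloads of two captures taken at different brightness levels shows which offsets carry the command; a single changed offset is the observation behind the "no CRC" reasoning earlier in the thread.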

Riva

If the transmitter always sends the same code then the receiver (light) might be learning the code or when the pairing button(s) are pressed the light might be sending the key for the transmitter to use.