Hacking a wireless burglar alarm sensor.

I would like to hack a wireless burglar alarm sensor.

The objective is build my own Arduino based wireless host, and to couple it with commercially available sensors. Something like this sensor.

Yes, I can roll my own - but that is not the question.

The main question is really how to receive the alarm signal emitted by the sensor with a 433MHz receiver on an Arduino, and possibly how to reprogram the sensor.

Any hints on sensors that are more suitable or have already been reverse engineered would be appreciated, as will any insights on how to set about achieving this.

There is nothing to hack. This is just a toy door sensor.

The PT2264 chip is commonly used in RF remote controls.

A 433Mhz receiver module and a remote control library is all you need.
I think "RCSwitch" will work.
You can then see the "code" on the serial monitor.

You can change the address/code of the sensor with jumpers.
Leo..

@Wawa : Wow, well that is simply fantastic.

I have some of these receivers - will it work or do I need a more sophisticated one?

Yes.
Try this library.
GitHub - sui77/rc-switch: Arduino lib to operate 433/315Mhz devices like power outlet sockets..

Leo..

Thanks Leo. I will order a sensor and try it.

Make sure that the frequencies of the sensor and the receiver are the same (433 or 315).
Leo..

Yes, FWIW everything I buy, I order at 433MHz.

Frequency used depends on what's legal in your country.
Nothing more.
Leo..

Hi folks,

if the Arduino forum can/will help you to hack a burgler alarm .....

How save would you feel after having hacked it.

If you got some valuables in your house I would use mechanical locks.

And if someone wants to get your stuff, they will get it.

Electronic door locks and online banking are safe only as long as the bad guys think that you have nothing worth of stealing.

The rest is just an illusion.

However, most people living in a world of mobile phones, twitter and facebook will never think about data security. And in some cases data simply means money.

So just in case you have money, pretend to have no money.

OP thought it was a burglar alarm.

It is just an automatic wireless doobell.
A one-button remote control where the button has been replaced with a reed switch.

Sure, a hacker could read the code, and activate the alarm/doorbell.
But not de-activate it.

If I knew how to hack alarms, I wouldn't post it.
Leo..

@ arduinoaleman : The gist of your post appears irrelevant to this thread and before you start criticising the Arduino community or anyone else, you should take the time to read this thread more carefully.

Firstly read the title - its says burglar alarm sensor and not alarm system.
Secondly, if you did read it carefully, u will note the stated objective is not to hack an alarm system, but to build an Arduino based alarm system and to use commercially available sensors with it.

FWIW the word "hack" was used rather tongue in cheek.

There is no criticism in my words. I just wanted to show that you cannot trust electronics when it comes to safety. If anyone in the forum feels annoyed by my post - i sincerely apologize.

So you can't trust airbags for safety? They have electronic triggers.
@aisc Did you get the receiver with the module?(Probably NOT)

Isaac96:
@aisc Did you get the receiver with the module?(Probably NOT)

I have ordered the sensor module. I expect it will arrive in the next 2 weeks.
I already have some of the cheap receivers.
However I am also looking at the super heterodyne receivers like this one and this one since they are supposed to perform markedly better.
Another interesting candidate I am reading up on is the learning receiver which will allow me to pair the sensor and receiver.

I have some code for a Pro Mini sensor that I want to adapt and use in the sensor I ordered. What would I need hardware and software wise to accomplish this?

Sure, a hacker could read the code, and activate the alarm/doorbell.
But not de-activate it.

Does this have anybody else wondering if this "Project" is intended for nefarious deeds? I'm just imagining somebody riding around at night with some gadget setting off people's alarms and ringing doorbells

That would be pretty fun. But you need a TV-B-Gone to really have fun. You could turn off the neighborhood's TVs!

Wawa:
There is nothing to hack. This is just a toy door sensor.

The PT2264 chip is commonly used in RF remote controls.

A 433Mhz receiver module and a remote control library is all you need.
I think "RCSwitch" will work.
You can then see the "code" on the serial monitor.

You can change the address/code of the sensor with jumpers.
Leo..

You were right - works like a charm.
Sensor arrived today. I used the demo receive sketch in RCSwitch and was able to see the id code of the sensor.

Now for the actual hacking part...

Below is the RCSwitch output in Serial Monitor.
The attached pic is a "telegram" copy of the raw data.

Reed Switch Sensor - Basic Receive:

Received 5592405 / 24bit Protocol: 1

Reed Switch Sensor - Advanced Receive:

Decimal: 5592405 (24Bit) Binary: 010101010101010101010101 Tri-State: FFFFFFFFFFFFÀ PulseLength: 479
microseconds Protocol: 1

Raw data:
14860,448,1444,1360,504,440,1460,1356,508,132,2252,52,212,36,220,68,196,68,396,112,836,492,448,1456
,1388,516,424,1756,24,592,172,4008,116,4036,52,4092,484,1424,1400,520,452,1448,1388,520,100,24,1540
,1008,40,

From the above I conclude the reed switch sensor has an id code : 5592405
My objective is to capture the id code (5592405) with my existing sketch (to be modified) whenever the reed switch sensor transmits.

This is a basic form of my existing receiver sketch which already works with a home-grown sensor.

// receiver.pde
//
// Simple example of how to use VirtualWire to receive messages
// Implements a simplex (one-way) receiver with an Rx-B1 module
//
// See VirtualWire.h for detailed API docs
// Author: Mike McCauley (mikem@airspayce.com)
// Copyright (C) 2008 Mike McCauley
// $Id: receiver.pde,v 1.3 2009/03/30 00:07:24 mikem Exp $

#include <VirtualWire.h>

int count;
char cid[] = "0000-0001_A01";

void setup()
{
    Serial.begin(9600);	// Debugging only
    Serial.println("setup"); //Prints "Setup" to the serial monitor
    vw_set_rx_pin(A5);       //Sets pin D12 as the RX Pin
    vw_set_ptt_inverted(true); // Required for DR3100
    vw_setup(4000);	     // Bits per sec
    vw_rx_start();       // Start the receiver PLL running
}

void loop()
{
    uint8_t buf[VW_MAX_MESSAGE_LEN];
    uint8_t buflen = VW_MAX_MESSAGE_LEN;
    if (vw_get_message(buf, &buflen)) // Non-blocking
    {
	int i;
        digitalWrite(13, true);  // Flash a light to show received good message
	// Message with a good checksum received, dump it.
//	Serial.print("0000-0001");
	Serial.print(cid);
	Serial.print(".");
	
	for (i = 0; i < buflen; i++)
	{
            char c = (buf[i]);
            Serial.print(c);
//	    Serial.print(" ");
	}
        Serial.print(" ");
        count++;
        Serial.print(count);
	Serial.println("");
        digitalWrite(13, false);
    }
}

So the question is how to modify my sketch so-that it still works with my home-grown sensor but additionally can detect the reed switch sensor.

I know RCSwitch listens on an interrupt port I would need to use Pin 2 or Pin 3.

Broadly speaking I am assuming I would need to integrate parts of the RCSwitch sketch into my sketch.

In theory I know I could start with the RCswitch sketch as a base and modify it to extract the id code, then add the rest of my code that I need.

I will probably need to add an array of known sensor id codes, so the sketch only processes input from (my) specific sensors and not stray transmissions.

I would appreciate any suggestions of different/better approaches.

RCSwitch_RawData.png891×150 952 Bytes

if (mySwitch.getReceivedValue() == 5592405) {
do something
}

@Wawa : Short and sweet

To do what u suggested do I only need to include the RCSwitch library to use that function in my existing sketch?