hacking an RF remote

I'm researching for my first Arduino product, which is to have my PC control the electric Somfy roller shades for my windows. I have 5 roller shades and each has a wall button which is also an RF receiver. I have an RF remote which sends out a signal to one or all wall buttons, telling them to go up, down, or stop. I expect sending the RF commands would be difficult, so I purchased an extra RF remote and I hope to have an Arduino simulate button presses (there are 5: up, down, stop, next, previous).

I'm a programmer by trade. While I've dabbled with simple electronics long ago, I would greatly appreciate a bit of hand holding. :slight_smile: I do have a DMM, so there's that!

While a physical solution is amusing, I think there is probably a better way. My first thought was to use electromagnetic relays. After some reading, I've come to think this is also not terribly elegant for such low voltage. I considered solid state relays, but found they only work with AC and don't work for low voltage. Next I came across optocouplers, and this seems like a very promising solution. I also read a bit about using transistors, but it seems best to keep the Arduino and remote circuits separate.

Are optocouplers the way to go? How would I wire them up?

The main downside to hacking the remote like this is that it won't work correctly if the state of the remote doesn't match the expected state. This shouldn't happen since the Arduino is the only thing manipulating the remote, but who knows. A workaround is to power cycle the remote so it has a known state, then apply commands. The remote runs on two AAA batteries. Could I use an optocoupler to power cycle it? In this case I'd want the circuit normally closed and the optocoupler would (somehow) open the circuit briefly. How might this be wired?

Next is the decision on which Arduino board to use. I'd like my Arduino to have WIFI for these two reasons: 1) I'd like my PC to control the Arduino via HTTP, and 2) in the future I'd like to do a similar hack for my AC's IR remote and to have line of sight to the AC, it needs to connect to the LAN via WIFI. It seems Yún and TIAN have WIFI, or I could get an Uno and a WIFI shield. Are there other boards with WIFI or any recommendations on which to choose?

The remote probably uses one of the standard frequency bands (e.g. 315 or 433 MHz) in which case any Arduino can use a $1 transmitter module and replace the remote completely. Same goes for the AC.

Check the remotes for the frequency band, or the identification number and post the details.

First step is to figure out what freq the system uses. At this point if you happen to know if the system uses a rolling code, then abandon all hope of a simple hack.

Anyway, figure out what freq, buy a receiver of that freq (might as well buy transmitter also, sold as a pair usually anywho).

Run an RF sniffer sketch to read what the button(s) send.
If each button sends the same code every time, then you can just have the Arduino transmit.
If the same button sends diff codes each time, you'll have to go with "Arduino faking a human activating those buttons". Optocouplers are useful if voltages are amenable.

Third option (if rolling code) would be to make your own receiver modules to bypass the built in RF receiver.

I barely have a handle on using optocouplers to fake button presses. I didn't think it would be easy to use RF directly and didn't know where to start but if you guys can help, maybe it's viable. Here's the remote internals:

Here's the wall switch internals (fuse and 230V to 12V transformer on the back):

Does that help? :slight_smile:

If I try to make RF work, what parts should I buy?

If I try to make optocouplers work, what parts should I buy?

I live at the arsehole of the Earth where we bang rocks together and ride donkeys. A relative is visiting from the US soon and will bring me an Arduino and parts. I'd like to have them bring me all the parts needed for both approaches, so I'm sure to have a solution.

Well if you only get one real shot, then explore the optocoupler route. They sound fancy but are quite basic in operation.

Look at one of those microbuttons on the controller. These are simple momentary buttons that electrically join two ends of a trace. It's like a drawbridge that closes when pushed.

An optocoupler is like adding another bridge alongside the button. And this second bridge is activated when you turn on the internal LED. It's as if you can push the button by shining a flashlight at it.

And turning on an LED is step one for everyone.

To pick the right optocoupler, you'll need to know what voltage and current is crossing those buttons when pressed. A few pokes with a multimeter will tell you that.

You don't need to open up the RF remote to figure out what the codes are, but you do need to know the radio frequency, which will be printed on the case (or, an FCC-ID will be).

After that, follow these guidelines to get a start on decoding the transmissions.

BTW that remote looks far more complicated than expected. What else does it do, besides send button pushes?

INTP:
To pick the right optocoupler, you'll need to know what voltage and current is crossing those buttons when pressed. A few pokes with a multimeter will tell you that.

Thanks for the simple explanation. I poked the remote and found 3.1V across the button, which I guess is expected since it uses 2 AAA batteries. I also saw 5.6uA. Is this sufficient to choose an optocoupler? Could I bother you for an exact model, plus specify any resistor values I might need?

jremington:
You don't need to open up the RF remote to figure out what the codes are, but you do need to know the radio frequency, which will be printed on the case (or, an FCC-ID will be).

After that, follow these guidelines to get a start on decoding the transmissions.

No FCC markings (just "CE France") but I (surprisingly) found it in the otherwise sparse user manual: 433.42MHz

Thanks for the link! That looks like it has all the info I need to know what parts to get for the RF solution. Now I just need the parts for an optocoupler solution.

BTW that remote looks far more complicated than expected. What else does it do, besides send button pushes?

It has 16 channels, each with an 8 character name and icon. Any number of wall switches can be set to respond to a channel.

Wall switches very commonly use the RCSwitch protocol, for which an Arduino library exists, both to decode remote transmissions and to send transmissions to the switches.

Of course, your remote may not use that protocol, but if it does, your work will be much easier. You still should go through the basic steps described in the link I posted in reply #5. Just looking at the Audacity trace of a transmission is all you need.

I bought a simple set of rf-controlled outlets (set of 3 outlets and 1 3-button remote) from Harbor Freight. The RCSwitch RF Sniffer sketch detected the codes, but surprisingly each button press was a rolling code.
That is to say, I would expect this more complex system of the OP to also be running a rolling code.

Hmmm, I can see that having a neighbor open your window blinds at an inopportune moment might be unwanted!

I also saw 5.6uA

I always worry when I read a beginner say something like this. Normally it means they switched the meter to current and then probed around as if it were a voltmeter.

The thing is on current settings a meter looks like a dead short, so to measure current you must break a circuit and replace the connection with each end of the meter.
You can damage stuff by randomly shorting out bits of circuitry.

I'm excited to try the RF sniffing! One of the RF parts is backordered at SparkFun, but it'll be some time before I need it shipped anyway.

I would still like to have optocouplers for a backup solution. SparkFun doesn't seem to sell these. Where is a good place to buy them? Anywhere shipping in the US would work.

Grumpy_Mike:
I always worry when I read a beginner say something like this. Normally it means they switched the meter to current and then probed around as if it were a voltmeter.

Haha, of course I did that, then realized I don't actually know WTH I'm doing and Googled a bit. When I saw 5.6uA I was using the DMM to bypass the switch, so the DMM was in the circuit. :slight_smile:

I use PC817 optocouplers, picked up 50 of them for a buck (USD) something via slowboat. They are simple simple devices. Literally an LED on one side and an LDR on the other.
Should work just fine for your application. I used one to 'press' the button on the wall for a garage door (but was controlled via my Android devices over the internet) because garage doors use rolling code, of course.

Grumpy_Mike:
I always worry when I read a beginner say something like this. Normally it means they switched the meter to current and then probed around as if it were a voltmeter.

The thing is on current settings a meter looks like a dead short, so to measure current you must break a circuit and replace the connection with each end of the meter.
You can damage stuff by randomly shorting out bits of circuitry.

Nitpicking, but in this instance he's trying to determine the current that would flow through a normally open switch were it closed.*

In any case, it's a pretty safe bet that the remote is CMOS operating at the level of the batteries and the current through the keyboard switches is going to be minuscule as the measurement seems to show. One does need to know the polarity of the key switch.

* Note that the keyboard is probably scanned, so the current is non-continuous, which may well confuse the multimeter and won't give a true peak value.

I am currently using the cheap 433 MHz modules and a HobbyKing Logic Analyser (Hobby Components 8ch Logic Analyser) to decode a random remote that does not have a library.
It is pretty cheap and a nice item to have as a basic troubleshoot/packet sniffing aid.

If (as I suspect from the complexity of the electronics) it's a walking code system, it won't be at all easy. Who knows the algorithm involved? You can bet it isn't published.

Only e.g. relays instead of the switches would work - you can get very tiny ones.

But if you use Johnny010's method to decode the signals, and they're static , it could be done more simply.

Allan

Great, I ordered some PC817 optocouplers on Ebay, thanks! :slight_smile: Let the waiting begin! I can report back in late August or so when my Arduino and other stuff arrives from the US. You guys that get their toys quickly are lucky!

The logic analyser and accompanying software looks pretty convenient versus audio, maybe I'll grab one to play with.

Thanks everyone! :slight_smile:

I got my stuff today, earlier than anticipated! I hooked up the RF receiver to a Hobby Components logic analyzer and used the sigrok PulseView software to record me holding a button on my RF roller shade remote.

The Arduino is just a very, very fancy 5V power source so far. :wink: I don't have an antenna wire on the receiver, if that matters. Here's what the RF data looks like (click for full resolution):

So, that was neat! But now I'm not sure what I should do. Here's a zip of 4 recordings of the same button press. The files are in the "sigrok Sessions" format which PulseView can open. The clip versions each contain one of the repeating sections. The pattern looks very similar between button presses, though not exactly the same.

Should I wire up the transmitter and try to play back the recorded signals to see if they work on the roller shades every time? If they do, that would be proof there is no security. I guess I would use the Arduino Tian to do such playback? Maybe using the RadioHead library? Any guides for this exact task?

Good work. Nice bit of kit, isn't it, for the price!

Next step, you can set the sampling rate higher (4MHz for example) and take another sample.
Next, you can export the data (drop down arrow NEXT TO the 'Save As' Icon) as "0/1 Digits".
Set the width to something like 64.
Look for where the individual signals are.
Copy and paste into a document so you can "line up" the signals under one another to see if they are actually similar.
Next stage would be a case of writing a protocol/function to reproduce the bits.

You could check for "similarity" of the signals as well by using say GIMP/Photoshop, making the white "transparent" and seeing if they can be visually overlaid.
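The comparison described in this post (export the capture as 0/1 digits, line the button presses up, see whether they are really the same) and the earlier advice to check whether each press sends the same code or a different one can be done in a few lines of Python instead of by eye. This is an added example, not code from the thread or from sigrok; it assumes the captures were exported from PulseView as "0/1 Digits" at a known sample rate (4 MHz here, as suggested above), and the sample captures it runs on are constructed in the script, not real recordings. It run-length encodes each export into pulse widths, trims the idle level so every capture starts on its first edge, and compares pulse by pulse with a timing tolerance so normal receiver jitter does not count as a difference. A set of presses that all match means a static code that could simply be replayed; a set that differs means the remote changes something per press (a counter or rolling code), which is the case this thread keeps circling back to.

```python
"""Compare repeated logic-analyser captures of one remote button press.

Added example (not code from the thread): assumes the captures were exported
from PulseView as "0/1 Digits" at a known sample rate. Each capture is a
string of '0'/'1' characters; the sample data below is constructed.
"""
from itertools import groupby

SAMPLE_RATE_HZ = 4_000_000  # assumed capture rate (the 4 MHz suggested above)


def pulses_from_digits(digits, sample_rate_hz=SAMPLE_RATE_HZ):
    """Run-length encode a 0/1 digit export into (level, microseconds) pulses.

    Whitespace and newlines from the export are ignored."""
    bits = [c for c in digits if c in "01"]
    us_per_sample = 1_000_000 / sample_rate_hz
    return [(int(level), len(list(run)) * us_per_sample)
            for level, run in groupby(bits)]


def trim_idle(pulses):
    """Drop leading and trailing low (idle) runs so captures align on the first edge."""
    start, end = 0, len(pulses)
    while start < end and pulses[start][0] == 0:
        start += 1
    while end > start and pulses[end - 1][0] == 0:
        end -= 1
    return pulses[start:end]


def first_difference(a, b, tolerance=0.2):
    """Index of the first pulse where two captures disagree, or None if they match.

    Pulses match when the level is equal and the widths differ by at most
    `tolerance` (a fraction of the wider pulse), which absorbs timing jitter."""
    a, b = trim_idle(a), trim_idle(b)
    for i, ((la, ta), (lb, tb)) in enumerate(zip(a, b)):
        if la != lb or abs(ta - tb) > tolerance * max(ta, tb):
            return i
    if len(a) != len(b):
        return min(len(a), len(b))
    return None


def classify_captures(captures, sample_rate_hz=SAMPLE_RATE_HZ, tolerance=0.2):
    """'static' if every capture matches the first one, else 'varying'
    (a changing or rolling code, which rules out replaying a recorded frame)."""
    frames = [pulses_from_digits(c, sample_rate_hz) for c in captures]
    if all(first_difference(frames[0], f, tolerance) is None for f in frames[1:]):
        return "static"
    return "varying"


# --- constructed sample data (stands in for real PulseView exports) ---
def digits_from_pulses(pulses, sample_rate_hz=SAMPLE_RATE_HZ):
    """Inverse of pulses_from_digits, used only to build the sample captures."""
    us_per_sample = 1_000_000 / sample_rate_hz
    return "".join(str(level) * round(us / us_per_sample) for level, us in pulses)


def encode_frame(payload_bits, preamble_us=4800, bit_us=640):
    """Constructed Manchester-style OOK frame: a long preamble, then one
    mark/space pair per bit whose order encodes 0 or 1 (not the shade protocol)."""
    pulses = [(1, preamble_us), (0, bit_us)]
    for bit in payload_bits:
        pulses += [(1, bit_us), (0, bit_us)] if bit == "1" else [(0, bit_us), (1, bit_us)]
    return pulses


CONSTRUCTED_STATIC = [
    digits_from_pulses(encode_frame("10110010")),
    digits_from_pulses(encode_frame("10110010")),
    # third capture with 3% timing jitter, as a real receiver would show
    digits_from_pulses([(lvl, us * 1.03) for lvl, us in encode_frame("10110010")]),
]
CONSTRUCTED_VARYING = CONSTRUCTED_STATIC + [
    digits_from_pulses(encode_frame("10110011")),  # last bit flipped
]

if __name__ == "__main__":
    print("static set:", classify_captures(CONSTRUCTED_STATIC))      # static
    print("varying set:", classify_captures(CONSTRUCTED_VARYING))    # varying
    a = pulses_from_digits(CONSTRUCTED_STATIC[0])
    b = pulses_from_digits(CONSTRUCTED_VARYING[-1])
    print("first differing pulse:", first_difference(a, b))          # 11
```

Point the script at your own exports by reading each file into a string and passing the list to classify_captures with the sample rate you recorded at; first_difference then tells you which pulse position changes between presses, which is usually the start of the counter or checksum field.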

No idea why I couldn't find it sooner, but I found this breakdown of the roller shade RF:

And here's an Arduino sketch for controlling it:

Cool! It does use a rolling code, but it's only 2 bytes and uses a window so is more like 1:655 and easily hacked.

The roller shade receivers are 433.42 MHz and my transmitter is 433.92 MHz. That guy had the same situation and seems to think he needed to change his transmitter crystal, so I assume he had trouble using 433.92. The other trouble is that he says to hold the "program" button on the remote -- my remote doesn't have that, instead the program button is on the wall switch. I have a feeling I'll end up hacking the remote buttons using optocouplers rather than RF. I already have an extra remote, so it isn't a huge problem. It would be nice to also wire the remote so it doesn't need batteries.
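To make the "2 bytes with a window, so about 1:655" remark concrete, here is a small model of the receiver side of such a scheme. It is an added example, not code from the thread, from the linked breakdown or from the Arduino sketch: the page only says the counter is 2 bytes, so the window size of 100 is an assumption chosen because 65536 / 100 comes out at roughly the 655 the post quotes. The receiver accepts a frame only if its counter falls in the window just after the last counter it accepted (modulo the counter size), which is what stops a recorded frame from being replayed; the two helper functions show why that still gives little protection when the counter is only 16 bits wide, and how much a 32-bit counter with the same window changes the picture.

```python
"""Receiver-side check for a short rolling counter with an acceptance window.

Added example (not code from the thread or the linked sketch). The page says
the remote's rolling code is 2 bytes (16 bits); the window size is not stated,
so WINDOW = 100 below is an assumption, picked because 65536 / 100 is about
655, the odds quoted in the post.
"""

COUNTER_BITS = 16   # from the page: a 2-byte rolling counter
WINDOW = 100        # assumed acceptance window (not stated on the page)


class WindowedReceiver:
    """Models a receiver that accepts a frame only if its counter lies in the
    window of values just after the last counter it accepted (modular)."""

    def __init__(self, last_seen, window=WINDOW, bits=COUNTER_BITS):
        self.modulus = 1 << bits
        self.window = window
        self.last_seen = last_seen % self.modulus

    def accept(self, counter):
        """True (and resync) if counter is within (last_seen, last_seen + window]
        modulo 2**bits; False for a replay (delta 0) and for stale or far-off
        values, e.g. a remote that was pressed many times out of range."""
        delta = (counter - self.last_seen) % self.modulus
        if 0 < delta <= self.window:
            self.last_seen = counter % self.modulus
            return True
        return False


def blind_accept_probability(window=WINDOW, bits=COUNTER_BITS):
    """Chance that a uniformly random counter value lands inside the window,
    i.e. how little a short counter adds over a static code."""
    return window / (1 << bits)


def expected_guesses(window=WINDOW, bits=COUNTER_BITS):
    """Mean number of random values before one lands in the window (1 / p)."""
    return (1 << bits) / window


if __name__ == "__main__":
    rx = WindowedReceiver(last_seen=1000)
    print("next counter accepted:", rx.accept(1001))   # True
    print("same frame replayed:", rx.accept(1001))     # False: delta is 0
    print("16-bit counter, window %d: 1 in %.0f" % (WINDOW, expected_guesses()))  # 1 in 655
    print("32-bit counter, same window: 1 in %.0f" % expected_guesses(bits=32))   # 1 in 42949673
```

The window exists so a remote that was pressed out of range of the receiver does not desynchronise for good; the defence against guessing therefore has to come from the counter width (and from authenticating the frame), not from narrowing the window, which is why a 2-byte counter is the weak point the post identifies.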