Processing home security 433Mhz messages

I have an ADT home security system from the previous owner with various devices (motion sensors, door open sensors) around the house. These sensors use the 433Mhz frequency.

I have a sketch that is receiving these messages, but I don't know how to interpret them. Is there an online source that can show me how to interpret the raw bytes?

Thanks!

Collect the data. Then open a window and look for a change. Do that for all sensored items.

I'd figure you'd get the info from ADT. What did ADT have to say on the matter of you getting their data formats?

Which security system do you have? Perhaps the manual would give clues?

https://www.adt.com/help/faq/system-user-guides

I'm hoping there is actual documentation on such systems instead of me having to brute force things...

User manuals don't cover such technical details. I'm hoping their are known protocols used for such devices that aren't proprietary to a specific vendor.

Since no one wants a thief to monitor, spoof or corrupt their home security network, there is an excellent chance that the transmissions are strongly encrypted.

You would hope so, and in a modern system it's more likely, but concern about this sort of issue is comparatively recent. And if the sensors are cheap and battery powered they may not have the grunt for strong crypto.

Follow the advice in post #2, and post some examples of the data you receive, e.g. one with window open, one with window closed.

That's actually gonna be kinda tricky...I'm sniffing messages roughly every second or 2. It's hard to correlate the opening of a door with the message I'm seeing from the arduino.

An example of the data being received while I'm just sitting here at my desk:

10:08:23.385 -> Decimal: 2 (6Bit) Binary: 000010 Tri-State: not applicable PulseLength: 378 microseconds Protocol: 6
10:08:23.507 -> Raw data: 19036,236,724,868,388,264,1280,80,408,728,764,372,440,
10:08:23.676 -> 
10:08:28.143 -> Decimal: 7 (3Bit) Binary: 111 Tri-State: 1 PulseLength: 536 microseconds Protocol: 6
10:08:28.269 -> Raw data: 12300,324,752,512,972,220,760,
10:08:28.317 -> 
10:08:28.424 -> Decimal: 8 (8Bit) Binary: 00001000 Tri-State: not applicable PulseLength: 397 microseconds Protocol: 5
10:08:28.510 -> Raw data: 9176,312,2244,500,880,76,324,600,560,64,512,920,276,1016,40,1076,256,
10:08:28.574 -> 
10:08:30.173 -> Decimal: 7 (3Bit) Binary: 111 Tri-State: 1 PulseLength: 342 microseconds Protocol: 11
10:08:30.298 -> Raw data: 12356,504,844,404,664,544,740,
10:08:30.345 -> 
10:08:32.004 -> Decimal: 9 (4Bit) Binary: 1001 Tri-State: not applicable PulseLength: 322 microseconds Protocol: 11
10:08:32.104 -> Raw data: 11484,516,712,484,432,712,444,740,556,
10:08:32.166 -> 
10:08:33.769 -> Decimal: 1 (6Bit) Binary: 000001 Tri-State: 00F PulseLength: 385 microseconds Protocol: 6
10:08:33.892 -> Raw data: 9048,296,1884,336,248,844,364,760,464,768,416,760,540,

What transmission protocol did you assume, and why do you think that choice is correct?

To proceed without making any assumptions about the data transmission protocol, consider trying this general approach for sniffing and decoding 433 MHz transmissions: Reverse Engineer Wireless Temperature / Humidity / Rain Sensors — Part 1 « RAYSHOBBY.NET

I can't figure out where all these "messages" are coming from, as I don't even have an antenna connected to the receiver. Any chance it's just noise?

Now you tell us!

Close to 100% certainty that it is noise.

Use an antenna. 17 cm straight wire works well at 433 MHz. Try following the tutorial linked in post #10 to see if you can detect ANY messages.

Assuming these "messages" are noise, will using an antenna eliminate them?

I do have an RF433 switch like the one below which I can use for testing, and I can see messages sent by it (they are quite obvious).

No, but it will give you a chance to receive genuine messages. Without an antenna, that chance is close to zero.

I do have an RF433 switch like the one below

It is extremely unlikely that a security system uses the same encoding protocol as an RF switch.

MY experience with security monitoring service is they can tell you exactly which door/window/glass has set off the alarm. So I would expect any security message you receive will identify by number, the source of the alarm.

I'm not saying the RF switch will use the same encoding; merely that I have a device I can use to verify that RF433 messages are being received.

The data you posted as "example" messages seems to assume that those messages would in in RF-Switch or similar format.

If you want to get anywhere with this project, you need to drop that approach. The approach described in the link above (post #10) is the only simple option.

The next step up is to examine the emission spectrum using an SDR module (Software Defined Radio).

@mrfeh Which exact ADT model is your system. They have many different protocols since they just relabel sensors from e.g. Honeywell or DSC. To my knowledge though, all communications are encrypted.

Well, I soldered an antenna, and it really didn't make much difference. It seems to have a range of maybe 10 feet when I test w/ my RF switch.

These are the receivers I'm using...I've read comments online that indicate they may not be very good.