I've been fighting with this for a few days now, and surprisingly have come up with nothing related to reading modern GM Schrader TPMs. I have a set of AG6SP4 / GM 13598773 that I am trying to get an esp32 with a CC1101 to read for a retrofit project on a vehicle that predates tire pressure monitoring. I know the sensors work and report correctly as I have access to a reader at work, using that I have each sensor ID written down. I am able to see them transmit using Universal Radio Hacker, as stated in the FCC docs for this part I get 16 packets no less than 100ms apart when I hit them with a LF tire bonger.
In the interpretation screen I get what appears to be valid data using ASK modulation, all zeros with FSK selected. As a test I took one and put it in the freezer for about 5m then re-recorded it, the data was different this time indicating about where the temperature data resides. The FCC docs mention that the packets are manchester encoded, but I am having a tough time figuring out how to reverse it. Does anyone have any ideas on going about decoding these packets into valid data? I believe they should contain the ID, pressure, temperature, battery life/state, and probably a check bit.
The next question is how to configure radiolib to receive the info with a CC1101, using the examples I have managed to get it working or at least it claims that its listing, but it doesn't pick anything up.
These are the packets im getting from URH. There is a difference between the two for sure and between room temp and cold. Pressure should be reading zero, and temp should be around 74f or so, much lower for the cold one though.
@alto777 The packets posted are raw data straight from Universal Radio Hacker using a RTL-SDR usb.
@davidefa Sensor one reports out 2017287205, two 2017599814. The pressure is zero and the temperature is about 74°F. I have two more sensors that I can query. Beyond that, all I can change their temperature as they are not in a wheel, just on my desk.
Is there any Manchester decoding done by whatever it is that makes the data stream you posted? If that data is encoded, you have to de-Manchesterize it. it makes no sense to wonder about what the "raw" data is.
One of the links seems to suggest there are some tools available to help with that.
I honestly do not know if it's being decoded or not, this is my first go at RF hacking. I figured that this would be documented already since these sensors are used in plenty of vehicles, guess not. I checked the docs here https://fccid.io/MRXAG6SP4 for anything that might describe operation, and of course as I type this they're having server problems, so I can't snip the relevant section.