In my previous post, I discussed the possibility of controlling one of those handy remote-controlled outlets. Well, I got a hold of one and decided to put my previous post to the test. I've even included a video, along with the code that I used. What more could you ask for? In the video, I attach my monitor to the remote control outlet switch and use my RFCat device, flashed in my previous previous post, to send a custom packet of data via 433.925 MHz to the device. As you can see, the same signal is sent each time, turning the device on and off via its relay.
To better understand what is going on in this code, refer to my previous post that I have mentioned numerous times already.
#!/usr/bin/env python
# Python 2 script (print statements, str.encode('hex')); needs rflib (RfCat) and bitstring.
import sys
import time
from rflib import *
from struct import *
import argparse
import pprint
import bitstring

keyLen = 0
baudRate = (1 / 0.000158)  # pulse width
frequency = 433945000      # Hz
repeatNum = 5


def ConfigureD(d):
    # Set the dongle up for ASK/OOK with fixed-length packets and no sync word
    d.setMdmModulation(MOD_ASK_OOK)
    d.setFreq(frequency)
    d.makePktFLEN(keyLen)
    d.setMdmDRate(baudRate)
    d.setMaxPower()
    d.setMdmSyncMode(0)
    print "[+] Radio Config:"
    print " [-] ---------------------------------"
    print " [-] MDMModulation: MOD_ASK_OOK"
    print " [-] Frequency: ", frequency
    print " [-] Packet Length:", keyLen
    print " [-] Baud Rate:", baudRate
    print " [-] ---------------------------------"


# raw what we are sending
bin_str_key = "1111010101010101110000010"  # This is the RC Switch Outlet payload

# make it longer so it looks right
# In this script a "1" key bit becomes the longer high pulse and a "0" the
# shorter one, i.e. the bit labels are the inverse of mossmann's notes below.
long_bin_key = ""
for k in bin_str_key:
    x = "*"
    if k == "1":
        x = "11100"  # <mossmann> A zero is encoded as a longer high pulse (high-high-low)
    if k == "0":
        x = "1000"   # <mossmann> and a one is encoded as a shorter high pulse (high-low-low).
    long_bin_key = long_bin_key + x

print "[+] Binary (PWM) key:\n\t", long_bin_key, "\n"

# Elongate this by 7 iterations since this is what the remote outlet switch requires
long_bin_key_modified = long_bin_key * 7
key_packed = bitstring.BitArray(bin=long_bin_key_modified).tobytes()
keyLen = len(key_packed)  # module-level, so ConfigureD() below sees the real length

print "[+] Key len:\n\t", keyLen, "\n"
print "[+] Key:\n\t", key_packed.encode('hex'), "\n"
print ""

d = RfCat()
ConfigureD(d)

print "[%] Transmitting key: ", repeatNum, " times\n"
d.makePktFLEN(keyLen)
for i in range(0, repeatNum):
    sys.stdout.write(".")
    d.RFxmit(key_packed)
sys.stdout.write("Done.\n")
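To see what the script above actually puts on the air, the following added example (not from the original post; Python 3, standard library only, helper names are assumptions) rebuilds the same packet without a radio and decodes it back from the pulse widths. It shows that all seven frames in the packet carry the same fixed 25-bit code.

```python
import re

KEY = "1111010101010101110000010"      # 25-bit payload from the script above
SYMBOLS = {"1": "11100", "0": "1000"}  # chips per key bit, as in the script
PULSE_WIDTH_S = 0.000158               # duration of one chip (script's pulse width)
REPEATS = 7                            # frames per packet, as in the script

def encode_pwm(key_bits):
    """Expand key bits into the on/off chip string that gets transmitted."""
    return "".join(SYMBOLS[b] for b in key_bits)

def pack_chips(chips):
    """Pack chips into bytes, zero-padding the last byte on the right."""
    padded = chips + "0" * (-len(chips) % 8)
    return bytes(int(padded[i:i + 8], 2) for i in range(0, len(padded), 8))

def unpack_chips(data):
    """Turn packet bytes back into a chip string (including any padding)."""
    return "".join(format(byte, "08b") for byte in data)

def decode_pwm(chips):
    """Recover key bits from high-pulse widths: 3 chips -> '1', 1 chip -> '0'."""
    widths = {3: "1", 1: "0"}
    bits = []
    for run in re.findall(r"1+", chips):
        if len(run) not in widths:
            raise ValueError("unexpected pulse width: %d chips" % len(run))
        bits.append(widths[len(run)])
    return "".join(bits)

def split_frames(bits, frame_len):
    """Cut the decoded bit stream into equal-length frames."""
    if len(bits) % frame_len:
        raise ValueError("decoded stream is not a whole number of frames")
    return [bits[i:i + frame_len] for i in range(0, len(bits), frame_len)]

def frame_time_ms(key_bits):
    """Airtime of one frame in milliseconds."""
    return len(encode_pwm(key_bits)) * PULSE_WIDTH_S * 1000

if __name__ == "__main__":
    packet = pack_chips(encode_pwm(KEY) * REPEATS)
    frames = split_frames(decode_pwm(unpack_chips(packet)), len(KEY))
    print("packet bytes:", len(packet))
    print("frame airtime (ms): %.3f" % frame_time_ms(KEY))
    print("distinct codes in packet:", sorted(set(frames)))
```

Because the decoder only measures the width of each high pulse, the single zero bit of byte padding at the end of the packet does not affect the result.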