Intercept message with 433 radio

I have one of these security systems. The PIR sends a message to the base station via 433 MHz. Don’t you think I should be able to hook up a 433 radio to one of my FEZ boards and intercept the messages? I want to forward them to my cloud, not theirs.

Being a junior (although the website says I am a senior) this sort of thing might take me days, so I don’t want to embark down this trail if you smart guys don’t think it is a good idea.

http://www.smarthome.com/skylink-ps-mt-skylinknet-connected-home-wireless-motion-sensor.html

I would start by cracking the unit open and looking at the radio module. Get some numbers off it and start researching on the web. If they haven’t done anything too exotic, you may be able to get a matching radio and decode the broadcasts from the PIR.

Personally though, for a PIR project like that, I bet you could get results faster (and about the same cost) by just getting an Oxygen and two Helium units from getmolecule.net (or a Cerb40 from GHI and two Helium from getmolecule.net) and a PIR from Adafruit or Sparkfun. The time you are going to spend reverse-engineering their radio, and their packets is probably more effort than if you just started and built what you need. You could even use the same case and probably could reuse the PIR you already have.

I agree with @mcalsyn. Trying to reverse engineer the packets is going to be a nightmare.

I have a similar system at home, of course not from the manufacturer in the link. I assume the package is encrypted or probably just a simple XOR with a secret byte stream… that will be a pain to reverse… the system I have is pretty old, so encryption just plain byte, quite simple to decode.

I doubt a new system like yours is plain like mine.

mcalsyn’s suggestion is what I would go with…

Good luck

Thank you for everyone’s excellent perspective.

I guess I should have explained further:

I am working on a commercial product that will involve PIR devices. This device fits the bill which relieves me of the task of reproducing this finished PIR product. No need to reproduce the wheel. I will still have to produce a gateway device that has a PIR attached, but for my satellite PIR devices, this is just what I am looking for. Great small package, 2 year average life on one AA battery, certified wireless I believe.

With PIR the existence of a message IS the message. You get motion and the device fires indicating there was a movement detected. So even if the message was encrypted, the presence of an encrypted message means it is sending a motion message. Now having said that, the device ID might be encrypted which will be a problem. If they are sending other messages like heartbeats and battery low messages, well that will be an encrypted issue as well.

I still want to get my FEZ sipping messages whether I can read them or not. If I can produce that, then I will take the next step and contact the manufacturer and see what it will take for me to become a reseller and to get my own custom messages firing from the device.

So if I hook a 433 up to my board, won’t it receive all 433 messages? If not, why and how? This is what I would like more input on.

Thank you again for your input.

“433mhz” means nothing for how the data is encoded for transfer over the radio link. If you do some binging around, you’ll see things like FSK or ASK encoding - you need to actually pick a receiver module that’s compatible with the sender. There are many articles around on reverse engineering these kinds of protocols, but you will find much of this is trial and error.

Since you want to use a commercial product in another product, you could approach the vendor and see if they offer this in an OEM style that you can then integrate with your own central device - they probably have great doco that shows exactly how this all works, which instead of taking days of shooting in the dark can reduce that to hours working towards a known goal.

@Brett - Good point Brett, I should contact them sooner than later.
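Added example, not part of any post in this thread: a Python sketch of the point made above that with a PIR "the existence of a message IS the message", so transmissions can be counted and compared without reading the payload. It assumes an on/off-keyed (ASK) sender and a matching receiver whose data-pin pulses have already been timestamped; the pulse widths, thresholds, function names and the capture itself are constructed for illustration and are not taken from the Skylink device.

```python
from typing import List, Tuple

Pulse = Tuple[int, int]  # (start_us, carrier_on_width_us) seen on the receiver data pin

def make_frame(t0_us: int, pattern: str) -> List[Pulse]:
    """Build constructed test pulses: 'S' = 300 us, 'L' = 900 us, 1200 us period."""
    return [(t0_us + i * 1200, 900 if s == "L" else 300) for i, s in enumerate(pattern)]

def group_bursts(pulses: List[Pulse], gap_us: int = 20_000,
                 min_pulses: int = 8) -> List[List[Pulse]]:
    """Split pulses into transmissions separated by quiet gaps longer than gap_us."""
    bursts, current = [], []
    for start, width in sorted(pulses):
        # Quiet time is measured from the end of the previous pulse.
        if current and start - (current[-1][0] + current[-1][1]) > gap_us:
            bursts.append(current)
            current = []
        current.append((start, width))
    if current:
        bursts.append(current)
    # Very short runs are treated as receiver noise rather than a frame.
    return [b for b in bursts if len(b) >= min_pulses]

def signature(burst: List[Pulse], split_us: int = 600) -> str:
    """Quantize pulse widths to short/long symbols; no meaning is assigned to them."""
    return "".join("L" if width > split_us else "S" for _, width in burst)

def summarize(pulses: List[Pulse]) -> List[Tuple[int, int, str]]:
    """Return (start time in ms, pulse count, signature) for each transmission."""
    return [(b[0][0] // 1000, len(b), signature(b)) for b in group_bursts(pulses)]

# Constructed capture: two identical frames plus three stray noise pulses between them.
PATTERN = "SLLSLSSLLSLS"
CAPTURE = (make_frame(1_000_000, PATTERN)
           + [(4_000_000, 120), (4_000_500, 80), (4_001_500, 150)]
           + make_frame(9_000_000, PATTERN))

if __name__ == "__main__":
    events = summarize(CAPTURE)
    for t_ms, count, sig in events:
        print(f"t={t_ms} ms  pulses={count}  frame={sig}")
    # Identical signatures mean the payload did not change between events.
    print("frames identical:", len({sig for _, _, sig in events}) == 1)
```

Even with an unreadable payload, each entry in the output marks one transmission; whether the symbol strings repeat exactly or differ per event is the first thing to check before attempting to tell motion, heartbeat and low-battery messages apart.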