Wireless fire alarm hacking

When I was at the stores I saw a package that had two fire alarms inside of it. This wouldn’t be anything special if they weren’t wireless. I decided on the spot that it would be awesome to attach them to raspberry pi for remote alarm detection. So the next problem was how to get the data out of them.

Frequency of the alarms was said to be 433,92 MHz, so I took my RTL-SDR and started to look at the spectrum around that frequency. I found that one of the alarms was sending at 433,885 MHz and the other one at 433.818 MHz. After finding the transmission it was time to start finding the data in that transmission.

Fire alarm spectrum

First I checked that it wasn’t frequency modulated, because that would have caused problems decoding the data. It wasn’t it was amplitude modulated OOK signal (On-Off-Keyed). OOK is the easiest way to code digital data, if you want to send 1 you send the carrier and for 0 no carrier is sent. The easiest way to know this was to listen to the transmission, it sounded repeating and that usually means digital. Transmission packet

Next step was to receive the transmission, for this I used a Aurel Wireless receiver. This receiver works at 433,92 MHz, receiver has data output and uses OOK modulation. I used a development board with ATmega128 to receive the message. The code for it is pretty simple using the Input Capture I check the time between rising edges to decide if it’s 1 or a 0. I the time between is longer than 8 mS it’s the sync signal, between 8 and 4 ms is decided as 1 and between 4 and 2 is 0. Next step is to make it communicate with Raspberry Pi and to send an e-mail when an alarm is detected.





Leave a Reply