
The RC Expert Settings - Sniffer Windows

If the SPIT_GPIO software does not know a wireless protocol, you can try to find out the protocol yourself using the expert settings.
This is a bit of a puzzle; if the radio protocol is a standard one, you have a chance of finding it out.

You have no chance with very special protocols that manufacturers have designed completely outside the norm, or with changing codes, such as those used by car keys.
It is also possible that the radio frequency of your device is not 433 MHz; in that case you have no chance either.




To find out a radio protocol manually, you should know how such a protocol is constructed.
The logical structure of a radio protocol is explained briefly below.

Note for professionals:
The following explanation for the coding is not quite correct. The point here is not to determine the real code, but to reproduce a recorded protocol.

How is a 433 MHz radio protocol structured?

Most handheld transmitters send a certain code sequence to a radio receiver (radio socket, gadget, ...).
For this purpose, the handheld transmitter sends a sequence of on-off (high-low) signals:



The sender and the receiver have agreed on how the high-low signals are to be sent - this agreement is the so-called protocol.

In order for a receiver to know which button was pressed on a radio transmitter, a code must be hidden behind the high-low signals.
Since a transmitter can only send On (High) and Off (Low), this code must be related to the times of High and Low.

So that the times of High and Low can be classified correctly, a smallest duration (basic duration) is agreed upon - the pulse length.
The high times and the low times are then always multiples of the pulse length.
 
Since a handheld transmitter often transmits several codes or the same code several times, there must be a separation between two transmitted codes!
By this separation the receiver also knows when a code begins.

The separation or synchronization:

A separation is simply done by a short high signal and a long pause (long time low). The short high signal and the long pause time are always a multiple of the pulse length (agreed basic duration)!



If the receiver sees such a pause sequence, it knows that the code now follows until the next separation / synchronization.



The times for synchronization were also agreed, they are a part of the protocol.

The transmission of information - the code:

To transmit information, it is simply agreed that a pair (high signal, low signal) is assigned a certain value.
The exact value is determined by the length of the high-signal and the length of the low-signal. The lengths are again multiples of the pulse length.

Most transmitters/receivers have only agreed upon the values (0 and 1), but there are also transmitters/receivers that use a third value (2).
So e.g. the following could be agreed:


Value 0 = single pulse length HIGH + triple pulse length LOW (1,3)

Value 1 = triple pulse length HIGH + single pulse length LOW (3,1)

For transmitters/receivers with a third value (2) the value could look like this:
Value 2 = single pulse length HIGH + six times the pulse length LOW (1,6)

Assuming that our handheld transmitter has 4 buttons, the code must allow at least 4 distinctions. Let us further assume that only the two values 0 and 1 were agreed.
For the 4 distinctions, at least two values x y must be transmitted, e.g. 00 = button 1, 01 = button 2, 10 = button 3 and 11 = button 4.

For the button 1 (01) our radio signal looks like this:
separation   -   0   -   1   -   separation

Separation / Synchronization = (1,9)

For the other buttons the same protocol is used, only the code is different.

As you can see, you can specify the agreement for a value as a pair (multiples of the pulse length HIGH , multiples of the pulse length LOW).
Also the separation / synchronization can be specified as a pair (multiple of pulse length HIGH , multiple of pulse length LOW).

The description of a protocol consists of multiples of the pulse length for synchronization (High,Low) and for each value (High,Low).
Many devices use the same protocol; they may only have agreed on a different pulse length, and the transmitted code is different.

Depending on the agreed pulse length, the transmission of an information takes longer or shorter.
If in our example a pulse length of 100 microseconds is agreed upon, our signal needs (1+9+1+3+3+1) = 18 pulse lengths = 1800 microseconds.

The exception - the inverted protocol

There are protocols with mirrored structure, the inverted protocols.
The synchronization starts with a long LOW signal followed by a short High signal (Low,High). Only after the short high signal come the values (code) whose high low signal is also reversed (low,high).



For the protocol detection described below, the only thing that actually matters is that the values do not start directly after the long pause (low signal), but one position later, after the short high signal of the synchronization.

Summary:

A radio signal always consists of pairs of (high, low) times. The times are always multiples of the agreed pulse length.
Transmitter and receiver have always agreed upon the same thing.
Data (code) consist of a sequence of values / of pairs (High,Low). Between a sequence of values there is always a synchronization pair (High,Low).

With an inverted protocol (High,Low) are swapped and the synchronization starts with a long low signal. The data/values start only after the short high signal of the synchronization.

A protocol description consists of the specification for the pulse length and the (High,Low) pairs for the synchronization and for the used values. Furthermore it has to be specified whether the protocol is inverted or not.

The radio protocols in reality:

In our example we transferred only a very small information (two values). In reality the transferred information is much longer. Mostly an identifier for a certain device is transmitted and so on.
Often at least 24 values are used for a transmission.

How do you get a protocol if it is not known?

The goal is to find out the pairs in multiples of the pulse lengths for the synchronization and the respective values.



When a button on the handheld transmitter is pressed, the SPIT_GPIO (Sniffer) software records the real times of the received signals.
So a long sequence of times is created. You can view this sequence of times by clicking on   .


 

Remark: Alternatively, by clicking on  an additional file with the time values is created. The file can be found at /home/pi/RCSniffer_RawData.txt.
If you open the file RCSniffer_RawData.txt with the TextEditor, the times can be viewed more clearly.

Because there might be a lot of noise in the radio signal, there will be some other values before and/or after the actual radio signal, which mean nothing.
Because of disturbances and inaccurate measurement, the recorded times are not always exact multiples of the pulse length. This makes things a bit more complicated, because a little estimation is needed.
It is not enough to record such a time sequence and reproduce it completely; there would be too much nonsense in it.
You have to try to find out the protocol, so that the sender transmits it as cleanly as possible.

Step 0: Recording data

Hold the handheld transmitter very close to the circuit board (the receiver) and press a button on the handheld transmitter.
Immediately afterwards click on  to see the recorded times.

Step 1: Search synchronization (long times)

According to the above description the synchronization consists of a short high signal followed by a very long low signal.
With an inverted protocol it is the other way round.
In the list you have to search for long times that recur in similar length. Between two such long times there should always be the same number of other times.
As 24 values and more can be transmitted for an information, there should be at least 48 other times or more in between.
Long times with few times in between or very different long times can be neglected as noise.

Step 2: Find out similar times

For a transmission/information the following times will occur:
2 times for the synchronization pair
2 times for the value 0,
2 times for the value 1
and possibly 2 times for the value 2.

The times are always multiples of a pulse length, which is currently not known!!!
There may be fewer times if the multiples of the pulse length in the protocol are often the same.
In the picture above, for example, the multiples of the pulse length are (1,31) for the synchronization, (1,3) for the value 0 and (3,1) for the value 1.
So there are only three times available:
Time A: 1 x pulse length
Time B: 3 x pulse length
Time C: 31 x pulse length

Between the long synchronization times, times of similar length must be searched for. An average value can be calculated from the similar times.
So you get a certain number of times/mean values.

Step 3: Estimate pulse length

To determine the pairs of multiples later, the pulse length must first be estimated. In principle the pulse length is the greatest common divisor of all found times/mean values.
Since the times are only averaged, you can play around a bit to find the most suitable pulse length. A pulse length can be in a range of about 15 to about 600 microseconds.
The pulse length does not have to be estimated exactly, an approximation is sufficient.
All determined average times must be divisible by the estimated pulse length in whole numbers - at least approximately.

Step 4: Determine and enter pairs

As described above the synchronization consists of a short high signal and a long low signal.
So the synchronization pair is determined as follows:
Remark: with an inverted protocol there is first the long low time and then the short high time.
Click on  , then the identifiers for High and Low are swapped.

Directly after the long time the first value (0 or 1 or 2) starts:
Note: with an inverted protocol the first value starts after the short high time of synchronization, not directly after the long low time.
(long time low, short time high, value ....)


So you go through the list of times in pairs and search for a new combination of (high,low) pairs.
Usually you will find only three combinations (Synchronization, Data 0 and Data1). In some cases there is a fourth combination for Data 2.

The determined multiples of the pulse length are entered into the corresponding fields:

If no times were found for a value e.g. 'Data 2', simply enter 0.

Remark: For an inverted protocol you have to select .

Step 5: Test

Hold the handheld transmitter again very close to the board and press the same button as before.
If the protocol was estimated correctly, a sequence of values should now be recognized:


Click on . The Sniffer window will close and you can check whether your receiver responds by pressing the Test button  in the Settings window.
If no sequence of values is recognized or your receiver does not react, you have to play around with steps 3 and 4 and change the estimate a bit.
You can also start from the beginning, maybe the recording of the data was too inaccurate due to interference.

A concrete example:

Here you see an example of recorded times of a handheld transmitter:

Step 1 Search synchronization
There are two long times, 11981 and 11987, with enough other times between them.
The times for synchronization are marked with 'sync'.

Step 2 Search for similar times
If you look at the times, the following three times are noticeable:
Time A: (401, 374, 371, 404, 373,..) Average value approx. 385
Time B: (1187, 1178, 1183, 1144, 1158,....) Average value approx. 1170
Time C: the long synchronization times (11981, 11978) Average value approx. 11980
Other times are not available.

Step 3 Estimate pulse length
The greatest common divisor of the three determined average values is approx. 390
Time A average value 385 divided by 390 = 0.98 -> approx. 1
Time B average value 1170 divided by 390 = 3
Time C average 11980 divided by 390 = 30.71 -> approx. 31

This does not have to be exact, an approximation is sufficient here.

Step 4 Determine pairs and enter multiples of the pulse length
Synchronization High (first time short ) 401 / 390 gives about 1
Synchronization Low (second time long) 11981 / 390 gives about 31
So the synchronization pair in multiples of the pulse length is (1,31)

Immediately after the long time you go through the row in pairs and look for combinations:
Time for High is marked with *.
Time for Low is marked with '**'.
The first pair (1187 *, 374 **) corresponds in multiples of the pulse length to (1,3)
The next two pairs are the same.
The fourth pair (404 *, 1144 **) corresponds in multiples of the pulse length to (3,1)
Other combinations are not available.

The found combinations can now be entered.

We did not find any times for Data 2, just enter 0 here.

Since it is a normal protocol, Gap Value must be set to Low.

Once a value has been entered, you must press the Return/Enter key or click in another field to accept the value.

Note: If it were an inverted protocol, the synchronization would consist of 11981, 1187 and the marks in the example would be shifted down by one:

11981 sync High
1187 sync Low
374 * High
1178 **  Low
But then you would need further combinations with (372,404) in lines 604 and 605 and (1158,1174) in lines 608 and 609; this does not work out very well.
Therefore, we assume in our example that this is a normal protocol.

Step 5 Test
Hold the handheld transmitter again very close to the board and press the same button as before.
If the protocol was estimated correctly, a sequence of values should now be recognized:


Now you can click on to accept the result.

If no value sequence is recognized or your receiver does not react, you will have to play around with steps 3 and 4 and change the estimate a little.
You can also start from the beginning, maybe the recording of the data was inaccurate due to disturbances.
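
Steps 2 and 3 can also be done numerically. The following Python code is an added example, not part of the SPIT_GPIO software: it groups the times quoted in the concrete example above, averages each group and searches the 15 to 600 microsecond range for the pulse length whose whole multiples fit the averages best. The grouping tolerance and the search method are assumptions.

```python
from statistics import mean

# Constructed sample: the twelve times (microseconds) quoted in Steps 1 and 2
# of the concrete example; the full recording is not reproduced here.
SAMPLE = [401, 11981, 1187, 374, 1178, 371, 1183, 404, 1144, 373, 1158, 11978]


def cluster_means(times, rel_tol=0.15):
    """Step 2: group similar times and return the mean of each group."""
    groups = []
    for t in sorted(times):
        # A time joins the current group if it is at most rel_tol longer
        # than the shortest time already in that group.
        if groups and t <= groups[-1][0] * (1 + rel_tol):
            groups[-1].append(t)
        else:
            groups.append([t])
    return [mean(g) for g in groups]


def deviation(means, pulse):
    """Worst distance of any mean from a whole multiple of pulse."""
    return max(abs(m / pulse - round(m / pulse)) for m in means)


def estimate_pulse(means, lo=15, hi=600):
    """Step 3: approximate greatest common divisor of the means.

    Tries every whole-microsecond pulse length between lo and hi that is
    not much longer than the shortest mean and keeps the best fit.
    """
    hi = min(hi, int(min(means) * 1.25))
    return min(range(lo, hi + 1), key=lambda p: deviation(means, p))


def multiples(means, pulse):
    """Express each mean as a whole multiple of the pulse length."""
    return [round(m / pulse) for m in means]
```

On these values the search returns a pulse length of 386, close to the manual estimate of 390, and both give the multiples 1, 3 and 31.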

Tip: The software remembers the last expert setting.
If you have several cryptic transmitters and are trying out different expert settings in the meantime, you can open an already used (saved) setting for a handheld transmitter button and then close the Sniffer window again. This makes that expert setting the last one again and you can use it for another button on your remote control.
Another alternative would be to write down the combinations and attach the note to your handheld transmitter!

Another tricky example:

The following times were recorded for radio sockets from delayCON.
Here there are three combinations of pairs of values:
Red circle: (290 High, 2634 Low)
Yellow circles: (308 High, 1280 Low) and (296 High, 237 Low)
This means that the code consists of three values and you have to enter combinations of pulse lengths for Data 0, Data 1 and Data 2.
This time sequence is a bit tricky; with the following values it worked:
estimated pulse length 60
synchronization (5, 173)
Data 0: (5, 4)
Data 1: (5, 21)
Data 2: (5, 44) - red circle
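
How such settings turn recorded times back into a sequence of values (the check in Step 5) can be shown with a small decoder. This is an added Python example, not the SPIT_GPIO implementation; the 25 % tolerance, the matching rule and the recording itself are assumptions, and only the normal (non-inverted) case is handled.

```python
# Expert settings from the delayCON example above: pulse length in
# microseconds and (High, Low) multiples for synchronization and data values.
PULSE = 60
SYNC = (5, 173)
DATA = {0: (5, 4), 1: (5, 21), 2: (5, 44)}

# Constructed recording in microseconds: noise, a synchronization pair, four
# data pairs, the next synchronization pair. Only the pairs (296, 237),
# (308, 1280) and (290, 2634) are values from the page.
RECORDED = [95, 1410, 301, 10390,
            296, 237, 308, 1280, 290, 2634, 296, 237,
            299, 10377]


def matches(high, low, pair, pulse, tol=0.25):
    """True if the measured times lie within tol of pair times pulse."""
    return all(abs(t - m * pulse) <= tol * m * pulse
               for t, m in zip((high, low), pair))


def decode(times, pulse=PULSE, sync=SYNC, data=DATA):
    """Return the values between the first two synchronization pairs.

    Returns None when no synchronization is found or a pair fits no
    value, which is the sign that the estimate from steps 3 and 4 has
    to be changed.
    """
    start = next((i + 2 for i in range(len(times) - 1)
                  if matches(times[i], times[i + 1], sync, pulse)), None)
    if start is None:
        return None
    values = []
    for i in range(start, len(times) - 1, 2):
        high, low = times[i], times[i + 1]
        if matches(high, low, sync, pulse):
            return values  # the next synchronization ends the code
        hits = [v for v, pair in data.items()
                if matches(high, low, pair, pulse)]
        if len(hits) != 1:
            return None  # unknown or ambiguous pair
        values.append(hits[0])
    return None  # recording ended before the next synchronization
```

With the settings above the constructed recording decodes to 0, 1, 2, 0; with a wrong pulse length such as 100 no synchronization is found and nothing is recognized.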

