It's been a while since I've had the time to post anything around here. Luckily, I have just recently submitted my PhD thesis, so that gives me a chance to take a short break and do some of the stuff that I like.


Recently, I came across a bunch of cheap remote-controlled 433MHz power sockets which I decided to pick up, tear down and reverse engineer on my blog site. Because of the recent discussions regarding remote control that I've been a part of on this forum, I thought it would be rather interesting to some of the people here as well. What I found was most intriguing - a fixed code system with no checksum/CRC, a 3-bit address space and 1-bit switch command for 4 variable bits in a 25-bit message, and hard-coded broadcast-to-all switches including fresh un-learned switches out of the box.


I think it's probably worth a read as I go through the whole process from start to finish, and now I have an Ethernet bridge to the 433MHz system built out of my efforts. It doesn't improve security, but it does improve usability. However, it's a key point that even if a system has a "learning" button and doesn't seem to respond to "other" codes, it's not necessarily secure by design. It may just give the impression of security.