-
Notifications
You must be signed in to change notification settings - Fork 124
Decode 0xB1 sniffed data
If you successful sniffed RF data by command 0xB1 you may be able to decode the signal and to define a new protocol timing in RF_Protocols.h.
Since version 3 the firmware support a high/low bucket marking. Each nibble of one byte include the bucket number from 0 to a maximum of 7. The highest bit in the nibble is the high/low bucket marking.
Hex: ..38..
Each byte do have two bucket numbers in the higher and lower nibble:
Hex: [3][8]
First bucket number: [3] & 0x07 == 3
First bucket high/low marking: [3] & 0x08 > 0 == low
Second bucket number: [8] & 0x07 == 0
Second bucket high/low marking: [8] & 0x08 > 0 == high
Hex: AA B1 04 017C 046A 0BCC 2378 3818190908181908190909090908190819081818190909091A 55
Data | Description |
---|---|
0xAA |
uart sync init |
0xB1 |
uart command |
0x04 |
number of buckets |
0x01, 0x7C |
Bucket 0 length: 380µs |
0x04, 0x6A |
Bucket 1 length: 1130µs |
0x0B, 0xCC |
Bucket 2 length: 3020µs |
0x23, 0x78 |
Bucket 3 length: 9080µs |
3818190908181908190909090908190819081818190909091A |
RF data received (high/low nibbles denote buckets and high/low marking) |
0x55 |
uart sync end |
The longest bucket found is taken as sync bucket and is placed as first bucket number in the sniffed data:
->3<- 818190908181908190909090908190819081818190909091A
The second sync bucket is every time located before or next to the [sync bucket](https://github.com/Portisch/RF-Bridge-EFM8BB1/wiki/_new#The sync bucket).
So it have to be one of this nibbles:
3818190908181908190909090908190819081818190909091 ->A<-
or
3 ->8<- 18190908181908190909090908190819081818190909091A
This is protocol dependent and can't be universal translated.
At this case it would be:
3818190908181908190909090908190819081818190909091 ->A<-
So the sync buckets are A3
.
The rest of the RF data is the transmitted data.
818190908181908190909090908190819081818190909091
For this example each bit do have two buckets.
Bucket 0 length: 380µs
and Bucket 1 length: 1130µs
.
If the protocol isn't inverted it can be decoded like this:
Long high followed by a short low: bit 1
Short high followed by a long low: bit 0
As bucket 1 is longer than bucket 0 a 10
does mean bit 1, 01
does mean bit 0.
First remove the high/low bucket marking by doing a logical and by 0x77 with each data byte:
818190908181908190909090908190819081818190909091
After AND 0x77:
010110100101100110101010100110011001010110101011
RF data: 01 01 10 10 01 01 10 01 10 10 10 10 10 01 10 01 10 01 01 01 10 10 10 11
Binary: 0 0 1 1 0 0 1 0 1 1 1 1 1 0 1 0 1 0 0 0 1 1 1 1
So the result is 0x32FA8F (b001100101111101010001111), 24 bit of data.
Use the BitBucketConverter to analyze and create 0xB0 commands from the sniffed 0xB1 data.
This version is also drawing a scope of the sniffed data:
Here you find some information.