Monday, 28 February 2022

Programming a TTGO ESP32 as a 868MHz RF sniffer

Out of the box the MCU runs a person counter program called PAXCOUNTER, which uses Bluetooth and WiFi transmissions to detect how many people are nearby.

http://www.lilygo.cn/prod_view.aspx?TypeId=50060&Id=1271&FId=t3:50060:3



It produces this serial output at 115200 baud on its micro-USB connector.

kilnageer@mint-AMILO-Pro-Series-V8210:~/Downloads/arduino-1.8.19$ cat putty.log
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2022.02.27 22:22:46 =~=~=~=~=~=~=~=~=~=~=~=
.cpp:110] sendData(): Counter cleared
ery: 4230mV
[I[I][cyclic.cpp:73] doHousekeeping(): Battery: 4200mV
[I][senddata.cpp:110] sendData(): Counter cleared
[I][cyclic.cpp:73] doHousekeeping(): Battery: 4198mV
[I][cyclic.cpp:73] doHousekeeping(): Battery: 4266mV
[I][senddata.cpp:110] sendData(): Counter c.cpp:110] sendData(): Counter cleared
ets Jun  8 2016 00:22:57

rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 188777542, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0018,len:4
load:0x3fff001c,len:928
ho 0 tail 12 room 4
load:0x40078000,len:8740
load:0x40080400,len:5788
entry 0x4008069c
[I][reset.cpp:64] do_after_reset(): Starting Software v1.9.982, runmode 0
[I][configmanager.cpp:190] loadConfig(): Reading settings from NVS
[I][configmanager.cpp:55] open_storage(): Opening NVS
[I][configmanager.cpp:60] open_storage(): Done
[I][configmanager.cpp:204] loadConfig(): NVRAM settings version = 1.9.982
[I][configmanager.cpp:222] loadConfig(): bsecstate = 0
[I][configmanager.cpp:227] loadConfig(): loradr = 5
[I][configmanager.cpp:235] loadConfig(): txpower = 14
[I][configmanager.cpp:243] loadConfig(): adrmode = 1
[I][configmanager.cpp:251] loadConfig(): screensaver = 0
[I][configmanager.cpp:259] loadConfig(): screenon = 1
[I][configmanager.cpp:267] loadConfig(): countermode = 0
[I][configmanager.cpp:275] loadConfig(): sendcycle = 30
[I][configmanager.cpp:283] loadConfig(): wifichancycle = 50
[I][configmanager.cpp:291] loadConfig(): wifiantenna = 0
[I][configmanager.cpp:299] loadConfig(): vendorfilter = 1
[I][configmanager.cpp:307] loadConfig(): rgbluminosity = 30
[I][configmanager.cpp:315] loadConfig(): blescantime = 8
[I][configmanager.cpp:323] loadConfig(): BLEscanmode = 0
[I][configmanager.cpp:331] loadConfig(): WIFIscanmode = 1
[I][configmanager.cpp:339] loadConfig(): rssilimit = 0
[I][configmanager.cpp:347] loadConfig(): payloadmask = 127
[I][configmanager.cpp:355] loadConfig(): Monitor mode = 0
[I][configmanager.cpp:362] loadConfig(): Done
[I][i2c.cpp:23] i2c_scan(): Starting I2C bus scan...
[I][i2c.cpp:44] i2c_scan(): 0x3C: SSD1306 Display controller
[I][i2c.cpp:71] i2c_scan(): I2C scan done, 1 devices found.
[I][main.cpp:242] setup(): Starting LED Controller...
[I][power.cpp:171] calibrate_voltage(): ADC characterization based on reference voltage stored in eFuse
[I][lorawan.cpp:297] lora_stack_init(): LORA send queue created, size 600 Bytes
[I][lorawan.cpp:300] lora_stack_init(): Starting LMIC...
[I][main.cpp:375] setup(): Starting Wifi...
[I][main.cpp:388] setup(): Starting Interrupt Handler...
[I][main.cpp:412] setup(): Starting Timers...
[I][main.cpp:470] setup(): Starting Timekeeper...
[I][timekeeper.cpp:151] timepulse_init(): Timepulse: internal (ESP32 hardware timer)
[I][timesync.cpp:52] timesync_request(): [10.506] Timeserver sync request seqNo#144 started
[I][main.cpp:477] setup(): Features: OLED LED BATT OTA LORA FILTER PACKED WIFI
[I][cyclic.cpp:73] doHousekeeping(): Battery: 4116mV
kilnageer@mint-AMILO-Pro-Series-V8210:~/Downloads/arduino-1.8.19$ date
Sun 27 Feb 22:23:58 GMT 2022
kilnageer@mint-AMILO-Pro-Series-V8210:~/Downloads/arduino-1.8.19$


Which, while interesting, is of no use to this RF sniffer project.
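For anyone who does want to pull values out of a capture like the one above, here is an added example (not from the original post or the Paxcounter project) that parses the `[level][file.cpp:line] function(): message` records, collects the `loadConfig()` settings and battery readings, and counts the lines PuTTY caught mid-stream or spliced together instead of trusting them. The names `parse_log` and `SAMPLE` are made up for this sketch; the sample lines are copied from the log above.

```python
import re

# ESP32 Arduino log header: [level][file.cpp:line] function(): message
RECORD = re.compile(r"\[([EWIDV])\]\[(\w+\.cpp):(\d+)\] (\w+)\(\): (.*)")
# A second header fragment inside the message means two records ran together.
SPLICED = re.compile(r"\.cpp:\d+\]")
SETTING = re.compile(r"(.+?) = (\S+)")
BATTERY = re.compile(r"Battery: (\d+)mV")

# Excerpt of the capture above, including its truncated and spliced lines.
SAMPLE = """\
.cpp:110] sendData(): Counter cleared
[I[I][cyclic.cpp:73] doHousekeeping(): Battery: 4200mV
[I][cyclic.cpp:73] doHousekeeping(): Battery: 4198mV
[I][senddata.cpp:110] sendData(): Counter c.cpp:110] sendData(): Counter cleared
rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
[I][configmanager.cpp:204] loadConfig(): NVRAM settings version = 1.9.982
[I][configmanager.cpp:227] loadConfig(): loradr = 5
[I][configmanager.cpp:235] loadConfig(): txpower = 14
[I][configmanager.cpp:355] loadConfig(): Monitor mode = 0
[I][timesync.cpp:52] timesync_request(): [10.506] Timeserver sync request seqNo#144 started
[I][cyclic.cpp:73] doHousekeeping(): Battery: 4116mV
"""

def parse_log(text):
    """Return settings, battery readings and counts of good/unparsed lines."""
    settings, battery_mv, records, unparsed = {}, [], 0, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RECORD.fullmatch(line)
        # Reject ROM bootloader output, truncated headers and spliced records.
        if not m or SPLICED.search(m.group(5)):
            unparsed += 1
            continue
        records += 1
        func, msg = m.group(4), m.group(5)
        if func == "loadConfig" and (s := SETTING.fullmatch(msg)):
            settings[s.group(1)] = s.group(2)
        elif b := BATTERY.fullmatch(msg):
            battery_mv.append(int(b.group(1)))
    return {"settings": settings, "battery_mv": battery_mv,
            "records": records, "unparsed": unparsed}

if __name__ == "__main__":
    print(parse_log(SAMPLE))
```

To run it on a real capture, pass the contents of putty.log to `parse_log` instead of `SAMPLE`.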

To use the Arduino IDE for this MCU you need to add https://dl.espressif.com/dl/package_esp32_index.json into the “Additional Board Manager URLs” field in the File -> Preferences screen.

Then install/download the 32MByte esp32 board support package by Espressif in the Board Manager (see https://github.com/espressif/arduino-esp32)

(See https://randomnerdtutorials.com/installing-the-esp32-board-in-arduino-ide-windows-instructions/)

After this you can select the "TTGO LoRa32-OLED v2.1.6" board via Tools -> Board.

In passing, I had to follow http://playground.arduino.cc/Linux/All#Permission to get serial monitor access

No good: I couldn't compile without getting the error below. I also tried using the board "Heltec WiFi LoRa 32" as stated in:

https://github.com/LilyGO/ESP32-Paxcounter/blob/master/platformio.ini

 

Traceback (most recent call last):
  File "/home/kilnageer/.arduino15/packages/esp32/tools/esptool_py/3.0.0/esptool.py", line 38, in <module>
    import serial
ImportError: No module named serial
exit status 1
Error compiling for board Heltec WiFi LoRa 32.

kilnageer@mint-AMILO-Pro-Series-V8210:~/platformio/ESP32-Paxcounter$ pip install pyserial
Collecting pyserial
  Using cached https://files.pythonhosted.org/packages/07/bc/587a445451b253b285629263eb51c2d8e9bcea4fc97826266d186f96f558/pyserial-3.5-py2.py3-none-any.whl
Installing collected packages: pyserial
Successfully installed pyserial-3.5
kilnageer@mint-AMILO-Pro-Series-V8210:~/platformio/ESP32-Paxcounter$ 

That fixed the above Arduino serial issue and I can now program the MCU with blink, WiFiscan, etc. sketches :)


So I tried using PlatformIO Core (CLI) (I'm on a 32-bit Mint Linux laptop so VSC, etc. won't install!)

It wouldn't compile: missing bt_xxx.h file.

 pio run

..


Compiling .pio/build/ttgov2/src/blecsan.cpp.o
Compiling .pio/build/ttgov2/src/lorawan.cpp.o
src/blecsan.cpp:15:22: fatal error: bt_types.h: No such file or directory

******************************************************************
* Looking for bt_types.h dependency? Check our library registry!
*
* CLI  > platformio lib search "header:bt_types.h"
* Web  > https://registry.platformio.org/search?q=header:bt_types.h
*
******************************************************************

compilation terminated.


 







 

 



 LILYGO TTGO ESP32-Paxcounter LoRa32 V2.1 1.6.1 Version 868MHZ LoRa ESP-32 OLED 0.96 Inch SD Card Bluetooth WIFI Module(868MHz CH9102)

 

Mimicking a Friedland Doorbell

The project goal is to ring an existing Friedland doorbell when the Ring Doorbell 4 is pressed. 

To this end I used an SDR (Software Defined Radio) USB dongle to see if it could pick up bell rings on 868 MHz. 

Looking at the back of the doorbell, it has the Libra+ model number 48248SL and shows that it operates at 868MHz (the unlicensed instrumentation band in the UK/Ireland).

With the rtl_433 software installed on a Kali Linux desktop I got this result: 

 

Using the command:

kilnageer@mint-AMILO-Pro-Series-V8210:~$ rtl_433 -v -f 868000000 -M time

Interestingly, it sees it as a Honeywell doorbell so they must share the same RF protocol! 

So this allows me to know when someone has pressed the doorbell but can I mimic this action myself in software so that I can get the Ring doorbell to activate it? 

So to this end I bought a Honeywell ringer and a LILYGO TTGO MCU both of which have 868MHz transmitters.

The Honeywell DCP311 doorbell push button uses the ActivLink protocol but isn't detected by the SDR. So I've parked that approach up for now to concentrate on the TTGO MCU, which can apparently run sniffer firmware :)

http://www.lilygo.cn/prod_view.aspx?TypeId=50060&Id=1271&FId=t3:50060:3

So my next blog post will be on this device.


 

 

Sunday, 6 February 2022

ST-Link V2 Programming Unit mini STM8 STM32 Emulator Downloader M89 New Total: EUR 10.95

Bought this on 6/2/22 for 11 euros. Hopefully it will allow me to reprogramme the ST controller that Lets Talk Solar installed.

RC Boat Ready to Test at Wetlands

 I dropped the resistor down to 900R from 2K2R and the motor now comes on reliably. See YouTube video.


https://youtu.be/SGTJCwVKb_8



Wednesday, 2 February 2022

RC Boat for Wetlands switched to Power Transistors

Experiments with SG90 servos and board resulted in failure to drive the motors.

http://www.ee.ic.ac.uk/pcheung/teaching/DE1_EE/stores/sg90_datasheet.pdf


So rummaged around in component boxes until I found some power transistors.

The 2N3054 should do the trick:

https://octopart.com/datasheet/2n3054-comset+semiconductors-29378570

https://www.homemade-circuits.com/dc-motor-speed-controller-circuits/


I ended up with a diode across the motor with both between the NPN collector (case) and +5v from a USB power bank. Then a 2K2R resistor from base pin to micro:bit and emitter connected to GND.

Also have a red LED (longer lead to +5v) and 670R resistor across water pump motor as a visual indication.

With the NPN viewed from behind with the two pins furthest away from you the emitter is on the right (with base on the left)




Next, after testing successfully using a breadboard last night, I decided to commit two channels to a veroboard this morning.




Got one wired and it works if the signal is connected to +5v (i.e. LED and motor turn on) but not when driven by the 3.5v signal from the micro:bit! Strange, as this worked on the breadboard last night!

After some fiddling it finally worked. So loose cable maybe? Now wiring up the second transistor.

Got second channel working (LED on when signal taken to +5v) but first channel now broken!

Fixed. Was loose solder to collector casing.