Prev: LCD Without Wire Connectors
Next: Technics SL-B100 Turntable Grounding Wire
From: N_Cook on 8 Aug 2010 07:46
Am I on a hiding to nothing? trying to crack a device with unavailable
remote control, and no button functions to speak of. Is there a technique of
sniffing a microcontroller to at least find the basic pulse repition rate?
perhaps inductive loop over the package or monitoring to nA level in supply
current would register a blip, or is it all or nothing?
Anyway
First tried this with Mitsubishi BD 512 "universal" rc
Removed the 4MHz resonator and fed in a sig gen of about 1.5V pk-pk
(previously scoped), floating from the rc battery levels. With a known
receiver and transmitter code selected, then functions would work over range
3.3 to 5.8M then fail outside that. The rc would work with 1.5V sine between
300K and 10.5M. Didn't continue with that one as you had to manually step
through each in-built code.

Got a few no-name URCs from UK Poundland "pound shop" , badged as Signalex ,
81415, 10 in 1 . 1 GBP for all the functionality of a URC. This type you can
set it to flicker away to itself until it reaches the end of a batch of
codes.
Removed the 3.58MHz resonator (why so apparently accurate?) . With 1.5V
pk-pk locked in with receiver over range 2.7 to 5.1M, and again about 300K
to 11M would operate using 1.5V. So far have only used with original 3.58M ,
6M and 7.5M sine inputs. Am I serendipitously likely to get a hit
somewhere, at least the unit on/off model recognition code if not function
code plus the model code

So 2 out of 2 of these URC have been amenable to this mod but no match to
the unit in question found so far. Is there any general guidelines for
makers to choose certain types/ranges of coding for different types of
equipment or is it totally open for them to choose? Assorted bits of kit
show at least partial responses to some of these off-spec codes, but not my
target one so far.


From: Geoffrey S. Mendelson on 8 Aug 2010 11:19
N_Cook wrote:
> Got a few no-name URCs from UK Poundland "pound shop" , badged as Signalex ,
> 81415, 10 in 1 . 1 GBP for all the functionality of a URC. This type you can
> set it to flicker away to itself until it reaches the end of a batch of
> codes.
> Removed the 3.58MHz resonator (why so apparently accurate?) .

That's the NTSC color carrier frequency. Not only were they made in the
billions over the years (every US/Canada/Japan, etc) color TV had one,
so did every VCR, and lots of other things.

I'm sure they will still be around for a while because while digital TV
has taken over in the US, it has not in the entire world and anything with
a composite video input or output needs one.

They became the defacto standard for things like telephone dialers,
and many things that needed about a 4mHz crystal because they were so cheap
and plentyful.

One of the famous "blue boxes" (telephone hacking devices) was made by
taking a Radio Shack tone dialer and replacing the 1mHz crystal with a
3.58mHz one.


> With 1.5V
> pk-pk locked in with receiver over range 2.7 to 5.1M, and again about 300K
> to 11M would operate using 1.5V. So far have only used with original 3.58M ,
> 6M and 7.5M sine inputs. Am I serendipitously likely to get a hit
> somewhere, at least the unit on/off model recognition code if not function
> code plus the model code
>
> So 2 out of 2 of these URC have been amenable to this mod but no match to
> the unit in question found so far. Is there any general guidelines for
> makers to choose certain types/ranges of coding for different types of
> equipment or is it totally open for them to choose? Assorted bits of kit
> show at least partial responses to some of these off-spec codes, but not my
> target one so far.

Look up LIRC (Linux Ifrared Remote Control). There is a library of remote
codes, a way of capturing new ones from a remote and since the definitions
are in a text file, they are easy to "hack".

There are all sorts of input and output devices, if you have a PC with a
regular serial port (not USB), you can build a transmitter from the proper
plug, a resistor and an IR LED.

Geoff.


--
Geoffrey S. Mendelson N3OWJ/4X1GM
To help restaurants, as part of the "stimulus package", everyone must order
dessert. As part of the socialized health plan, you are forbidden to eat it. :-)
From: N_Cook on 8 Aug 2010 11:40
Geoffrey S. Mendelson <gsm(a)mendelson.com> wrote in message
news:slrni5tik9.1ih.gsm(a)cable.mendelson.com...
> N_Cook wrote:
> > Got a few no-name URCs from UK Poundland "pound shop" , badged as
Signalex ,
> > 81415, 10 in 1 . 1 GBP for all the functionality of a URC. This type you
can
> > set it to flicker away to itself until it reaches the end of a batch of
> > codes.
> > Removed the 3.58MHz resonator (why so apparently accurate?) .
>
> That's the NTSC color carrier frequency. Not only were they made in the
> billions over the years (every US/Canada/Japan, etc) color TV had one,
> so did every VCR, and lots of other things.
>
> I'm sure they will still be around for a while because while digital TV
> has taken over in the US, it has not in the entire world and anything with
> a composite video input or output needs one.
>
> They became the defacto standard for things like telephone dialers,
> and many things that needed about a 4mHz crystal because they were so
cheap
> and plentyful.
>
> One of the famous "blue boxes" (telephone hacking devices) was made by
> taking a Radio Shack tone dialer and replacing the 1mHz crystal with a
> 3.58mHz one.
>
>
> > With 1.5V
> > pk-pk locked in with receiver over range 2.7 to 5.1M, and again about
300K
> > to 11M would operate using 1.5V. So far have only used with original
3.58M ,
> > 6M and 7.5M sine inputs. Am I serendipitously likely to get a hit
> > somewhere, at least the unit on/off model recognition code if not
function
> > code plus the model code
> >
> > So 2 out of 2 of these URC have been amenable to this mod but no match
to
> > the unit in question found so far. Is there any general guidelines for
> > makers to choose certain types/ranges of coding for different types of
> > equipment or is it totally open for them to choose? Assorted bits of kit
> > show at least partial responses to some of these off-spec codes, but not
my
> > target one so far.
>
> Look up LIRC (Linux Ifrared Remote Control). There is a library of remote
> codes, a way of capturing new ones from a remote and since the definitions
> are in a text file, they are easy to "hack".
>
> There are all sorts of input and output devices, if you have a PC with a
> regular serial port (not USB), you can build a transmitter from the proper
> plug, a resistor and an IR LED.
>
> Geoff.
>
>
> --
> Geoffrey S. Mendelson N3OWJ/4X1GM
> To help restaurants, as part of the "stimulus package", everyone must
order
> dessert. As part of the socialized health plan, you are forbidden to eat
it. :-)

I was not aware of that frequency as being significant , the equivalent over
here is millions of 4.433619MHz and x2 of that , quartz crystals for Phase
Alternate Line. That would explain why it was Never The Same Color (twice)
if they could get away with using ceramic resonators rather than quartz.

I'd already looked at LIRC but no listing for my device. Yes easy enough to
knock up an IR transmitter tacked onto a PC but I've not found a library of
codes or algorithm for generating all permutations of IR transmitter codes,
model trigger code or model plus functions


From: Geoffrey S. Mendelson on 8 Aug 2010 12:29
N_Cook wrote:
> I was not aware of that frequency as being significant , the equivalent over
> here is millions of 4.433619MHz and x2 of that , quartz crystals for Phase
> Alternate Line. That would explain why it was Never The Same Color (twice)
> if they could get away with using ceramic resonators rather than quartz.

Often the ceramic resonators were used as filters and for devices that were
designed to work at those frequencies, but where it was not critical.


>
> I'd already looked at LIRC but no listing for my device. Yes easy enough to
> knock up an IR transmitter tacked onto a PC but I've not found a library of
> codes or algorithm for generating all permutations of IR transmitter codes,
> model trigger code or model plus functions

I no longer have an LIRC setup to do it with, as I replaced my MythTV box with
a WD TV Live. If you can find someone with a little PERL programing experience,
they could write a program to copy each remote over to the LIRC config file,
restart the LIRC daemon and send some codes.

Then it would wait for you to hit a key, and try the next one.

It does not have to be very accurate, for example, if your program were to send
off, vol up, vol down, channel up, channel down, start and stop and something
happens at all, you have the correct frequency, spacing etc. From there,
you could play around to get the codes.

If I remember correctly LIRC was ported to the Palm Pilot, and if you could
get it to work on a Palm III or similar device, there are lots of them in
drawers just waiting for someone to ask for them.

Geoff.


--
Geoffrey S. Mendelson N3OWJ/4X1GM
To help restaurants, as part of the "stimulus package", everyone must order
dessert. As part of the socialized health plan, you are forbidden to eat it. :-)
From: Meat Plow on 8 Aug 2010 14:04
On Sun, 08 Aug 2010 15:19:07 +0000, Geoffrey S. Mendelson wrote:

> N_Cook wrote:
>> Got a few no-name URCs from UK Poundland "pound shop" , badged as
>> Signalex , 81415, 10 in 1 . 1 GBP for all the functionality of a URC.
>> This type you can set it to flicker away to itself until it reaches the
>> end of a batch of codes.
>> Removed the 3.58MHz resonator (why so apparently accurate?) .
>
> That's the NTSC color carrier frequency. Not only were they made in the
> billions over the years (every US/Canada/Japan, etc) color TV had one,
> so did every VCR, and lots of other things.
>
> I'm sure they will still be around for a while because while digital TV
> has taken over in the US, it has not in the entire world and anything
> with a composite video input or output needs one.
>
> They became the defacto standard for things like telephone dialers, and
> many things that needed about a 4mHz crystal because they were so cheap
> and plentyful.
>
> One of the famous "blue boxes" (telephone hacking devices) was made by
> taking a Radio Shack tone dialer and replacing the 1mHz crystal with a
> 3.58mHz one.

Toasters even had a 3.58 xtal in them. Phreakers were removing them and
replacing the xtal in walkie talkies so they could mess with drive up
window radio equipment for McDonalds, etc...



--
Live Fast, Die Young and Leave a Pretty Corpse
 |  Next  |  Last
Pages: 1 2 3 4 5
Prev: LCD Without Wire Connectors
Next: Technics SL-B100 Turntable Grounding Wire