Reverse Engineering Remote Control Power Sockets

pollin frontpollin back

For about 13 EUR, the German electronics dispatcher Pollin sells remote controlled power plugs that can be used as kind of a poor man's home automation system. Four plugs can be grouped together and switched on or off by a remote control.

Inspired by an article in the German c't Hacks magazine (3/2012), the following series of post will guide through a reverse engineering process with the intention to replace the remote control in two different ways. The first approach uses an Andoid smartphone connected to a Raspberry Pi via WiFi, the second one makes use of a STM32F0DISCOVERY. Both microcontroller platforms make use of a cheap 433 MHz transceiver ordered in China. If you plan to rebuild one of the projects, make sure to order right now, the shipping from China may take weeks to month.

In case of the Raspberry Pi, two approaches will be described, one in userspace and one in kernel space. The kernel space approach comes in form of a Linux Kernel Module (LKM) and hides the fact that the Raspberry Pi normally is not capable of fulfilling realtime tasks.

Tooling

In order to follow the articles, or to rebuild one of the projects, you'll need the following items:

  • Raspberry Pi and Android smartphone or
  • STM32F0DISCOVERY
  • 433 MHz transceiver (e.g. from ebay)
  • Multimeter (optional, e.g UNI-T UT61C)
  • Oscilloscope (e.g. RIGOL DS1052E) or
  • Software-defined radio supported by rtl-sdr (e.g. Noxon DAB Stick)
  • Phillips-tip screwdriver