IR REVERSE ENGINEERING

IR REVERSE ENGINEERING

Nadav Yahav, Asher Yanai

1

Decoding infrared transmission using remote control signals.Actually, we are using the decoder to timing all possible signals (bit 0/1, header, footer). Thats allowed us to verify and graphs all of the possible control configuration, establishing a timing and command set for the device.After understanding the graphs, and each transmission, we generate a code for the specific protocol. That code will replace the controller using the Arduino and IR LED transmitter.WHAT IS REVERSE ENGINREERING?

2

IR frequency transmitter can transmit in wide range of frequencies(38 kHz, 50 kHz).Usually at 38 kHzEach bit represented by constant time of LED on and LED off.We produced this frequency by turning on and off the LED for 13 microseconds. (this is just for the ON state)

IR TRANSMIT

IR TRANSMIT

oscilloscope example

DVD EXAMPLE PAGE-1

DVD EXAMPLE PAGE-2

DVD EXAMPLE PAGE-3

DVD EXCEL SIGNALS EXAMPLE

DVD ExampleDVD EXAMPLE PAGE-4

107G Helicopter

107G HelicopterProtocol:The Syma 107G is a 3-channel (Yaw, Pitch, Throttle) helicopter which utilizes Infrared (IR)The transmission of a control packet is contingent on the application of throttle.There are four passible symbols-Header , Footer , 0s , 1s.

107G Helicopter

The IR Decoder results on the 107G remote controller. 107G

26 microsec300 microsec- on300 microsec- off0 bit107G Helicopter

26 microsec300 microsec- on700 microsec- off1 bit107G Helicopter

26 microsec1960 microsec- on1860 microsec- offheader107G Helicopter

26 microsec300 microsec- on1400 microsec- offfooter107G Helicopter

01234567012345670123456701234567header0yaw0pitchchannelThrottle 0Trimfooter

The control packet consists of a header symbol, 32-bits of control information, and a footer symbol.107G Helicopter

107G HelicopterProtocol:Yaw- represented by bits 0-7.Yaw control the turning of the Helicopter-Values between 0 and 127, centered on 63.For example sharp turn left will send number of value 127.

107G HelicopterProtocol:Pitch - represented by bits 8-15.Pitch control the flying forward and backwards - range: 0-127,Bit number 16-Represent the Chanel of the Helicopter(A\B).

107G HelicopterProtocol:Throttle is represented by bits 17-24 between 0 and 127.Throttle control the speed of the rotors (go up and down or hover).

107N Helicopter

107N HelicopterThe only difference between the two helicopters is the timing of the 4 symbols represented.Working with the same frequency (38 kHz)Has the same protocol (3-channels, 32 bit package)

107n signals example107n Code 107G Code

107N HelicopterTime off (sec)Time on (sec)symbol19002060header340440zero740440one24240440footer

Time off (sec)Time on (sec)symbol18801960header300300zero680300one14000300footer

G

N

The lego car

The lego carThe Remote control of the Lego carThe IR receiver of the Lego car works with 4 channels, He receives a packet of 16 bits. Depending of the packet, he sends the commands to two engines working in synchronization. If a legal command is received, The receiver will blink yellow LED, indicates that the command in being executed.

0123012345670123headerBBBB AAAALLLLfooter

The control packet consists of a header symbol, 16-bits of control information, and a footer symbol.The lego car

channelNibble 1Nibble 2Nibble 3

Error detectionConstant bits of 01

Engine B

Engine A

The lego carProtocol:BBBB-Left Engine:ACTUAL MOVEBITSNo movement0000Forward speed 10001Forward speed 20010Forward speed 30011Forward speed 40100Forward speed 50101Forward speed 60110Forward speed 70111Brake1000

ACTUAL MOVEBITSBackward speed 71001Backward speed 61010Backward speed 51011Backward speed 41100Backward speed 31101Backward speed 21110Backward speed 11111

The lego carProtocol:AAAA-RightEngine:ACTUAL MOVEBITSNo movement0000Forward speed 10001Forward speed 20010Forward speed 30011Forward speed 40100Forward speed 50101Forward speed 60110Forward speed 70111Brake1000

ACTUAL MOVEBITSBackward speed 71001Backward speed 61010Backward speed 51011Backward speed 41100Backward speed 31101Backward speed 21110Backward speed 11111

The lego carProtocol:LLLL- 4 bits of Error detection.The 4 bits will be 0xF xor Nibble 1 xor Nibble 2 xor Nibble 3.

The lego carTime off (sec)Time on (sec)symbol960182header230182zero500182one960182footer

The lego car

A code is added, writing by Nadav Yahav and Asher Yanai.

Press here to get the code

Press commands using the serial port:W- moving forwardZ or X - moving backward A - turn left.D - turn right.

The lego car

- The end -