Reverse Engineering a 27MHz RC Toy Communication Using RTL SDR
a day ago
- #RTL-SDR
- #GNU Radio
- #reverse-engineering
- The author reverse-engineered an RC fire engine's communication to control it from a laptop using an RTL SDR and GNU Radio.
- Pinned the carrier down to 27.1 MHz on a waterfall plot and visualized the received signal there.
- Identified the modulation as Amplitude Shift Keying (ASK) from the time-domain view, where the carrier amplitude switches between two levels.
- Demodulated the ASK signal with GNU Radio's AM Demod, AGC2 and FIR Filter blocks, the latter two levelling and cleaning up the recovered envelope.
- Observed two repeating patterns in the demodulated bitstream, a low-rate preamble (111011101110) followed by a high-rate run (10101010); the key being pressed is encoded by the length of the high-rate run.
- Recovered symbol timing with a Symbol Sync block and fed the bits to custom Python code that counts frame lengths and maps them to key combinations.
- Resolved buffer-size issues that broke frame detection by inserting Stream to Vector and Vector to Stream blocks, so that each frame is processed whole.
- Compiled a table mapping each key combination to its frame length and data length.
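The decoding step the last few bullets describe (classify each pulse by its width, find the long-pulse preamble, count the short-pulse run, look up the key), as an added Python example that is not the post's own GNU Radio flowgraph or Python code. It assumes the frame layout the summary gives (a preamble of long 1110 pulses followed by a run of short 10 pulses, then a gap) and a fixed number of samples per bit after demodulation; the `KEY_MAP` values and the synthesized envelopes are constructed for the example, not the post's measured table.

```python
"""Decode the envelope of a 27 MHz RC-toy style ASK frame by pulse counting.

Added example (not from the original post). Assumed frame layout:
  preamble: n long pulses  ("1110" each)
  payload:  n short pulses ("10" each)   <- count selects the key
  gap:      idle low that separates frames
"""
from itertools import groupby

SYMBOL = 8                 # samples per bit after demodulation (assumed)
GLITCH = SYMBOL // 4       # high runs shorter than this are noise and dropped
FRAME_GAP = 3 * SYMBOL     # a low run at least this long ends a frame

# Hypothetical short-pulse count -> key table (placeholder, not the post's data).
KEY_MAP = {10: "forward", 16: "forward+turbo", 22: "reverse", 28: "left"}


def ask_frame(n_short, n_long=4, symbol=SYMBOL):
    """Synthesize the demodulated envelope of one frame (constructed input)."""
    bits = "1110" * n_long + "10" * n_short + "0" * 4   # trailing gap
    return [1.0 if b == "1" else 0.0 for b in bits for _ in range(symbol)]


def run_lengths(samples, threshold=0.5):
    """Slice the envelope at `threshold` and run-length encode it."""
    levels = (1 if s > threshold else 0 for s in samples)
    return [(lvl, sum(1 for _ in grp)) for lvl, grp in groupby(levels)]


def pulses(samples, threshold=0.5, symbol=SYMBOL):
    """Yield 'L' (long) or 'S' (short) per high pulse and '|' at frame gaps."""
    for level, length in run_lengths(samples, threshold):
        if level == 0:
            if length >= FRAME_GAP:
                yield "|"
            continue
        if length < GLITCH:
            continue                       # spike far narrower than a bit: noise
        # long pulse is three bits high ("111"), short is one ("1"); split at two
        yield "L" if length >= 2 * symbol else "S"


def _parse(seq, min_preamble):
    """Turn a pulse string such as 'LLLLSSSSSSSSSS' into counts and a key."""
    n_long = len(seq) - len(seq.lstrip("L"))
    rest = seq[n_long:]
    n_short = len(rest) - len(rest.lstrip("S"))
    well_formed = n_long >= min_preamble and n_long + n_short == len(seq)
    return {"long": n_long, "short": n_short,
            "key": KEY_MAP.get(n_short) if well_formed else None}


def decode(samples, threshold=0.5, symbol=SYMBOL, min_preamble=3):
    """Return one dict per frame found in the envelope."""
    frames, seq = [], ""
    for p in pulses(samples, threshold, symbol):
        if p != "|":
            seq += p
            continue
        if seq:
            frames.append(_parse(seq, min_preamble))
            seq = ""
    if seq:                                # envelope ended without a trailing gap
        frames.append(_parse(seq, min_preamble))
    return frames


if __name__ == "__main__":
    # two consecutive frames: "forward" then "forward+turbo" (constructed)
    for frame in decode(ask_frame(10) + ask_frame(16)):
        print(frame)
```

The glitch filter and the width-based split between long and short pulses are what make this tolerant of the imperfect envelope an AM Demod chain produces; a pulse train whose short pulses are interrupted by a long one is reported with `key` set to `None` rather than being mapped to a wrong key.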