Following on from capturing the signal in the previous post was to try a simple replay of the signal to see if it would set the doorbell off as expected.
For this we started off using hackrf_transfer, this receives data in to a file then transmits again from the file, perfect for a quick signal replay.
My first attempt at this was to simply set hackrf_transfer to record the signal centred on the frequency of interest 433.780Mhz.
Firstly capturing to a file:
hackrf_transfer -r 433780000.raw -f 433780000
Then transmitting from the file:
hackrf_transfer -t 433780000.raw -f 433780000 -x 20
Initially I hadn’t included a transmit gain option with -x so wasn’t seeing a signal when transmitting, this could have been reduced a bit.
Now the approach taken above did not work as expected. On looking at the signal transmitted by using an RTL-SDR device to see what was going on we can see a problem.
The image above shows that capturing and transmitting on the same frequency has resulted in in a continuous signal being sent, the red line, through the middle of our real signal. This signal is on the exact same frequency the doorbell receiver is expecting the real signals and unsurprisingly the AM receiver doesn’t like a strong signal interfering so it didn’t ring.
The simple answer here is to offset the record and transmit frequency a bit, 20khz here, so the DC spike that exists in the middle of our recording isn’t where we’re wanting to transmit.
hackrf_transfer -r 433760000.raw -f 433760000
hackrf_transfer -t 433760000.raw -f 433760000 -x 20
As can be seen in the image below, by shifting the capture and transmit frequency 100khz away, the carrier of the spike is no longer on top of our signal and bing bong the doorbell rings!
I tried to replay the signal with GNU Radio gnuradio-companion using an offset frequency and it also worked as expected and rang the doorbell first try.
Simple flow to capture to file.
The GNU Radio waterfall from the
capture showing the signal (just)
Simple flow to transmit from file.
The only problem with this is approach is it’s transmitting the full captured sample which could land us transmitting something unintentionally captured. So while it works and is quick, a better approach would include some filtering, I have a look at this in the next post here.
I’d also like to emulate the signal in GNU Radio as retransmitting isn’t that great but that’s a bit of learning away yet.
I uploaded a short video to youtube demonstrating the doorbell ringing.