Decoding the IR1838 Remote with Serious Bit Slew
Decoding the IR1838 Remote with Serious Bit Slew
A quick bit of code was created that would allow timing inspection of one bit against another. Here is the quick code block inside the interrupt trip:
void gpio_callback(uint gpio, uint32_t events)
{
uint32_t rnow = time_us_32();
uint32_t dif = rnow - time_a;
if (dif > 14000)
{
printf("split\n");
time_a = rnow;
return;
}
int cpin = gpio_get(gpio);
printf("%d,%d\n", dif, cpin);
time_a = rnow;
}The output is captured with a simple:
sudo cat /dev/ttyACM0 >> capture.txxtYou will know that the RPI2040 is capable of outputting when you watch the dmesg as in:
sudo dmesg -wIt will show up in the console as:
A very quick partition script is written in Python that will parse the packets split on the word 'split'
with open("split.txt", "r") as g:
data = g.read()
data = data.split('split')
print("dkdk")Print is deliberately left on the end so that there is a debugging break point to hang off of after the split.
The results are interesting
- We can see clearly that we have a short packet, and the long full packet. This gives us a potential to filter.
- Checking the back of the packets we can also notice this:
Knowing this we can really focus on three timing slots:
- Starting bits with ranges in 8900-9100 us.
- Single bits with timings in the range of 500 - 630 us.
- Triple bits with timings in the range of 1600-1720 us.
Just to be thorough we check the remainder of the buttons for the remote, the end of the data was the same as button 1.
Button 2:
Button 3:
Button 4:
.. and so on a clear structure is developed here.
- Anything with a 2000-2200 can be filtered (short packets or partial fragments)
- Anything with a signing 8800-9000 us followed by a 4300-4500 is a signing bit set showing a full packet follows.
- The offset of the wide pulses shift left or right which determines the key.
All we have to do now is write the protocol decoder for this.
