The Neewer NL660-2.4 Video Keylight has a handy remote control, which for [Tom Clement] has a major flaw in that it can’t restore the light to the state it had during its last power-on. He’s thus taken the trouble to reverse engineer it and create his own remote using a suitably-equipped Arduino clone.
The write-up is a step through primer for the would-be RF remote hacker, identifying the brains as an STM8 and the radio as an NRF24 clone before attempting to dump the firmware of the STM8. As might be expected the STM is protected, which only leaves the option of sniffing the connection between the two chips. The SPI pins are duly probed with a logic analyser, and the codes used by Neweer are extracted. As luck would have it there is a handy board called the RF Nano which is an Arduino Nano and an NRF24 in an Arduino Nano form factor, so a proof of concept remote could be written on an all-in-one module. You can find the result as a GitHub Gist, should you be curious.
We’ve seen Tom a few times before, particularly in his European BadgeLife work, as part of which he’s put a lot of effort into bringing browser-based WebUSB and WebSerial development to his work.
Source: AN RF REMOTE IS NO MATCH FOR A LOGIC ANALYSER!
