Cheap Arduino Controlled Light Sockets – Reverse Engineering RF
If only there was a way to control your lights without breaking the bank…
And now there is! For $19 on Amazon, you can get a 4-lightbulb kit from China that ordinarily is limited to 4 channels from a single remote…but with some creative hacking, can be used to control an unlimited number of channels using an arduino and a very simple RF module!
Here’s a video of them in action as part of our smart bathroom project (Instructable for that coming soon!):
Think this is awesome? Don’t forget to favorite it and follow us on Facebook!
Time required: 1-2 hours
Total Cost: $19 for four sockets ($5/socket), ~$20 for a transmitter
You should know:
Step 1: Reading the EEPROM
We’ll start by cracking open one of these light sockets and reading its memory. Grab your screwdriver and remove the two phillips screws holding the housing together. The case should fall open and reveal the PCB inside.
If you look around, you’ll see a few capacitors, some diodes, a big box (the relay), a long IC (the microcontroller), a separate board tacked on (the RF receiver), and a little 8-DIP chip marked 24C04 – this is the EEPROM that stores the RF command to turn on the bulb.
Let’s take a closer look at what the memory chip holds, shall we? Using the bus pirate and the datasheet for the EEPROM chip, wire up a circuit like the one shown. You should have:
- Bus Pirate VCC -> chip VCC (and to VPU, the pullup pin of the Bus Pirate)
- Bus Pirate GND -> chip GND
- Bus Pirate SDA (MOSI, Orange for Sparkfun BPs) -> chip SDA
- Bus Pirate SCL (CLK, Yellow for Sparkfun BPs) -> chip SCL
- Bus Pirate VPU -> Bus Pirate VCC (the pullup I/O pins are driven from this pin)
Next, let’s run a script that will dump the EEPROM data to a file using the I2C circuit we just set up. Using the terminal or command line, navigate to the folder where you downloaded i2c_dump.py and run it as follows:
It’ll produce a .hex file showing the hex values of the data.
Open up the .txt file. If it contains nothing but 0x00 or nothing but 0xFF, chances are you need to check your circuit and re-run the dump. If you see a few different values towards the start of the file and a bunch of 0x00’s after, you have a successful hex dump!
It’s a good idea at this point to try dumping a couple of the other bulbs to see what values change in this code. Don’t worry if the hex dumps don’t make sense yet, but you should notice that only one specific value in them is changing. Hmmmm…
For more detail: Cheap Arduino Controlled Light Sockets – Reverse Engineering RF
This Post / Project can also be found using search terms:
- numitron sockel