linux   rf
From 01.09.2018

Remote Control Globo LED Light

I recently stumbled upon a LED Light with a remote control using 433MHz. Somewhat like this one.


As I knew from the past, 433MHz devices do not have a lot of security if they have some at all. So I decided to turn it into a Wake-up-Light using a RaspberryPi by replaying signals.

Viewing the spectrum (using a RTL-SDR) proved it to use the same protocol I saw with some Intertechno AC-Plugs (featuring the same security: None). I figured that there might already by a simple software to handle this and found 433Utils. As I needed to get a sender anyway, I also got a receiver.

433MHz hardware

To install 433Utils (which uses RCSwitch):

cd ~/
git clone git://
cd wiringPi

cd ~/
git clone –recursive git://
cd 433Utils/RPi_utils

Now I could just see the commands from the remote with ./RFSniffer (uses WiringPI 2 -> Pin 13). I recorded all Keys:

Key Code
Aus xxxxx611
An xxxxx755
Warm xxxxx800
Cold xxxxx608
Dunkler xxxxx620
Heller xxxxx572

and then tried to replay them using ./codesend xxxxx755 (uses WiringPI 0 -> Pin 11)

Now my Lamp did not respond. But RFSniffer still picked it up. Looking througt the code I had to realize that RCSwitch tries to decode a few variants but RFSniffer does only print the decoded value without further information about the protocol at play. I changed that:

  just chaged the last print

#include "../rc-switch/RCSwitch.h"
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>

RCSwitch mySwitch;
int main(int argc, char *argv[]) {
     // This pin is not the first pin on the RPi GPIO header!
     // Consult
     // for more information.
     int PIN = 2;
     if(wiringPiSetup() == -1) {
       printf("wiringPiSetup failed, exiting...");
       return 0;
     int pulseLength = 0;
     if (argv[1] != NULL) pulseLength = atoi(argv[1]);
     mySwitch = RCSwitch();
     if (pulseLength != 0) mySwitch.setPulseLength(pulseLength);
     mySwitch.enableReceive(PIN);  // Receiver on interrupt 0 => that is pin #2
     while(1) {
      if (mySwitch.available()) {
        int value = mySwitch.getReceivedValue();
        if (value == 0) {
          printf("Unknown encoding\n");
        } else {    
          printf("Received %i %i %i len: %i\n", mySwitch.getReceivedValue(),
                                           mySwitch.getReceivedBitlength() );

Now I was able to see the difference between condesend and my remote. The showed parameters where not exactly stable but good enough.

pi@raspberrypi:~/433Utils/RPi_utils $ ./codesend xxxxx755
sending code[xxxxx755]
Received xxxxx755 1 353 len: 24
Received xxxxx755 1 353 len: 24
pi@raspberrypi:~/433Utils/RPi_utils $ 
pi@raspberrypi:~/433Utils/RPi_utils $ Received xxxxx755 1 248 len: 24
Received xxxxx611 1 248 len: 24
Received xxxxx611 1 249 len: 24
pi@raspberrypi:~/433Utils/RPi_utils $ ./codesend xxxxx755 1 248
sending code[xxxxx755]
Received xxxxx755 5 555 len: 24
Received xxxxx755 5 556 len: 24
Received xxxxx755 5 557 len: 24
pi@raspberrypi:~/433Utils/RPi_utils $ ./codesend xxxxx611 1 248
sending code[xxxxx611]
Received xxxxx611 5 555 len: 24
Received xxxxx611 5 553 len: 24
Received xxxxx611 1 251 len: 24