Skip to content

On Off Keying

27MHz RC Car

These cheap RC cars that the Waag Society were using for their autonomous toy car project included chintzy 27 MHz transmitters that had binary speed and direction control. Since we were using an Arduino and motorshield to control the car, the RC parts were surplus I wanted to try to use my new HackRF to decode the protocol.

The HackRF uses an accessory program named gqrx that is useful for "spinning the dial" to look for frequencies. It allowed me to quickly zero in on roughly 27.1 MHz for the signal.

gnuradio is a "blueprint" based programming environment that takes some getting used to. In this case I followed Great Scott Gadget's On-Off Keying tutorial to configure the radio.

Notes:

  • The osmocon source is the HackRF and is configured with two variables:
    • samp_rate of 8 MHz is sufficient for the low-bandwidth transmissions and helps avoid crushing the CPU.
    • tuning_freq is near the desired frequency, but offset slightly to avoid the DC bias
  • The chan_freq variable is a GUI slider so that I can adjust it on the fly. This allowed me to zero-in the actual frequency, although just getting close is sufficient.
  • Complex Mag will turn an AM modulated signal into a binary one.

Unitary encoding

TODO: Document protocol - unitary encoding

  • Some number of long start bits, followed by some number of short bits, followed by at least one long bit.
NONE  00000 5
UP    0000000000 10
DOWN  0000000000000000000000000000000000000000 40
LEFT  0000000000000000000000000000000000000000000000000000000000000000 64
RIGHT 0000000000000000000000000000000000000000000000000000000000 58
U+L   0000000000000000000000000000000000 34
U+R   0000000000000000000000000000 28
D+L   0000000000000000000000000000000000000000000000 46
U+R   0000000000000000000000000000000000000000000000000000 52

2017 Radio

Last update: November 8, 2020