Figure 0 - This hidden device can intercept remote control signals and play them back!
This hidden device can intercept remote control signals and play them back!

This fun project lets you take control away from the person holding the remote control by intercepting the invisible signals as they travel through the air so you can play them back to the TV or video machine. You can also "train" your Remote Hijacker by recording certain button presses directly from the remote so that you can play them back later on, taking total control over the target appliance. Because this project records the remote control pulse stream directly, it will work on any infrared based remote control, able to learn a few button presses.

This project uses a very simple microcontroller program that just times the pulses coming into the infrared decoder and then stores them in the internal SRAM for later playback. The source code is made as simple as possible, allowing for plenty of room for modifications and alterations to suit your evil genius agenda. Because no interrupts are used, the C program could be ported to just about any microcontroller, and will work on all of the Atmel microcontrollers as is. Larger internal memory allows more button presses to be stored, with the Amtega88 (1K SRAM) allowing about three button presses to be recorded and played back.

Figure 1 - The remote control signals are first decoded by the RC5 module
Figure 1 - The remote control signals are first decoded by the RC5 module

Almost every electronic appliance that includes an infrared remote control will use a standard method of communication over the invisible beam called the "RC5 Protocol". This simple protocol works by sending a series of 1.5ms to 2.5ms long pulses that are modulated by a carrier frequency of 36 KHz to 45 KHz. The pulses make up a frame of data, which is usually 12 bits long, encoded using a system of inversion called Manchester Encoding. Of course, we won't have to dig all that deep into any of this stuff because this project just records the length of pulses and stores them as byte values into the microcontroller's internal memory for later playback.

Of course, you could actually decode the data and store a lot more, but this would require some crafty programming to measure the exact pulse rate and then understand the stream that it is seeing at the input. I just wanted a quick and dirty hack that would allow me to prank the remote control user, so I opted to just measure the time between pulses and store that value. This allows any remote to be recorded and played back as the program does not care what the exact frequency or command being sent really is.

To deal with the very fast 40 KHz modulation, a readymade solution is used that will strip out the modulation and leave only the millisecond pulse train. These remote control decoder modules are very common as they are used in most of the appliances that we are going to hijack. These tiny 3 pin blocks have a power, ground, and output, and do nothing more than look for RC5 pulses in order to strip them of their modulation. I have collected many of these remote control modules from various dead appliances and electronics suppliers, and all of them do basically the same thing. Some of them are contained in a metal can, while others look like transistors with a bubble on one side to input the infrared light. All that matters is that you can figure out which pins are power, ground, and output on the device.

Back Home Last Next
You are Viewing... Page 1 of 13
Lucid Science Electronics from the Fringe AtomicZombie Hack-a-day SparkFun