Nice work! #1
Comments
|
Dear Dennis, thank you for your request and for the commendation. Unfortunately, I did not have much time to investigate this further in the last weeks. However, I really would like to go into more details and further investigate this protocol. I did not try a replay attack yet. Since they are using is a rolling key algorithm, the remote must be out of range or in a faraday cage to eavesdrop on the commands. This is already on my agenda :) Feel free to investigate on your own. And if you find anything interesting, please let me know! Cheers! |
|
Hi, Great work indeed, the blog post is awesome! In about two weeks I will receive screens with the Somfy IO motor and I would like to make an attempt on capturing the packets when binding the remote and sending commands. I do have a RTL-SDR (RT2832U) dongle and installed gnuRadio. However I'm struggling to get the project to work e.g. gnuRadio complains about missing blocks. Could you give some steps to follow on how to get the project up and running? |
|
Have a look at https://github.com/Velocet/iown-homecontrol. |
|
The code from the 2W example will soon be merged in a cleaner version into iown. If there are any questions feel free to leave a message in one of the chats or open a discussion. Happy to help 👍🏻 |
Thanks for sharing your reverse engineering article on the Somfy IO: https://www.google.com/amp/s/deralchemist.wordpress.com/2021/05/10/reverse-engineering-remote-controlled-somfy-blinds-part-1/amp/
I really enjoyed reading it... Did you already have some progress on the digital signal as it is probably encrypted. Hopefully we can extract some more information like the encryption method/ standard shared key.
How does the payload look between the remote and device if you reset the remote and join the device again?
Did you achieve anything with a simple replay of the payload?
The text was updated successfully, but these errors were encountered: