Decoding the IR1838 Remote with Serious Bit Slew

Decoding the IR1838 Remote with Serious Bit Slew

Decoding the IR1838 Remote with Serious Bit Slew
Credit: Dogecoin.

A quick bit of code was created that would allow timing inspection of one bit against another. Here is the quick code block inside the interrupt trip:

void gpio_callback(uint gpio, uint32_t events)
{
  uint32_t rnow = time_us_32();
  uint32_t dif = rnow - time_a;
  if (dif > 14000)
  {
    printf("split\n");
    time_a = rnow;
    return;
  }
  int cpin = gpio_get(gpio);
  printf("%d,%d\n", dif, cpin);
  time_a = rnow;
}

The output is captured with a simple:

sudo cat /dev/ttyACM0 >> capture.txxt

You will know that the RPI2040 is capable of outputting when you watch the dmesg as in:

sudo dmesg -w

It will show up in the console as:

A very quick partition script is written in Python that will parse the packets split on the word 'split'

with open("split.txt", "r") as g:
    data = g.read()
    data = data.split('split')

    print("dkdk")

Print is deliberately left on the end so that there is a debugging break point to hang off of after the split.

The results are interesting

  • We can see clearly that we have a short packet, and the long full packet. This gives us a potential to filter.
  • Checking the back of the packets we can also notice this:

Knowing this we can really focus on three timing slots:

  • Starting bits with ranges in 8900-9100 us.
  • Single bits with timings in the range of 500 - 630 us.
  • Triple bits with timings in the range of 1600-1720 us.

Just to be thorough we check the remainder of the buttons for the remote, the end of the data was the same as button 1.

Button 2:

Button 3:

Button 4:

.. and so on a clear structure is developed here.

  • Anything with a 2000-2200 can be filtered (short packets or partial fragments)
  • Anything with a signing 8800-9000 us ¬†followed by a 4300-4500 is a signing bit set showing a full packet follows.
  • The offset of the wide pulses shift left or right which determines the key.

All we have to do now is write the protocol decoder for this.

Linux Rocks Every Day