GSM/RF Module to control house appliances hacked

GSM/RF Module to control house appliances hacked

I bought this where I work, Bauhaus Liertoppen for 99 Norwegian Kroner (~EUR12.5/~USD16). It is a wall socket adapter with combined RF remote control and GSM remote control.

To make all three parts communicate you plug in the power or insert the batteries on at the time, pressing any button on the remote so they all can recognize each other. I already have the RF only version, so now I was only interested in the GSM part.

Inside the modem box you find a GSM module and a RF module which operates at the 433MHz band.

On the main circuit board there is one chip in particular which is very interesting. The Holtek HT9170D, which is a Dual Tone Multi Frequency (DTMF) receiver. This is connected to the GSM module and listens to the conversation between the box and the caller. When you press a numeric button on the cell phone in-call a DTMF tone is produced, and the HT9170D translates this into a 4 bit digital representation, transferred in parallel trough the pins D0 to D3. Whenever a tone is received and not rejected by the internal circuitry of the HT9170D, the corresponding data pins goes high, and the DV pin goes high to indicate that there is data available to be read. The DV pin goes low again when the tone is gone, but the data pins remain high until next tone is to be transferred.
Note that there is a small tactile pushbutton that is pressed when the SIM-card lid is closed, so if you are experimenting with the circuit out of the box, the pushbutton needs to be bypassed with a piece of wire. Here are some photos of it.

Click the thumbnails for descriptions

This is a video of my oscilloscope reading the DV pin while I am in a call with the box.

Leave a Reply