-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Geevon TX19-1 #3109
base: master
Are you sure you want to change the base?
Conversation
Thanks! Is there really an extra bit between packets? Or is that maybe a sync pulse for the next packet -- we sometimes see that. We need to figure out the new checksum. Not having any checksum will produce false positives. The model key should have the name string on the same line, use DATA_COND if you need different names. |
This is what I get when I run
Set slicer to PWM, short to 256us, long to 476uS, sync to 728uS
Not really unless there is another protocol with payload of 72 bits with 0xaa, 0x55, 0xaa at the same positions. Anyway, I have no idea how to reverse engineer the checksum. There is no software from Geevon to capture the data and I have no way to dump the firmware from the sensor.
I'll look into it. |
BTW, it looks like TX16-3 is also 73 bits, see https://github.com/merbanan/rtl_433/blob/master/src/devices/geevon.c#L67 but the author didn't bother to document the last bit Another issue: I don't understand why |
There are these warnings and errors:
For the docs maybe use a doc comment with |
For the checksum, post a list of many different codes and we'll take a look at what it could be. |
How many do you need? |
Not sure, let's start with about 30 unique code, mostly close together (very little bit differences) if that's possible. |
Here you go:
|
And a bit more:
(The first byte - ID - changes when you remove the batteries, apparently it's generated randomly) |
Checksum looks like a LFSR, Galois with bit reflect and byte reflect, generator 0x98 and key 0x25. |
It doesn't seem to work:
|
Yes, the key is rolled the wrong direction I think. I'll look into that. // Checksum is actually an "LFSR-based Toeplitz hash"
// gen needs to includes the msb if the lfsr is rolling, key is the initial key
static uint8_t lfsr_digest8_galois(uint8_t const *message, int bytes, uint8_t gen, uint8_t key)
{
uint8_t sum = 0;
// Process message from last byte to first byte (reflected)
for (int k = bytes - 1; k >= 0; --k) {
uint8_t data = message[k];
// Process individual bits of each byte (reflected)
for (int i = 7; i >= 0; --i) {
// fprintf(stderr, "key at bit %d : %04x\n", bit, key);
// XOR key into sum if data bit is set
if ((data >> i) & 1) {
sum ^= key;
}
// shift the key right (not roll, the lsb is dropped)
// and apply the gen (needs to include the dropped lsb as msb)
if (key & 1)
key = (key >> 1) ^ gen;
else
key = (key >> 1);
}
}
return sum;
} |
Yeah, this one works, thanks! Out of curiosity, how did you reverse engineer it? |
340e486
to
47d9b95
Compare
LFSR (digest) is a common scheme so I wrote a program to brute force the parameters: https://github.com/triq-org/revdgst/ |
There is now a |
The protocol is essentially the same as with TX16-3, the only difference is that checksum algorithm has changed
47d9b95
to
d96ffe9
Compare
The device itself can be found at Amazon, e.g. https://www.amazon.ca/Geevon-Wireless-Outdoor-Thermometer-Replacement/dp/B0BMLRJ61Q
The protocol is essentially the same as with TX16-3, the only difference is that checksum algorithm has changed. I tried feeding the data into reveng, but unfortunately it's enable to find CRC model.