Over on his blog, Veghead has posted about how he was able to reverse engineer a wireless alarm panel keypad from 1986 with an RTL-SDR dongle. The goal of his reverse engineering was to be able to eventually hook it up to a modern alarm system.
By first looking at the old FCC label on the keypad, Veghead discovered that the device transmitted between 319 MHz and 340 MHz. He then used his RTL-SDR dongle to take a recording of the transmitted signals, before opening them up in Audacity – a free audio processing program.
By analyzing the waveform in Audacity, Veghead discovered that the alarm panel uses simple ON-OFF Keying (OOK) modulation. Although the frequency of the signal drifted a lot (probably due to aged components), he was able to write a decoder that he called cletus which converts the recorded complex I/Q signal into a real signal and then uses a state machine to turn the waveform into 1’s and 0’s. Finally the program then outputs the correct button that was pressed to the terminal.
Reverse Engineering a Vintage Wireless Keypad with an RTL-SDR
Source: RTL SDR