It's that time of year again, when the stores are full of Christmas decorations and accessories. Christmas may be months away yet, but never underestimate the power of hacking seasonal holiday accessories, one accessory in particular is incredibly useful year-round in home automation systems. This is, of course, wireless remote-controlled outlets. These are small boxes that plug in the wall with an outlet on them that act as switches. Included is a wireless remote with on/off buttons for one or more outlet modules. These often communicate on hacker-friendly radio frequencies with simple protocols that are easily reverse engineered. By pairing these wireless outlet modules with a simple transmitter circuit, you can attach AC lights and appliances to a computer-controlled home automation network.
I had previously purchased a 5-pack of wireless DBTech outlets from Amazon and reversed their protocol, but found that they only offered one signal, which was a toggle command. This is not ideal for home automation, where we want to explicitly send on or off to avoid issues caused by missed transmissions. Fortunately, I found a 3-pack of "Holiday Time" outlets at Walmart for $15, quite a good deal for what you can do with them, and these have both on and off buttons on the remote.
Step 1: What you will need to continue...
If you purchased the exact same outlets I did, you don't need to reverse engineer them as I did the work for you. However, you likely didn't get the exact same ones as me, and there are tons of brands out there. They are all similar, but you will likely need your own reverse-engineering tools and skills to crack the protocol.
First, get yourself a set of radio transmitters and receivers from SparkFun. Get both the 315MHz and 434MHz versions of each, because these outlets can use either frequency (my 5-pack set uses 434, these use 315). You need the receiver to decode the protocol unless you want to disassemble the remote and probe around inside it. I'd still recommend the receivers to confirm your transmitter is transmitting. If you use the receiver, you don't even have to risk voiding your warranty by opening up the remote.
315MHz Transmitter: https://www.sparkfun.com/products/10535
315MHz Receiver: https://www.sparkfun.com/products/10533
434MHz Transmitter: https://www.sparkfun.com/products/10534
434MHz Receiver: https://www.sparkfun.com/products/10532
You'll also want a microcontroller of some sort, I used ATTiny2313 but any AVR, PIC, Arduino, or similar should do. You need to know how to use its microsecond and millisecond delay functions or write your own delay loops. You also want a microcontroller that has a serial port so you can talk to the computer.
For the reverse engineering you will also need either an oscilloscope or a logic analyzer. These can run at fairly high speeds so a DIY analyzer off an Arduino might not be fast enough for microsecond-scale pulses. My Rigol DS1052E 100MHz scope works wonders for this.