Cheap Home Automation using Wireless Outlet Modules

Picture of Cheap Home Automation using Wireless Outlet Modules
It's that time of year again, when the stores are full of Christmas decorations and accessories.  Christmas may be months away yet, but never underestimate the power of hacking seasonal holiday accessories, one accessory in particular is incredibly useful year-round in home automation systems.  This is, of course, wireless remote-controlled outlets.  These are small boxes that plug in the wall with an outlet on them that act as switches.  Included is a wireless remote with on/off buttons for one or more outlet modules.  These often communicate on hacker-friendly radio frequencies with simple protocols that are easily reverse engineered.  By pairing these wireless outlet modules with a simple transmitter circuit, you can attach AC lights and appliances to a computer-controlled home automation network.

I had previously purchased a 5-pack of wireless DBTech outlets from Amazon and reversed their protocol, but found that they only offered one signal, which was a toggle command.  This is not ideal for home automation, where we want to explicitly send on or off to avoid issues caused by missed transmissions.  Fortunately, I found a 3-pack of "Holiday Time" outlets at Walmart for $15, quite a good deal for what you can do with them, and these have both on and off buttons on the remote.
Remove these adsRemove these ads by Signing Up
TimL53 months ago

I wrote a post describing in detail how I created this without using an oscilloscope:

CalcProgrammer1 (author) 1 year ago
Works perfectly with the Verdant Electronics sets from Home Depot as well! I bought their CH C outdoor set today to run some outdoor Christmas lights. I now have 12 outlets (CH A, B, C, and D) all working at once! I've revised my bit timings again as well to get rid of some flaky behavior I was seeing on some of the modules.
CalcProgrammer1 (author) 1 year ago
I just bought a new set, CH D, at WalMart. It looks like they've changed the design but from my initial first glance the electronics are probably the same as before. I'll post pictures and a teardown after confirming that they do in fact work with the protocol I've implemented.
Here are some pics of the new outlets.  I didn't bother reverse engineering their protocol as I figured they'd be the same and lo and behold they were.  I added support for the 'D' channel code (SSSL) and tested to see if it would just work and it did.  All three of these outlets work perfectly just like the old ones.  They're kinda ugly though.  They still have the red LED but it's not exposed through a window so the whole plastic sorta glows red.  At least the price stayed the same!
sarthur2 years ago
While the ones I purchased looked exactly the same, they were rebranded and also flashed with a different pulse lengths. The codes were the same, but long/1 is 1800/600 us, and short/0 is 600/1800 us. Full writeup and arduino code on my blog:
CalcProgrammer1 (author)  sarthur2 years ago
I'm guessing they were the same ones after looking through your code, If you were looking at the comments in my code (640us per frame) that's for a different set of outlets I had purchased and did not end up using (they ran at 434MHz). My timings are 1700/900 and 500/2100, though there's probably a good margin of tolerance on these numbers as I remember adjusting them up and down by a few hundred us to get them reliable for all my outlets. I'm using the 8MHz internal RC oscillator on my ATTiny2313 as well, which is not the most accurate clock source at all. If you're using an Arduino with a proper 16MHz crystal your timings are probably more accurate.
sarthur2 years ago
Cool -- I happened to find all 4 channels A,B,C,D at Big Lots and picked them up. Are there other differences besides the END code? Your methods are named like ch_b_out_1_on and I'm not sure if that was just future-proofing, or if the preamble or on/off code varies as well.
CalcProgrammer1 (author)  sarthur2 years ago
I'm guessing it's only the end code, I changed my code to just have one set of outlet on/off and one start code function, then have end code functions for A and B. It worked with my A and B sets but you're on your own with C and D. I'd try the assumption that 1000 0100 0010 0001 corresponds to A B C D and if that doesn't work then you'll need to scope it.
endolith2 years ago
Wouldn't it be simpler to just control the switch that it comes with? No reverse engineering of the protocol necessary.
CalcProgrammer1 (author)  endolith2 years ago
That would be a much uglier and hackier hack though, sacrificing the remotes and voiding any warranty. I wanted to do this cleanly and not modify the remotes (as I still use them, they sit on my table for when I don't want to use my phone/PC). You could if you were in a pinch or didn't have the tools to reverse the protocol, but what fun is that? The parts to build a complete remote are cheap anyways, and you could program multiple different sets as long as they use the same frequency using this technique.
CalcProgrammer1 (author) 2 years ago
For the CH A set replace the END code with LSSS, now you have 6 outlets! Looking at that code, it could very well be the case that A is LSSS, B is SLSS, C is SSLS, and D is SSSL but I'm just guessing based on A and B which are known.
Treknology2 years ago
I have been looking at X-10 equipment for my own home, however, most of the "switches" cannot handle heavy inductive loads. Starting up a heater or a light is no problem, but the heavy draw of a fan-motor starting up can destroy the receiver/switch. Does the product you have hacked survive under such conditions?
CalcProgrammer1 (author)  Treknology2 years ago
Haven't tried it but I would assume so. These modules are relay based which is the same as a physical switch as two contacts are connected and disconnected to swirch the load. Those X10 units are likely using solid state relays based on TRIACs which do not take inductive loads well.
Thank you. I now have to find a 250V version.... :)