433mhz PIR Interface

I am wanting a 433mhz wireless PIR unit. All the ones I have found say one should check their control units are compatable with the PIR before buying.

Does anybody have an idea as to how much a problem would be to make a home built receiver to match the wireless PIR? eventually going into a Picaxe control circuit.

Building a 433Mhz receiver takes real skill and needs a lot of electrical engineering knowledge, buying one is cheap and simple. You will find receivers on eBay for about £1.
most PIR sensors have a TTL / digital output, so just connect its output to a 433Mhz Tx and that will be transferred to the receiver.
http://www.ebay.co.uk/itm/433MHz-RF-Transmitter-and-Receiver-Pair-for-Pi-Arduino-Remote-Wireless-ASK-OOK-/131423537958?pt=LH_DefaultDomain_3&hash=item1e99740b26

It might not be that simple. If you get a "wireless PIR" for a security alarm, pretty obviously it transmits in a secure protocol to counter hacking.

True, I have not seen any details of a common protocol, and the majority may well be proprietary details of which are never released.

I can decode most weather station wireless unit protocols, there are about 6 types, but only with an Arduino.

Getting hold of a low cost receiver will give a data stream that is broadcast from the wireless PIR, then the fun begins on decoding.

It may just be possible that it is a simple protocol.
http://dangerousprototypes.com/2011/06/15/hacking-a-pir-rf-signal-with-pic-12f683/

Thanks all. I thought decoding might be an issue. I don't know why attention is paid on encoding other than stopping one device interfering with another, for one the PIR has had a couple of triggers by an intruder then it's too late for enigma folk todo much.

I was playing around with the TX/RX pair shown in the link. I made the PIR output ground the test pin which has a pullup resistor. On the PIR getting triggered, a series of pulses go out from the NKM2401 into the 433mhx TX board. These pulses are received by the 433mhx RX board into a Picaxe which are converted into a single pulse so I can make my alarm look for a specified number of pulses over a time to avoid false triggers.

The reason I was looking at commercial wireless PIR units was on battery life, units claimimg uA consumption. I know my consumption yet to be measured is small, but a factor to consider with battery to use.

My other issue is trying to work with a pair on 433mhz units. I have one as described, but the other uses an encoder to allow 4 channel switches, however one knocks out the other so now I can only see a fix is by having one off while the other is on.

Decoding is pretty challenging for a Picaxe I found. I spent a fair bit of time decoding the Home Easy/Byron protocol and can "just" get a Picaxe to do it if it's not doing anything else. Pretty much every commercial device that uses 433MHz uses coded transmissions to avoid interference with other devices and, in the case of devices like PIR units and home automation switches, to give a unique ID for each device, so the receiving system knows the ID of the transmitter. This avoids obvious problems, like the receiving system in one house responding to a sensor or switch in the house next door.

I posted here about decoding the Home Easy/Byron protocol (used for home automation switches, PIR units, remote controls, window and door sensors etc) here: http://www.picaxeforum.co.uk/showthread.php?23007-HomeEasy-Byron-433MHz-RF-decoding-with-a-Picaxe

Thanks Jeremy, very good, you put a lot of work into that to get that together. I came accross Home Easy units.
I will have a good study of the threads, again thanks

You can probably receive the data from a 433MHz wireless PIR fairly easily using a standard 433MHz receiver but as others have noted that data may be rather difficult to decode. There usually will be some encoding so the system can assure itself the incoming data is from a legitimate and uncompromised PIR.

A proper security alarm system has to ensure data is from a reliable source to offer maximum security but a less secure system could possibly extract or detect activation without verifying its legitimacy. It depends on whether that information is encoded or not. I would have thought it would be and needs to be to offer maximum security.

ZOR said:

I don't know why attention is paid on encoding other than stopping one device interfering with another, for one the PIR has had a couple of triggers by an intruder then it's too late for enigma folk todo much.

Click to expand...

A decent alarm systems has to do two things; detect intrusion and detect attempts to undermine that detection, attempts to intrude. Hence two circuits in most wired alarm sensors. One will indicate an activation, the other detects tampering which precedes trying to prevent activation.

Wireless doesn't have two distinct channels so there needs to be some tricks used to handle wireless sensors. An alarm needs to ensure the sensor hasn't 'gone missing'; been stolen, run out of power or been wrapped in cooking foil. It needs to prevent someone faking an activation and needs to detect someone attempting to mask a genuine activation.

Some alarms may not require all that but wireless sensors will usually be designed to provide that for those systems which do.

Thanks hippy.

One of my TX/RX units is based as previously described. The second, which when gets turned on halts the other TX/RX units being my PIR. Not so concerned with it doing that as the PIR part would have done its job. This second RX/TX module transmits to another remote box having a GSM Dialler in and sounds noises.

This second 433mhz unit has an encoder, so know I wonder if the PIR circuit should also be like this?



On the switch inputs not shown I have pullup resistors and the inputs are taken low by Picaxe

ZOR said:

This second 433mhz unit has an encoder, so know I wonder if the PIR circuit should also be like this?

Click to expand...

I am not really understanding the question, what set-up you are describing, what you actually have and what you are attempting to achieve.

Are you asking how a non-wireless PIR can be converted to wireless by using a Holtek HT12E encoder chip ?

Hello hippy, I used this method for one 433mhz transmission

http://maxembedded.com/2012/12/making-an-rf-car/

Basically I had a wired PIR which was wired to a control box which dealt with PIR triggering, door/window catches. If it determined someone was there it then triggered a remotely hidden box by 433mhz using the above link circuit to dial me on a phone and make noises.

I then thought it would have been better to have had 3 boxes spread out from another, the third box being the PIR modified to be wireless.

However I cannot have both transmitters on at the same time as the second (communicating to 3rd box dialler etc) stops the first (PIR) TX working. So I will leave the second TX turned off until the control box is satisfied the PIR says burglar. It will then go on and although PIR transmission ceases it won't matter, PIR work has finished.

Hope I have not confused further

@ ZOR : Have you considered what may be available commercially ? There seems to be a wide range of flexible battery powered wireless alarm systems around offering GSM call-out at quite reasonable prices. This company just as an example offers a wide range of security products -

http://www.ultrasecuredirect.com/acatalog/Remote-Location-Buildings-GSM-Ultra-PIR-Alarm.html

The advantage of a commercial system is the companies behind them will have invested many man-hours and thousands of pounds in solving the issues you are struggling with and optimising solutions.

The company linked to seem to offer a comprehensive range of products and I am sure they, and other companies, would be delighted to take a call or email to discuss something which best suits your needs.

Thanks hippy. The unit and others I have seen similar worry me because everything is in one place, a hammer through it and that's it. I think with discreet hidden modules theres less chance of being taken out in one, and with thought original booby traps can be evolved. I also have a humouristic idea that there's a burglar weekly online site where hacking discussions take place on commonly found units.

In this project I'm looking at a quick throw in the house basic cover. Someone triggers the PIR and that's it. The Old Farts dialler works perfectly.
If I was looking for a permanent system then yes I would look at commercial units, but certainly on seperate hidden units. My control box is going in a loft.

However with all this thanks for the link and good advice as always

The thing you have to remember is that there are millions of devices operating on the same 433MHz frequency, from car remotes and home automation, through home weather stations and domestic wireless thermostats, to garage door openers and amateur radio. There is an awful lot of interference on this frequency, so anything that uses it has to build in ways of detecting the right signal from loads of signals from other devices. This is why the encoding for simple things, like remote light switches and thermostats, looks so complex.

For example, there's no real need for high level security with the HomeEasy/Byron home range of remote light switches, yet they use a 32 bit encoding/decoding scheme just to make sure that the system works reasonably reliably. You'll need to do something similar, or else you are likely to get false triggering, with your receiver being fooled into believing that there is a valid transmission from your PIR transmitter when there isn't.

You can get a fair degree of reliability using these 433 MHz modules, if you send a unique data stream over the RF link and then parse that at the receive end. I have a 433 MHz link that transmits the power that our house is using or exporting from an external box to devices in the house. That uses ASCII at 1200 baud, with each data transmission being prefixed with "UUU" (to set the AGC in the receiver), then "POW" (as an identifier string) followed by six ASCII characters for the sign and power in watts. At the receive end another Picaxe uses the serin instruction with a qualifier of "POW" to identify the signal I want from all the noise, then saves the following six characters.

You could use a similar scheme to identify your PIR. Have the PIR switch a pin on a Picaxe (an 08M2 would be fine) and then transmit a unique ASCII serial data string to drive the transmitter. The receiver then uses the serin instruction with the qualifier being the same as the unique ASCII string used for the transmitter.

It's probably cheaper, quicker and simpler to use an off-the-shelf unit though, as mentioned above.

Thanks Jeremy. Maybe I have been lucky, I live in a very built up area but not had any false triggering going on. I looked everywhere for simple examples but everything I came accross was connected to arduino and it's code. I looked at the AXE213 information but wanting low power consumption in the PIR unit I wanted it without a microprocessor, and that's where I used the NKM2401 IC's, using it to send pulse chains (test) to the controller unit Picaxe 14M2.
I will go back to follow the AXE213 data again and look in that direction for replacing what I have now. I think I tried putting the suggested code in the editor for an 08M2 and it rejected it, maybe wrong, will try again.

A real nubie question.

If I use a Picaxe and transmit this data :
Then not using any LED display, how do I get "12345678" into a variable using replacement code to this.

And if I had 2 433mhz systems on at the same time would one that was not sending data knock the other out from working? In other words being multiple 433mhz units. Thanks

Then not using any LED display, how do I get "12345678" into a variable using replacement code to this.

Click to expand...

Very confused I am, I am getting old, so it does happen.

What has a LED display to do with it ?

"12345678" as a variable ?

Click to expand...

Maximum size variable in the PICAXE world is a word variable, so 65535 maximum.

And if I had 2 433mhz systems on at the same time would one that was not sending data knock the other out from working? In other words being multiple 433mhz units. Thanks

Click to expand...

Lost me completly there.

I am more confused as you. In the AXE213pdf it talks about a test transmission and a receiving one.
In the test it has a line "serout txpin, n2400, ( “12345678” )"

So I being totally ignorant think that if it goes out like that then how do I get "12345678" back. If I knew how to do that then I could interrogate it in the Picaxe receiving end as being my data is there and not interference.

Hope that makes sense so far.

Now again in the documentation on the receiver test program it talks about seeing the received data in a led display. I dont have a display. I just want 1 variable containing "12345678".

The code lines "serin rxpin, n2400, b0, b1, b2, b3, b4, b5, b6, b7
sertxd (“Received= “, b0, b1, b2, b3, b4, b5, b6, b7, CR, LF)" does not make it clear how I just get back the data as it was sent.

I thought the question of running a dual 433mhz at the same time was clear. If they were sending different data to different receivers using the methods described in this chapter, would they conflict with each other. Maybe I should go back to valves

I came from working with Visual Basic, and in my head thinking still seeing things in quotes "" are word string variables, not numeric,

The line serout txpin, n2400, ( “12345678” ) sends 8 bytes one after another.. 1 then 2 then 3 etc. The serin command reads eight bytes, one at a time and stores the value 1 in b0, 2 in b1, 3 in b2 etc.

Using the NKM2401 / AXE213, if you send from the transmitter using -

serout txpin, n2400, ( “12345678” )

And on the receiver have -

serin rxpin, n2400, b0, b1, b2, b3, b4, b5, b6, b7

b0 through b7 will be set to whatever has been sent by the transmitter. In this case b1 will be set to "1" and so on, up to b7 being set to "8". Those will be ASCII character values.

What you do with those values in variables b0 to b7 depends on what you want to do with them, what they represent or indicate. You cannot however have one variable containing "12345678", and it's not clear why you would want to, or what you hope to achieve from doing that if you could..

I think this is a case of you wanting to accomplish something and are trying to solve how to do that but aren't telling us what it is you want to accomplish; you aren't painting the big picture.

If you are worried about someone putting a hammer into your PIR, or simply a battery running out, or a new neighbour's device jamming your rado, you might need to reflect on system architecture. If you design a system where the PIR only "squawks" when detecting movement, those situations are undetectable. A hammered/dead/jammed PIR responds to the secret hidden central system in the same way as an all-is-well one - i.e. nothing happens. That's not very secure, but isn't security your aim?

Of course this kind of thing is solveable, using more complexity and keep-alive messages and so on - it's already thought out in commercial systems.
It's even easier with real wires ....

It also seems this system would be completely defeated by someone breaking in while using a high-powered 433MHz transmitter to swamp the system.

It might be worth stating what the goals of the project are, what events it is meant to detect and the level of protection you expect.

You could find you get the same level of protection from a small but noticeable "this house is alarmed" sign and a flashing LED left in view of the window.

Thanks hippy. At present I have 1 433mhz transmitter sending pulses to another. (PIR to control unit) It would be ideal if the pulse received was mine and not interference. that I could verify it in the Picaxe receiving end. So thats part 1. The other is another 433mhz transmitter that sends a pulse to another 433mhz receiver, and again be able to verify it came from the second transmitter. Having these two setups, will one transmitter stop the other working. I cannot explain it any more than that.

If I can understand things from what you say I would have to individually check the values of 8 variables? instead of being able to join into 1 number or 1 word to verify. Are the values in b0 etc numeric or alphanumeric. Can't get to grips with using quotes ""

In the AXE213 pdf, it talks about the test function of NKM2401 putting out data every 1 second, so I must be able again to verify it's data coming from a certain transmitter.

Sorry to go on, I think after this I will just keep what I have.

Many thanks again

Having read this I now know I have been wasting time, hippy is right, hard wire.

Wireless electronic security systems are most common in the Home Security Market (commodity). These systems are popular due to the ease in installation and low cost. The frequency ranges in which they may operate are restricted by the FCC and other International Agencies. Those frequency ranges are approximately 433MHz / 800MHz / 900MHz / 2.4GHz / 5GHz. Many home system motion detectors operate in the 433Mhz range. Professional systems usually operate at higher frequencies. Some companies advertise secret frequencies. However, they must still be within the mentioned transmission ranges controlled by agencies such as the FCC. And in any event, they are trivial to discover with simple electronic instruments.

Some wireless electronic security companies advertise encrypted transmission codes. This is marketing hyperbolie. There is no reason to encrypt transmissions since defeating a wireless electronic security system has nothing to do with wireless signal transmissions content. The clue on how to defeat a wireless electronic security system is provided by the apparatus that interferes with it. Radio Frequency Interference is an old term replaced by the acronym EMI (Electro Magnetic Interference). The newer term includes natural causes such as lightning.

Here is a partial list of EMI sources that will prohibit operation, interfer with or otherwise generate false alarms:
Cordless Phones
Microwave ovens
Baby monitors
Garage door openers
Lightning
Bluetooth systems

So good old booby traps and wire possibly rule?

You need, as a bare minimum, a unique ID for the transmitter that matches the unique ID for the receiver. There are several different ways of doing this. You can use the rfout and rfin commands to send and receive 8 bytes, and check that the 8 bytes received exactly match the 8 bytes expected from the transmitter that's paired with that receiver. This should work OK and allow several different transmitter/receiver pairs to work together, but you will need to build in some redundancy, by repeating the transmitted sequence more that once, to overcome short-duration blocking from another transmitter nearby.

You can do much the same by transmitting a sequence of ASCII characters and then using serin with a qualifier to parse the correct sequence of characters.

You could also do what HomeEasy do and bit-bang a sequence with enough bits to reduce the chance of an interfering signal blocking it, and again you'd need to repeat the transmission a few times to enure reliable reception.

None of these methods is fail safe and all are easy to defeat or clone, as the sequence is hardwired. This may not matter for non-critical applications, like switching on lights remotely, but it is very unsafe for use as an alarm, both because it will be subject to interference and because it is very easy for someone to clone the fixed code.

If the application is for a security system, then you really need rolling code protection, to avoid someone just scanning your area and picking up and decoding the encoding sequence (which is easy to do - it's hoe I reverse engieered the 32 bit HomeEasy protocol.

As mentioned above, a security sensitive application needs sensors that can detect an attempt at sabatoge and roll the encryption forward. The transmitters have to recognise the frequency shft and can change to match in.

Thanks Jeremy. Having just seen pages of 433mhz jammers for sale, and my thread prior to yours, I think as hippy said a short while back, go to real wiring, and as long as it's backed up with power, backed up failsafes, then all the trickery of coded 433mhz signals could go out of the window.
Think I will use wire. Sorry if I have wasted peoples time, it's been a long road here only to find hidden wires are cheaper and better.

ZOR said:

Sorry if I have wasted peoples time, it's been a long road here only to find hidden wires are cheaper and better.

Click to expand...

It is never a wasted journey when there is something discovered or learned at the end of it. In fact there is often more learned through failure than success and those roads have to be walked.

ZOR said:

The frequency ranges in which they may operate are restricted by the FCC and other International Agencies.

Click to expand...

The FCC restricts what goes on in the USA, and 'International Agencies' do not restrict on what happens here in the UK.

There are areas of common agreement of course but what is permissable varies a great deal from one country to another, even within Europe.

Thanks hippy. I went round in a circle todiscover wire is best, but as you say I have gained knowledge from you and others along the way.
Thanks srnet, sorry that statement/section was cut/pasted from a website dealing with secure systems.

If you use wire then it's still worth checking two things. Firstly, you want a check that the device is still connected, to detect a disconnection attempt. This could be as simple as having the PIR transmitter send a signal down the wire every few seconds with a message that says "I'm connected and working", in effect. Second you need a signal that's sent to notify the receiver of a valid detection. Again, if this signal is fairly complex it probably makes the system a bit more secure.

I think that, if it were me, then I'd have an 08M2 at the sensor end, both detecting the sensor state and sending a regular "health report" back using serial data down a three core** power and signalling wire. The receiver could then just read the serial data to be assured that the sensor is connected, alive and working and also receive a detection event.

This isn't wholly foolproof, in that someone could stick pins in the wires, read the serial data and then build a unit to clone the "health report" signal, but it's probably absolutely fine for a home system, where anyone with ill-intent has no prior knowledge about the way the system works. Home made systems have an advantage in this respect, as each one will be a one-off, making it far harder for anyone to acquire knowledge about the way it works.

** three core wire makes it easy, but it is possible to put power and the signal on the same core, with a bit of cunning, so you could use two core wire.

No need to reinvent wheels (though as said exploring why wheels are that shape is useful), see details of "FSL" alarm wiring in other alarm threads. This allows simple detection of normal/alarm/tamper states over just two wires simply. 'Tamper' includes broken, short or power fail.
For a powered PIR, you'd normally use another wire pair to supply 12V from the battery central station.

Thanks Jeremy, good ideas.
Going back in thought with 433mhz, if I sent a regular data message to the controller it would then know something was wrong. At the same time some alert on battery condition so it could tell more of a story whats wrong. I tried a search on how one would detect a jamming rf blocker could be sensed, so that information might ebable something else to do something.

I like your idea of the 08M2 at the PIR end. Back to thinking.

Thanks rossko57, just seen your thread. Will do search on FSL. Thanks for your earlier inputs, appreciated.

Any excuse for posting nice views;

The first picture is of my LoRa tracker (434.400Mhz, 10mW) on the ground in my back garden, its an old model fuse I use for testing. Note the antenna (1/4wave wire) is very close to the ground, perhaps worst case for transmitting long distances. My models do normally end up lost in trees, but that's because around here we have a lot of special trees that are magnetic to balsa and plastic.

The second picture is the view of Cardiff, the tracker is somewhere in the middle. Note the two islands in picture center, they are Flatholm and Steepholm (see Marconi 1897).

Interestingly I could not hear the audio tones the tracker was also putting out with my UHF handheld as there was a very strong buzz (interference) on 434.400Mhz coming from the somewhere in the city. This would very likely overwhelm normal FSK data modules.

I picked up the telemtry from the tracker, its GPS co-ordinates, which was 4.5km away using only a rubber duck style antenna on the receiver. This demonstrates not only the sensitivity of LoRa but that it has a high resistance to local interference.

srnet, I can easily see how you got that thing in the photo to come down from the sky, but how the heck did you get it up there?

Thanks Jeremy, good ideas.
Going back in thought with 433mhz, if I sent a regular data message to the controller it would then know something was wrong. At the same time some alert on battery condition so it could tell more of a story whats wrong. I tried a search on how one would detect a jamming rf blocker could be sensed, so that information might ebable something else to do something.

I like your idea of the 08M2 at the PIR end. Back to thinking.

Going back to the AXE213 pdf, it gives details on the NKM2401 Transmitter Configuration with a Picaxe.

It says in pressing the test button (which I was using the PIR to ground on triggers) it transmits a text message every 1 second

"The test message is the eight ASCII characters “Test $xx” where ‘$xx’ is an
incrementing hexadecimal number from $00 to $FF."

Could I have verified this at my other end Picaxe (in control box) to say its my transmission? and possibly react to a 433mhz jamming signal

ZOR said:

Going back to the AXE213 pdf, it gives details on the NKM2401 Transmitter Configuration with a Picaxe.

It says in pressing the test button (which I was using the PIR to ground on triggers) it transmits a text message every 1 second

"The test message is the eight ASCII characters “Test $xx” where ‘$xx’ is an
incrementing hexadecimal number from $00 to $FF."

Could I have verified this at my other end Picaxe (in control box) to say its my transmission? and possibly react to a 433mhz jamming signal

Click to expand...

Yes. Just use the 8 characters as an ID code for your PIR sensor. You could use one 8 character set as the regular "I'm alive and healthy" transmission (something like "PIR001OK") and another 8 character set for the alarm condition (something like "ALARM001"). As long as the receiver gets the "PIR001OK" string every few seconds it knows that the sensor is alive and functioning. If it fails to receive the OK string after a proscribed period then it flags either an alarm or a fault indication. If it received the "ALARM001" string then you know that sensor has detected something.

This should work OK with multiple transmitters and a single receiver, although there will be times when more than one transmitter is transmitting at the same time, so it's a good idea to transmit the data string a few times for each update to give a better chance of reliable reception.

As srnet has pointed out, there are much better RF modules around than the cheap ASK ones, and they are very much more resilient to interference.

Thanks Jeremy, I will experiment a bit more. And hippy, still going to use wire.

ZOR said:

Going back in thought with 433mhz, if I sent a regular data message to the controller it would then know something was wrong. At the same time some alert on battery condition so it could tell more of a story whats wrong. I tried a search on how one would detect a jamming rf blocker could be sensed, so that information might ebable something else to do something.

Click to expand...

Noting you are going to use wired this is more discussion on the issue of wireless when needing to protect valuables. Hopefully it might explain some things, particularly why wireless PIR present difficulties of use.

You don't really have to worry about jamming per se; what you need to be able to do is determine that every signal received is what it was expected to be and, if it's not, then something is amiss and the alarm can be sounded. Basically, if anything is not okay then something bad must be happening. You don't really care what that bad is only that you know something is not okay.

That shifts the problem to 'how do I create a system which confirms everything is okay and prevents the bad guys from fooling me into thinking things are okay when they are not'.

If you send a regular transmission you can determine PIR status and battery level etc. You can also use the regularity of the transmission and absence of it to determine some of the tampering cases. But how would you protect against someone recording your PIR signal, disabling or swamping out your PIR, and playing back what yours would have sent out ?

If that happened, as far as your alarm system were concerned, your PIR would appear to be reporting everything is okay while the burglars are clearing out the valuables.

One way round that is to include a code word, a secret password, in every transmission with the alarm system checking it was correct. That code word needs to be different each time to avoid the simple record and playback trick. But if the code word sequencing is easily predictable then, by knowing that sequence and the last code word sent, the bad guys could still generate a fake signal which was theirs but appeared to be from your PIR.

So a layer of encryption needs piling on top to prevent the criminals from knowing the code word and predicting the next. And there might be other tricks used as well such as shifting the timing of the next transmission or the frequency the transmission occurs on. It is all designed to trip the bad guys up in a 'bet you never expected that' way. As soon as something isn't how it's expected to be the game is up. The more tricks used the harder it is for the bad guys to get it right.

And this is why commercial wireless PIR's are difficult to use, or should be, because if they were easy to decode then bad guys could rather easily fake being that PIR and undermine the system it was used in.