My reasons may not match others', but these things are expensive, and Lutron can brick them at any time by shutting down their servers! If that day comes, I want to be prepared. If that day comes, we may be able to release the results of our work. In the meantime, you might be able to find some useful tools here for other RF reverse engineering. I'm currently writing a tool to help with some aspects of protocol RE. It'll be open source, and linked from here. In addition, any public information we find (patents, undecoded captures, etc.) may be aggregated here. Anything we find using "normal" reverse engineering, or advanced stuff, will not be able to be posted. Sorry :(
If you've landed here and see nothing, well, that's what this page is starting with. If you want to help, send a message. For the people I have talked to as well as myself, this is a very low priority project, so updates will be slow.
It will take a bit…unless you’re good with some additional tools. I don’t want to comment publicly on what I have or how I have it, but it’s raw at the moment, and may not be a “complete” “image”. It’s possible they already plugged the hole I used, but just in case they haven’t, I’d prefer that hole stay open :). I’ll send a DM with a link to what I have and you can decide what you want to do with it.
I hate to admit it, but I haven’t had a lot of time for this :(. It has always been a low priority project and some bigger projects have been winning my time! I think I shared links to some captures from my system, so that should give some more test cases. If not, I’ll pm you links. I do still want to do this…I just have other things too (that I don’t really post about anywhere - partially because progress is slower on them than I’d like too!)
A PM with that firmware image you found would be really beneficial. I've been learning Ghidra lately, and at this point I'm stumped on the CRC algorithm unless it's something weird where the byte separators for data are included in the CRC calculation.
Following this up from our conversation four years ago at https://hackaday.io/project/2291-integrated-room-sunrise-simulator/log/7223-the-wireless-interface - I've revisited this a bit, and have made some progress in parsing my URH captures - see https://github.com/Entropy512/lutron_hacks - I'm definitely seeing a 10 transition after every byte from my pico, but what I'm seeing coming out of my pico is inconsistent with what @Ceady posted in https://github.com/CTeady/IRIS/blob/master/WirelessAnalysis/PICO.xls which is puzzling me - it's like the original 0xff has the expected 10 trailer, but no further bytes do, and they are also looking completely different from anything I've captured.
Just to ping him, @mhansston showed some interest in our work in a PM last year.