Reverse Engineering the Silvercrest Wireless Socket set.

The Silvercrest wireless socket set is a budget 433Mhz remote-controlled socket sold at Lidl for around £15. It can take up to 3000w of continuous draw and comes in a 5-piece set. Due to its simplistic form of communication, it makes it an excellent candidate for performing replay attacks as well as capturing the signal, so it can be used with Home assistant.

There are plenty of tools we can use to get the job done. One of the most simplistic ones to use is RTL_433 which enables us to figure out what type of transmitter it is using and decode any keys. With reference to the image below, the controller has a different code for each button while also having a “Turn all ON/OFF” function. Surprisingly, it is picked up as a Smoke-GS558 sensor, which most probably means that the same chipset is used in multiple Silvercrest products.

By using Universal Radio hacker along side a HackRF and an RTLSDR , we can record the signal and play it back . In this case, we have recorded four instances of ON/OFF.

By using a small Rubber duck antenna for 2M/70cm we were able to get a range of 100m from inside a five-story building. These types of devices although they are very cheap, they pose a large security risk to users which install them in their homes. Anyone with simple tools can attack these devices and might cause some havoc. But , the ability to implement these devices with a raspberry pi and home assistant or a 3rd party RF/IR “smart” blaster makes them a good option for implementing a “simple” smart home.


Ham Radio Programing