Earlier Work Sniffing Vantage Wireless Signals

There is a dearth of information out there on hacking the Davis weather station and I'm not sure why.  It is a higher end product that appeals to people who like performance and accuracy in a device.  Those same types of people often have a technical background where taking things apart to see how they tick comes naturally.  I thought I was the first person who tried to figure out the wireless transmission aspect of these things.  It appears that I am actually the second.

Back in 2008, a fellow by the name of Jack Smith at Clifton Laboratories published this post on his blog.  He got curious about the wireless transmission from a Weather Envoy remote wireless transceiver.  So what did he do?  He hauled out his Watkins-Johnson 8617B radio receiver and his Advantech R3463 spectrum analyzer (in both frequency domain and in zero span mode, rather than digging out his Tektronix TDS430 digital scope) and got busy.  Now that's what I'm talking about.

Weather Station Hacking Equivalent of "First Post"

His blog post has some really good information that is worth a read, if only to get a good appreciation for how somebody can dig into this stuff with only a few scant bits of information to go on.  Unfortunately, it looks like he didn't take his investigation much further than this one post.  He also realized that the sun was setting on this data transmission scheme: it ended with the Vantage Pro wireless.  He wrote "However, the current production Vantage Pro II uses frequency hopping transmission, which means that you will also have to build a frequency agile receiver and program it to track the hopping transmission".  You could, or you could just wait for technology to get to the point where someone comes out with a Pretty Pink Pager that does the hardware design for you.

And speaking of Pretty Pink Pagers, mine is sitting at the Post Office and will be picked up today.  Unfortunately I have some other stuff to work on today that will cut into the time I have to play with it this weekend.  But I'm crossing my fingers that I can get enough software written this weekend to get my Bus Pirate talking to the IM-ME so that I can at least load Pink OS.  Things should get interesting after that, with sniffing some register configurations on the Davis console and hacking some C code to configure the IM-ME in a compatible fashion.

By the way, for whatever reason, Google doesn't give Jack's work the ranking that it should.  I had searched around without success for some time to find some information like this.  Nothing ever popped up until I came up with some now forgotten magical set of search terms.  At least if I blog it here, it will hopefully make this work a little easier to find.