basilfx / Tradfri Hacking

Hacking IKEA TRÅDFRI products, such as light bulbs, window blinds and other accessories.

Hacking IKEA TRÅDFRI

Introduction

The IKEA TRÅDFRI family of products provides you with several home automation solutions that interconnect using ZigBee Light Link. While the line-up initially only included lighting products, it now includes power switches and wireless window blinds as well.

Many of the TRÅDFRI products are quite simple. For instance, if we take a simple light bulb, it contains:

  • Power supply
  • LED driver
  • IKEA TRÅDFRI module

The IKEA TRÅDFRI module is used in many of their products, and is actually a small piece of circuit board with a few GPIO pins exposed. These pins are then used to control the LED driver.

You can take out the board, and hook it up to your own lighting solutions. Or, you can flash it with your own firmware, for other purposes.

To find relevant products, I have compiled a list of IKEA TRÅDFRI products in PRODUCTS.md (please help me to update this list). Several products have been opened up. Teardown pictures can be found in the teardowns folder.

TRÅDFRI modules

So far, a few variations of the TRÅDFRI modules have been identified. They are all using microcontrollers manufactured by Silicon Labs. The modules that have been identified are:

  • ICC-1
  • ICC-A-1
  • MGM210L

[Images: front of the IKEA TRÅDFRI module (ICC-1), (ICC-A-1) and (MGM210L)]

Some other products, such as the line-up of remote controls, have a dedicated circuit board that integrates a microcontroller directly (i.e. no separate module board).

More details and pictures on these modules can be found in MODULES.md.

Firmware analysis

An analysis of some firmware versions encountered can be found in FIRMWARE.md.

Development

The ICC-1 and ICC-A-1 have a regular Cortex-M4 and the MGM210L has a Cortex-M33. These architectures are very common, and you can easily flash them with your own custom firmware. I've added some firmwares in the firmwares folder.

As a starting point for your own firmware, you could take a look at this pull request for RIOT-OS. As a proof of concept, check out this YouTube video I made. In that video, I show how I control the LED connected via a serial console.

To get access to development tools for Silicon Labs, you can take a look at Simplicity Studio.

Other hacks

Some people have come up with alternative uses for the TRÅDFRI modules. Here are a few:

EZSP Zigbee coordinator

It is possible to load the Silicon Labs EmberZNet Zigbee coordinator firmware on an ICC-1 or ICC-A-1. This allows you to use the module to set up your own ZigBee network.

MattWestb has provided a guide and firmware here.

ZigBee router

Several users have modified the TRÅDFRI routers to improve their performance by adding an external antenna.

This applies to the ICC-A-1 modules only, but it would be very interesting if the TRÅDFRI routers used the newer MGM210L modules, because they offer a solder pad for an external antenna.

FLOALT brightness hack

zw has patched the firmware of his FLOALT LED panel to have an improved range of brightness levels. A guide to perform the firmware patch has been contributed here.

Working safely

If you plan to leave the board in place and run your own light bulb firmware, never connect external devices (e.g. a debugger or serial adapter) to a light bulb that is plugged in. Due to different voltage levels, you could destroy your devices.

If you want to connect an external device, ensure that it is properly isolated (e.g. using an optocoupler).

I have designed a board that you could use to isolate UART signals. You can find it here.

Test setup

My setup (the small board is a UART isolator):

Test setup

My safer setup, including debugger (LED is connected to same pin as it would in the GU10 light):

Safer test setup

Two soldered development boards that I use nowadays:

Safer test setup

Sources

I have gathered some information from the following sources:

License

Creative Commons BY Attribution 4.0 International

Disclaimer

This page and its content are not affiliated with IKEA of Sweden AB.

The purpose of this project is to learn and improve using reverse engineering techniques. Use this information at your own risk.
