“Clicker” Hacking

Clicker

Here’s another IR hack released at Toorcon.  SurveySays (from Midnight Research Labs) is software that will intercept signals from remotes or “clickers” that universities use for test and quiz taking in class. According to the site, there are over a million of these remotes out there at hundreds of schools (UC Berkeley and SFSU to name a couple around [sith]’s area). SurveySays will display the most commonly given answer by the classroom on the screen and will also issue a trigger after every round. You can send in this answer automatically, for you or for a group of friends =). Have fun!

[thanks sith]

20 thoughts on ““Clicker” Hacking

  1. I’m not immediately seeing how you’re supposed to receive directional IR signals from multiple devices pointing away from you. I get the part where it’s using LIRC to snoop for signals, but I don’t understand how the signals are actually supposed to reach your IR sensor in a real-world environment.

    It’s nifty but seems impractical to me. It’d also be nice to see testing results for more than one clicker operating simultaneously.

  2. when i was told i needed one for class, the first thing that went through my head was…how can i get one of these things to flood the polls…kinda bruteforce style…just cycling through id numbers. since they took atendance with them, one indivudual could do MANY people a favor.

  3. furtim,

    While it’s true that IR is directional, it’s not very directional at all. It’s more like a speaker than a laser. The other problem with IR is that it bounces ALOT. Ever pointed your TV remote in different directions to see how many different ways you can point the remote and still have it work? Same idea….

    The output of any light source for the most part is a cone. The further away you are, the larger the cone is. If these things transmitted a spot, you’d have to be really good at aiming for it to work :)

    –buddy

  4. Damn! My school just switched from these IR models to the newer (more expensive) RF versions. they really are better from a non-hacking standpoint, in that in classes over 50 the recievers don’t bog down. perhaps some WRt54g action could harness the power of the rf editions. I envision having the router in my backpack with ethernet running to my laptop, showing a live graph of votes as they are placed. wicked, hehe.

  5. Yes, we use the PRS ones at my school (umass amherst) and I would personally love one that could spam back registered id’s w/ answers, because attendence is taken in many classes by this method. That alone is worth breaking out the soldering iron.

  6. nullset, I figured on reflections, but most living rooms I’ve encountered are painted white, so the reflectivity is pretty good. Classrooms aren’t always, plus there will be more obstructions in the form of people’s heads and whatnot.

    I’d really like to see a real-world(ish) test to examine the reliability rather than just a simple undocumented “lab”-environment test results that they showed on the website. For that matter, they only showed their program’s output, not the input from the clickers. For all we know, the program could have been giving wrong results.

    There have been plenty of hacks in the past on this site with good testing documentation, so it’s not asking so much really.

  7. nullset, i understand what you’re saying, but in order for a wrt54g to *pick up* the signal it wouldn’t have to be on the 802.11 system. it doesn’t have to be 2.4ghz to listen does it. i guess i should talk to some firmware hacking folks because i really don’t know. it’s just an interesting idea.

  8. For the WRT54G to pick up a non-802.11b/g signal, you’d have to do some deep driver modification, at the very least. The Broadcom driver is not open-source, and the hardware is not publicly documented, so it would not be an easy task. To the best of my knowledge, no-one has yet produced an open-source driver for the Broadcom radio hardware on the WRT54G.

    Depending on the extent to which the radio is software-defined, you might have also have to do hardware modification. For non-2.4GHz signals, you would certainly have to modify the hardware.

    (My completely uneducated guess is that it’s a 900 MHz or 2.4 GHz device.)

    You’d probably be better off looking in to GNU Radio. Or, if you already have a receiver lying around, you could put an appropriate transverter in front of it and plug the AF output into your laptop’s microphone jack.

  9. Has anyone hacked the i>clicker yet? It seems that they’ve all converted to wireless now, so infrared is a thing of the past. We just need to know what frequency and we need to know how to register the votes A-E. If somebody makes this, I know there will be hundreds who will want to buy it.

  10. The RF iClickers operate at 915Mhz. Any know if’s possible to get a standard 802.11g adapter to pick up the signal? That seems like it would be the only hard part… once you can pick up data it’s just a matter of packet sniffing.

  11. The i>clicker uses an AVR micro controller that you can easily reflash with your own firmware. I haven’t investigated the possibilities of listening to other clickers yet. The communication chip is a standard one, though.

    Way old post, but I ran across it when I was looking at what other people have done with the iclicker.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.