Hacking the Internet of Things: Decoding LoRa

Getting software-defined radio (SDR) tools into the hands of the community has been great for the development and decoding of previously-cryptic, if not encrypted, radio signals the world over. As soon as there’s a new protocol or modulation method, it’s in everyone’s sights. A lot of people have been working on LoRa, and [bertrik] at RevSpace in The Hague has done some work of his own, and put together an amazing summary of the state of the art.

LoRa is a new(ish) modulation scheme for low-power radios. It’s patented, so there’s some information about it available. But it’s also proprietary, meaning that you need a license to produce a radio that uses the encoding. In keeping with today’s buzzwords, LoRa is marketed as a wide area network for the internet of things. HopeRF makes a LoRa module that’s fairly affordable, and naturally [bertrik] has already written an Arduino library for using it.

So with a LoRa radio in hand, and a $15 RTL-SDR dongle connected to a laptop, [bertrik] got some captures, converted the FM-modulated chirps down to audio, and did a bunch of hand analysis. He confirmed that an existing plugins for sdrangelove did (mostly) what they should, and he wrote it all up, complete with a fantastic set of links.

There’s more work to be done, so if you’re interested in hacking on LoRa, or just having a look under the hood of this new modulation scheme, you’ve now got a great starting place.

20 thoughts on “Hacking the Internet of Things: Decoding LoRa

  1. >”But it’s also proprietary, meaning that you need a license to produce a radio that uses the encoding.”

    No you don’t. You need a license to *sell* a radio that uses the encoding.

      1. To a degree yes it would. The patent holder may no have to resources takes to every amateur or hacker patent violator to civil court, but other civil law/regulation may be on their side; violating some civil laws are a crime. In the US the FCC codifies what emission and or modulation methods type are available to hams, so the patent holder has the force of law/regulation protecting their patent. I’d would guess the FCC wouldn’t allow part 15 unlicensed operations that would violate patents. I commenting mostly in terms of transmitting LoRa, my assumption is receiving and decoding it would be permissible depending what it is you do with the decoded content.

        1. Patents do not regulate non commercial (hobby/research) use of technology. So the hacker/amateur is no patent violator, as long as he does not sell anything regulated by the patent. And if it is an FCC unlicensed operation then it is exactly that: not requiring a license. The FCC also is not the patent office and the patent office by themselves only register patents, the do not enforce them in any way.

  2. While I’m sure that hacking the Internet of Things is going to be great fun for those doing it we all know that there are going to be assholes that will go too far, and I fear the inevitable backlash and the restrictions that are going to come from that as the authorities overreact to calm a panicking public.

    1. The existing Internet of Computers is like that, but various geeks work to patch the holes and produce security software. As it is there’s already laws that send teenagers with Asperger’s syndrome into prison with murderers for decades at a time for messing with computers. The panic happened 30 years ago.

      1. While what you say is true, the idea that one’s appliances (or one’s car!) could turn on you has the potential to take this to another level in terms of frightening the public. Hacking data networks is a threat mostly to the Establishment, or at least is perceived as such and those hacker/crackers have enjoyed a certain amount of wry tolerance with the masses and in some cases folk hero status, that will never be the case here. I can see a time when just owning a device capable of being used in this fashion will be a crime, or worse, owning one that hasn’t been made tamperproof such that it might be modified to be capable will be.

        1. Making a tool illegal isn’t going to stop criminals, especially those in jurisdictions where such tools aren’t illegal, or where states themselves are doing the hacking (against other states or their own people)

          The responsibility should be 100% on the device manufacturers to create secure products, not on governments to try to limit the dissemination of information and tools.

          1. Except that isn’t how it works in politics, as we all know. If there is enough public concern all sorts of idiotic laws will be passed regardless of the lack of logic or efficacy – frequency lockouts on scanners for example, my weren’t those effective. No it won’t be the criminals that will be hobbled, it will be us.

          2. Looks to me that the coverage gaps in scanning receivers where very effective. I don’t recall reading of hi profile recurrence of the activity that lead to the coverage gaps in the first place. Yes people where still trying to listen in, but because the effort continued after a time where the industry mad an extra effort to protect conversations from snoopers, I’m not sure one could say what more effective. However a lack of readily an easily accessible receiving equipment surely reduced the numbers of those trying to break the encryption.

          3. First, for many units, defeating the lockouts was trivial, second unlocked “export only” versions of the units could be had in most cases, and third, it was only the fundamental frequency that was blocked.

        2. Ah, now cars are a separate issue. Re the car that can have it’s engine firmware updated, over the air, by hackers. There just aren’t enough exclamation marks for how insane that is. It’s very insane.

          There shouldn’t NEED to be a law for that, a car manufacturer should just know better! A car! See, I still can’t believe it and it was ages ago.

          As far as that goes though, I think update the car safety laws so that critical software for a car should not be writable over the air. Car firmware shouldn’t be writable over the car’s internal network at all, it should require a separate connector, on the engine somewhere. Separate from the OBD-II. You could still allow new data tables over OBD-II for tuning, but the firmware needs protecting, and to check the values in it’s tables for sanity. If this requires the addition of an extra EEPROM chip, it’s not going to make a big difference to a car’s price.

          Cars are the only threat to life I can think of. If your microwave starts swearing at you, it’s something you can cope with.

          All of this is without mentioning people like the Russian criminal hackers, who do it for extortion. They’re a real threat, much more than the traditional geek who wants to test their skills.

          1. I’m looking at this from a purely social-political perspective, and it matters little what real risks are vs the perception of such by the public and the fact that this can motivate policy. And it’s not just cars, and it’s not just single family dwellings that might be targets. The elevators, lighting systems, security, HVAC, fire suppression and similar wide service systems of large multiple unit dwellings need to be considered While some protection might be designed in the fact is tampering with these systems under the general misuse of the term “hacking” (as it will be called in the press) will bring down a draconian response from the powers-that-be and all I am saying is that legitimate hobbyist could get caught in the crossfire.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s