Unlocking your Computer with a Leonardo and an NFC Shield

Manually typing your login password every time you need to log in to your computer can get annoying, especially if it is long and complex. To tackle this problem [Lewis] assembled an NFC computer unlocker by using an Arduino Leonardo together with an NFC shield. As the latter doesn’t come with its headers soldered, a little bit of handy work was required.

A custom enclosure was printed in order to house the two boards together and discreetly mount them under a desk for easy use. Luckily enough, very little code was needed as [Lewis] used the Adafruit NFC library. The main program basically scans for nearby NFC cards, compares their (big-endian) UIDs against one stored in memory and enters a stored password upon match. We think it is a nice first project for the new generation of hobbyists out there. This is along the same lines as the project we saw in September.


Sniffing pH Sensor RF Signals for Feedback Re: Your Esophagus

For about a week [Justin] had a wireless acidity level sensor in his esophagus and a pager-looking RF receiver in his pocket. So he naturally decided to use an RTL-SDR dongle to sniff the signals coming out of him. As most of our Hackaday readers know, these cheap RTL2832U-based DVB-T receivers are very handy when it comes to listening to anything between 50MHz and 1800MHz. [Justin] actually did a great job at listing all the things these receivers can be used for (aircraft traffic monitoring, weather images download, electric meter reading, pacemaker monitoring…).

After some Googling he managed to find his Bravo pH sensor user’s guide and therefore discovered its main frequency and modulation scheme (433.92MHz / ASK). [Justin] then used gqrx and Audacity to manually decode the packets before writing a browser-based tool which uses an audio file. Finally, a few additional hours of thinking allowed him to extract his dear esophagus’ pH value.

Build Your Own Radio Clock Transmitter


Deep in the Colorado foothills, there are two radio transmitters that control the time on millions of clocks all across North America. It’s WWVB, the NIST time signal radio station that sends the time from several atomic clocks over the airwaves to radio controlled clocks across the continent. You might think replicating a 70 kW, multi-million dollar radio transmitter to set your own clock might be out of reach, but with a single ATtiny45, just about everything is possible.

Even though WWVB has enough power to set clocks in LA, New York, and the far reaches of Canada, even a pitifully underpowered transmitter – such as a microcontroller with a long wire attached to a pin PWMing at 60kHz – will be more than enough to overpower the official signal and set a custom time on a WWVB-controlled clock. This signal must be modulated, of course, and the most common radio controlled clocks use an extremely simple amplitude modulation that can be easily replicated by changing the duty cycle of the carrier. After that, it’s a simple matter of encoding the time signal.

The end result of this build is an extremely small one-chip device that can change the time of any remote-controlled clock. We can guess this would be useful if your radio controlled clock isn’t receiving a signal for some reason, but the fact that April 1st is just a few days away gives us a much, much better idea.

Radar Imaging in your Garage: Synthetic Aperture Radar


Learn why you were pulled over, quantify the stealthiness of your favorite model aircraft, or see what various household items look like at 10 GHz. In this post we will describe the basics of Synthetic Aperture Radar (SAR) imaging, beginning with a historical perspective, showing the state of the art, and describing what can be done in your garage laboratory. Let’s image with microwaves!


Hacking Rolling Code Keyfobs



Most keyfobs out there that open cars, garage doors, and gates use a rolling code for security. This works by transmitting a different key every time you press the button. If the keys line up, the signal is considered legitimate and the door opens.

[Spencer] took a look into hacking rolling code keyfobs using low cost software-defined radio equipment. There are two parts to this attack. The first involves jamming the frequency the keyfob transmits on while recording using an RTL-SDR dongle. The jamming signal prevents the receiver from acknowledging the request, but it can be filtered out using GNU Radio to recover the key.

Since the receiver hasn’t seen this key yet, it will still be valid. By replaying the key, the receiver can be tricked. To pull off the replay, GNU Radio was used to demodulate the amplitude shift keying (ASK) signal used by the transmitter. This was played out of a computer sound card into an ASK transmitter module, which sent out a valid key.
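
Why an unheard code stays valid can be seen in a small model of the receiver's bookkeeping. This is an added example, not code from the original post or from [Spencer]'s project: the HMAC-based code generator, the key, the 16-step window and all class and function names are assumptions made for illustration, and real keyfobs use their own ciphers.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret shared by fob and receiver
WINDOW = 16                    # assumed look-ahead window for missed presses

def code_for(counter: int) -> bytes:
    """Code for one button press: truncated HMAC of the press counter."""
    return hmac.new(KEY, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class Fob:
    def __init__(self) -> None:
        self.counter = 0

    def press(self) -> bytes:
        self.counter += 1
        return code_for(self.counter)

class Receiver:
    def __init__(self) -> None:
        self.last_seen = 0

    def accept(self, code: bytes) -> bool:
        # Accept only counters strictly ahead of the last accepted one.
        for c in range(self.last_seen + 1, self.last_seen + 1 + WINDOW):
            if hmac.compare_digest(code, code_for(c)):
                self.last_seen = c  # this code and all earlier ones are now dead
                return True
        return False

def captured_code_still_valid(later_press_received: bool) -> bool:
    """Is a code the receiver never heard still accepted afterwards?"""
    fob, rx = Fob(), Receiver()
    rx.accept(fob.press())      # press 1 arrives normally
    captured = fob.press()      # press 2 is recorded but never reaches the receiver
    if later_press_received:
        rx.accept(fob.press())  # press 3 arrives and advances the counter
    return rx.accept(captured)

def same_code_twice() -> tuple:
    """A code the receiver has already accepted is rejected the second time."""
    fob, rx = Fob(), Receiver()
    code = fob.press()
    return rx.accept(code), rx.accept(code)
```

In this model the receiver rejects any code it has already accepted, but a code it never heard remains acceptable until a later press from the real fob moves its counter past it.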

ISEE-3: We Get Signal


Out in the depths of space, more than 100 times the distance from the Earth to the moon, there’s a lonely spacecraft gracefully spinning towards an August encounter with our planet. It’s ICE/ISEE-3, a probe long-forgotten by official space agencies. Now, the team dedicated to repurposing this satellite has made contact with this probe using a 20-meter satellite dish in Germany.

When we first heard about the planned communication by volunteers, no one was certain the probe was still alive. It shouldn’t be a surprise this satellite was still functioning; it was launched in 1978, and most of the instruments were still functioning in 2008. Still, this is the first time amateurs – not NASA – had received a signal from the probe.

ICEteam, the group of volunteers dedicated to reviving this spacecraft, used the huge dish at Bochum observatory to detect the 5 Watt carrier signal coming from the spacecraft. That’s all the probe is sending out right now – no data was received – but this is a huge accomplishment and the first step towards directing ICE/ISEE-3 into an orbit around one of the Earth-Sun Lagrange points.

Side note: Looking at the ephemeris data (target -111) I *think* ICE/ISEE-3 will be above the night side of Earth at closest approach. Can anyone confirm that, and does that mean a future mission at L2?

Video from the ICEteam below.


Hacking Radio Controlled Outlets

Decoding NRZ ASK

It’s no surprise that there are a lot of devices out there that use simple RF communication with minimal security. To explore this, [Gordon] took a look at attacking radio controlled outlets.

He started off with a CC1111 evaluation kit, which supports the RFCat RF attack tool set. RFCat lets you interact with the CC1111 using a Python interface. After flashing the CC1111 with the RFCat firmware, the device was ready to use. Next up, [Gordon] goes into detail about replaying amplitude shift keying messages using the RFCat. He used an Arduino and the rc-switch library to generate signals that are compatible with the outlets.

In order to work with the outlets, the signal had to be sniffed. This was done using RTL-SDR and a low-cost TV tuner dongle. By exporting the sniffed signal and analyzing it, the modulation could be determined. The final step was writing a Python script to replay the messages using the RFCat.

The hack is a good combination of software defined radio techniques, ending with a successful attack. Watch a video of the replay attack after the break.
