RF Hacking: How-To Bypass Rolling Codes

The RF signal transmitted from a modern key fob and received by the associated vehicle is only used once. If the vehicle sees the same code again it rejects the command, however there is a loophole in those carefully chosen words. The code must be received by the vehicle’s computer before it can be added to the list of spent codes. [AndrewMohawk] goes through the process of intercepting a code sent from a key fob transmitter and preventing the vehicle from receiving it in a thorough post to his blog. You can see this attack working in his studio quality reenactment video after the break.

[Andrew] uses the YARD Stick One (YS1) which is a sub-GHz wireless tool that is controlled from a computer. The YS1 uses RfCat firmware, which is an interactive python shell that acts as the controller for the wireless transceiver.

This system is not without its problems: different frequencies are often used for different commands, [Andrew]’s scripts are designed to work with On-Off keying (OOK) leaving it useless when attacking a system that uses Frequency-Shift Keying (FSK). There is also the issue of rendering a target key fob non-functional but you’ll have to pop over to [Andrew]’s blog to read more about that.

Continue reading “RF Hacking: How-To Bypass Rolling Codes”

Teensy 3.1 Controlled VFO

[Tom Hall], along with many hams around the world, have been hacking the Silicon Labs Si5351 to create VFOs (variable frequency oscillators) to control receivers and transmitters. You can see the results of his work in a video after the break.

vfo board[Tom] used a Teensy 3.1 Arduino compatible board, to control the Si5351 mounted on an Adafruit breakout board. An LCD display shows the current frequency and provides a simple interface display for changing the output. A dial encoder allows for direct adjustment of the frequency. The ham frequency band and the frequency increment for each encoder step are controlled by a joystick. When you get into the 10 meter band you definitely want to be able to jump by kHz increments, at least, since the band ranges from 28 MHz to 29.7 MHz.

So what is the Si5351? The data sheet calls it an I2C-Programmable Any-Frequency CMOS Clock Generator + VCXO. Phew! Let’s break that down a bit. The chip can be controlled from a microprocessor over an I2C bus. The purpose of the chip is to generate clock outputs from 8 kHz to 160 MHz. Not quite any frequency but a pretty good range. The VCXO means voltage controlled crystal oscillator. The crystal is 25 MHz and provides a very stable frequency source for the chip. In addition, the Si5351 will generate three separate clock outputs.

[Tom] walks through the code for his VFO and provides it via GitHub. An interesting project with a lot of the details explained for someone who wants to do their own hacks. His work is based on work done by others that we’ve published before, which is what hacking is all about.

Continue reading “Teensy 3.1 Controlled VFO”

Sage Advice for the New Ham

If you’re on the edge about getting your amateur radio license, just go do it and worry about the details later. But once you’ve done that, you’re going to need to know a little bit about the established culture and practices of the modern ham — the details.

Toward that end, [McSteve] has written up a (so far) two-part introductory series about ham radio. His first article is fairly general, and lays out many of the traditional applications of ham radio: chatting with other humans using the old-fashioned analog modes. You know, radio stuff.

The second article focuses more on using repeaters. Repeaters can be a confusing topic for new radio operators: there are two frequencies — one for transmitting and one for receiving — and funny control tones (CTCSS) etc. This article is particularly useful for the new ham, because you’re likely to have a relatively low powered radio that would gain the most from using a repeater, and because the technology and traditions of repeater usage are a bit arcane.

So if you’re thinking about getting your license, do it already. And then read through these two pages and you’re good to go. We can’t wait to see what [McSteve] writes up next.

Serial Telemetry To Wi-Fi With An ESP8266

Hackaday.io user [J. M. Hopkins] had a problem with his rocketry. Telemetry from the rockets came down to Earth via a 433MHz serial link, but picking just the bits he needed from a sea of data for later analysis on a laptop screen on bright sunny days was getting a little difficult.

His solution was to bring the serial data from his transceiver module to an ESP8266, and from that both share it over WiFi and display pertinent information via I2C to an LCD for easy reference. And he’s put the whole lot with a power supply in a rather splendid wooden case with an SMA socket on the back to attach his Yagi.

All information received from the telemetry is passed to a client connecting via Telnet over the WiFi, but pertinent information for the LCD is selected by sending it from the rocket enclosed in square brackets. We hope that the source code will be forthcoming in time.

This isn’t the first time we’ve featured rocket telemetry here at Hackaday. And we’d be missing a trick if we didn’t point out that this project is using our own Hackaday-branded Huzzah ESP8266 breakout board from the Hackaday Store.

Swarm of Tiny Pirate Transmitters Gets the Message out in Syria

They say that the first casualty of war is the truth, and that’s probably only more the case in a civil war. When one side in a conflict controls the message, the other side is at a huge disadvantage. Technology can level the playing field, and in the case of the Syrian Civil War, a swarm of tiny Raspberry Pi transmitters is helping one side get their message out.

We won’t pretend to understand the complexities of this war, but it’s clear that the Syrian government controls broadcast media and access to the internet, and is using them for propaganda while denying the opposition access to the same. A decentralized medium can get the message out under these conditions, and that’s exactly what Pocket FM does. Built around a Raspberry Pi and a frequency-agile FM transmitter, a Pocket FM can take multiple audio feeds and transmit them out to a 5km radius. Small enough to be packed up and deployed quickly and able to be powered by batteries or solar panels, the pirate transmitters can be here one minute and gone the next, yielding a robust network resistant to takedown attempts.

The network built around Pocket FM in Syria is small but growing, and it appears to be making a difference in the conflict. We find the concept of a decentralized network intriguing and potentially empowering, at least in situations where the letter of the law regarding broadcasting is not a prime consideration. That’s where projects like Airchat seek to build an unsanctioned network. The same goes for Tweeting on the Amateur Radio Band in a project aptly named HamRadioTweets.

We wonder how a fleet of these Pi-based transmitters could aid in recovery from natural disasters?

[via r/amateurradio and TomHiggins]

Google Is Building A 100kW Radio Transmitter At A Spaceport And No One Knows Why

You can find the funniest things in public government documents. There’s always ample evidence your local congress critter is working against the interests of their constituency, nation, and industry controlled by the commission they’re chairperson of. Rarely, though, do you find something surprising, and rarer still does it portend some sort of experiments conducted by Google at a spaceport in New Mexico.

In a publication released last week, Google asked the FCC to treat some information relating to radio experiments as confidential. These experiments involve highly directional and therefore high power transmissions at 2.5 GHz, 5.8GHz, 24GHz, 71-76GHz, and 81-86GHz. These experiments will take place at Spaceport America, a 12,000 foot runway in the middle of New Mexico occasionally used by SpaceX, Virgin Galactic, and now Google.

For the most part, this document only tells the FCC that Google won’t be causing harmful interference in their radio experiments. There few other details, save for what bands and transmitters Google will be using and an experimental radio license call sign (WI9XZE) that doesn’t show up in the FCC database.

Of the few details listed in the documents, one thing does pop out as exceptionally odd: a 70-80 GHz transmitter with an effective radiated power (ERP) 96,411 W. That’s close enough to 100 kilowatts to call it as such. This is the maximum effective radiated power of the highest power FM stations in the US, but radio stations are omnidirectional, whereas Google is using very high gain antennas with a beam width of less than half a degree. The actual power output of this transmitter is a mere half watt.

The best guess for what Google is doing out in the New Mexico desert is Project Skybender, a project to use millimeter waves to bring faster Internet to everyone. There aren’t many details, but there is a lot of speculation ranging from application in low Earth orbit to something with Google Loon.

Sputnik’s Transmitter Beeps Again

Sputnik. The first artificial satellite, the launch of which precipitated the space race. Without the frenetic pace of technological advancement as the USA and the USSR vied with each other during the decade following its launch it is safe to say that we might not yet have many of the tools and components we take for granted as electronics enthusiasts and makers today.

[Frank Waarsenburg PA3CNO] has taken on the interesting task of recreating one of the Sputnik radio transmitters using a set of the original Russian tubes.

Sputnik itself was an astounding achievement for the team of engineers and scientists who put it into orbit, but the drive to beat the USA to the post within the 1957 International Geophysical Year meant that it was a surprisingly simple device. A sphere pressurised with nitrogen and with those iconic whip antennas mounted on its outside, containing a battery, 20 and 40 MHz tube radio transmitters, and a fan cooling system. Its design was a Soviet state secret, but in 2013 [Oleg, RV3GM] located the schematic used for the transmitter.

The tubes are slightly unusual, being a wire-ended design with all electrodes mounted on rods the length of the glass envelope. This design feature gave them a resistance to acceleration and vibration, making them suitable for use in aircraft, missiles, and rockets.

[Frank] faced one or two hurdles during his construction, including the development of a suitable power supply and finding an unfortunate bug in the Russian schematic. If you speak Dutch or are prepared to use a translation tool his full write-up can be found in the Dutch-language RAZzies magazine, December issue featuring the power supply (PDF, Dutch), and January issue featuring the transmitter (PDF, Dutch).

The Sputnik satellite has not appeared on its own in these pages before, but we have recently featured the early OSCAR amateur radio satellites and the revival of a piece of space-race-era Soviet rocket technology.

Via [Stefan, HB9TWS], whose English-language coverage of the transmitter was of great help.