Reverse Engineering a Different Kind of Bus

Radio enthusiasts have a long history of eavesdropping on non-broadcast stations–police, fire, and public transportation frequencies, for example. These days, though, a lot of interesting communications are digital. When [bastibl] wanted to read data displayed on bus stop signs, he turned to software defined radio. He used gr-fosphor to monitor the radio spectrum as buses drove by and discovered a strong signal near 151 MHz (see photo below).

That, however, was just the start. Using a variety of tools, he figured out the modulation scheme, how the data framing worked, and even the error correction scheme. Armed with all the information, he built a GNU Radio receiver to pick up the data. A little number crunching and programming and [bastibl] was able to recover data about  individual buses including their position and schedule.

Continue reading “Reverse Engineering a Different Kind of Bus”

CCCamp 2015 rad1o Badge

Conference badges are getting more complex each year. DEFCON, LayerONE, Shmoocon, The Next Hope, Open Hardware Summit, The EMF, SAINTCON, SXSW Create, The Last Hope, TROOPERS11, ZaCon V and of course the CCC, have all featured amazing badges over the years. This years CCCamp 2015 rad1o badge is taking things several notches higher. The event will run from 13th through 17th August, 2015.

The rad1o Badge contains a full-featured SDR (software defined radio) transceiver, operating in a frequency range of about 50 MHz – 4000 MHz, and is software compatible to the HackRF One open source SDR platform. The badge uses a Wimax transceiver which sends I/Q (in-phase/quardrature-phase) samples in the range of 2.3 to 2.7 GHz to an ARM Cortex M4 CPU. The CPU can process the data standalone for various applications such as FM radio, spectrogram display, RF controlled power outlets, etc., or pass the samples to a computer using USB 2.0 where further signal processing can take part, e.g. using GnuRadio. The frequency range can be extended by inserting a mixer in the RF path. Its got an on-board antenna tuned for 2.5GHz, or an SMA connector can be soldered to attach an external antenna. There’s a Nokia 6100 130×130 pixel LCD and a joystick, which also featured in the earlier CCCamp 2011 badge known as the r0ket.

A 3.5mm TRRS audio connector allows hooking up a headphone and speaker easily. The LiPo battery can be charged via one of the USB ports, while the other USB port can be used for software updates and data I/O to SDR Software like GnuRadio. Check out the project details from their Github repository and more from the detailed wiki which has information on software and hardware. There’s also a Twitter account if you’d like to follow the projects progress.

This years Open Hardware Summit also promises an awesome hackable badge. We’ll probably feature it before the OHS2015 conference in September.

Thanks to [Andz] for tipping us off about this awesome Badge.

OS X port of gqrx is the easiest way to get into software defined radio

Many have tried to put together an easy package for running software defined radio packages on the Mac. Not many have succeeded the way [Elias]’ port of the gqrx SDR package has. It’s simply the easiest way to get a software defined radio up and running on the mac.

gqrx is a front end for the very popular GNU Radio software defined radio toolkit. Originally designed for the FUNcube SDR dongle, gqrx can also be made to work with one of the many, many USB TV tuners that have come out of China this past year for use as a software radio.

[Elias]’ port of gqrx isn’t the first app to put software defined radio on the Mac, but it certainly is the easiest. Simply by downloading [Elias] disk image, plugging in a TV tuner dongle, and starting the app, I was able to have a software radio receiver on my MacBook Air in less than a minute.

Everything required by GNU Radio and gqrx is already included, making this the easiest way to get SDR on a Mac. Very awesome work from [Elias], and we thank him.

Defcon 16: Pacemaker-B-Gone

A collaboration of various medical researchers in the academic field has led to proof that pacemakers can be remotely hacked with simple and accessible equipment. [Kevin Fu], an associate professor at the University of Massachusetts at Amherst, led the team. [Kevin] first tried to get documentation from the manufacturers, believing they would support the effort, but they were not interested in helping. They were forced to get access to an old pacemaker and reverse engineer it. They found that the communication protocol used to remotely program the device was unencrypted. They then used a GNU radio system to find access to some of the machine’s reprogrammable functions, including accessing patient data and even turning it off.

Although this was only done with one particular pacemaker, it proves the concept and should be taken seriously by the medical companies who produce these devices. If you are interested in the technical aspects, check out the paper the team released in May disclosing the methods.