Building A Local Network With LoRaWAN

October 22, 2022 by Bryan Cockfield 40 Comments

At its core, the Internet is really just a bunch of computers networked together. There’s no reason that there can’t be other separate networks of computers, or that we all have to tie every computer we have to The One Internet To Rule Them All. In fact, for a lot of embedded systems, it doesn’t make much sense to give them a full network stack and Cat6e Ethernet just to report a few details about themselves. Enter LoRaWAN, a wireless LAN that uses extremely low power for Internet-of-Things devices, and an implementation of one of these networks in an urban environment.

The core of the build is the LoRaWAN gateway which sits at the top of a tall building to maximize the wireless range of all of the other devices. It’s running ChirpStack on the software side and uses a Kerlink Wigrid station to broadcast. The reported range is a little over 9 km with this setup. Other gateways can also be added, and the individual LoRa modules can report to any available gateway. From there, the gateways all communicate back to the central server and the information can be sent out to the wider network, Internet or otherwise.

The project’s creator [mihai.cuciuc] notes that this sort of solution might not be best for everyone. There are other wide area networks available, but using LoRaWAN like this would be likely to scale better as more and more devices are added to the network. For some other ways that LoRa can be used to great effect, take a look at this project which builds an off-grid communications network with it.

An RF remote control with a LoRa receiver next to it

Reverse Engineering A 900 MHz RC Transmitter And Receiver

February 20, 2022 by Robin Kearey 5 Comments

For those building their own remote controlled devices like RC boats and quadcopter drones, having a good transmitter-receiver setup is a significant factor in the eventual usability of their build. Many transmitters are available in the 2.4 GHz band, but some operate at different frequencies, like the 868/915 MHz band. The TBS Crossfire is one such transmitter, and it’s become a popular model thanks to its long-range performance.

The channel hopping sequence of a TBS Crossfire transmitter — The channel hopping sequence

When [g3gg0] bought a Crossfire set for his drone, he discovered that the receiver module consisted of not much more than a PIC32 microcontroller and an SX1272 LoRa modem. This led him to ponder if the RF protocol would be easy to decode. As it turns out, it was not trivial, but not impossible either. First, he built his own SPI sniffer using a CYC1000 FPGA board to reveal the exact register settings that the PIC32 sent to the SX1272. The Crossfire uses channel hopping, and by simply looking at the register settings it was easy to figure out the hopping sequence.

Once that was out of the way, the next step was to figure out what data was flowing through those channels. The data packets appeared to be built up in a straightforward way, but they included an unknown CRC checksum. Luckily, brute-forcing it was not hard; the checksum is most likely used to keep receivers from picking up signals that come from a different transmitter than their own.

[g3gg0]’s blog post goes into intricate detail on both the Crossfire’s protocol as well as the reverse engineering process needed to obtain this information. The eventual conclusion is that while the protocol is efficient and robust, it provides no security against eavesdropping or deliberate interference. Of course, that’s perfectly fine for most RC applications, as long as the user is aware of this fact.

If you’re into decoding RF protocols, you might also want to try using a logic analyzer. But if you merely want to replicate an existing transmitter’s signals, it might be easier to simply spoof a few button presses.

Continue reading “Reverse Engineering A 900 MHz RC Transmitter And Receiver” →

Long Range WiFi Broadcasts Open-Source Video Conferencing

October 10, 2020 by Bryan Cockfield 18 Comments

WiFi is an ubiquitous feature of the modern landscape, but due to power restrictions on most hardware alongside the high-frequency signal it’s typically fairly limited in range. This of course leads to frustration where a WiFi signal can be seen, but the connection is unreliable or slow. While most would reach for a range extender or other hardware bridge, [tak786] was able to roll out a better solution for his workplace by using a high-gain antenna and a single-board computer which gets him an amazing kilometer-wide WiFi network.

The build uses a 10 dBi antenna from TP-Link that’s rated for outdoor use and a single-board computer which acts as a sort of router. The antenna is placed at the top of a building which certainly helps with the extreme range as well. This setup doesn’t actually broadcast an open Internet connection, though. [tak786]’s employer needed a teleconferencing solution for their building, and he also created a fully open-source video conferencing solution called trango that can run on any LAN and doesn’t require an Internet connection. The WiFi setup in this build is effectively just a bonus to make the conferencing system more effective.

[tak786] is planning on releasing a whitepaper about this build shortly, but for now you can access the source code for the video conferencing system at his GitHub page. And, before anyone jumps to conclusions, apparently this is well within FCC rules as well. Some of the comments in the linked Reddit post suggest that with an amateur radio license this system could be pushed much further, too. If you need more range than a kilometer, though, it’s not too much more difficult to do once you have all the right hardware.

Bluetooth Development Board Goes The Distance

June 15, 2020 by Tom Nardi 13 Comments

Have you ever come across an interesting chip or component that you wanted to experiment with, only to find that there doesn’t seem to be a development board for it? Spinning up your own board is a lot easier today than it has been in the past, but it’s still a bit of a hassle to do it just for your own personal use. This is why [Nikolaj Andersson Nielsen] has decided to release RFCat, his custom long-range Bluetooth development board, onto the community.

The board is based around a module from MeshTek that’s essentially an amplified version of the Nordic nRF52832. According to [Nikolaj], this gives the module 30 times the transmit power of the base model chip.

RFCat is compatible with the Arduino IDE and uses the Adafruit nRF52 bootloader, making it easy to write your own code to take advantage of all this new-found power. Primarily you’d be programming the board over USB-C, but it also supports Serial Wire Debug (SWD) and over-the-air updates that can be triggered with a physical push button on the device.

If you want to get an RFCat of your own, it’s available on Tindie now. The amplified modules were originally intended for building Bluetooth mesh networks, but we’re sure there are other interesting applications out there just waiting to be discovered.

Continue reading “Bluetooth Development Board Goes The Distance” →

Adding LoRa Long Range Radio To Smartphones And Connected Devices

July 11, 2019 by Brian Benchoff 41 Comments

Would you add another radio to your smartphone? No, not another WiFi or cellular radio; a smartphone already has that. I’m talking about something that provides connectivity through ISM bands, either 433 or 915 MHz. This can be used where you don’t have cell phone coverage, and it has a longer range than WiFi. This is the idea behind Skrypt, a messaging system that allows you to send off-the-grid messages.

Skrypt is an ESP32-based hardware modem that can communicate with a smartphone, or any other device for that matter, over Bluetooth or USB. Inside, there are two modules, an ESP32 WROOM module that provides the Bluetooth, WiFi, USB connectivity, and all of the important software configuration and web-based GUI. The LoRa module is the ubiquitous RFM95W that’s ready to drop into any circuit. Other than that, the entire circuit is just a battery and some power management ICs.

While LoRa is certinaly not the protocol you would use for forwarding pics up to Instagram, it is a remarkable protocol for short messages carried over a long range. That’s exactly what you want when you’re out of range of cell phone towers — those pics can wait, but you might really want to send a few words to your friends. That’s invaluable, and LoRa makes a lot of sense in that case.

Long-Range RFID With Feedback

January 17, 2019 by Brian McEvoy 24 Comments

Not long ago, we published an article about researchers adding sensor data to passive RFID tags, and a comment from a reader turned our heads to a consumer/maker version which anyone can start using right away (PDF). If you’re catching up, passive RFID technology is behind the key fobs and stickers which don’t need power, just proximity to the reader’s antenna. This is a much “hackier” version that works with discrete signals instead of analog ones. It will not however require writing a new library and programming new tags from the ground up just for the user to get started, so there is that trade-off. Sparkfun offers a UHF reader which can simultaneously monitor 25 of the UHF tags shown in this paper.

To construct one of these enhanced tags, the antenna trace is broken and then routed through a switching device such as a glass-break sensor, temperature limit switch, doorbell, or light sensor. Whenever continuity is restored the tag will happily send back its pre-programmed data, and the reader will acknowledge that somewhere one of the tags is seeing some activity. Nothing says this could not be applied to inexpensive RFID readers should you just want a temperature warning for your gecko terrarium or light sensor to your greenhouse‘s sealed controller.

Thank you, [Mike Massen], for your tip on RFID Doing More Than ID.

Continue reading “Long-Range RFID With Feedback” →

Long-Range RFID Leaflets

January 19, 2018 by Brian McEvoy 29 Comments

Pick a card, any card. [Andrew Quitmeyer] and [Madeline Schwartzman] make sure that any card you pick will match their NYC art installation. “Replantment” is an interactive art installation which invites guests to view full-size leaf ~~molds~~ casts from around the world.

A receipt file with leaf images is kept out of range in this art installation. When a viewer selects one, and carries it to the viewing area, an RFID reader tells an Arduino which tag has been detected. Solid-state relays control two recycled clothing conveyors draped with clear curtains. The simple units used to be back-and-forth control but through dead-reckoning, they can present any leaf ~~mold~~ cast front-and-center.

Clothing conveyors from the last century weren’t this smart before, and it begs the question about inventory automation in small businesses or businesses with limited space.

We haven’t seen much long-range RFID, probably because of cost. Ordinary tags have been read at a distance with this portable reader though, and NFC has been transmitted across a room, sort of.

Continue reading “Long-Range RFID Leaflets” →