Backscatter Your Own FM Pirate Radio Station

If you live in a city, you’re constantly swimming in a thick soup of radio-frequency energy. FM radio stations put out hundreds of kilowatts each into the air. Students at the University of Washington, [Anran Wang] and [Vikram Iyer], asked themselves if they could harness this background radiation to transmit their own FM radio station, if only locally. The answer was an amazing yes.

The trailer video, embedded below, demos a couple of potential applications, but the paper (PDF) has more detail for the interested. Basically, they turn on and off an absorbing antenna at a frequency that’s picked so that it modulates a strong FM signal up to another adjacent channel. Frequency-modulating this backscatter carrier frequency adds audio (or data) to the product station.

One of the cooler tricks that they pull off with this system is to inject a second (stereo) channel into a mono FM station. Since FM radio is broadcast as a mono signal, with a left-minus-right signal sent alongside, they can make a two-channel stereo station by recreating the stereo pilot carrier and then adding in their own difference channel. Pretty slick. Of course, they could send data using this technique as well.

Why do this? A small radio station using backscatter doesn’t have to spend its power budget on the carrier. Instead, the device can operate on microwatts. Granted, it’s only for a few feet in any given direction, but the station broadcasts to existing FM radios, rather than requiring the purchase of an RFID reader or similar device. It’s a great hack that piggybacks on existing infrastructure in two ways. If this seems vaguely familiar, here’s a similar idea out of the very same lab that’s pulling off essentially the same trick indoors with WiFi signals.

So who’s up for local reflected pirate radio stations?


Move Over Baofeng, Xiaomi Want To Steal Your Thunder

To a radio amateur who received their licence decades ago there is a slightly surreal nature to today’s handheld radios. A handheld radio should cost a few hundred dollars, or such was the situation until the arrival of very cheap Chinese radios in the last few years.

The $20 Baofeng or similar dual-bander has become a staple of amateur radio. They’re so cheap, you just buy one because you can; you may rarely use it, but for $20 it doesn’t matter. Most radio amateurs will have one lying around, and many newly licensed amateurs will make their first contacts on one. They’re not even the cheapest option either: if you don’t mind the absence of an LCD and being limited to UHF only, then the going rate drops to about $10.

The Baofengs and their ilk are great radios for the price, but they’re not great radios. The transmitter side can radiate a few too many harmonics, and the receivers aren’t the narrowest bandwidth or the sharpest of hearing. Perhaps some competition in the market will cause an upping of the ante, and that looks to be coming from Xiaomi, the Chinese smartphone manufacturer. Their Mijia dual-band walkie-talkie product aims straight for the Baofeng’s jugular at only $35, and comes in a much sleeker and more contemporary package as you might expect from a company with a consumer mobile phone heritage. Many radio amateurs are not known for being dedicated followers of fashion, but for some operators the sleek casing of the Mijia will be a lot more convenient than the slightly more chunky Baofeng.

This class of radio offers more to the hardware hacker than just an off-the-shelf radio product; at only a few tens of dollars they become almost a throwaway development system for the radio hacker. We’ve seen interesting things done with the Baofengs, and we look forward to seeing inside the Xiaomi.

We brought you a look at the spurious emissions of this class of radio last year, and an interesting project with a Baofeng using GNU Radio in a slightly different sense to its usual SDR function.

[via Southgate ARC]

Origin of Wireless Security: the Marconi Radio Hack of 1903

The place is the historic lecture theater of the Royal Institution in London. The date is the 4th of June 1903, and the inventor, Guglielmo Marconi, is about to demonstrate his new wireless system, which he claims can securely send messages over a long distance without interference, by tuning the signal.

The inventor himself was over 300 miles away in Cornwall, preparing to send the messages to his colleague Professor Fleming in the theater. Towards the end of Professor Fleming’s lecture, the receiver sparked into life, and the Morse code printer started printing out one word repeatedly: “Rats”. It then spelled out an insulting limerick: “There was a young man from Italy, who diddled the public quite prettily”. Marconi’s supposedly secure system had been hacked.


Universal Radio Hacker

If you are fascinated by stories you read on sites like Hackaday in which people reverse engineer wireless protocols, you may have been tempted to hook up your RTL-SDR stick and have a go for yourself. Unfortunately then you may have encountered the rather steep learning curve that comes with these activities, and been repelled by a world with far more of the 1337 about it than you possess. You give up after an evening spent in command-line dependency hell, and move on to the next thing that catches your eye.

You could then be interested by [Jopohl]’s Universal Radio Hacker. It’s a handy piece of software for investigating unknown wireless protocols. It supports a range of software defined radios including the dirt-cheap RTL-SDR sticks, quickly demodulates any signals you identify, and provides a whole suite of tools to help you extract the data they contain. And for those of you scarred by dependency hell, installation is simple, at least for this Hackaday scribe. If you own an SDR transceiver, it can even send a reply.

To prove how straightforward the package is, we put an RTL stick into a spare USB port and ran the software. A little investigation of the menus found the spectrum analyser, with which we were able to identify the 433 MHz packets coming periodically from a wireless thermometer. Running the record function allowed us to capture several packets, after which we could use the interpretation and analysis screens to look at the binary stream for each one. All in the first ten minutes after installation, which in our view makes it an easy-to-use piece of software. It didn’t deliver blinding insight into the content of the packets; that still needs brain power, but at least if we were reverse engineering them we wouldn’t have wasted time fighting the software.

We’ve had so many reverse engineering wireless protocol stories over the years that to pick only a couple seems to miss the bulk of the story. However, both this temperature sensor and this weather station show how fiddly it can be without a handy software package to make it easy.

Via Hacker News.

Radio and Phone Speaker has Style

Building a crystal radio isn’t exactly rocket science. Some people who build them go for pushing them technically as far as they can go. Others, like [Billy Cheung], go for style points. The modular radio and phone speaker looks like it came out of the movie Brazil. The metallic gramophone-like speaker horn adds to the appeal and mechanically amplifies the sound, too.

The video (see below) isn’t exactly a how-to, but if you watch to the end there is enough information that you could probably reproduce something at least similar. There are actually several horns. One is made from copper, another from paper, and one from a plastic bottle.


A Real Star Trek Communicator Badge

Star Trek has never let technology get in the way of a good story. Gene Roddenberry and the writers of the show thought up some amazing gadgets, from transporters to replicators to the warp core itself. Star Trek: The Next Generation brought us the iconic communicator badge. In 1987, a long-range radio device which could fit in a pin was science fiction. [Joe] is bringing these badges a bit closer to the real world with his entry in the 2017 Hackaday Sci-Fi Contest.

The first problem [Joe] dealt with was finding a radio which could run from watch batteries, and provide decently long-range operations. He chose the HopeRF RFM69HCW. Bringing fiction a bit closer to reality, this module has been used for orbital communications with low-cost satellites.

The Badge’s processor is a Teensy LC. [Joe] is rolling his own Teensy, which means using bootloader chips from PJRC, as well as the main microcontroller. Kicking the main micro into operation is where [Joe] is stuck right now. Somewhere between the breadboard and the first spin of the surface mount PCB things went a bit sideways. The oscillators are running, but there are no USB communications. [Joe] is trying another board spin. He made a few improvements and already has new boards on the way. Switching to a toaster oven or skillet paste and solder setup would definitely help him get the new badges up and running.

An Overview Of The Dreaded EMC Tests

There is one man whose hour-long sessions in my company give me days of stress and worry. He can be found in a soundless and windowless room deep in the bowels of an anonymous building in a town on the outskirts of London. You’ve probably driven past it or others like it worldwide, without being aware of the sinister instruments that lie within.

The man in question is sometimes there to please the demands of the State, but there’s nothing too scary about him. Instead he’s an engineer and expert in electromagnetic compatibility, and the windowless room is a metal-walled and RF-proof EMC lab lined with ferrite tiles and conductive foam spikes. I’m there with the friend on whose work I lend a hand from time to time, and we’re about to discover whether all our efforts have been in vain as the piece of equipment over which we’ve toiled faces a battery of RF-related tests. As before when I’ve described working on products of this nature, the specifics are subject to NDAs, and in this case there is a strict no-cameras policy at the EMC lab, so yet again my apologies as any pictures and specifics will be generic.

There are two broadly different sets of tests which our equipment will face: RF radiation, and RF injection. In simple terms: what RF does it emit, and what happens when you push RF into it through its connectors and cables? We’ll look at each in turn as a broad overview pitched at those who’ve never seen inside an EMC lab; sadly there simply isn’t enough space in a Hackaday article to cover every nuance.
