Shmoocon 2017: So You Want To Hack RF

Far too much stuff is wireless these days. Home security systems have dozens of radios for door and window sensors, thermostats aren’t just a wire to the furnace anymore, and we are annoyed when we can’t start our cars from across a parking lot. This is a golden era for anyone who wants to hack RF. This year at Shmoocon, [Marc Newlin] and [Matt Knight] of Bastille Networks gave an overview of how to get into hacking RF. These are guys who know a few things about hacking RF; [Marc] is responsible for MouseJack and KeySniffer, and [Matt] reverse engineered the LoRa PHY.

In their talk, [Marc] and [Matt] outlined five steps to reverse engineering any RF signal. First, characterize the channel. Determine the modulation. Determine the symbol rate. Synchronize a receiver against the data. Finally, extract the symbols, or get the ones and zeros out of the analog soup.

From [Marc] and [Matt]’s experience, most of this process doesn’t require a radio, software or otherwise. Open source intelligence or information from regulatory databases can be a treasure trove of information regarding the operating frequency of the device, the modulation, and even the bit rate. The pertinent example from the talk was the FCC ID for a Z-wave module. A simple search revealed the frequency of the device. Since the stated symbol rate was twice the stated data rate, the device obviously used Manchester encoding. These sorts of insights become obvious once you know what you’re looking for.
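The symbol-rate observation above, worked through as an added example (not code from the talk or from Bastille): each Manchester bit becomes two chips, so the chip stream runs at twice the data rate, and a receiver that is off by one chip sees pairs that cannot occur. The IEEE 802.3 chip convention, the function names, and the sample rates and bits in the usage are assumptions constructed for illustration, not values from the Z-wave filing.

```python
# Added example: Manchester chips vs. data bits (constructed data, not a capture).
# Assumed convention: IEEE 802.3, bit 1 -> chips (0, 1), bit 0 -> chips (1, 0).

ENCODE = {0: (1, 0), 1: (0, 1)}
DECODE = {pair: bit for bit, pair in ENCODE.items()}


def manchester_encode(bits):
    """Each data bit becomes two chips, so the symbol rate doubles."""
    return [chip for b in bits for chip in ENCODE[b]]


def looks_manchester(symbol_rate, data_rate):
    """The documentation check: symbol rate is exactly twice the data rate."""
    return symbol_rate == 2 * data_rate


def decode_at(chips, offset):
    """Decode chip pairs starting at offset; return (bits, invalid_pair_count)."""
    bits, invalid = [], 0
    for i in range(offset, len(chips) - 1, 2):
        pair = (chips[i], chips[i + 1])
        if pair in DECODE:
            bits.append(DECODE[pair])
        else:
            invalid += 1  # (0, 0) or (1, 1) never occurs inside one bit cell
    return bits, invalid


def manchester_decode(chips):
    """Synchronize: try both chip alignments, keep the one with fewest invalid pairs."""
    results = [(decode_at(chips, off), off) for off in (0, 1)]
    (bits, invalid), offset = min(results, key=lambda r: r[0][1])
    return bits, offset, invalid


def bits_to_bytes(bits):
    """Pack MSB-first bits into bytes, dropping any trailing partial byte."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)
```

Alignment is only recoverable when the data contains bit transitions; a run of identical bits decodes cleanly at both offsets, which is one reason real frames start with an alternating preamble.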

In their demo, [Marc] and [Matt] went through the entire process of firing up GNU Radio, running a Z-wave decoder and receiving Z-wave frames. All of this was done with a minimum of hardware and required zero understanding of what radio actually is, imaginary numbers, or anything else a ham license will hopefully teach you. It’s a great introduction to RF hacking, and shows anyone how to do it.

Toshiro Kodera: Electromagnetic Gyrotropes

We’ve learned a lot by watching the talks from the Hackaday Superconferences. Still, it’s a rare occurrence to learn something totally new. Microwave engineer, professor, and mad hacker [Toshiro Kodera] gave a talk on some current research that he’s doing: replacing natural magnetic gyrotropic material with engineered metamaterials in order to make two-way beam steering antennas and more.

If you already fully understood that last sentence, you may not learn as much from [Toshiro]’s talk as we did. If you’re at all interested in strange radio-frequency phenomena, neat material properties, or are just curious, don your physics wizard’s hat and watch his presentation. Just below the video, we’ll attempt to give you the Cliff’s Notes.


Jenkins and Slack Report Build Failure! Light the Beacons!

When you have a large software development team working on a project, monitoring the build server is an important part of the process. When a message comes in from your build servers, you need to take time away from what you’re doing to make sure the build’s not broken and, if it’s broken because of something you did, you have to stop what you’re doing, start fixing it and let people know that you’re on it.

[ridingintraffic]’s team uses Jenkins to automatically build their project and if there’s a problem, it sends a message to a Slack channel. This means the team needs to be monitoring the Slack channel, which can lead to some delays. [ridingintraffic] wanted immediate knowledge of a build problem, so with some software, IoT hardware, and a rotating hazard warning light, the team now gets a visible message that there’s a build problem.

An Adafruit Huzzah ESP8266 board is used as the controller, connected to some RF controlled power outlets via a 434MHz radio module. To prototype the system, [ridingintraffic] used an Arduino hooked up to one of the RF modules to sniff out the codes for turning the power outlets on and off from their remotes. With the codes in hand, work on the Huzzah board began.

An MQTT broker is used to let the Huzzah know when there’s been a build failure. If there is, the Huzzah turns the light beacon on via the power outlets. A bot running on the Slack channel listens for a message from one of the developers saying that the problem is being worked on, and when it gets it, it sends the MQTT broker a message to turn the beacon off.

There’s also some separation between the internal network, the Huzzahs, and the Slack server on the internet, and [ridingintraffic] goes over the methods used to communicate between the layers in a more detailed blog post. Now, the developers in [ridingintraffic]’s office don’t need to be glued to the Slack channel; they will not miss the beacon when it signals to start panicking!

Hackaday Links: October 9, 2016

Atari is back! That’s what some dude says. There are no real details in that post, other than ‘Atari is Back!’

The ESP32 is coming, and it’s going to be awesome. Espressif has just released an Arduino core for the ESP32 WiFi chip. The digitalRead, digitalWrite, SPI, Serial, Wire, and WiFi “should” work. If you’re looking for ESP32 hardware, they’re infrequently available and frequently out of stock. Thankfully, stock levels won’t be the Raspberry Pi Zero all over again until someone figures out how to run an NES emulator on the ESP32.

Tiny, cheap ARM boards would make for great home servers if they had SATA or multiple network interfaces. Here’s a Kickstarter for a board with both. It’s based on an ARM A53 with multiple Ethernets, mini PCIe, enough RAM, and SATA. It’s a board for niche use cases, but those uses could be really cool.

You’re not cool or ‘with it’ until you have a PCB ruler. That’s what all the hip kids are doing. For wizards and dark mages out there, a simple PCB ruler isn’t enough. These rare beasts demand RF rulers. There’s some weird stuff on these rulers, like Archimedean spiral antennas and spark gaps. Black magic stuff, here.

Some dude with a camera in the woods did something. Primitive Technology, the best example of experimental archaeology you’ve ever seen, built a spear thrower. You can throw a ball faster with a lacrosse stick than you can with just your hands, and this is the idea behind this device, commonly referred to as an atlatl. You can hunt with an atlatl in some states, but I have yet to see a video of anyone taking down a deer with one of these.

Think we’re done spamming the Hackaday Superconference yet? YOU’RE WRONG. The Hackaday Superconference is the greatest hardware conference of all time until we do this whole thing again next year. Get your tickets, look at the incredible list of speakers, book your flights, and be in Pasadena November 5-6.

Preparing Your Product For The FCC

At some point you’ve decided that you’re going to sell your wireless product (or any product with a clock that operates above 8kHz) in the United States. Good luck! You’re going to have to go through the FCC to get listed on the FCC OET EAS (Office of Engineering and Technology, Equipment Authorization System). Well… maybe.

As with everything FCC related, it’s very complicated, there are TLAs and confusing terms everywhere, and it will take you a lot longer than you’d like to figure out what it means for you. Whether you suffer through this, breeze by without a hitch, or never plan to subject yourself to this process, the FCC dance is an entertaining story so let’s dive in!


Would You Like a Satellite Dish?

Satellite dishes are a common sight these days, although admittedly most of them are Ku- and Ka-band dishes. The older C-band dishes are still around, though, just less frequently in people’s yards. [Greenish Apple] decided to cut the cable and start watching free TV, so he built a C-band dish. The trick is, he made the dish out of wood.

The design is the offset type, not a prime focus dish–that is, the electronics are not in the center of the dish but on the side. Wood isn’t particularly good at reflecting RF, of course, so over the wooden skeleton, he used flashing.


Build a Tiny (Unstable) Bugging Device

We don’t know who [amgworkshop] wanted to listen in on, but they apparently went searching for a small FM wireless transmitter. There are plenty of circuits around, but they wanted something smaller. The original circuit had a variable capacitor to tune the output frequency. The new design uses a fixed capacitor and a spring for an antenna. You can see the build steps in the video below, but don’t expect a lot of frequency stability or fidelity out of a single-transistor transmitter.

The parts list is minimal. In addition to a coin cell holder (which serves as the construction base), you need a transistor, two resistors, three capacitors, a homemade inductor (very easy to make with some wire and a drill bit), and an electret microphone. Of course, you need a battery, too. The whole thing is potted with hot glue.
