Most hobbyists use crystals as an external clock signal for a microcontroller. A less common use would be to make a bandpass filter (BPF) for an RF signal. [Dan Watson] explains his crystal ladder design on his blog and links to several sources for understanding the theory and creating your own crystal ladder band pass filter. If you want a set of these purple PCBs you can order them straight from the purple fab.
One of the sources that [Dan] cites is [Larry Benko]’s personal site, which is primarily dedicated to amateur radio projects. There you can find much more in-depth information regarding the design of a xtal BPF. [Larry] goes into detail about the software he uses and some of the applications of crystal ladder filters.
The process includes measuring individual xtals to determine which ones will work together for your target frequency. [Larry] also walks you through the software simulation process using LTSpice. If you aren’t familiar with Spice simulation you can get caught up by checking out the series of Spice articles by our very own [Al Williams].
There are two sides to every coin. Instead of swiping or using a chip reader with your credit card, some companies offer wireless cards that you hold up to a reader for just an instant. How convenient for you and for anyone who might want to read that data for their own use. The same goes for RFID enabled passports, and the now ubiquitous keycards used for door access at businesses and hotels. I’m sure you can opt-out of one of these credit cards, but Gerald in human resources isn’t going to issue you a metal key — you’re stuck hauling around that RFID card.
It is unlikely that someone surreptitiously reading your card will unlock your secrets. The contactless credit cards and the keylock cards are actually calculating a response based on a stored key pair. But you absolutely could be tracked by the unique IDs in your cards. Are you being logged when passing by an open reader? And other devices, like public transit cards, may have more information stored on them that could be harvested. It’s not entirely paranoid to want to silence these signals when you’re not using them.
One solution to all of this is to protect your wallet from would-be RFID pirates. At this point I’m sure everyone is thinking of a tin-foil card case. Sure, that might work unless the malicious reader is very powerful. But there’s a much more interesting way to protect against this: active RFID scrambling with a project called GuardBunny. It’s a card that you place next to whatever you want to protect. It’s not really RFID — I’ll get to that in a moment — but is activated the same way and spews erroneous bits back at any card reader. Kristin Paget has been working on GuardBunny for several years now. As of late she’s had less time for active development, but is doing a great thing by letting version 1 out into the world for others to hack on. In her talk at Shmoocon 2016 she walked through the design, demonstrated its functionality, and shared some suggestions for further improvement.
[Henrik’s] new design uses an NXP LPC4320 which uniquely combines an ARM Cortex-M4 MCU along with a Cortex-M0 co-processor. The HackRF also uses this micro, as it has some specific features that can be taken advantage of here, like the Serial GPIO (SGPIO), which can be tedious to configure, and high-speed USB, all for ~$8 in single quantity. The mixed signal design is done in two boards, a 4 layer RF board and 2 layer digital board.
Like the gentleman he is, [Henrik] has included schematics, board files, and his modified source from the HackRF project in his github repo. There is simply too much information in his post to attempt to summarize here. If you need instant gratification, check out the pictures after the break.
Somewhere between the HF projects many of us have worked on, and the visible light spectrum lies the UHF, EHF, SHF, and THF. That’s Ultra, Extremely, Super, and Tremendously High Frequency for those who aren’t in the know. All of them involve frequencies in the gigahertz and terahertz range. While modern computers have made gigahertz a household term, actually working with signals in the gigahertz frequency range is still a daunting prospect. There has always been an elite group of hackers, makers, and engineers who tinker with projects using GHz frequencies. This week’s Hacklet is about some of the best GHz projects on Hackaday.io!
We start with [Luke Weston] and Simple, low-cost FMCW radar. For years people like Hackaday’s own [Gregory L. Charvat] have been building simplified radar systems and documenting them for the rest of us. [Luke’s] goal is to make radar systems like this even more accessible for the average hacker. He’s put all the specialized parts on one board. Rather than large Mini Circuits modules, [Luke] went with Hittite microwave parts in chip scale packages. Modulation comes from a Microchip MCP4921 mixed signal DAC. The system works, and has demonstrated transmission and reception in the 5 GHz to 6 GHz bands. [Luke] has even demonstrated detection of objects at close range using a scope.
[jmilldrum] really gets a lot of use out of his Si5351A breakout board. He’s a ham [NT7S], and the Si5351A can generate multiple square waves ranging from 8 kHz to 160 MHz, so it only stands to reason that it is going to be a useful tool for any RF hacker. His most recent exploit is to use the I2C-controllable chip to implement a Fast Simple QSO (FSQ) beacon with an Arduino.
FSQ is a relatively new digital mode that uses a form of low rate FSK to send text and images in a way that is robust under difficult RF propagation. There are 32 different tones used for symbols so common characters only require a single tone. No character takes more than two tones.
Morse code qualifies as a digital mode, although organic brains are somewhat better at copying it than electronic ones. Ham radio operators that did “phone” (ham-talk for voice) started out with AM modulation. Sometime after World War II, there was widespread adoption of single side band or SSB. SSB takes up less bandwidth and is more reliable than AM modulation. On the digital side, hams turned to different and more sophisticated digital transmission types with computers pushing bandwidth down and reliability up. However, a recent trend has been to encode voice over ham radio–sort of VoIP with radio instead of Ethernet–using an open source program called freedv.
[AA6E] made a very informative video where he carries on a QSO (a conversation) with a distant station using freedv. What makes it interesting is the end, when the two stations switch to regular SSB. The difference is dramatic and really points out how even with less bandwidth (roughly 3 kHz for SSB vs 1.25 kHz), the digital mode is superior. The freedv software (available for Windows or Linux) compresses audio to 700-1600 bits per second and spreads it over 16 QPSK signals.
[Simon] has been using his home alarm system for over six years now. The system originally came with a small RF remote control, but after years of use and abuse it was finally falling apart. After searching for replacement parts online, he found that his alarm system is the “old” model and remotes are no longer available for purchase. The new system had similar RF remotes, but supposedly they were not compatible. He decided to dig in and fix his remote himself.
He cracked open the remote’s case and found an 8-pin chip labeled HCS300. This chip handles all of the remote’s functions, including reading the buttons, flashing the LED, and providing encoded output to the 433MHz transmitter. The HCS300 also uses KeeLoq technology to protect the data transmission with a rolling code. [Simon] did some research online and found that the new alarm system’s remotes also use the same KeeLoq technology. On a hunch, he went ahead and ordered two of the newer model remotes.
He tried pairing them up with his receiver but of course it couldn’t be that simple. After opening up the new remote he found that it also used the HCS300 chip. That was a good sign. The manufacturer states that each remote is programmed with a secret 64-bit manufacturer’s code. This acts as the encryption key, so [Simon] would have to somehow crack the key on his original chip and re-program the new chip with the old key. Or he could take the simpler path and swap chips.
A hot air gun made short work of the de-soldering and soon enough the chips were in place. Unfortunately, the chips have different pinouts, so [Simon] had to cut a few traces and fix them with jumper wire. With the case back together and the buttons in place, he gave it a test. It worked. Who needs to upgrade their entire alarm system when you can just hack the remote?
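Why the new remote would not pair, and why a recorded button press cannot simply be replayed, can be seen in a receiver-side check like the one below. This is an added example, not code from [Simon]'s post or from the alarm vendor: the keys, the discrimination value, the simplified hopping-code layout and the 16-press acceptance window are constructed assumptions, and the 64-bit key is used directly as the cipher key, as the post describes it.

```c
#include <stdint.h>
#include <stdio.h>

#define NLF 0x3A5C742Eu /* KeeLoq non-linear function as a 32-entry truth table */
#define BIT(x, n) ((uint32_t)(((x) >> (n)) & 1u))
#define G5(x, a, b, c, d, e) \
    (BIT(x, a) | BIT(x, b) << 1 | BIT(x, c) << 2 | BIT(x, d) << 3 | BIT(x, e) << 4)

/* KeeLoq block cipher: 32-bit block, 64-bit key, 528 rounds. */
uint32_t keeloq_encrypt(uint32_t x, uint64_t key) {
    for (unsigned r = 0; r < 528; r++)
        x = (x >> 1) ^ ((BIT(x, 0) ^ BIT(x, 16) ^ BIT(key, r & 63) ^
                         BIT(NLF, G5(x, 1, 9, 20, 26, 31))) << 31);
    return x;
}

uint32_t keeloq_decrypt(uint32_t x, uint64_t key) {
    for (unsigned r = 0; r < 528; r++)
        x = (x << 1) ^ BIT(x, 31) ^ BIT(x, 15) ^ BIT(key, (15 - r) & 63) ^
            BIT(NLF, G5(x, 0, 8, 19, 25, 30));
    return x;
}

/* Assumed, simplified plaintext: [31:28] buttons, [25:16] discrimination, [15:0] counter. */
uint32_t remote_press(uint64_t key, uint16_t disc, uint16_t counter, uint8_t button) {
    uint32_t plain = (uint32_t)(button & 0xF) << 28 | (uint32_t)(disc & 0x3FF) << 16 | counter;
    return keeloq_encrypt(plain, key);
}

typedef struct { uint64_t key; uint16_t disc; uint16_t counter; } receiver_t;

/* Accept only a code that decrypts under the learned key and is 1..16 presses ahead. */
int receiver_accept(receiver_t *rx, uint32_t hop) {
    uint32_t plain = keeloq_decrypt(hop, rx->key);
    uint16_t ahead = (uint16_t)((plain & 0xFFFF) - rx->counter); /* distance mod 2^16 */
    if (((plain >> 16) & 0x3FF) != rx->disc) return 0; /* wrong key decrypts to noise */
    if (ahead == 0 || ahead > 16) return 0;            /* replayed or out of window */
    rx->counter = (uint16_t)plain;                     /* resynchronise */
    return 1;
}

int main(void) {
    receiver_t rx = { 0x0123456789ABCDEFULL, 0x155, 100 };  /* constructed values */
    uint32_t old_remote = remote_press(0x0123456789ABCDEFULL, 0x155, 101, 2);
    uint32_t new_remote = remote_press(0xFEDCBA9876543210ULL, 0x155, 101, 2);
    printf("new remote, different key: %d\n", receiver_accept(&rx, new_remote));
    printf("old remote, fresh code:    %d\n", receiver_accept(&rx, old_remote));
    printf("old remote, replayed code: %d\n", receiver_accept(&rx, old_remote));
    return 0;
}
```

Because the receiver only trusts what decrypts correctly under its stored key, moving the original chip into the new remote carries the key, counter and identity across in one step.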