PiAware, Automated Airliner Tracking On The Raspberry Pi


For the sufficiently geeky aviation nerd there’s FlightAware, a website that tracks just about every airliner and most private planes currently in flight. The folks at FlightAware compile all the information with the help of a few thousand volunteers around the world that have a bit of hardware to listen to ADS-B transmissions and relay them to the FlightAware servers. Now you can do this with a Raspberry Pi, and as a nice little bonus FlightAware is giving away free enterprise accounts to anyone who does.

Listening in on ADS-B transponders is something Raspberry Pis have been doing for a while, but doing anything useful with the altitude, speed, heading, and registry numbers of various planes flying overhead is pretty much FlightAware’s only reason for existing, and the reason they’ve developed an easy to use software package for the Pi.

Setting everything up requires getting dump1090 running on the Pi, the only hardware required being an RTL-SDR USB TV tuner, a GPS module, and an antenna for 1090 MHz. From there, just send all the data to FlightAware and you get a free enterprise account with them. Not a bad deal for the aviation nerds out there.

Hackaday Links: July 27, 2014


Taking apart printers to salvage their motors and rods is a common occurrence in hacker circles, but how about salvaging the electronics? A lot of printers come with WiFi modules, and these can be repurposed as USB WiFi dongles. Tools required? And old printer, 3.3 V regulator, and a USB cable. Couldn’t be simpler.

The Raspberry Pi has a connector for a webcam, and it’s a very good solution if you need a programmable IP webcam with GPIOs. How about four cameras?. This Indiegogo is for a four-port camera connector for the Raspi. Someone has a use for this, we’re sure.

The one flexible funding campaign that isn’t a scam. [Kyle] maintains most of the software defined radio stack for Arch Linux, and he’s looking for some funds to improve his work. Yes, it’s basically a ‘fund my life’ crowdfunding campaign, but you’re funding someone to work full-time on open source software.

Calibration tools for Delta 3D printers. It’s just a few tools that speed up calibration, made for MATLAB and Octave.

[Oona] is doing her usual, ‘lets look at everything radio’ thing again, and has a plan to map microwave relay links. If you’ve ever seen a dish or other highly directional antenna on top of a cell phone tower, you’ve seen this sort of thing before. [Oona] is planning on mapping them by flying a quadcopter around, extracting the video and GPS data, and figuring out where all the other microwave links are.

PowerPoint presentations for the Raspberry Pi and BeagleBone Black. Yes, PowerPoint presentations are the tool of the devil and the leading cause of death for astronauts*, but someone should find this useful.

* Yes, PowerPoint presentations are the leading cause of death for astronauts. The root cause of the Columbia disaster was organizational factors that neglected engineer’s requests to use DOD space assets to inspect the wing, after which they could have been rescued. These are organizational factors were, at least in part, caused by PowerPoint.

Challenger was the same story, and although PowerPoint didn’t exist in 1986, “bulletized thinking” in engineering reports was cited as a major factor in the disaster. If “bulletized thinking” doesn’t perfectly describe PowerPoint, I don’t know what does.

As far as PowerPoint being the leading cause of death for astronauts, 14 died on two shuttles, while a total of 30 astronauts died either in training or in flight.

[Balint]‘s GNU Radio Tutorials


[Balint] has a bit of history in dealing with software defined radios and cheap USB TV tuners turned into what would have been very expensive hardware a few years ago. Now [Balint] is finally posting a few really great GNU Radio tutorials, aimed at getting software defined radio beginners up and running with some of the coolest hardware around today.

[Balint] is well-known around these parts for being the first person to create a GNU Radio source block for the implausibly inexpensive USB TV tuners, allowing anyone with $20 and enough patience to wait for a package from China to listen in on everything from 22 to 2200 MHz. There’s a lot of interesting stuff happening in that band, including the ACARS messages between airliners and traffic control, something that allowed [Balint] to play air traffic controller with a minimal amount of hardware.

Right now the tutorials are geared towards the absolute beginner, starting at the beginning with getting GNU Radio up and running. From there the tutorials continue to receiving FM radio, and with a small hardware investment, even transmitting over multiple frequencies.

It’s not much of an understatement to say software defined radio is one of the most versatile and fun projects out there. [Balint] even demonstrated triggering restaurant pagers with a simple SDR project, a fun project that is sure to annoy his coworkers.

[Read more...]

Measuring Frequency Response with an RTL-SDR Dongle and a Diode

[Hans] wanted to see the frequency response of a bandpass filter but didn’t have a lot of test equipment. Using an RTL-SDR dongle, some software and a quickly made noise generator, he still managed to get a rough idea of the filter’s characteristics.

How did he do it? He ‘simply’ measured his noise generator frequency characteristics with and without the bandpass filter connected to its output and then subtracted one curve with the other. As you can see in the diagram above, the noise generator is based around a zener diode operating at the reverse breakdown voltage. DC blocking is then done with a simple capacitor.

Given that a standard RTL-SDR dongle can only sample a 2-3MHz wide spectrum gap at a time, [Hans] used rtlsdr-scanner to sweep his region of interest. In his write-up, he also did a great job at describing the limitations of such an approach: for example, the dynamic range of the ADC is only 48dB.

Sniffing pH Sensor RF Signals for Feedback Re: Your Esophagus

For about a week [Justin] had a wireless acidity level sensor in his esophagus and a pager-looking RF receiver in his pocket. So he naturally decided to use an RTL-SDR dongle to sniff the signals coming out of him. As most of our Hackaday readers know, these cheap RTL2382U-based DVB-T receivers are very handy when it comes to listening to anything between 50MHz and 1800MHz. [Justin] actually did a great job at listing all the things these receivers can be used for (aircraft traffic monitoring, weather images download, electric meter reading, pacemaker monitoring…).

After some Googling he managed to find his Bravo pH sensor user’s guide and therefore discovered its main frequency and modulation scheme (433.92MHz / ASK). [Justin] then used gqrx and Audacity to manually decode the packets before writing a browser-based tool which uses an audio file. Finally, a few additional hours of thinking allowed him to extract his dear esophagus’ pH value.

Hacking Rolling Code Keyfobs



Most keyfobs out there that open cars, garage doors, and gates use a rolling code for security. This works by transmitting a different key every time you press the button. If the keys line up, the signal is considered legitimate and the door opens.

[Spencer] took a look into hacking rolling code keyfobs using low cost software-defined radio equipment. There’s two pars of this attack. The first involves jamming the frequency the keyfob transmits on while recording using a RTL-SDR dongle. The jamming signal prevents the receiver from acknowledging the request, but it can be filtered out using GNU Radio to recover the key.

Since the receiver hasn’t seen this key yet, it will still be valid. By replaying the key, the receiver can be tricked. To pull off the replay, GNU Radio was used to demodulate the amplitude shift keying (ASK) signal used by the transmitter. This was played out of a computer sound card into a ASK transmitter module, which sent out a valid key.

Hacking Radio Controlled Outlets

Decoding NRZ ASK

It’s no surprise that there’s a lot of devices out of there that use simple RF communication with minimal security. To explore this, [Gordon] took a look at attacking radio controlled outlets.

He started off with a CC1111 evaluation kit, which supports the RFCat RF attack tool set. RFCat lets you interact with the CC1111 using a Python interface. After flashing the CC1111 with the RFCat firmware, the device was ready to use. Next up, [Gordon] goes into detail about replaying amplitude shift keying messages using the RFCat. He used an Arduino and the rc-switch library to generate signals that are compatible with the outlets.

In order to work with the outlets, the signal had to be sniffed. This was done using RTL-SDR and a low-cost TV tuner dongle. By exporting the sniffed signal and analyzing it, the modulation could be determined. The final step was writing a Python script to replay the messages using the RFCat.

The hack is a good combination of software defined radio techniques, ending with a successful attack. Watch a video of the replay attack after the break.

[Read more...]


Get every new post delivered to your Inbox.

Join 92,441 other followers