The Terrible Devices Of The Internet Of Wrongs

Last week was Bsides London, and [Steve Lord] was able to give a talk about the devices that could pass for either a terrible, poorly planned, ill-conceived Internet of Things Kickstarter, or something straight out of the NSA toolkit. [Steve] built the Internet of Wrongs, devices that shouldn’t exist, but thanks to all this electronic stuff, does.

Continue reading “The Terrible Devices Of The Internet Of Wrongs”

Identify Your Devices by Their Unintentional Radiation

RFID was supposed to revolutionize asset tracking, replacing the barcode everywhere. Or at least that was the prediction once tags got under five cents apiece. They still cost seven to fifteen cents, even in bulk, and the barcode is still sitting pretty. [Chouchang (Jack) Yang] and [Alanson Sample] of Disney Research hope to change that.

Instead of tagging every electronic device, they use whatever electromagnetic emissions the device currently produces when it’s powered up. What’s surprising is not that they can tell an iPhone from a toy lightsaber, but that they can tell the toy lightsabers apart. But apparently there’s enough manufacturing and tolerance differences from piece to piece that they appear unique most of the time.

The paper (PDF) goes through the details and procedure. The coolest bit? The sensor they use is an RTL-SDR unit with the radio-mixer front end removed and replaced with a simple transformer. This lets them feed baseband (tuning from 0 to 28.8 MHz) straight into the DAC ADC and on to the computer which does the heavy math. Sawing off the frontend of a TV tuner is a hack, for those of you out there with empty bingo cards.

If you like statistics, you’ll want to read the paper for details about how they exactly do the classification of objects, but the overview is that they first start by figuring out what type of device they’re “hearing” and then focusing on which particular one it is. The measure that they use ends up being essentially a normalized correlation.

While we’re not sure how well this will scale to thousands of devices, they get remarkably good results (around 95%) for picking one device out of five. The method won’t be robust to overclocking or underclocking of the device’s CPU, so we’re concerned about temperature and battery-voltage effects. But it’s a novel idea, and one that’s ripe for the hacker-rebuild. And for the price of an RTL-SDR, and with no additional per-tag outlay as with an RFID system, it’s pretty neat.

Thanks [Static] for the tip! Via Engadget.

$25 Satellite Tracker Boasts “Usefulness Optional”

[Paul] is very up-front about the realities of his $25 Satellite Tracker, which aims a tape measure yagi antenna at a satellite of choice and keeps it tracking the satellite as it moves overhead. Does it work? Yes! Is it cheap? Of course! Is it useful? Well… did we mention it works and it’s cheap?

When [Paul] found himself wanting to see how cheaply he could make a satellite tracker he already had an RTL-SDR (which we have seen used for satellite communication before) and a yagi antenna made out of a tape measure, but wanted some way to automatically point the antenna at a satellite as it moved across the sky. He also wanted to see just how economically it could be done. Turns out that with some parts from China and code from SatNOGS (open-source satellite tracking network project and winner of the 2014 Hackaday Prize) you have most of what you need! A few modifications were still needed, and [Paul] describes them all in detail.

Satellite Tracker In Parking Lot ThumbnailSo is a $25 Satellite Tracker useful? As [Paul] says, “Probably not.” He explains, “Most people want satellite trackers so that they can put them outside and then control the antenna from inside, which someone probably can’t do with mine unless they live in a really nice place or build a radome. […] Driving somewhere, setting it up correctly (which involves reprogramming the Arduino for every satellite), and then sitting around is pretty much the opposite of useful.”

It might not be the most practical but it works, it’s cool, he learned a lot, and he wrote up the entire process for others to learn from or duplicate. If that’s not useful, we don’t know what is.

Satellite tracking is the focus of some interesting projects. We’ve even seen a project that points out satellite positions by shining a laser into the sky.

Improving the RTL-SDR

The RTL-SDR dongle is a real workhorse for radio hacking. However, the 28.8 MHz oscillator onboard isn’t as stable as you might wish. It is fine for a lot of applications and, considering the price, you shouldn’t complain. However, there are some cases where you need a more stable reference frequency.

[Craig] wanted a stable solution and immediately thought of a TCXO (Temperature Compensated “Xtal” Oscillator). The problem is, finding these at 28.8 MHz is difficult and, if you can find them, they are relatively expensive. He decided to make an alternate oscillator using an easier-to-find 19.2 MHz crystal.

Continue reading “Improving the RTL-SDR”

Triple Threat RTL-SDR System Reads Trunked Radio

In the old days, if you wanted to listen to police, fire, or other two-way radio users, you didn’t need much more than a simple receiver. Today, you are more likely to need something a little more exotic thanks to the adoption of trunked radio systems. To pick up the control channels and all the threads of a talk group conversation, you might need a wide bandwidth receiver.

[Luke Berndt] found he needed 6 MHz to monitor the stations he wanted to hear. This is easily in the reach of dedicated software defined radios (SDR). However, [Luke] wanted to use cheap RTL-SDRs and their bandwidth is about 2 MHz. The obvious hacker solution? Use three of them!

If you haven’t looked at a trunked system before, it essentially allows a large number of users to share a relatively small number of channels. When someone wants to talk, they move to an unused channel just for that transmission. Suppose Alice asks Bob a question that happens to be on channel 12. Bob’s reply might be on channel 4. A follow up from Alice could be on channel 3.

In practice, this means that receiving the signal isn’t difficult to decode. It is just difficult to find (and follow as it jumps around). This is an excellent job for multiple SDRs and the approach even reduces the burden on the CPU, which doesn’t have to decode signals that aren’t essential to the conversation.

[Luke] includes source code and also notes how to change the serial numbers of the dongles since each has to be unique. We have seen so many great projects with the RTL-SDR that it is hard to choose our favorite. It is especially great knowing that the dongle was only meant to receive television, and all these projects are hacks in the best sense of the word.

Thanks [WA5RRior] for the tip.

Hacking the Internet of Things: Decoding LoRa

Getting software-defined radio (SDR) tools into the hands of the community has been great for the development and decoding of previously-cryptic, if not encrypted, radio signals the world over. As soon as there’s a new protocol or modulation method, it’s in everyone’s sights. A lot of people have been working on LoRa, and [bertrik] at RevSpace in The Hague has done some work of his own, and put together an amazing summary of the state of the art.

LoRa is a new(ish) modulation scheme for low-power radios. It’s patented, so there’s some information about it available. But it’s also proprietary, meaning that you need a license to produce a radio that uses the encoding. In keeping with today’s buzzwords, LoRa is marketed as a wide area network for the internet of things. HopeRF makes a LoRa module that’s fairly affordable, and naturally [bertrik] has already written an Arduino library for using it.

So with a LoRa radio in hand, and a $15 RTL-SDR dongle connected to a laptop, [bertrik] got some captures, converted the FM-modulated chirps down to audio, and did a bunch of hand analysis. He confirmed that an existing plugins for sdrangelove did (mostly) what they should, and he wrote it all up, complete with a fantastic set of links.

There’s more work to be done, so if you’re interested in hacking on LoRa, or just having a look under the hood of this new modulation scheme, you’ve now got a great starting place.

Art for Planespotters

We don’t know art, but we know what we like. And this gizmo by [Johan Kanflo] is right up our alley.

First, [Johan] gutted an old Macintosh Classic computer and stuffed a Raspberry Pi inside. Now this is not really a new idea, but [Johan] did a very nice job with the monitor and his attention to detail shows in the rebuilt floppy-drive eject mechanism. He gives it back that characteristic “schlurp” noise.

Then he outfitted the Raspberry Pi with an RTL dongle running dump1090 software to listen to the ADS-B radio signals. The data extracted from the SDR is piped off to an MQTT server with all sorts of data about the airplanes overhead. Another script subscribes to the MQTT topic and figures out which is the closest and runs an image search for the plane type in question, publishing the results back to another MQTT topic. One final script subscribes to this last topic and displays the relevant images on the screen. Pshwew!

The end result is a Macintosh Classic that’s continually updated with whatever planes are closest to being overhead. We’re not at all sure if this is fine art, or part of the useful arts, or maybe even none of the above. But we really like the nice case job and think that using MQTT as a back-end for coordinating multiple concurrent Python scripts (on the same computer) is pretty cool.