When last we heard of the progress of commanding the derelict ISEE-3 satellite into stable orbit between the Earth and the sun, the team had just made contact with the probe using the giant dish in Arecibo, sent a few commands, and started gathering data to plot where the spacecraft is and where it will be. A lot has happened in a week, and the team is now happy to report the spacecraft is alive and well, and much, much closer to the intended trajectory than initially believed.
Before last week, the best data on where ISEE-3 was heading was from a 13-year-old data set, leaving the project coordinators to believe a maneuver of about 50-60 m/s was necessary to put the spacecraft into the correct orbit between the Earth and the sun. With new data from Arecibo, that figure has been reduced to about 5.8 m/s, putting it extremely close to where the original ICE navigation team intended it to go, all the way back in 1986. This also gives the team a bit of breathing room; the original planned maneuver to capture the spacecraft required nearly a third of the available fuel on board. The new plan only requires the spacecraft expend about 5% of its fuel stores. This, of course, brings up the idea of continuing the planned mission of the rebooted ISEE-3 beyond the Earth-Sun L1 point, but that is very much putting the cart before the horse.
Of course, getting ranging data of the spacecraft is only a small part of what has happened with the ISEE-3 project this week. Thanks to the ‘away team’ sent to Arecibo to install hardware and attempt to make contact with the satellite, both transceivers are working, telemetry is being downloaded from the probe, and work has begun on refining the exact position of ISEE-3 to compute where and when the spacecraft needs to make its maneuver.
Regular Hackaday feature and software defined radio god [Balint] was on hand with the away team at Arecibo to install his company’s SDR unit on the largest dish on the planet. His happy dance of the first data from ISEE-3 made the blog rounds, but the presentation (PDF) and photo gallery tell the story of working on the largest dish on the planet much better.
There’s still a lot of work to be done by the ISEE-3 team as they figure out how best to capture the spacecraft and prepare for the burn in the following week. They should have the exact orbit of ISEE-3 nailed down early this week, and after that, ISEE-3 could be on a path back home in less than two weeks.
[Rich, VE3MKC] has been wanting to get into Software Defined Radio for a while now, but didn’t want to go the usual PC route. He initially thought the Raspberry Pi would be the best platform for a small, embedded device that could manipulate audio, but after discovering the ARM-powered Teensy 3.0, had an entirely different project in mind.
[Rich] is using a SoftRock SDR to take RF from an antenna and downconvert it into the audio range. Doing DSP for SDR is fairly computationally intensive, but he found a Teensy 3.0 with the audio adapter board was more than up to the task.
So far, [Rich] is running the audio from the SoftRock to the Teensy, where the audio is digitized, multiplied with a VFO, sent through a filter, and then sent out of the headphone jack to a speaker. The volume pot on the audio adapter board is used to tune the VFO, something [Rich] will be replacing with a proper encoder sometime in the future.
In the videos below, you can see [Rich] listening in on a contest with a tiny TFT display showing everybody on the air. It’s a very cool build, and even though it’s still very early in development, there’s still a whole lot of CPU cycles for the Teensy to do some very cool stuff.
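The signal chain described for the Teensy receiver (digitize, multiply with a VFO, filter) can be tried offline; the following is an added example, not [Rich]'s code. The sample rate, tone frequencies, filter length and cutoff are assumptions, and it models a single real channel rather than the SoftRock's actual output.

```python
import math

FS = 44100  # sample rate in Hz (assumed; not stated in the post)

def tone(freq_hz, n, amp=1.0):
    """Constructed test signal: one carrier in the downconverted audio band."""
    return [amp * math.sin(2 * math.pi * freq_hz * i / FS) for i in range(n)]

def mix(samples, vfo_hz):
    """Multiply the digitized input by the VFO, giving sum and difference products."""
    return [s * math.cos(2 * math.pi * vfo_hz * i / FS) for i, s in enumerate(samples)]

def lowpass_taps(cutoff_hz, ntaps=101):
    """Hamming-windowed sinc FIR low-pass, normalized to unity gain at DC."""
    fc, mid, taps = cutoff_hz / FS, (ntaps - 1) / 2, []
    for k in range(ntaps):
        x = k - mid
        h = 2 * fc if x == 0 else math.sin(2 * math.pi * fc * x) / (math.pi * x)
        taps.append(h * (0.54 - 0.46 * math.cos(2 * math.pi * k / (ntaps - 1))))
    total = sum(taps)
    return [t / total for t in taps]

def fir(samples, taps):
    """Direct-form FIR; only outputs with a full tap history are returned."""
    n = len(taps)
    return [sum(taps[j] * samples[i - j] for j in range(n))
            for i in range(n - 1, len(samples))]

def amplitude_at(samples, freq_hz):
    """Single-bin DFT estimate of the amplitude of one frequency component."""
    w = 2 * math.pi * freq_hz / FS
    re = sum(s * math.cos(w * i) for i, s in enumerate(samples))
    im = sum(s * math.sin(w * i) for i, s in enumerate(samples))
    return 2 * math.hypot(re, im) / len(samples)

def receive(samples, vfo_hz, cutoff_hz=1500):
    """The chain from the post: multiply with the VFO, then filter."""
    return fir(mix(samples, vfo_hz), lowpass_taps(cutoff_hz))

def demo():
    n = 4410                                   # 0.1 s of samples
    wanted, other = tone(10000, n), tone(14000, n)
    band = [a + b for a, b in zip(wanted, other)]
    audio = receive(band, vfo_hz=9300)         # wanted station lands at 700 Hz
    return amplitude_at(audio, 700), amplitude_at(audio, 4700)

if __name__ == "__main__":
    print("700 Hz beat note: %.3f, rejected 4.7 kHz product: %.4f" % demo())
```

Moving the VFO is what tunes the receiver: the station whose offset from the VFO falls inside the filter passband is the one heard.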
[Balint] has a bit of history in dealing with software defined radios and cheap USB TV tuners turned into what would have been very expensive hardware a few years ago. Now [Balint] is finally posting a few really great GNU Radio tutorials, aimed at getting software defined radio beginners up and running with some of the coolest hardware around today.
[Balint] is well-known around these parts for being the first person to create a GNU Radio source block for the implausibly inexpensive USB TV tuners, allowing anyone with $20 and enough patience to wait for a package from China to listen in on everything from 22 to 2200 MHz. There’s a lot of interesting stuff happening in that band, including the ACARS messages between airliners and traffic control, something that allowed [Balint] to play air traffic controller with a minimal amount of hardware.
Right now the tutorials are geared towards the absolute beginner, starting at the beginning with getting GNU Radio up and running. From there the tutorials continue to receiving FM radio, and with a small hardware investment, even transmitting over multiple frequencies.
It’s not much of an understatement to say software defined radio is one of the most versatile and fun projects out there. [Balint] even demonstrated triggering restaurant pagers with a simple SDR project, a fun project that is sure to annoy his coworkers.
In order to work with the outlets, the signal had to be sniffed. This was done using RTL-SDR and a low-cost TV tuner dongle. By exporting the sniffed signal and analyzing it, the modulation could be determined. The final step was writing a Python script to replay the messages using the RFCat.
The hack is a good combination of software defined radio techniques, ending with a successful attack. Watch a video of the replay attack after the break.
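Why a recorded frame keeps working, and the receiver-side check that stops it, shown as an added example that is not code from the original post. The frame layout, key and class names are hypothetical, and the fixed-code behaviour is an assumption about how such outlets decode commands.

```python
import hashlib
import hmac
import struct

class FixedCodeOutlet:
    """Model of a receiver that toggles on one static code (assumed behaviour)."""
    def __init__(self, code):
        self.code, self.on = code, False

    def receive(self, frame):
        if frame != self.code:
            return False
        self.on = not self.on        # a recording of the frame works forever
        return True

def make_frame(key, counter, command):
    """Hypothetical frame: 4-byte counter, 1-byte command, 8-byte truncated HMAC."""
    body = struct.pack(">IB", counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class CounterOutlet:
    """Receiver that authenticates each frame and refuses old counters."""
    def __init__(self, key):
        self.key, self.last, self.on = key, 0, False

    def receive(self, frame):
        if len(frame) != 13:
            return False
        body, tag = frame[:5], frame[5:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, good):
            return False             # forged or corrupted frame
        counter, command = struct.unpack(">IB", body)
        if counter <= self.last:
            return False             # replayed or stale frame
        self.last, self.on = counter, bool(command)
        return True

def demo():
    key = b"constructed-demo-key"    # constructed; real keys are per-device secrets
    fixed, hardened = FixedCodeOutlet(b"\x5a\xa5\x01"), CounterOutlet(key)
    captured_fixed = b"\x5a\xa5\x01"             # constructed static code
    captured_auth = make_frame(key, 1, 1)
    first = (fixed.receive(captured_fixed), hardened.receive(captured_auth))
    replay = (fixed.receive(captured_fixed), hardened.receive(captured_auth))
    return first, replay
```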
[Texane] is developing a system to monitor his garage door from his apartment. Being seven floors apart, running wires between the door and apartment wasn’t an option, so he turned to a wireless solution. Testing this wireless hardware in an apartment is no problem, but testing it in situ is a little more difficult. For that, he turned to software defined radio with an RTLSDR dongle.
The hardware for this project is based around a TI Stellaris board and a PTR8000 radio module. All the code for this project was written from scratch (Github here), making it questionable if the code worked on the first try. To test his code, [Texane] picked up one of those USB TV tuner dongles based around the RTL2832U chipset. This allowed him to monitor the frequencies around 433MHz for the packets his hardware should be sending.
After that, the only thing left to do was to write a frame decoder for his radio module. Luckily, the datasheet for the module made this task easy.
[Texane] has a frame decoder for the NRF905 radio module available in his Git. It’s not quite ready for serious applications, but for testing a simple radio link it’s more than enough.
Theoretically, GSM has been broken since 2003, but the limitations of hardware at the time meant cell phone calls and texts were secure from the prying ears of digital eavesdroppers and all but the most secret government agencies. Since then, the costs of hardware have gone down, two terabytes of rainbow tables have been published, and all the techniques and knowledge required to listen in on cell phone calls have been available. The only thing missing was the hardware. Now, with a super low-cost USB TV tuner turned software defined radio, [domi] has put together a tutorial for cracking GSM with thirty dollars in hardware.
Previous endeavours to listen in and decrypt GSM signals used fairly expensive software defined radios – USRP systems that cost a few thousand dollars a piece. Since the advent of RTL-SDR, the price of software defined radios has come down to about $30 on eBay, giving anyone with a Paypal account the ability to listen in on GSM calls and sniff text messages.
The process of cracking GSM first involves getting the TMSI – Temporary Mobile Subscriber Identifier – a unique ID for each phone in a certain cell. This is done by sending a silent SMS that will send back an acknowledgement that an SMS has been received on the victim’s phone, but won’t give the victim any indication of receiving a message.
From there, the attacker listens to the GSM signals in the cell, receiving bursts attached to a TMSI, and cracking the encrypted stream using 1.6 TB of rainbow tables.
[domi] put up a four-part tutorial series (part 1 above; part 2, part 3, and part 4) that goes over the theory and the actual procedure of cracking text messages and voice calls with a simple USB TV tuner. There are a few limitations; the attacker must be in the same cell as the victim, and it looks like real-time voice decoding isn’t yet possible. Cracking GSM for $30, though, that’s good enough for us.
Up on Kickstarter, [Michael Ossmann] is launching the HackRF, an inordinately cheap, exceedingly capable software defined radio tool that’s small enough to lose in your laptop bag.
The HackRF was the subject of a lot of interest last time it was on Hackaday – the ability to receive up to 6GHz allows the HackRF to do a lot of very interesting things, including listening in on Bluetooth, WiFi, and 4G networks. Also, the ability to transmit on these frequencies means a lot of very interesting, and quite possibly slightly evil applications are open to anyone with a HackRF. Like the RTL-SDR dongles, the HackRF works with GNU Radio out of the box, meaning all those cool SDR hacks we’ve seen so far will work with this new, more powerful board.
Compared to the USB TV tuner cards that were so popular a year ago, the HackRF has 10 times the bandwidth, is able to receive up to 6GHz, and is also able to transmit. It’s only half-duplex, so to receive and transmit simultaneously you’ll need two HackRFs, or maybe wait for a hardware revision that will hopefully come sooner rather than later.
Below you can check out [Michael]’s presentation at Toorcon where the HackRF was unleashed to the world.