The Internet of Things is terrible when it’s your toaster. The real fun happens when you have hundreds or thousands of sensors sending data back to a base station every day. That requires low power, and that means LPWAN, the Low Power Wide Area Network.
There are a lot of options for LPWAN, but few are a perfect fit. LoRa is one of the rare exceptions, offering years of operation on a single AA cell, and range measured in miles. Layers two and three of LoRa are available as public documentation, but until now layer one has been patented and proprietary. At the GNU Radio Conference, [Matt Knight] gave a talk on reverse engineering the LoRa PHY with a software defined radio. Now, LoRa is open to everyone, and anyone can decode the chirps transmitted from these tiny, low power devices.
The work presented at the GNU Radio Conference builds upon an earlier talk given a this year’s DEF CON wireless village. This time, though, there’s a complete, open source solution for a LoRa PHY. The experimental setup consisted of a Microchip RN2903 module, and an Ettus B210 SDR, Python, GNURadio, and Baudline. The end result is a GNU Radio module implementing the LoRa PHY.
Until now, the MAC and network layer of LoRa were completely open. The PHY, however, was closed. Chip makers like to sell chips, it seems. Now, equipped only with an SDR, it’s possible to read LoRa chips, listen in on what they’re doing, and uncover one of the most interesting bits about the Internet of Things.