GSM Sniffing on a Budget with Multi-RTL

If you want to eavesdrop on GSM phone conversations or data, it pays to have deep pockets, because you’re going to need to listen to a wide frequency range. Or, you can just use two cheap RTL-SDR units and some clever syncing software. [Piotr Krysik] presented his work on budget GSM hacking at Camp++ in August 2016, and the video of the presentation just came online now (embedded below). The punchline is a method of listening to both the uplink and downlink channels for a pittance.

[Piotr] knows his GSM phone tech, studying it by day and hacking on a GnuRadio GSM decoder by night. His presentation bears this out, and is a great overview of GSM hacking from 2007 to the present. The impetus for Multi-RTL comes out of this work as well. Although it was possible to hack into a cheap phone or use a single RTL-SDR to receive GSM signals, eavesdropping on both the uplink and downlink channels was still out of reach, because it required more bandwidth than the cheap RTL-SDR had. More like the bandwidth of two cheap RTL-SDR modules.

Getting two RTL-SDR modules to run off a single clock is as easy as desoldering the crystal from one and feeding it the clock from the other, which keeps their sample rates and tuner drift locked together. Aligning the two absolutely in time required a very sweet hack. It turns out that the absolute sample timing is retained after a frequency switch, so both RTL-SDRs first tune to the same channel, lock onto the same signal to measure their relative delay, and then retune, one to the uplink frequency and the other to the downlink, with that delay still valid. Multi-RTL is a GnuRadio source that takes care of this for you. Bam! Hundreds or thousands of dollars' worth of gear replaced by commodity hardware you can buy anywhere for less than a fancy dinner. That's a great hack, and a great presentation.
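The time-alignment step described above, as an added example that is not Multi-RTL's own code: two receivers on a shared clock are pointed at the same channel, each stream is cross-correlated against a known burst to find where that burst landed in its buffer, and the difference between the two positions is the delay to trim off. The burst, the two noisy streams and the offsets (120 and 87 samples) are constructed here so the script runs offline; the USB-buffering delay it mimics is an assumption about where such offsets come from, not a measurement from the talk.

```python
"""Added example (not Piotr Krysik's Multi-RTL): align two sample streams
from receivers that share one clock by correlating both against a common
burst seen while they were tuned to the same channel.

All data below is constructed: a random +/-1 "training" burst is dropped
into two Gaussian-noise streams at different sample offsets, standing in
for the buffering delay between two dongles. Pure Python, no numpy.
"""
import random


def make_burst(length, seed=1):
    """A pseudo-random +/-1 sequence with a sharp autocorrelation peak."""
    rng = random.Random(seed)
    return [rng.choice((-1.0, 1.0)) for _ in range(length)]


def make_stream(burst, offset, total, noise=0.3, seed=2):
    """Noise stream of `total` samples with `burst` added at `offset`."""
    rng = random.Random(seed)
    stream = [rng.gauss(0.0, noise) for _ in range(total)]
    for i, s in enumerate(burst):
        stream[offset + i] += s
    return stream


def find_burst(stream, burst):
    """Index where `burst` best matches `stream` (peak of the cross-correlation)."""
    best_lag, best_val = 0, float("-inf")
    for lag in range(len(stream) - len(burst) + 1):
        acc = 0.0
        for i, b in enumerate(burst):
            acc += stream[lag + i] * b
        if acc > best_val:
            best_lag, best_val = lag, acc
    return best_lag


def align(stream_a, stream_b, burst):
    """Trim the stream that is ahead so both start at the same instant.

    Returns (aligned_a, aligned_b, delta) where delta = lag_a - lag_b in
    samples; a positive delta means receiver A saw the burst later.
    """
    lag_a = find_burst(stream_a, burst)
    lag_b = find_burst(stream_b, burst)
    delta = lag_a - lag_b
    if delta > 0:
        stream_a = stream_a[delta:]
    else:
        stream_b = stream_b[-delta:]
    n = min(len(stream_a), len(stream_b))
    return stream_a[:n], stream_b[:n], delta


if __name__ == "__main__":
    burst = make_burst(64)
    a = make_stream(burst, 120, 1000, seed=3)   # constructed: A lags by 120
    b = make_stream(burst, 87, 1000, seed=4)    # constructed: B lags by 87
    a2, b2, delta = align(a, b, burst)
    print("delta =", delta, "burst now at",
          find_burst(a2, burst), "and", find_burst(b2, burst))
```

The point of the shared clock is that `delta` stays constant once measured: both dongles count samples at exactly the same rate, so after they retune to the uplink and downlink the same trim still lines them up. Note that integer-sample alignment is all this does; any fractional-sample or carrier-phase offset between the two tuners is left in place.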

Hacking Together a Serial Backpack

A serial backpack is really nothing more than a screen and some microcontroller glue to drive it. And a hammer is nothing more than a hardened weight on the end of a stick. But when you’re presented with a nail, or a device that outputs serial diagnostic data, there’s nothing like having the right tool on hand.

[ogdento] built his own serial backpack using parts on hand and a port of some great old code. Cutting up a Nokia 1100 graphic display and pulling a PIC out of the parts drawer got him the hardware he needed, and he found a good start for his code in [Peter Andersen]'s plain-old character LCD library, combined with a Nokia 1100 graphic LCD library by [spiralbrain]. [ogdento] added control for the backlight, merged the two libraries, and voilà!

A simple screen with a serial port is a great device to have on hand, and it makes a great project. We’ve seen them around here before, of course. And while you could just order one online, why not make your own? Who knows what kind of crazy customizations you might dream up along the way.

Sticking With The Script For Cheap Plane Tickets

When [Zeke Gabrielse] needed to book a flight, the Internet hive-mind recommended that he look into traveling with Southwest Airlines due to a drop in fares late on Thursday nights. Not one to stay up all night refreshing the web page indefinitely, he opted to write a script to take care of the tedium for him.

Settling on Node.js as his web scraper of choice, he tried numerous avenues of getting the flight pricing that failed before he finally had to cobble together a script that would fill out and submit the search form for him. With the numbers coming in, [Gabrielse] set up a Twilio account to text him once fares dropped below a certain price point, because, again, why not automate?


SDR and Node.js Remote-Controlled Monster Drift

Most old-school remote controlled cars broadcast their controls on 27 MHz. Some software-defined radio (SDR) units will go that low. The rest, as we hardware folks like to say, is a simple matter of coding.

So kudos to [watson] for actually doing the coding. His monster drift project starts with the basics, sine and cosine waves of the right frequency, and switches them on and off for just the right durations to produce the samples he feeds to an SDR, in this case a HackRF. Watch the smile on his face as he hits the enter key and the car pulls off an epic office-table 180 (video embedded below).
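What "sine and cosine waves combined in the right durations" looks like in practice, as an added example in Python rather than [watson]'s Node.js code: the I channel is a cosine and the Q channel a sine at a small offset from the SDR's tuned centre, gated on and off (on-off keying) for the pulse lengths the car's receiver expects, and packed into the interleaved signed 8-bit I/Q format that `hackrf_transfer -t` reads. The sample rate, tone offset and the pulse pattern are assumptions for illustration; a real 27 MHz toy uses its own pulse counts and timings, which this page does not give.

```python
"""Added example (not [watson]'s code): synthesise an on-off keyed
baseband burst for an SDR transmitter from a list of on/off durations.

Assumptions (not from the original project): 2 MS/s sample rate, a 50 kHz
offset tone, and a placeholder pulse pattern. The HackRF file format used
by `hackrf_transfer -t` (interleaved int8 I,Q) is the real one.
"""
import math
import struct

SAMPLE_RATE = 2_000_000   # Hz, assumed SDR sample rate
OFFSET_HZ = 50_000        # baseband tone offset from the tuned centre, assumed

# Placeholder: 8 pulses of 500 us on / 500 us off. Made up for this example;
# a real car needs its own pulse count and timing.
HYPOTHETICAL_PATTERN_US = [(500, 500)] * 8


def tone(n_samples, freq_hz, rate, start_index=0):
    """n complex samples of exp(j*2*pi*f*t): cosine on I, sine on Q.

    `start_index` lets successive calls continue the phase seamlessly.
    """
    step = 2 * math.pi * freq_hz / rate
    return [complex(math.cos(step * (start_index + i)),
                    math.sin(step * (start_index + i)))
            for i in range(n_samples)]


def ook_burst(pattern_us, rate=SAMPLE_RATE, freq_hz=OFFSET_HZ):
    """Gate the tone on and off per (on_us, off_us) pairs; returns complex samples."""
    out = []
    idx = 0
    for on_us, off_us in pattern_us:
        n_on = int(rate * on_us / 1e6)
        n_off = int(rate * off_us / 1e6)
        out.extend(tone(n_on, freq_hz, rate, idx))   # carrier on
        idx += n_on
        out.extend([0j] * n_off)                     # carrier off
        idx += n_off
    return out


def to_hackrf_bytes(samples, scale=100):
    """Pack complex samples as interleaved signed 8-bit I,Q for hackrf_transfer."""
    buf = bytearray()
    for s in samples:
        buf += struct.pack("bb", int(round(s.real * scale)),
                           int(round(s.imag * scale)))
    return bytes(buf)


if __name__ == "__main__":
    burst = ook_burst(HYPOTHETICAL_PATTERN_US)
    with open("burst.iq", "wb") as f:
        f.write(to_hackrf_bytes(burst))
    print(len(burst), "samples written;",
          "send with: hackrf_transfer -t burst.iq -f <freq> -s", SAMPLE_RATE)
```

Keeping the phase continuous across gaps (the `start_index` bookkeeping) avoids spectral splatter at each pulse edge; the 0.1 amplitude scale leaves headroom below the int8 limit. Whether the receiver responds to a given pattern is something you can only find out by capturing the original transmitter first, which is the part of [watson]'s work this example does not replace.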


Reprogramming Bluetooth Headphones for Great Justice

Like a lot of mass-produced consumer goods, it turns out that the internal workings of Bluetooth headphones are the same across a lot of different brands. One widely used Bluetooth module is the CSR8645, which [lorf] realized was not only common but (more importantly) fairly easy to modify. [lorf] was able to put together a toolkit to reprogram this Bluetooth module in almost all of these headphones.

This tip comes to us from [Tigox] who has already made good use of [lorf]’s software. Using the toolkit, he was able to reprogram his own Bluetooth headphones over a USB link to his computer. After downloading and running [lorf]’s program, he was able to modify the name of the device and, more importantly, was able to adjust the behavior of the microphone’s gain which allowed him to have a much more pleasant user experience.

Additionally, the new toolkit makes it possible to flash custom ROMs to CSR Bluetooth modules. This opens up all kinds of possibilities, including the potential to use a set of inexpensive headphones for purposes other than listening to music. The button presses and microphones can be re-purposed for virtually any task imaginable. Of course, you may be able to find cheaper Bluetooth devices to repurpose, but if you just need to adjust your headphones’ settings then this hack will be more useful.

[Featured and thumbnail image: JLab Audio LLC, CC BY-SA 4.0]

Fixing My 4×4: The Battle of the Bent Valves

If you know me at all, you know I’m a car guy. I’m pretty green as far as hardcore wrenching skills go, but I like to tackle problems with my vehicles myself – I like to learn by doing. What follows is the story of how I learned a few hard lessons when my faithful ride died slowly and painfully in my arms over the final months of 2016.

For context, my beast of a machine was a 1992 Daihatsu Feroza. It’s a 4WD with a 1.6 litre fuel injected four-cylinder engine. It had served me faithfully for over a year and was reading around 295,000 kilometers on the odometer. But I was moving house and needed to pull a trailer with all my possessions on an 800 km journey. I didn’t want to put the stress on the car but I didn’t have a whole lot of choice if I wanted to keep my bed and my prized Ricoh photocopier. I did my best to prepare the car, topping up the oil which had gotten perilously low and fitting new tyres. I’d had a hell of a time over the winter aquaplaning all over the place and wasn’t in the mood for a big ugly crash on the highway.

Retrotechtacular: The Best Pendulum Clock

Would you believe a pendulum clock that can keep time accurately to within one second per year? If you answered “yes”, you’ve either never tried to regulate a pendulum clock yourself, or you already know about the Shortt Clock. Getting an electromechanical device to behave so well, ticking accurately to within 0.03 parts per million, is no mean feat, and the Shortt clock was the first timekeeping device that actually behaves more regularly than the Earth itself.