There’s no doubt that the RTL-SDR project has made radio hacking more accessible than ever, but there’s only so far you can go with a repurposed TV tuner. Obviously the biggest shortcoming is the fact that you can only listen to signals, and not transmit them. If you’re ready to reach out and touch someone, but don’t necessarily want to spend the money on something like the HackRF, the Evil Crow RF might be your ideal next step.
This Creative Commons licensed board combines two CC1101 radio transceivers and an ESP32 in one handy package. The radios give you access to frequencies between 300 and 928 MHz (with some gaps), and the fact that there are two of them means you can listen on one frequency while transmitting on another, opening up interesting possibilities for relaying signals. With the standard firmware you connect to a web interface running on the ESP32 to configure basic reception and transmission options, but there’s also a more advanced RFQuack firmware that allows you to control the hardware via Python running on the host computer.
One particularly nice feature is the series of buttons located down the side of the Evil Crow RF. Since the device is compatible with the Arduino IDE, you can easily modify the firmware to assign various functions or actions to the buttons.
In a demonstration by lead developer [Joel Serna], the physical buttons are used to trigger a replay attack while the device is plugged into a standard USB power bank. There’s a lot of potential there for covert operation, which makes sense, as the device was designed with pentesters in mind.
As an open source project you’re free to spin up your own build of the Evil Crow RF, but those looking for a more turn-key experience can order an assembled board from AliExpress for $27 USD. This approach to hardware manufacturing seems to be getting popular among the open source crowd, with the Open-SmartWatch offering a similar option.
[Thanks to DJ Biohazard for the tip.]
Nice project, but this is not really SDR, since the CC1101 radio transceivers are not for SDR: they implement the PHY layer and output decoded bits (or vice versa), not IQ samples.
My bad, maybe they have a raw mode for truly SDR:
https://github.com/joelsernamoreno/EvilCrow-RF/tree/main/OtherSketches
but no clue about the specifications for this.
Hi!
Yes, you can use the RAW RX and RAW TX examples to receive and transmit raw data. I added these examples to the repository because some signals are not decoded correctly with the libraries.
If you have any doubt about how to use this, you can write me via twitter (@JoelSernaMoreno) or open an issue in the repository.
Thanks!
No, you are right, they are an HDR (Hardware Defined Radio), but with their supported modulation they can totally run circles around an SDR. As long as your needs match what they provide, and lots of applications do, they are fantastic.
Modulation: ASK modulation, OOK modulation, 2-FSK modulation, GFSK modulation, 4-FSK modulation, MSK modulation
Data Rate[kBaud]: 0.6 up to 500
Bandwidth: 812kHz, 650kHz, 541kHz, 464kHz, 406kHz, 325kHz, 270kHz, 232kHz, 203kHz, 162kHz, 135kHz, 116kHz, 102kHz, 81kHz, 68kHz, 58kHz
There are many such radios, even ST has S2LP (but a little lower frequency range and when I’ve tried to use it, it sucked very badly on the API front, lots of configuration problems and general software instability).
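The bandwidth and data-rate figures in the comment above are the CC1101’s own register tables. Added here as an example (not code from the Evil Crow RF or RFQuack projects): the CC1101 datasheet formulas that produce them, assuming the 26 MHz crystal the module is normally fitted with; the 16 bandwidths listed above are exactly the MDMCFG4 settings at that crystal frequency.

```python
import math

# Assumed crystal frequency: CC1101 modules are normally fitted with a 26 MHz crystal.
F_XOSC = 26_000_000


def channel_bandwidth_hz(chanbw_e, chanbw_m, f_xosc=F_XOSC):
    """Receive channel-filter bandwidth from the MDMCFG4 CHANBW_E/CHANBW_M fields.

    Datasheet: BW = f_xosc / (8 * (4 + CHANBW_M) * 2**CHANBW_E).
    """
    if not (0 <= chanbw_e <= 3 and 0 <= chanbw_m <= 3):
        raise ValueError("CHANBW_E and CHANBW_M are 2-bit fields")
    return f_xosc / (8 * (4 + chanbw_m) * 2 ** chanbw_e)


def bandwidth_table_khz(f_xosc=F_XOSC):
    """All 16 selectable bandwidths, widest first, to the nearest kHz."""
    return [round(channel_bandwidth_hz(e, m, f_xosc) / 1000)
            for e in range(4) for m in range(4)]


def data_rate_baud(drate_e, drate_m, f_xosc=F_XOSC):
    """Symbol rate from MDMCFG4 DRATE_E (4 bits) and MDMCFG3 DRATE_M (8 bits).

    Datasheet: R = (256 + DRATE_M) * 2**DRATE_E * f_xosc / 2**28.
    """
    if not (0 <= drate_e <= 15 and 0 <= drate_m <= 255):
        raise ValueError("DRATE_E is 4 bits, DRATE_M is 8 bits")
    return (256 + drate_m) * 2 ** drate_e * f_xosc / 2 ** 28


def data_rate_registers(target_baud, f_xosc=F_XOSC):
    """Invert the data-rate formula: the (DRATE_E, DRATE_M) pair closest to target_baud.

    Follows the datasheet procedure, including the carry when DRATE_M rounds to 256.
    """
    drate_e = math.floor(math.log2(target_baud * 2 ** 20 / f_xosc))
    drate_m = round(target_baud * 2 ** 28 / (2 ** drate_e * f_xosc) - 256)
    if drate_m == 256:          # mantissa overflowed: bump the exponent instead
        drate_e, drate_m = drate_e + 1, 0
    if not 0 <= drate_e <= 15:
        raise ValueError("rate outside the CC1101's range for this crystal")
    return drate_e, drate_m


if __name__ == "__main__":
    print("bandwidths (kHz):", bandwidth_table_khz())
    for baud in (600, 38_400, 250_000, 500_000):
        e, m = data_rate_registers(baud)
        print(f"{baud:>7} baud -> DRATE_E={e:2d} DRATE_M={m:3d} "
              f"(actual {data_rate_baud(e, m):.1f} baud)")
```

The 250 kBaud and 500 kBaud results (DRATE_E 13 and 14 with DRATE_M 59) match the MDMCFG4/MDMCFG3 values the datasheet gives for those rates at 26 MHz, which is a quick way to sanity-check a configuration before flashing it.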
Hi!
You can use the RAW RX and RAW TX examples to receive and transmit raw data. I added these examples to the repository because some signals are not decoded correctly with the libraries.
If you have any doubt about how to use this, you can write me via twitter (@JoelSernaMoreno) or open an issue in the repository.
Thanks!
Is that RAW IQ samples or just RAW demodulated bitstream without using the embedded packet engine?
It is a simple raw recording which is recorded by the microcontroller, almost like with the cheap 433 MHz modules. The CC1101 can do both: decode internally, and also loop the signal through so you can process it externally.
Nice to see some hobby projects directly available on Ali !
And it’s sold out.
To paraphrase the Doritos slogan:
“Buy all you want! We’ll make more!”
Yep. Evil Crow RF is out of stock now. Check back in a few days :)
Evil Crow RF in stock now!
Made a quite similar “mono” ESP32 CC1101 interface board for a project (E-Paper shelf labels):
https://www.pcbway.com/project/shareproject/esp32_Pricetag_Access_Point_PCB.html
Is there any jurisdiction where this device is legal?
Doesn’t look like it.
I always assumed that it was legal, with an external filter to prevent transmissions outside of the band, on ISM bands. So long as the frequency, EIRP (Effective Isotropic Radiated Power) and duty cycle were within the legal limits defined for that ISM band in that country.
Unless you have an amateur radio license, and then you are typically restricted to transmitting on the amateur bands that you are licensed for in that country.
Counterexample: cell phones
Are you just being pedantic, or is there a point hidden in there?
Are you saying that people who have been allocated an amateur radio license can legally use a cell phone (with approved hardware using the telco’s license)? Or is there some other thing that I’m missing?
Citizens Band radios, aircraft radios, etc. infinity. Cool thy jets.
So type accepted equipment?
Which that design without any clear type acceptance is not?
Tbh selling it on ali is the best way to do it. No regulatory hurdles to overcome when you don’t even try to comply :P
Here in the US, licensed amateur radio operators can operate on any radio they want so long as the RF output falls within legal specs for things like signal purity and harmonic suppression. The frequency range is a bit limited, but this could be legally used to transmit on both the 70 cm band (420 – 450 MHz in the US) and 33 cm band (902 – 928 MHz in the US).
I have an amateur radio license (in Canada); this device is only usable by a subcategory, and may not even qualify then: it would have to be self-certified by the license holder.
Broadcasting in the ISM bands without an amateur radio license requires the device itself be certified in both Canada and the United States.
I recently acquired boards for use in the ISM bands, and went through the hoops necessary to see that they were legal, that their usage will stay legal and that I don’t require an upgrade on my amateur radio license to use them.
So yes, it bothers me when uncertified devices are presented without at least a minimum level of reminder of qualifications required to import and use them.
(In Canada it requires Advanced certification for the described use and purpose).
A ham license is only about ham use. It doesn’t mean you can do anything radio related.
The original question was good. This thing can transmit over a wide spectrum range, but there are lots of limitations on what it might actually be used for.
I don’t think the FCC cares anymore. Too worried about naughty words being heard by children.
Huh? Those are all ISM bands, some are able to be used in some countries and some aren’t for various reasons.
What is the legality you are questioning?
“The radios give you access to frequencies between 300 and 928 MHz”.
That covers TV frequencies (or maybe former now), the 420MHz and 902MHz ham bands, the public service band around 450MHz, FRS and GMRS. ISM is just a small portion. And maybe some military allocations.
And even if a frequency can be used, it doesn’t mean just any equipment is allowed.
Radio devices such as cell phones sold in the USA are licensed by the manufacturer; Apple, Samsung, etc. applied for a license on their product to operate within a spec. Devices such as this are ‘open’ and can be configured to operate in a number of ways. When in doubt, look for stickers on the device. If there is no FCC ID sticker, then you need to be licensed. Challenge the law if you wish, but you have been warned.
Remember to check out your country’s use of long-forgotten cell phone bands; take a look at the link below for some 800-900 MHz restrictions in the USA.
https://computer.rip/2020-11-28%20the%20verboten%20band.html
From the HAD article, here:
https://hackaday.com/2020/12/19/why-your-scanner-has-a-hole-in-it/
I wonder if the name EvilCrow-RF has anything to do with the Association of Old Crows [1][2]:
“The Association of Old Crows is an international nonprofit professional organization specializing in electronic warfare, tactical information operations, and associated disciplines headquartered in Alexandria, Virginia. Its mission is to “advocate the need for a strong defense capability emphasizing electronic warfare and information operations to government, industry, academia, and the public.””
* References:
1. https://en.wikipedia.org/wiki/Association_of_Old_Crows
2. https://www.crows.org/
Hi!
No, the name Evil Crow has nothing to do with it.
In the article it says “As an open source project you’re free to spin up your own build of the Evil Crow RF”. Does anyone know where to find drawings for the PCB and a parts list?
I’m brand new. Very interested. Bought the HackRF One with Mayhem. I would love to see a manual and start learning about this.
Has anyone done a project with this device to bring an early mobile telephone to life?