Attack Some Wireless Devices With A Raspberry Pi And An RTL-SDR

If you own one of the ubiquitous RTL-SDR software defined radio receivers derived from a USB digital TV receiver, one of the first things you may have done with it was to snoop on wide frequency bands using the waterfall view present in most SDR software. Since the VHF and UHF bands the RTL covers are sometimes a little devoid of signals, chances are you homed in upon one of the ISM bands as used by plenty of inexpensive wireless devices for all sorts of mundane control tasks. Unless you reside in the depths of the wilderness, ISM band sniffing will show a continuous procession of chirps: short bursts of digital data. The number of radio-controlled devices you weren’t aware were in your surroundings is surprising.

Some of these devices, such as car security keys, are protected by rolling encryption schemes to deter would-be attackers. But many of the more harmless devices simply send a command in the open without the barest of encryption. The folks at RTL-SDR.com put up a guide to recording these open data bursts on a Raspberry Pi and playing them back by transmitting them from the Pi itself.

It’s not the most refined of attacks, because all it does is take the recorded file and retransmit it with the [F5OEO] RPiTX software. But they do demonstrate it in action with a wireless lightbulb, a door bell, a wireless relay, and a remote-controlled switched socket. Since the data in question is transmitted as OOK, or on-off keying, the RPiTX AM mode stands in for the transmitter.

You can see it in action in the video below the break. Now, have you investigated the ISM band chirps in your locality?

A Ham Radio Go-Box Packed With Functionality

“When all else fails, there’s ham radio.” With Hurricane Harvey just wrapping up, and Irma queued up to clobber Florida this weekend, hams are gearing up to pitch in with disaster communications for areas that won’t have any communications infrastructure left. And the perfect thing for the ham on the go is this ham shack in a box.

Go-boxes, as they are known, have been a staple of amateur radio field operations for as long as there have been hams. The go-box that [Fuzz (KC3JGB)] came up with is absolutely packed with goodies that would make it a perfect EmComm platform. The video tour below is all we have to go on, but we can see a tri-band transceiver, an RTL-SDR dongle and a Raspberry Pi with a TFT screen for tracking satellites. The Pi and SDR might also be part of a NOAA satellite receiver like the one [Fuzz] describes in a separate video; such a setup would be very valuable in natural disaster responses. Everything is powered by a 12-volt battery which can be charged from a small solar panel.

[Fuzz] is ready for action, and while we genuinely hope he and other hams won’t be needed in Florida, it doesn’t seem likely at this point. You can read more about the public service face of ham radio, or about an even more capable go-box.

19 RTL-SDR Dongles Reviewed

Blogger [radioforeveryone] set out to look at 19 different RTL-SDR dongles for use in receiving ADS-B (that’s the system where airplanes determine their position and broadcast it). Not all of the 19 worked, but you can read the detailed review of the 14 that did.

Granted, you might not want to pick up ADS-B, but the relative performance of these inexpensive devices is still interesting. The tests used Raspberry Pi 3s and a consistent antenna and preamp system. Since ADS-B is transmitted frequently, the tests were at least 20 hours in length. The only caveat: the tests were only done two at a time, so it is not fair to directly compare total results across days.

Wearable Foxhunt Transmitter For Conventions

Amateur radio operator [KE4FOX] wanted to build his own 2M fox hunt transmitter for use at conventions. It would be contained in a 1020 Pelican micro case and attached to a person who would walk around transmitting a signal, leaving the hams to track down the fox. The project uses a DRA818 VHF/UHF transceiver plugged into a low-pass filter combined with a hardware DTMF decoder, all controlled by an ATmega328P and powered by an 11.2 mAh battery.

[KE4FOX] also etched his own PCB, using the PCB toner transfer method, folding a sheet of transfer paper around the board to align both layers. Then he etched the board using cupric chloride. When assembling the board he realized he had made a terrible error, assuming the transceiver module’s pins went in the top layer when in fact they should have gone in the bottom layer. He solved this by soldering the module in upside down.

He dropped the project into the 1020 and installed an SMA antenna. After he assembled the project he found out that the level shifter he used on the Arduino’s 5 V data didn’t work as expected and it was stuck at a single frequency. Something to work on for V2!

We publish a large number of amateur radio posts here on Hackaday, including fox hunting with Raspberry Pi and how to make a TDOA directional antenna.

[thanks, that Kat!]

AI Watches You Sleep; Knows When You Dream

If you’ve never been a patient at a sleep laboratory, monitoring a person as they sleep is an involved process of wires, sensors, and discomfort. Seeking a better method, MIT researchers — led by [Dina Katabi] and in collaboration with Massachusetts General Hospital — have developed a device that can non-invasively identify the stages of sleep in a patient.

Approximately the size of a laptop and mounted on a wall near the patient, the device measures the minuscule changes in reflected low-power RF signals. The wireless signals are analyzed by a deep neural-network AI, which predicts the various sleep stages — light, deep, and REM sleep — of the patient, negating the task of manually combing through the data. Despite the sensitivity of the device, it is able to filter out irrelevant motions and interference, focusing on the breathing and pulse of the patient.

What’s novel here isn’t so much the hardware as it is the processing methodology. The researchers use both convolutional and recurrent neural networks along with what they call an adversarial training regime:

Our training regime involves 3 players: the feature encoder (CNN-RNN), the sleep stage predictor, and the source discriminator. The encoder plays a cooperative game with the predictor to predict sleep stages, and a minimax game against the source discriminator. Our source discriminator deviates from the standard domain-adversarial discriminator in that it takes as input also the predicted distribution of sleep stages in addition to the encoded features. This dependence facilitates accounting for inherent correlations between stages and individuals, which cannot be removed without degrading the performance of the predictive task.

Anyone out there want to give this one a try at home? We’d love to see a HackRF and GNU Radio used to record RF data. The researchers compare the RF to WiFi, so repurposing a 2.4 GHz radio to send out repeating uniform transmissions is a good place to start. Dump it into TensorFlow and report back.

Sorry US; Europeans Listen To Space With GRAVES

In Europe, the GRAVES radar station beams a signal on 143.050 MHz almost straight up to detect and track satellites and space junk. That means you will generally not hear any signal from the station. However, [DK8OK] shows how you can, if you are in Europe, listen for reflections from the powerful radar. The reflections can come from airplanes, meteors, or spacecraft. You can see a video from [way1888] showing the result of the recent Perseid meteor shower.

Using a software-defined radio receiver, [DK8OK] tunes slightly off frequency and waits for reflections to appear in the waterfall. In addition to observing the signal, it is possible to process the audio to create more details.

Why is there a giant vertical radar transmitter in the middle of France? The transmitter uses a phased array to send a signal over a 45-degree swath of the sky at a time. It makes six total steps every 19.2 seconds. A receiver several hundred miles away listens for reflections.

Even the moon reflects the signal when it is in the radar’s path. If you are interested in a moon bounce, you may be able to build a station to hear the reflections without being in Europe.

Of course, if you can transmit yourself, you might want to bounce your own signal off airplanes. If you want to do it old school, you could emulate [Zoltán Bay].

Sniff Your Local LoRa Packets

As the LoRa low-bandwidth networking technology in license-free spectrum has gained traction on the wave of IoT frenzy, LoRa networks have started to appear in all sorts of unexpected places. Sometimes they are open networks such as The Things Network, other times they are commercially available networks, and then, of course, there are entirely private LoRa installations.

If you are interested in using LoRa on a particular site, it’s an interesting exercise to find out what LoRa traffic already exists, and to that end [Joe Broxson] has put together a useful little device. Hardware-wise it’s an Adafruit Cortex M0 Feather with onboard LoRa module, paired with a TFT FeatherWing for display, and software-wise it scans a set of available frequencies and posts any packets it finds to the scrolling display. It also has the neat feature of logging packets in detail to an SD card for later analysis. The whole is enclosed in a 3D printed case from an Adafruit design and makes for a very attractive self-contained unit.

We’ve featured quite a few LoRa projects here, including this one with a Raspberry Pi Compute module in a remote display. Of more relevance in a LoRa testing sense though is this look at LoRa range testing.