Reverse Engineering Traffic Lights With Software Defined Radio

Construction crews tearing up the street to lay new internet fiber optic cable created a unique opportunity for [Bastian Bloessl]. The workers brought two mobile traffic lights to help keep the road safe while they worked. [Bastian] had heard that these lights use 2 meter band radios, so he grabbed his RTL-SDR USB stick and started hacking. Mobile traffic lights are becoming more common in Europe. They can be controlled by a clock, by traffic volume measured with an on-board camera, or over wire or radio. They also transmit status data, which is what [Bastian] was hoping to receive.

A quick scan with GQRX revealed a strong signal on 170.760 MHz. Using baudline and Audacity, [Bastian] was able to determine that Audio Frequency Shift Keying (AFSK) was used to modulate the data. He created a simple receiver chain in GNU Radio, and was greeted with a solid data stream from the lights. By watching the lights and looking at the data frames, [Bastian] was able to determine which bits contained the current light status. A quickly knocked up web interface allowed him to display the traffic light status in real-time.

It’s a bit scary that the data was sent in plaintext; however, this is just status data. We hope that any command data is sent encrypted through a more secure channel.


Hacking 2.4GHz Radio Control

Many modern radio control (RC) systems use frequency hopping to prevent interference. Unfortunately, hopping all over the 2.4GHz band can interfere with video or WiFi using the same frequency band. [Befinitiv] was trying to solve this problem when he realized that most of the systems used a TI CC2500 chip and a microcontroller. The microcontroller commands the chip via SPI and controls the frequency by writing into a frequency register.

Updating the microcontroller firmware was impractical. The firmware is encrypted, for one thing. In addition, the change would have to be reinserted on any future updates and repeated for every RC vendor. So [Befinitiv] took a different approach. He did a classic man-in-the-middle attack by inserting a CPLD between the controller and the CC2500.


Reverse Engineering An Obsolete Security System

[Veghead] recently went to a surplus warehouse filled with VHS editing studios, IBM keyboards, electronic paraphernalia from 40 years ago, and a lot of useless crap. His haul included a wooden keypad from an old alarm system that exuded 1980s futurism, and he figured it would be cool to hook this up to an alarm system from 2015. How did he do that? With software defined radio.

After pulling apart the alarm panel, [Veghead] found only a single-sided board with a 9V battery connector. There were no screw terminals for an alarm loop, meaning this entire system was wireless – an impressive achievement for mid-80s hardware. A quick search of the FCC website showed this alarm panel was registered on two bands, 319 MHz and 340 MHz, well within the range of an RTL-SDR USB TV tuner dongle.

After capturing some of the raw data and playing it back in Audacity, [Veghead] found a simple OOK protocol that sends two identical binary patterns for each key. A simple program takes the raw bit patterns for each key press and codes them into a map for each of the twelve buttons.
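The decoding step described above, as an added example that is not [Veghead]'s program: it slices a captured OOK envelope into bits, requires the two copies of the frame to agree before accepting a key, and builds the pattern-to-button map from one labelled capture per button. The sample rate (8 samples per bit), frame length (8 bits) and the bit patterns are constructed for the example, not taken from the alarm system.

```python
"""Decode an OOK keypad transmission that sends each key as two identical frames."""

SAMPLES_PER_BIT = 8   # constructed: envelope samples per bit period
FRAME_BITS = 8        # constructed: bits in one copy of the key frame
BUTTONS = "0123456789*#"


def envelope_to_bits(samples, threshold=0.5, spb=SAMPLES_PER_BIT):
    """Sample the middle of each bit period of the amplitude envelope (carrier on = 1)."""
    return [1 if samples[start + spb // 2] >= threshold else 0
            for start in range(0, len(samples) - spb + 1, spb)]


def split_repeated_frames(bits, frame_bits=FRAME_BITS):
    """Return the key frame only if both transmitted copies are present and identical."""
    if len(bits) != 2 * frame_bits:
        raise ValueError("expected %d bits, got %d" % (2 * frame_bits, len(bits)))
    first, second = bits[:frame_bits], bits[frame_bits:]
    if first != second:
        raise ValueError("frame copies differ: %s vs %s" % (first, second))
    return first


def bits_to_str(bits):
    return "".join(str(b) for b in bits)


def build_key_map(captures):
    """Learn pattern -> button from one labelled envelope capture per button."""
    key_map = {}
    for label, samples in captures.items():
        pattern = bits_to_str(split_repeated_frames(envelope_to_bits(samples)))
        if key_map.get(pattern, label) != label:
            raise ValueError("pattern %s seen for both %s and %s" % (pattern, key_map[pattern], label))
        key_map[pattern] = label
    return key_map


def decode_key(samples, key_map):
    """Decode one captured key press, or 'unknown' if the pattern was never learned."""
    frame = split_repeated_frames(envelope_to_bits(samples))
    return key_map.get(bits_to_str(frame), "unknown")


def make_envelope(bits, spb=SAMPLES_PER_BIT, on=0.9, off=0.1):
    """Constructed capture: a rectangular OOK envelope for the given bit sequence."""
    return [on if b else off for b in bits for _ in range(spb)]


def constructed_frame(index):
    """Constructed 8-bit code for button number index (0..11); not the real alarm's code."""
    return [int(c) for c in format(0b10100000 | index, "08b")]


# Constructed "captures": press each button once and record the repeated frame.
CAPTURES = {label: make_envelope(constructed_frame(i) * 2) for i, label in enumerate(BUTTONS)}
```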

Although the radio still works, [Veghead] found the waveforms captured by his RTL-SDR were an abomination to RF. All the components in this security system are more than 30 years old at this point, and surely some of the components must be out of spec by now. Still, [Veghead] was able to get the thing working again, a testament to the usefulness of a $20 USB TV tuner.

Thanks [Jose] for sending this one in.

Arduino Masters Ham Radio Digital Mode

[jmilldrum] really gets a lot of use out of his Si5351A breakout board. He’s a ham, [NT7S], and the Si5351A can generate multiple square waves ranging from 8 kHz to 160 MHz, so it only stands to reason that it is going to be a useful tool for any RF hacker. His most recent exploit is to use the I2C-controllable chip to implement a Fast Simple QSO (FSQ) beacon with an Arduino.

FSQ is a relatively new digital mode that uses a form of low rate FSK to send text and images in a way that is robust under difficult RF propagation. There are 32 different tones used for symbols so common characters only require a single tone. No character takes more than two tones.


Strange Signals? Sigidwiki!

If you’ve gotten into software-defined radio (SDR) in the last five years, you’re not alone. A lot of hackers out there are listening in to the previously unheard. But what do you do when you find an interesting signal and you don’t know what it is? Head on over to the Signal Identification Wiki! You’ll find recordings and waterfall plots for a ton of radio signals categorized by frequency band as well as their use.

Or, conversely, maybe you’ve just got a new radio and you want to test it out. What would be a fun challenge to receive? Signals in the catalog range from the mundane, like this smart home energy meter from California or a Chrysler tire-pressure monitoring system, to (probably) secret military or intelligence transmissions.

If you’re looking at a waterfall plot and you’re not sure what to make of it, the sigidwiki is worth a look. And it’s a wiki, so if you’ve got a cool signal and you want to add it, create an account and get to it!

Thanks to [mkie] for the tip!

See Actual Microwaves — No More Faking It

Last week we saw a lot of interest in faux visualization of wireless signals. It used a tablet as an interface device to show you what the wireless signals around you looked like and was kind of impressive if you squinted your eyes and didn’t think too much about it. But for me it was disappointing because I know it is actually possible to see what radio waves look like. In this post I will show you how to actually do it by modifying a coffee can radar which you can build at home.

The late great Prof. David Staelin from MIT once told me that, ‘if you make a new instrument and point it at nature you will learn something new.’ Of all the things I’ve pointed Coffee Can Radars at, one of the most interesting thus far is the direct measurement and visualization of 2.4 GHz radiation, which is in use in our WiFi, cordless phones (if you still have one) and many other consumer goods. There is no need to fool yourself with fake visualizations when you can do it for real.


Slimline USB Charger For Tiny Ham Radios

The recent trend to smaller and smaller handy talkie (HT) transceivers is approaching the limits of the human interface. Sure, engineers could probably continue shrinking the Baofeng and Wouxun HTs further, but pretty soon they’ll just be too small to operate. And it’s getting to the point where the accessories, particularly the battery charging trays, are getting bulkier than the radios. With that in mind, [Mads Hobye] decided to slim down his backpacking loadout by designing a slimline USB charger for his Baofeng HT.

Lacking an external charging jack but sporting a 3.7 volt battery pack with exposed charging terminals on the rear, [Mads] cleverly capitalized on the belt clip to apply spring tension to a laser-cut acrylic plate. A pair of bolts makes contact with the charging terminals on the battery pack, and the attached USB cable allows him to connect to an off-the-shelf 3.7 volt LiPo USB charger, easy to come by in multicopter circles. YMMV – the Baofeng UV-5R dual-band HT sitting on my desk has a 7.4 volt battery pack, so I’d have to make some adjustments. But you have to applaud the simplicity of the build and its packability relative to the OEM charging setup.

This isn’t the first time we’ve seen [Mads] on Hackaday. He and the FabLab RUC crew were recently featured with their open-source robotic arm.