Mid-Priced Hardware Gets Serious About Software Defined Radio

September 25, 2015 by Al Williams 50 Comments

Regular Hackaday readers are used to seeing the hacks that use a cheap USB TV dongle as a software defined radio (SDR). There’s plenty of software that will work with them including the excellent GNU Radio software. However, the hardware is pretty bare-bones. Without modifications, the USB dongle won’t get lower frequencies.

There’s been plenty of other SDR radios available but they’ve had a much heftier price tag. But we recently noticed the SDRPlay RSP, and they now have US distribution. The manufacturer says it will receive signals with 12-bits of resolution over the range of 100 kHz to 2 GHz with an 8MHz bandwidth. The USB cable supplies power and a connection to the PC. The best part? An open API that supports Windows, Linux, Mac, Android, and will even work on a Raspberry Pi (and has GNU Radio support, too).

Continue reading “Mid-Priced Hardware Gets Serious About Software Defined Radio” →

Deep Sweep: A Home Made SigInt Platform

September 25, 2015 by Richard Baguley 56 Comments

Signals Intelligence (SigInt) isn’t something that you normally associate with home hackers, but the Deep Sweep project is looking to change that: it is a balloon platform that captures radio signals in the stratosphere, particularly conversations between drones and satellites. Created by three students at the Frank Ratchye Studio for Creative Inquiry at Carnegie-Mellon, Deep Sweep is a platform that is attached to a balloon and which captures signals over a wide range of frequencies, logging them for later analysis. The current version captures data on three frequency bands: LF/HF (10KHz-30KHz), UHF (650 – 1650MHz) and SHF (10-20GHz). The latter are often the bands used for satellite links between drones and satellites. They are difficult to intercept from the ground, as the signals are directed upwards towards the satellite. By creating a platform that can fly several kilometers above the earth, they are hoping to be able to capture some of this elusive traffic.

So far, the team has made two flights in Europe, both of which encountered technical issues. The first had a battery fault and only captured 10 minutes of data, and the second flew further than expected and ended up in Belarus, a country that isn’t likely to welcome this kind of thing. Fortunately, they were able to recover the balloon and are working on future launches in Europe and the USA. It will be interesting to see how the Department of Homeland Security feels about this.

A Better Spectrum Analyzer For Your Rigol Scope

September 22, 2015 by Eric Evenchick 11 Comments

The Rigol DS1000 series of oscilloscopes are popular with hobbyists for good reason: they provide decent specs at a low price. However, their spectrum analysis abilities are lacking. While these scopes do have a Fast Fourier Transform (FFT) function, it’s limited and nearly useless for RF.

[Rich] wanted a spectrum analyzer for amateur radio purposes, but didn’t want to build his own sampling hardware for it. Instead, he wrote PyDSA, a software spectrum analyzer for Rigol DS1000 oscilloscopes. This tool uses the USB connection on the scope to fetch samples, and does the number crunching on a far more powerful PC. It’s able to plot a 16,000 point FFT at two sweeps per second when run on a decent computer.

PyDSA is a Python script that makes use of the Virtual Instrument Software Architecture (VISA) interface to control the scope and fetch the sample data. Fortunately there’s some Python libraries that take care of the protocol.

[Rich] is now able to use his scope to measure amateur radio signals, which makes a nice companion to his existing Teensy based SDR project. If you have a Rigol, you can grab the source on Github and try it out.

Reverse Engineering Traffic Lights With Software Defined Radio

September 20, 2015 by Adam Fabio 32 Comments

Construction crews tearing up the street to lay new internet fiber optic cable created a unique opportunity for [Bastian Bloessl]. The workers brought two mobile traffic lights to help keep the road safe while they worked. [Bastian] had heard that these lights use the 2 meter band radios, so he grabbed his RTL-SDR USB stick and started hacking. Mobile traffic lights are becoming more common in Europe. They can be controlled by a clock, traffic volume via an on-board camera, wire or radio. They also transmit status data, which is what [Bastian] was hoping to receive.

A quick scan with GQRX revealed a strong signal on 170.760 MHz. Using baudline and audacity, [Bastian] was able to determine that Audio Frequency Shift Keying was used to modulate the data. He created a simple receiver chain in GNU radio, and was greeted with a solid data stream from the lights. By watching the lights and looking at the data frames, [Bastian] was able to determine which bits contained the current light status. A quickly knocked up web interface allowed him to display the traffic light status in real-time.

It’s a bit scary that the data was sent in plaintext, however this is just status data. We hope that any command data is sent encrypted through a more secure channel.

Continue reading “Reverse Engineering Traffic Lights With Software Defined Radio” →

Hacking 2.4GHz Radio Control

September 20, 2015 by Al Williams 6 Comments

Many modern radio control (RC) systems use frequency hopping to prevent interference. Unfortunately, hopping all over the 2.4GHz band can interfere with video or WiFi using the same frequency band. [Befinitiv] was trying to solve this problem when he realized that most of the systems used a TI CC2500 chip and a microcontroller. The microcontroller commands the chip via SPI and controls the frequency by writing into a frequency register.

Updating the microcontroller firmware was impractical. The firmware is encrypted, for one thing. In addition, the change would have to be reinserted on any future updates and repeated for every RC vendor. So [Befinitiv] took a different approach. He did a classic man in the middle attack by inserting an CPLD in between the controller and the CC2500.

Continue reading “Hacking 2.4GHz Radio Control” →

Reverse Engineering An Obsolete Security System

September 15, 2015 by Brian Benchoff 32 Comments

[Veghead] recently went to a surplus warehouse filled with VHS editing studios, IBM keyboards, electronic paraphernalia from 40 years ago, and a lot of useless crap. His haul included a wooden keypad from an old alarm system that exuded 1980s futurism, and he figured it would be cool to hook this up to an alarm system from 2015. How did he do that? With software defined radio.

After pulling apart the alarm panel, [Veghead] found only a single-sided board with a 9V battery connector. There were no screw terminals for an alarm loop, meaning this entire system was wireless – an impressive achievement for the mid-80s hardware. A quick search of the FCC website showed this alarm panel was registered to two bands, 319MHz and 340MHz, well within the range of an RTL-SDR USB TV tuner dongle.

After capturing some of the raw data and playing it back in Audacity, [Veghead] found a simple OOK protocol that sends two identical binary patterns for each key. A simple program takes the raw bit patterns for each key press and codes them into a map for each of the twelve buttons.

Although the radio still works, [Veghead] found the waveforms captured by his RTL-SDR were an abomination to RF. All the components in this security system are more than 30 years old at this point, and surely some of the components must be out of spec by now. Still, [Veghead] was able to get the thing working again, a testament to the usefulness of a $20 USB TV tuner.

Thanks [Jose] for sending this one in

Arduino Masters Ham Radio Digital Mode

September 13, 2015 by Al Williams 26 Comments

[jmilldrum] really gets a lot of use out of his Si5351A breakout board. He’s a ham [NT7S], and the Si5351A can generate multiple square waves ranging from 8 kHz to 160 MHz, so it only stands to reason that it is going to be a useful tool for any RF hacker. His most recent exploit is to use the I2C-controllable chip to implement a Fast Simple QSO (FSQ) beacon with an Arduino.

FSQ is a relatively new digital mode that uses a form of low rate FSK to send text and images in a way that is robust under difficult RF propagation. There are 32 different tones used for symbols so common characters only require a single tone. No character takes more than two tones.

Continue reading “Arduino Masters Ham Radio Digital Mode” →