Radio Hacks

1334 Articles

Hacking Radio Controlled Outlets

March 10, 2014 by 5 Comments

It’s no surprise that there’s a lot of devices out of there that use simple RF communication with minimal security. To explore this, [Gordon] took a look at attacking radio controlled outlets.

He started off with a CC1111 evaluation kit, which supports the RFCat RF attack tool set. RFCat lets you interact with the CC1111 using a Python interface. After flashing the CC1111 with the RFCat firmware, the device was ready to use. Next up, [Gordon] goes into detail about replaying amplitude shift keying messages using the RFCat. He used an Arduino and the rc-switch library to generate signals that are compatible with the outlets.

In order to work with the outlets, the signal had to be sniffed. This was done using RTL-SDR and a low-cost TV tuner dongle. By exporting the sniffed signal and analyzing it, the modulation could be determined. The final step was writing a Python script to replay the messages using the RFCat.

The hack is a good combination of software defined radio techniques, ending with a successful attack. Watch a video of the replay attack after the break.

Continue reading “Hacking Radio Controlled Outlets”

TDOA (Time Difference Of Arrival) Directional Antenna

March 4, 2014 by 34 Comments

tdoa-antenna-tutorial

We have posted articles in the past on directional antennas such as Yagi antennas used for transmitter hunting otherwise known as fox hunting. Those types of antennas and reception suffer from one major drawback, which is as you get close to the transmitter the S meter will go full scale. At which time the transmitted signal appears to be coming from all directions. To correct for this problem you need to use clever signal attenuators or change to a poor receiving antenna as well as tuning off frequency effectively making your receiver hard of hearing so that only the direct path to the transmitter is loudest.

There is another popular type of antenna that you can build yourself called a TDOA which stands for Time Difference of Arrival. [Byon Garrabrant N6BG]  shared a short video tutorial on the functionality of his home built TDOA antenna. Effectively this is an active antenna that uses a 555 chip or, in [Byon’s] case, a PIC chip to quickly shift between two receiving dipole antennas at either end of a shortened yardstick. In his explanation you learn that as the antenna ends move closer or farther from the source a 640 Hz generated audio tone will go from loud to very soft as the antennas become equal distance from the source. This type of directional reception is not affected by signal strength. This means you can be very close to a powerful transmitter and it will still function as a good directional antenna.

The current circuit diagram, BOM and source code are all available on [Byon’s] TDOA page.

The reason [Byon] used a programmable PIC instead of the 555 for his design is because he wants to add a few more modifications such as feeding back the audio output to the PIC in order to programmatically turn on a left or right LED indicating the direction of the transmitter. Furthermore, he plans on adding a third antenna in a triangular configuration to programmatically control a circle of 6 LEDs indicating the exact direction of the signal. When he finishes the final modifications he can drive around with the antenna array on his vehicle and the circle of LEDs inside indicating the exact direction to navigate.

We look forward to seeing the rest of the development which might even become a kit someday. You can watch [Byon’s] TDOA video after the break.

Continue reading “TDOA (Time Difference Of Arrival) Directional Antenna”

Remote Control Anything With A PS3 Controller

March 3, 2014 by 14 Comments

back

When looking for a remote control for your next project, you might want to look in your living room. Wii controllers are a hacker’s favorite, but wagging an electronic wand around isn’t the greatest for remote control planes, cars, tanks, and multicopters. What you need for this is dual analog controls, something every playstation since the 90s has included.

[Marcel] created a replacement electronics board for the Sony DualShock 3 controller for just this purpose. With this board, an XBee, and an old controller, it’s easy to add dual analog control and a whole lot of buttons to any project using an XBee receiver.

The replacement board is based on the ATMega328p uC, includes a Lipo charge circuit and power supply, and inputs for the analog sticks and all the button boards inside the DualShock controller.

Yes, we have seen an earlier version of [Marcel]’s project before, but this time he’s added a few new features – the rumble now works and thanks to multiple people unable or unwilling to spin a few boards, [Marcel] has put up an Indiegogo campaign.

Video below.
Continue reading “Remote Control Anything With A PS3 Controller”

Using SDR To Read Your Smart Meter

February 25, 2014 by 76 Comments

[BeMasher] was dissatisfied with the cost of other solutions to read his smart meter, so he made a project to read it himself using an rtl-sdr dongle.

Using his hacking and reverse engineering skills along with a $20 RTL-SDR dongle, [BeMasher] wrote rtlamr to automatically detect and report the consumption information reported by smart meters within range. Though designed for his Itron C1SR, [BeMasher] claims that any electronic receiver transmitter (ERT) capable smart meter should work.

[BeMasher]’s Itron C1SR smart meter broadcasts both interval data and standard consumption in the 915MHz ISM band using a Manchester encoded, frequency hopping spread spectrum protocol. [BeMasher] used the RTL-SDR dongle to do the signal capture and analysed the resulting signal in software afterwards. [BeMasher] did a great job of going through the theory and implementation of analysing the resulting data capture, so be sure to check it for an in-depth analysis.

If the RTL-SDR dongles are too limited for you taste, you might want to check out some hacker friendly SDRs with a little more punch.

Guest Post: Try Radar For Your Next Project

February 24, 2014 by 77 Comments

Sensors. The low-end stuff that we can get our hands on usually suffers from poor range, lack of sensitivity, and no way to characterize what the target is. But today we can use the good stuff that, until recently, was only available to military: radar. In this post we will discuss how radar works, commercially available small radar devices, and where to learn more to help make it easy to add radar to your next project. Reach out and sense something!
Continue reading “Guest Post: Try Radar For Your Next Project”

Audio Networking With GNU Radio

February 19, 2014 by 31 Comments

fsk

Thought GNU Radio was just for radio? Think again. [Chris] has been hard at work turning the signal generation and analysis of the best tool for software defined radio into a networking device for speakers and a microphone.

The setup uses GNU Radio to generate a carrier signal whose frequency is modulated with a data stream. With this modulated signal piped over a laptop’s speakers, [Chris] is able to send UDP packets across his desk using nothing but sound.

[Chris] had recently used a similar technique to transmit data via audio with GNU Radio, but this latest build is a vast improvement; this is now a duplex networking, meaning two computers can transmit and receive at the same time.

In the end, [Chris] created a strange, obsolete device called a “modem”. It’s not exactly fast; sending ‘Hello World’ takes quite a bit of time, as you can see in the video below.

Continue reading “Audio Networking With GNU Radio”

Call For Hams And Hackers: Welcome ICE/ISEE-3 Home

February 14, 2014 by 76 Comments

ISEE-3, one of America’s most dedicated space exploration vessels is on its way home. Unfortunately, when it gets here, no one will be talking to it. NASA decommissioned the equipment needed to communicate with the satellite nearly 15 years ago. [Emily Lakdawalla] at the planetary society has been following the long traveled probe for years. Her recent article on the topic includes the news that NASA essentially gave up the battle before it even started.

Originally named International Sun/Earth Explorer 3 (ISEE-3), the spacecraft was launched atop a Delta rocket on August 12, 1978. Its mission was to study interaction between the Earth’s magnetic field and solar wind. As part of this mission ISEE-3 became the first spacecraft to enter halo orbit. It did this by positioning itself at Lagrangian point L1, directly between the sun and the Earth. In 1982, scientists on earth were preparing for the 1986 flyby of Halley’s Comet. ISEE-3 was repurposed as a comet hunter, and renamed International Cometary Explorer (ICE). The craft flew back to Earth and entered lunar orbit, coming within 120km of the moon’s surface. It used this momentum to achieve a heliocentric orbit, on track for two comet encounters. ICE/ISEE-3 encountered Comet Giacobini-Zinner on September 11, 1985, collecting data and becoming the first spacecraft to fly through a comet’s plasma tail. While not considered part of the Halley Armada, ICE/ISEE-3 took measurements as it passed within 28 million km of Comet Halley’s nucleus. Since then, ICE/ISEE-3 has continued on its 355 day heliocentric orbit. It studied coronal mass ejections in the early 90’s, before being shut down in May of 1997. Follow us past the break to learn ICE/ISEE-3’s fate.

Continue reading “Call For Hams And Hackers: Welcome ICE/ISEE-3 Home”