From Vacuum Cleaner Hacking To Weather Station Reverse Engineering

February 11, 2014 by Abe Connelly 19 Comments

spectrum

[Spock] wanted to do a little reverse engineering of his Miele brand remote control vacuum cleaner, so he broke out his DVB-T SDR dongle to use as a spectrum analyser. Sure enough, he found a 433.83Mhz signal that his vacuum cleaner remote control was using, but to his surprise, he found a stray ~~QAM256~~ signal when he expected ~~an ASK~~ only one.

After a little detective work, [Spock] eventually tracked it down to a cheap weather station he had forgotten about. The protocol for the weather station was too compelling for him to go back to his vacuum cleaner, though. After ~~downloading an rc-switch Arduino library and~~ making a quick stop at his local radio shack to get a 433.92 radio receiver to decode the signal, he reverse engineered the weather station so he could digitally record the temperature output. The Arduino rc-switch library proved unable to decode the signal, but some Python work helped him get to the bottom of it.

With software defined radio becoming more accessible and common place, hacks like these are a nice reminder just how wired our houses are becoming.

Improve Your HT Ham Radio By Adding A Counterpoise Antenna Wire

February 8, 2014 by Todd Harrison 38 Comments

We found an interesting tip that might just improve the performance of those small affordable handheld ham radios called a “Handy Talky” or HT for short in ham vernacular. [RadioHamGuy] posted an interesting video on adding a counterpoise antenna wire to an HT. He claims it will noticeably improve both transmit and receive by making a quarter-wave monopole into a makeshift dipole antenna system.

Per his instructions you basically add a short wire to the antenna’s outer ground connection or to an equivalent case screw that’s electrically connected to the antenna’s ground side. Apparently this can be referred to as a Tiger Tail and does make it look like your HT has a tail. You would construct a counterpoise antenna wire 11.5 inch for VHF, 6.5 for UHF and about 19.5 inches for an OK performing dual band VHF/UHF radio.

Normally with a handheld radio the counterpoise (ground) is your own body as you are holding the HT. This is because the capacitance of your body makes a good counterpoise under normal conditions. It would be interesting to hear what others find for performance when adding a counterpoise antenna wire.

You can watch [RadioHamGuy’s] full construction tutorial video for multiple radio types after the break.

Continue reading “Improve Your HT Ham Radio By Adding A Counterpoise Antenna Wire” →

Pi-Powered Radio Over IP

February 6, 2014 by Brian Benchoff 12 Comments

[KP4TR] connected a Raspberry Pi to a small, cheap handheld radio, allowing anyone within a few miles of his house to connect to amateur radio operators all around the world.

For the hardware, [KP4TR] is using a Raspi, a Baofeng BF-888s 400MHz – 470MHz walkie-talkie radio, a USB sound card, and a pair of transformers for the 5V and 3.7V lines. All this is tucked away in a remakably vintage-looking plate and standoff enclosure, complete with acorn nuts and an RGB LED connected to the Raspi’s GPIO to indicate whether the radio is transmitting or receiving.

The software used is SVXLink, a Linux port of the Echolink software. This app allows hams the world over to connect to very distant radios over the Internet.

You can check out the video demos of the system below.

Continue reading “Pi-Powered Radio Over IP” →

Verifying A Wireless Protocol With RTLSDR

January 31, 2014 by Brian Benchoff 1 Comment

rtlsdr_nrf905_rtlizer

[Texane] is developing a system to monitor his garage door from his apartment. Being seven floors apart, running wires between the door and apartment wasn’t an option, so he turned to a wireless solution. Testing this wireless hardware in an apartment is no problem, but testing it in situ is a little more difficult. For that, he turned to software defined radio with an RTLSDR dongle.

The hardware for this project is based around a TI Stellaris board and a PTR8000 radio module. All the code for this project was written from scratch (Github here), making it questionable if the code worked on the first try. To test his code, [Texane] picked up one of those USB TV tuner dongles based around the RTL2832U chipset. This allowed him to monitor the frequencies around 433MHz for the packets his hardware should be sending.

After that, the only thing left to do was to write a frame decoder for his radio module. Luckily, the datasheet for the module made this task easy.

[Texane] has a frame decoder for the NRF905 radio module available in his Git. It’s not quite ready for serious applications, but for testing a simple radio link it’s more than enough.

Bringing WiFi Into A Mobile Hackerspace

January 25, 2014 by James Hobson 47 Comments

2013-11-23-00.04.14

[Philipp Protschka] has a pretty awesome mobile hackerspace (MHS) trailer. The only problem? How do you get WiFi when you’re inside what is basically a Faraday’s cage?

He didn’t think he’d have a problem, since he has a fairly powerful router (Netgear R7000 Nighthawk), not more than 20m from the trailer. But as soon as he shuts the door, he loses all connectivity — he can’t even see his SSID. Leaving the door open a crack results in a signal with a speed of about 54Mbits — not bad, but when it’s cold outside this really isn’t an option.

The solution? Install a WiFi repeater with an external antenna. He’s using a TP link station with two antennas — he’s removed one and hooked it up to a rugged outdoor antenna that gives the MHS a bit of an FBI van look — awesome. With the repeater in place he’s suddenly got access to over 24 SSID’s in the neighborhood from inside! It’ll also be extra handy when travelling because with the extra range it means he’ll be able to hook into local WiFi networks with ease.

Continue reading “Bringing WiFi Into A Mobile Hackerspace” →

Sniffing And Decoding Bluetooth LE Advertising Packets And NRF24L01+ Comms. For Under $30

January 22, 2014 by Mathieu Stephan 9 Comments

[Omri] just documented his journey to sniff and decode the protocol used by the popular NRF24L01+ transceiver off the air for very cheap. As he was designing a mesh network code and needed a way to monitor/debug the overall network performance, [Omri] decided to look for some RF hardware.

We’re sure that most of our readers are familiar with Software Defined Radio (SDR), which not so long ago became popular when some engineer discovered hidden registers inside Realtek RTL2832U chip, allowing many DVB-T dongles to be converted into RF listening devices. Unfortunately for [Omri], most of them have a maximum listening frequency of 2.2GHz, while the NRF24L01+ emits at 2.4GHz. The solution? Buy a 2.2-2.4GHz antenna from Aliexpress with a low-noise block downconverter (LNB), used for a Multichannel Multipoint Distribution Service (MMDS). The LNB therefore takes the 2.2-2.4GHz signal and downconverts it to around 400MHz, allowing any RTL-SDR-compatible DVB-T dongle to listen to the NRF communications. A program was then written to decode the RF signal and output the sniffed data in realtime.

Making A 20dB Low Noise Amplifier For A 400MHz Radio

January 19, 2014 by Mathieu Stephan 21 Comments

[Will] recently tipped us about a 400MHz Low Noise Amplifier (LNA) module he made. His detailed write-up starts by explaining the theory behind an amplifying chain. Assuming a 50 Ohm antenna system receives a -70dBm signal, the total peak to peak voltage would be less than 200uV (.0002 volts). If the first amplifying stage doesn’t consist of an LNA, then the added noise would later be amplified by the other elements of your system.

[Will] then detailed how he picked his LNA on Digikey, mainly by looking for one that had a less than 1dB Noise Figure. His final choice was the Sky65047: a small budget-priced 0.4-3.0GHz low noise amplifier with a theoretical gain of 20dB at 400MHz. He made the PCB you can see in the picture above, removing the soldermask on the signal path in order to lower the permitivity. Because of a few mistakes present in the application note, it took [Will] quite a while to get his platform up and running with a 20dB gain but a 4.5dB NF. He also measured the input return loss using a directional coupler, which ended up being quite close to the datasheet’s 14dB number.