Sniffing RF Hardware Communication Packets

[Travis Goodspeed] put together a proof of concept hack that sniffs wireless keyboard data packets. He’s using the Next HOPE badge that he designed as the hardware platform for these tests. It has an nRF24L01+ radio on-board which can easily communicate with 2.4 GHz devices.

The real trick comes in getting that radio to listen for all traffic, then to narrow that traffic down to just the device from which you want data. He covers the protocol that is used, and his method of getting around MAC address verification on the hardware. In the end he can listen to all keyboard data without the target’s knowledge, and believes that it is possible to inject data using just the hardware on the badge.

Building Linear Amplifier Prototypes

We know way too little about this subject but hopefully [Bob4analog] helped us learn a little bit more this time around. He’s building his own linear amplifiers on what looks like sheets of MDF. This is an evolving design and the two videos after the break show two different iterations. He’s salvaged several components, like transformers from microwaves, as well as built his own components like the plate choke to the right of the tubes in the image above. In standby, the amp sits at 2800 volts, warming the filament before the unit is switched on.

So what’s he got planned for this? Good question, but it appears that there’s more than enough power to drive a long-range transmitter.


Stepper Directed HDTV Antenna

Credit: http://www.instructables.com/id/Computer-controlled-OTA-TV-antenna/

Broadcast TV has come a long way from adjusting the rabbit ears on top of the set just to get a fuzzy black and white picture. While nowadays there are often HD signals broadcast in most areas, it can often still be critical to redirect an antenna to get the best possible signal. By harvesting a stepper motor from an old 5 1/2″ floppy drive, and using a PC’s parallel port to control it, this adjustment can be handled automatically. Broadcast tower locations are easily found online, and once you have calibrated your stepper to face North, you are on your way to free HDTV reception.

What we would like to see is this antenna attached to an HTPC, with some kind of script to automatically direct the antenna for the best possible signal on the current channel. If anyone out there makes this happen, be sure to let us know.

Making The IM-ME Dongle More Useful

So you’ve hacked your IM-ME six ways from Sunday but don’t know what to do with the USB dongle? [Joby Taffey] set out to make this leftover a useful part of the hacking arsenal. He pulled off the USB connector and the USB controller chip. From there he glued on the pin headers as pictured above in order to turn this into a breadboard-friendly single in-line package. But wait, that’s not all… for the low-low price of common components he also built a power and programming cable. Once it’s all said and done you can load PinkOS, an operating system he developed for the device which lets you operate the onboard radio via serial protocol.

Need a better overview of the hardware on the board? [Joby] laid the groundwork for this hack back in October.

Wireless Sniffing And Jamming Of Chronos And Iclicker

The ubiquitous presence of wireless devices combined with easy access to powerful RF development platforms makes the everyday world around us a wireless hacker’s playground. Yesterday [Travis Goodspeed] posted an article showing how goodfet.cc can be used to sniff wireless traffic and also to jam a given frequency. We’ve previously covered the work of [Travis] in pulling raw data from the IM-ME spectrum analyzer, which also uses goodfet.cc.

The Texas Instruments Chronos watch dev platform contains a C1110 chip, which among other things can provide accelerometer data from the watch to an interested sniffer. The i>clicker classroom response device (which houses a XE1203F chip) is also wide open to this, yielding juicy info about your classmates’ voting behaviour. There is still some work to be done to improve goodfet.cc, and [Travis] pays in beer (not in advance, mind you).

With products like the Chronos representing a move towards personal-area wireless networks, this sort of security hole might eventually have implications for individual privacy of, for example, biometric data, although how that might be exploited is another topic. Related to this idea is that of sniffable RFID card data. How does the increasing adoption of short-range wireless technologies affect us, both for good and bad? We invite you to share your ideas in the comments.

Radios Without Power Sources

[Goodhart] is sharing his process for building a couple of different AM radios. It’s surprising how few components he’s using; the first build is just a germanium diode, some wire, and a piezo earpiece. But it strikes us that both of the radios he gives build instructions for have no power source. We’re also amused by the process of selecting the station. His example uses 770 AM, and requires you to take the wire and place it up in a tree with the two ends about 1216 feet apart. We think there’s something a bit off with the math, but with that much conductor to start with there might be enough induced current for you to actually hear something come out of the piezo. We don’t think we’ll be trying this anytime soon, but we’d like to hear comments from those of you who do (or already have).

555 Based AM Radio Transmitter

Bust out that 555 timer and use it to build your own AM radio transmitter. The circuit that [Rtty21] is using only needs the timer chip, an NPN transistor, three caps, three resistors, and a potentiometer. It generates an amplitude-modulated signal around the 600 kHz range which you will be able to pick up with any normal AM radio. From the comments on the article it seems you’ll get around 30-40 feet of range out of the device. We don’t see this as a competitor for the FM spy microphone, but maybe you can use it as a DIY baby monitor.