Ham Radio Traffic Logger Using A Bug In Baofeng Electronics

A Baofeng radio is often one of the first purchases a new ham radio operator makes these days due to the decent features and low price tag. They are far from perfect, but with a bit of creative inspiration, it’s possible to make the quirks work in your favor. By taking advantage of a loud pop on the earphone outputs whenever the LCD backlight turns on, [WhiskeyTangoHotel] built a radio traffic counter using an ESP8266.

Whenever there is a transmission on one of the frequencies the radio is tuned to, the backlight turns on. Connecting the audio output to an oscilloscope, [WhiskeyTangoHotel] measured a 5V spike whenever this happens. Using a pair of diodes in series to drop the voltage to a safe level, the ESP8266 detects the voltage spike and updates a Google spreadsheet with the timestamp via IFTTT.
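The detection step matters more than it looks: a single pop rings for many samples, so a naive "count every sample above the threshold" would log one transmission a dozen times. The script below is an added example of threshold detection with re-arming and a hold-off window; it is not [WhiskeyTangoHotel]'s ESP8266 firmware, and the sample rate, threshold, hold-off and the trace it runs on are assumptions constructed here so it runs offline.

```python
"""Count radio transmissions from the backlight pop on the audio line.

Added example for the detection step described above; it is not
[WhiskeyTangoHotel]'s ESP8266 firmware. Sample rate, threshold and hold-off
are assumptions, and the trace is constructed here so the script runs offline.
"""
from datetime import datetime, timedelta, timezone

SAMPLE_RATE_HZ = 1000   # assumption: ADC polled at 1 kHz
THRESHOLD_V = 2.0       # assumption: a pop sits well above the idle audio level
HOLDOFF_S = 0.5         # a pop rings for many samples; count it once


def detect_pops(samples, rate_hz=SAMPLE_RATE_HZ, threshold=THRESHOLD_V,
                holdoff_s=HOLDOFF_S):
    """Return the times (seconds) of rising crossings of `threshold`.

    Two rules stop one pop from being counted several times: the detector
    re-arms only after the line has dropped back below the threshold, and
    any new crossing inside `holdoff_s` of the last accepted one is ignored.
    """
    times = []
    armed = True
    last_t = -holdoff_s
    for i, v in enumerate(samples):
        t = i / rate_hz
        if v >= threshold:
            if armed and t - last_t >= holdoff_s:
                times.append(t)
                last_t = t
            armed = False
        else:
            armed = True
    return times


def build_trace(duration_s=3.0, rate_hz=SAMPLE_RATE_HZ):
    """Constructed trace: idle line, a pop at 0.5 s that rings again 20 ms
    later, and a second, clean pop at 2.0 s."""
    n = int(duration_s * rate_hz)
    samples = [0.05] * n
    for i in range(500, 505):
        samples[i] = 3.2      # main pop (what is left of the 5 V spike after the diodes)
    for i in range(520, 523):
        samples[i] = 2.5      # ringing from the same pop: must not be counted
    for i in range(2000, 2004):
        samples[i] = 3.2      # a separate transmission
    return samples


def to_rows(times, start):
    """Rows for the spreadsheet: one ISO-8601 timestamp per transmission."""
    return [(start + timedelta(seconds=t)).isoformat() for t in times]


if __name__ == "__main__":
    start = datetime(2021, 1, 1, 12, 0, tzinfo=timezone.utc)
    for row in to_rows(detect_pops(build_trace()), start):
        print(row)
```

Run it with the hold-off set to zero and the ringing at 0.52 s shows up as a third "transmission", which is exactly the over-count the hold-off exists to prevent.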

This gave [WhiskeyTangoHotel] empirical data on how much traffic passes through the local VHF repeater, but we wouldn’t blame them if the hack itself was the real motivator.

Of course, this would also be a perfect application for the RTL-SDR, which should allow you to do the above and much more, all in software. Add a bit of AI and you can even extract the call signs. The RTL-SDR is also a good tool for learning about RF modulation.

UV5-R image via PE1RQM

What Is Ultra Wideband?

If you’ve been following the world of mobile phone technology of late, you may be aware that Apple’s latest iPhones and AirTag locator tags bring something new to that platform. Ultra wideband radios are the new hotness when it comes to cellphones, so just what are they, and what’s in it for those of us who experiment with these things?

An Apple AirTag being paired with an iPhone. Swisshashtag, CC BY-SA 4.0.

Ultra wideband in this context refers to radio signals with a very high bandwidth of over 500 MHz, and a very low overall power density spread over that spectrum. Transmissions are encoded not by modulation of discrete-frequency carriers as they would be in a conventional radio system, but by the emission of wideband pulses of RF energy across that bandwidth. It can coexist in the same unlicensed spectrum as narrower-bandwidth channelised services, and that huge bandwidth gives it a very high data-rate capability over short ranges. The chipsets used by consumer devices use a range of UWB channels between about 3.5 and 6.5 GHz, which in radio terms is an immense quantity of spectrum.

QMESH: LoRa Mesh Networked Voice Communications

LoRa is great for sending short data packets over long ranges but is not normally suitable for voice communications. [Dan Fay] is looking to change this with QMesh, a synchronized, flooded mesh network protocol for ham radio applications.

In a flooded mesh network every node repeats every message it receives. In theory this makes the network self-healing if a single node stops working, but in practice it often just means that the nodes interfere with each other. Thanks to some characteristics of LoRa, [Dan] uses several tricks to get around this packet-collision problem. LoRa networks can make use of the “capture effect”, which allows a receiver to decode the stronger of two overlapping packets if the difference in power level is large enough. This is further improved by adding forward error correction and slightly changing the frequency and timing of the LoRa chirps. QMesh also implements TDMA (Time Division Multiple Access) by splitting transmission into time slots, with each node only transmitting every third slot. That works out to a 33% duty cycle, far above the 0.1%–10% allowed on licence-free ISM bands, so the protocol is legally limited to the ham bands.
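To see how the pieces above interact, here is an added simulation of a flooded, slotted mesh with a simple capture-effect rule. It is an illustration of the ideas described, not QMesh's own code: the four-node topology, the signal levels, the slot assignment and the 6 dB capture margin are all assumptions made here. Each node forwards a packet at most once (a seen-set, which is what stops a flood from looping forever), transmits only in its own slot out of three, and a receiver that hears two overlapping packets decodes the stronger one only if it clears the margin.

```python
"""Slotted flood simulation for the QMesh-style scheme described above.

Added illustration, not QMesh's own code: the four-node topology, signal
levels, slot assignment and 6 dB capture margin are assumptions made here.
"""
from collections import deque

CAPTURE_MARGIN_DB = 6   # assumption: the stronger of two overlapping packets
                        # decodes only if it is at least this much louder

# RSSI (dBm) heard at each node from each neighbour; constructed topology
TOPOLOGY = {
    "A": {"B": -60},
    "B": {"A": -60, "C": -80},
    "C": {"B": -80, "D": -70},
    "D": {"C": -70},
}
SLOTS = {"A": 0, "B": 1, "C": 0, "D": 2}   # A and C share a slot: they overlap at B
ORIGINS = {("A", 1): "hello from A", ("C", 1): "hello from C"}


def simulate(topology, slots, origins, n_slots=3, ticks=12,
             margin_db=CAPTURE_MARGIN_DB):
    """Flood every packet in `origins` through the mesh.

    One tick is one TDMA slot. A node transmits only when tick % n_slots is
    its slot (a 1/n_slots duty cycle), forwards a packet at most once, and a
    receiver drops a slot in which two packets overlap unless capture applies.
    Returns ({packet_id: set of nodes that decoded it}, transmissions).
    """
    seen = {n: set() for n in topology}
    queue = {n: deque() for n in topology}
    for pkt_id, payload in origins.items():
        seen[pkt_id[0]].add(pkt_id)
        queue[pkt_id[0]].append((pkt_id, payload))
    tx_count = 0
    for tick in range(ticks):
        arrivals = {n: [] for n in topology}        # receiver -> [(rssi, packet)]
        for tx in topology:
            if tick % n_slots != slots[tx] or not queue[tx]:
                continue
            pkt = queue[tx].popleft()
            tx_count += 1
            for rx, links in topology.items():
                if tx in links:
                    arrivals[rx].append((links[tx], pkt))
        for rx, heard in arrivals.items():
            if not heard:
                continue
            heard.sort(key=lambda h: h[0], reverse=True)
            if len(heard) > 1 and heard[0][0] - heard[1][0] < margin_db:
                continue        # collision without capture: nothing decodes
            pkt_id, payload = heard[0][1]
            if pkt_id in seen[rx]:
                continue        # already forwarded: this is what stops the flood
            seen[rx].add(pkt_id)
            queue[rx].append((pkt_id, payload))    # re-flood in our own slot
    holders = {pid: {n for n in topology if pid in seen[n]} for pid in origins}
    return holders, tx_count


if __name__ == "__main__":
    for margin in (CAPTURE_MARGIN_DB, 30):
        holders, n_tx = simulate(TOPOLOGY, SLOTS, ORIGINS, margin_db=margin)
        print(f"margin {margin} dB: {n_tx} transmissions, reached {holders}")
```

With the 6 dB margin, A's packet captures at B and reaches every node in six transmissions, while C's packet is lost at B and never recovers, because a node forwards each packet only once. Raise the margin to 30 dB (no capture) and A's packet dies in the first slot; that is the collision problem the frequency and timing offsets in QMesh are there to reduce.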

On the hardware side, [Dan] has been using the STM32 NUCLEO-144 development boards with F4/L4/F7/H7 microcontrollers and a custom shield with a 1 W LoRa module and OLED screen. While [Dan] wants to eventually build handheld radios, he plans to first develop small FM repeaters that encode voice as codec2 and use QMesh as a backhaul. QMesh is still under development, but we would love to see the results of some long-range testing, and we are excited to see how it matures.

If you’re interested in a more basic LoRa-based human-to-human messaging system, take a look at Meshtastic. It’s been developing very rapidly over the past year. To learn more about LoRa and other digital modulation schemes, check out the crash course we did with an SDR a while back.

Radio Build Goes Outside The Box

It’s easy to get caught up in a build and forget that the final version usually needs some sort of enclosure, especially for things with sensitive electronics in them. The [Director of Legal Evil] at the LVL1 Louisville Hackerspace notes as much in his recent radio build. It seems as though the case was indeed an afterthought, but rather than throwing it in a nondescript black project enclosure, it was decided to turn the idea of a project enclosure itself inside-out.

The radio build is based on an SI4732 radio receiver, which is a fairly common radio module and is easily adaptable. It needs a microcontroller to run it though, so a Maple STM32 platform was chosen to do all of the heavy lifting. The build includes a screen, some custom analog controls, and a small class D audio amplifier, but this is the point at which it begins to earn its name: the Chaos Radio. While playing around with the project design in CAD, a normal design seemed too bland, so one was chosen which makes the radio look like the parts are exploding outward from what would have been a more traditional-style enclosure.

While the project includes a functioning radio receiver, we have to compliment the creator on the interesting display style for this particular set of hardware. It can get boring designing the same project enclosures time after time, so anything that shakes things up is welcome, especially when it puts all of the radio components on display like this. In fact, it’s reminiscent of some of [Dmitry]’s projects, an artist known for deconstructing various common household appliances like this CD player.

Thanks to [Jose] for the tip!

How To Run A First-Generation Cell Phone Network

Retro tech is cool. Retro tech that works is even cooler. When we can see technology working, hold it in our hand, and use it as though we’ve been transported back in time; that’s when we feel truly connected to history. To help others create small time anomalies of their own, [Dmitrii Eliuseev] put together a quick how-to for creating your own Advanced Mobile Phone System (AMPS) network which can bring some of the classic cellular heroes of yesterday back to life.

Few readers will be surprised to learn that this project is built on software defined radio (SDR) and the Osmocom-Analog project, which we’ve seen used before to create a more modern GSM network at EMF Camp. Past projects were based on LimeSDR, but here we see that USRP is just as easily supported. [Dmitrii] also provides a brief history of AMPS, including some of the reasons it persisted so long, until 2007! The system features a very large coverage area with relatively few towers and has surprisingly good audio quality. He also discusses its disadvantages, primarily that its voice channels were plain analog FM with no encryption, so anyone with a scanner and the right know-how could tune to the voice frequencies and eavesdrop on conversations. That alone, we must admit, is a pretty strong case for retiring the system.

The article does note that there may be legal issues with running your own cell network, so be sure to check your local regulations. He also points out that AMPS is robust enough to work at short range with a dummy load in place of an antenna, which may help avoid regulatory issues. That said, SDRs have opened up so many possibilities for what hackers can do with old wireless protocols. You can even go back to the time when pagers were king. Alternatively, if wired is more your thing, we can always recommend becoming your own dial-up ISP.

 

ESP8266 Adds WiFi To A 433 MHz Weather Station

There’s no shortage of cheap weather stations on the market that pull in data from several wireless sensors running in the 433 to 900 MHz range and present you with a slick little desktop display, but that’s usually where the flow of information stops. Looking to bridge the gap and bring all that local climate data onto the Internet, [Jonathan Diamond] decided to reverse engineer how his weather station worked.

The first phase of this project involved an RTL-SDR receiver, GNU Radio, and a sprinkling of Python. [Jonathan] was able to lock onto the signal and piece together the data packets that reported variables such as temperature, wind speed, and rainfall. Each one of these was a small puzzle in itself, and in the end there are still a few bits which he hasn’t quite figured out. But he at least had enough to move on to the next step.

Tapping into the radio module.

At this point, he could have pulled the data right out of the air with his RTL-SDR. But looking to push his skills to the next level, [Jonathan] decided to open up the base station and isolate its receiver. Since he had already decoded the packets on the RF side, he knew exactly what he was looking for with his oscilloscope and logic analyzer. Once he was tapped into the feed coming from the radio, the final step was writing some code for the ESP8266 that could listen on the line, interpret the data packets, and push the resulting variables out over the network.

In this case, [Jonathan] decided to funnel all the data into Weather Underground by way of the Personal Weather Station API. This not only let him view the data through their web interface and smartphone application, but brought their hyperlocal forecasting technology into the mix at no extra charge. If you’re not interested in sharing your info with the public, it would be a trivial matter to change the firmware so the data is published to a local MQTT broker, or whatever else floats your proverbial boat.

If you’re really lucky, your own weather station may already have an ESP8266 onboard and is dumping all its collected data to the serial port. But if not, projects like this one that break down how to reverse engineer a wireless signal can be a great source of inspiration and guidance should you decide to try and crack the code.

Historical Hackers: Emergency Antennas Launched By Kite

Your airplane has crashed at sea. You are perched in a lifeboat and you need to call for help. Today you might reach for a satellite phone, but in World War II you would more likely turn a crank on a special survival radio.

These radios originated in Germany but were soon copied by the British and the United States. In addition to just being a bit of history, we can learn a few lessons from these radios. The designers clearly thought about the challenges stranded personnel would face and came up with novel solutions. For example, how do you loft a 300-foot wire up to use as an antenna? Would you believe a kite or even a balloon?
