Wireless Hacks

1064 Articles

Pictures From A High Altitude Balloon

March 28, 2025 by 14 Comments

How do you get images downlinked from 30 km up? Hams might guess SSTV — slow scan TV — and that’s the approach [desafloinventor] took. If you haven’t seen it before (no pun intended), SSTV is a way to send images over radio at a low frame rate. Usually, you get about 30 seconds to 2 minutes per frame.

The setup uses regular, cheap walkie-talkies for the radio portion on a band that doesn’t require a license. The ESP32-CAM provides the processing and image acquisition. Normally, you don’t think of these radios as having a lot of range, but if the transmitter is high, the range will be very good. The project steals the board out of the radio to save weight. You only fly the PC board, not the entire radio.

If you are familiar with SSTV, the ESP-32 code encodes the image using Martin 1. This color format was developed by a ham named [Martin] (G3OQD). A 320×256 image takes nearly two minutes to send. The balloon system sends every 10 minutes, so that’s not a problem.

Of course, this technique will work anywhere you want to send images over a communication medium. Hams use these SSTV formats even on noisy shortwave frequencies, so the protocols are robust.

Hams used SSTV to trade memes way before the Internet. Need to receive SSTV? No problem.

What’s Wrong With This Antenna Tuner?

March 10, 2025 by 15 Comments

[Tech Minds] built one of those cheap automatic antenna tuners you see everywhere — this one scaled up to 350 watt capability. The kit is mostly built, but you do have to add the connectors and a few other stray bits. You can see how he did it in the video below.

What was very interesting, however, was that it wasn’t able to do a very good job tuning a wire antenna across the ham bands, and he asks for your help on what he should try to make things better.

Continue reading “What’s Wrong With This Antenna Tuner?”

An excerpt from the website, showing the nRootTag block diagram and describing its structure

Hijacking AirTag Infrastructure To Track Arbitrary Devices

March 3, 2025 by 7 Comments

In case you weren’t aware, Apple devices around you are constantly scanning for AirTags. Now, imagine you’re carrying your laptop around – no WiFi connectivity, but BLE’s on as usual, and there’s a little bit of hostile code running at user privileges, say, a third-party app. Turns out, it’d be possible to make your laptop or phone pretend to be a lost AirTag – making it and you trackable whenever an iPhone is around.

The nroottag website isn’t big on details, but the paper ought to detail more; the hack does require a bit of GPU firepower, but nothing too out of the ordinary. The specific vulnerabilities making this possible have been patched in newer iOS and MacOS versions, but it’s still possible to pull off as long as an outdated-firmware Apple device is nearby!

Of course, local code execution is often considered a game over, but it’s pretty funny that you can do this while making use of the Apple AirTag infrastructure, relatively unprivileged, and, exfiltrate location data without any data connectivity whatsoever, all as long as an iPhone is nearby. You might also be able to exflitrate other data, for what it’s worth – here’s how you can use AirTag infrastructure to track new letter arrivals in your mailbox!

Octet Of ESP32s Lets You See WiFi Like Never Before

February 15, 2025 by 13 Comments

Most of us see the world in a very narrow band of the EM spectrum. Sure, there are people with a genetic quirk that extends the range a bit into the UV, but it’s a ROYGBIV world for most of us. Unless, of course, you have something like this ESP32 antenna array, which gives you an augmented reality view of the WiFi world.

According to [Jeija], “ESPARGOS” consists of an antenna array board and a controller board. The antenna array has eight ESP32-S2FH4 microcontrollers and eight 2.4 GHz WiFi patch antennas spaced a half-wavelength apart in two dimensions. The ESP32s extract channel state information (CSI) from each packet they receive, sending it on to the controller board where another ESP32 streams them over Ethernet while providing the clock and phase reference signals needed to make the phased array work. This gives you all the information you need to calculate where a signal is coming from and how strong it is, which is used to plot a sort of heat map to overlay on a webcam image of the same scene.

The results are pretty cool. Walking through the field of view of the array, [Jeija]’s smartphone shines like a lantern, with very little perceptible lag between the WiFi and the visible light images. He’s also able to demonstrate reflection off metallic surfaces, penetration through the wall from the next room, and even outdoor scenes where the array shows how different surfaces reflect the signal. There’s also a demonstration of using multiple arrays to determine angle and time delay of arrival of a signal to precisely locate a moving WiFi source. It’s a little like a reverse LORAN system, albeit indoors and at a much shorter wavelength.

There’s a lot in this video and the accompanying documentation to unpack. We haven’t even gotten to the really cool stuff like using machine learning to see around corners by measuring reflected WiFi signals. ESPARGOS looks like it could be a really valuable tool across a lot of domains, and a heck of a lot of fun to play with too.

Continue reading “Octet Of ESP32s Lets You See WiFi Like Never Before”

What The Well-Dressed Radio Hacker Is Wearing This Season

February 13, 2025 by 7 Comments

We’ve seen a lot of interest in Meshtastic, the license-free mesh network for small amounts of data over the airwaves. [Ham Radio Rookie] was disappointed with his Meshtastic node’s small and inefficient antennas. So he decided to make what we suspect is the world’s first Meshtastic necktie.

We assume the power is low enough that having it across your thorax is probably not terrible. Probably. The tie is a product of a Cricut, Faraday cloth, and tiny hardware (the Xiao ESP32S3 and the WIO SX1262 board). The biggest problem was the RF connector, which needed something smaller than the normal BNC connector.

Continue reading “What The Well-Dressed Radio Hacker Is Wearing This Season”

desk with circuit schema and AirTag

Stealth AirTag Broadcasts When Moved: An Experiment

January 18, 2025 by 43 Comments

A simple yet intriguing idea is worth sharing, even if it wasn’t a flawless success: it can inspire others. [Richard]’s experiment with a motion-powered AirTag fits this bill. Starting with our call for simple projects, [Richard] came up with a circuit that selectively powers an AirTag based on movement. His concept was to use an inertial measurement unit (IMU) and a microcontroller to switch the AirTag on only when it’s on the move, creating a stealthy and battery-efficient tracker.

The setup is minimal: an ESP32 microcontroller, an MPU-6050 IMU, a transistor, and some breadboard magic. [Richard] demonstrates the concept using a clone AirTag due to concerns about soldering leads onto a genuine one. The breadboard-powered clone chirps to life when movement is detected, but that’s where challenges arise. For one, Apple AirTags are notoriously picky about batteries—a lesson learned when Duracell’s bitter coating blocks functionality. And while the prototype works initially, an unfortunate soldering mishap sadly sends the experiment off the rails.

Despite the setbacks, this project may spark a discussion on the possibilities of DIY digital camouflage for Bluetooth trackers. By powering up only when needed, such a device avoids constant broadcasting, making it harder to detect or block. Whether for tracking stolen vehicles or low-profile uses, it’s a concept rich with potential. We talked about this back in 2022, and there’s an interesting 38C3 talk that sheds quite some light on the broadcasting protocols and standards. Continue reading “Stealth AirTag Broadcasts When Moved: An Experiment”

A Low Effort, Low Energy Doorbell

January 10, 2025 by 19 Comments

Bluetooth is a good way to connect devices that are near each other. However, it can drain batteries which is one reason Bluetooth Low Energy — BLE — exists. [Drmph] shows how easy it is to deploy BLE to make, in this case, a doorbell. He even shows how you can refit an existing doorbell to use the newer technology.

Like many projects, this one started out of necessity. The existing wireless doorbell failed, but it was difficult to find a new unit with good review. Cheap doorbells tend to ring spuriously due to interference. BLE, of course, doesn’t have that problem. Common BLE modules make up the bulk of the project. It is easy enough to add your own style to the doorbell like a voice announcement or musical playback. The transmitter is little more than a switch, the module, a coin cell, and an LED.

It is, of course, possible to have a single receiver read multiple doorbells. For example, a front door and back door with different tones. The post shows how to make a remote monitor, too, if you need the bell to ring beyond the range of BLE.

A fun, simple, and useful project. Of course, the cool doorbells now have video. Just be careful not to get carried away.