Inside A 20-Watt Traveling Wave Tube Amplifier From Apollo

When the Apollo astronauts made their way to the Moon, their communication equipment had a transmission power of a mere 20 W, which the sensitive receivers back on Earth managed to pick up. But this isn’t just any amplifier, it’s a Traveling Wave Tube amplifier (TWT), as [Ken Shirriff] explains in a recent article.

The most fascinating thing about these TWTs isn’t just their role during the Apollo missions, but the fact that even today this type of vacuum tube is still among the most efficient and compact types of RF amplifier. As a result, today’s high-tech satellites still commonly feature these devices.

As always, [Ken] entertains and enlightens us with how the TWT and the rest of the amplifier system worked.

 

USB Power Bank’s Auto-Off Becomes Useful Feature In Garage Door Remote

For devices that are destined for momentary and infrequent use as well as battery power, some kind of power saving is pretty much a required feature. For example, when [PJ Allen] turned two ESP8266-based NodeMCU development boards into a replacement wireless remote garage door opener, a handy USB power bank ended up serving as a bit of a cheat when migrating the remote away from the workbench. Instead of moving the board from USB to battery power and implementing some kind of sleep mode or auto-off, [PJ Allen] simply plugged in a USB power bank and let it do all the work.

This is how the feature works: some USB power banks turn themselves off unless they detect a meaningful current draw. That means that if the power bank is charging a phone, it stays on, but if it’s only lighting up a few LEDs, it’ll turn itself off. This feature can be a frustrating one, but [PJ Allen] realized that it could actually be useful for a device like his garage door remote. Turning on the power bank delivers 5 V to the NodeMCU board and allows it to work, but after about fifteen seconds, the power bank turns itself off. Sure, strapping a power bank to the remote makes the whole thing bigger than it needs to be, but it’s a pretty clever use of the minimum load as an effortless auto-off feature.

The NodeMCU boards in [PJ Allen]’s DIY remote use ESP-NOW for their wireless communications, a nifty connectionless protocol from Espressif that we’ve seen used in other projects as well, such as this ESP32-based walkie-talkie.

QMESH: LoRa Mesh Networked Voice Communications

LoRa is great for sending short data packets over long ranges but is not normally suitable for voice communications. [Dan Fay] is looking to change this with QMesh, a synchronized, flooded mesh network protocol for ham radio applications.

In a flooded mesh network, every node repeats every message it receives. This has the theoretical advantage of making the network self-healing if a single node stops working, but often just means that the nodes will interfere with each other. Thanks to some characteristics of LoRa, [Dan] is using several tricks to get around this packet collision problem. LoRa networks can make use of the “capture effect”, which allows a receiver to differentiate between two packets if the power level difference is large enough. This is further improved by adding forward error correction and slightly changing the frequency and timing of the LoRa chirps. QMesh also implements TDMA (Time Division Multiple Access) by splitting transmission into time slots, and only transmitting every third slot. This means it is operating on a 33% duty cycle, which is much higher than the 0.1%-10% allowed on license-free ISM bands, so it is legally limited to the ham bands.

On the hardware side, [Dan] has been using the STM32 NUCLEO-144 development boards with F4/L4/F7/H7 microcontrollers and a custom shield with a 1 W LoRa module and OLED screen. While [Dan] wants to eventually build handheld radios, he plans to first develop small FM repeaters that encode voice as codec2 and use QMesh as a backhaul. QMesh is still under development, but we would love to see the results of some long-range testing, and we are excited to see how it matures.

If you’re interested in a more basic LoRa-based human-to-human messaging system, take a look at Meshtastic. It’s been going very rapidly over the past year. To learn more about LoRa and other digital modulation schemes, check out the crash course we did with an SDR a while back.

Hacking A Solar Inverter RF Interface

One of the main advantages of cheap wireless modules is that they get used in consumer electronics, so if you know what’s being used you can build your own compatible hardware. While investigating the RF interface used in a series of cheap “smart” solar inverters, [Aaron Christophel] created an Arduino library to receive inverter telemetry using a $2 RF module. See the demonstration after the break.

[Aaron] bought the inverter and a ~40 euro USB “Data Box” that allows the user to wirelessly monitor the status of the inverter. Upon opening the two units, he found that they used LC12S 2.4 GHz modules, which create a wireless UART link. With a bit of reverse engineering, he was able to figure out the settings for the RF modules and the serial commands required to request the status of the inverter. He doesn’t delve into the possible security implications, but there doesn’t appear to be any form of encryption in the link. It should be possible for anyone with a module to sniff the messages, extract the ID of the inverter, and hijack the link. Just knowing the status of the inverter shouldn’t be all that dangerous, but he doesn’t mention what other commands can be sent to the module. Any others could have more severe implications.

Sniffing the wireless signals flashing through the air around us is a regular topic here on Hackaday. From testing the security of WiFi networks with an ESP32 to monitoring SpaceX launches with an SDR, the possibilities are infinite.


WiFi Penetration Testing With An ESP32

WiFi is one of those technologies that most of us would have trouble living without. Unfortunately, there are several vulnerabilities in the underlying 802.11 standards that could potentially be exploited. To demonstrate just how simple this can be, [risinek] developed the ESP32 Wi-Fi Penetration Tool that runs on cheap dev boards and can execute deauthentication and Denial of Service attacks, and capture handshakes and PMKIDs.

The main challenge in this project is to implement these attacks while using the ESP-IDF development framework. The closed source WiFi libraries of the ESP-IDF block specific arbitrary frames like deauthentication frames. To get around this [risinek] used two different approaches. The first is to bypass the declaration of the blocking function at compile-time, which is borrowed from the esp32-deauther project. The second approach doesn’t require any modifications to the ESP-IDF. It works by creating a rogue access point (AP) identical to the targeted access point, which will send a deauthentication frame whenever one of the devices tries to connect to it instead of the real AP.

WPA/WPA2 handshakes are captured by passively listening for devices connecting to the target network, or running a deauth attack and then listening for when devices reconnect. PMKIDs are captured from APs with the roaming feature enabled, by analyzing the first message of a WPA handshake. ESP32 Wi-Fi Penetration Tool will also format the captured data into PCAP and HCCAPX files ready to be used with Wireshark and Hashcat. To manage the tool, it creates a management access point where the target and attack type is selected, and the resulting data can be downloaded. Pair the ESP32 with a battery, and everything can be done on the go. The project is part of [risinek]’s master’s thesis, and the full academic article is an educating read.

Send Old-Fashioned Pager Messages With New-Fashioned Hardware

In a world of always-connected devices and 24/7 access to email and various social media and messaging platforms, it’s sometimes a good idea to take a step away from the hustle and bustle for peace of mind. But not too big of a step. After all, we sometimes need some limited contact with other humans, so that’s what [EverestX] set out to do with his modern, pocket-sized communication device based on pager technology from days of yore.

The device uses the POCSAG communications protocol, a current standard for pager communications that allows for an SMS-like experience for those who still need (or want) to use pagers. [EverestX] was able to adapt some preexisting code and port it to an Atmel 32u4 microcontroller. With a custom PCB, small battery, an antenna, and some incredibly refined soldering skills, he was able to put together this build with an incredibly small footprint, slightly larger than a bottle cap.

Once added to a custom case, [EverestX] has an excellent platform for sending pager messages to all of his friends and can avoid any dreaded voice conversations. Pager hacks have been a favorite around these parts for years, and are still a viable option for modern communications needs despite also being a nostalgic relic of decades past. As an added bonus, the 32u4 microcontroller has some interesting non-pager features that you might want to check out as well.

Thanks to [ch0l0man] for the tip!

Gaming Headset Gets Simple Wireless Charging

Despite the technology itself being widely available and relatively cheap, devices that offer wireless charging as a feature still aren’t as common as many would like. Sure it can’t deliver as much power as something like USB-C, but for low-draw devices that don’t necessarily need to be recharged in a hurry, the convenience is undeniable.

Sick of having to plug it in after each session, [Taylor Burley] decided to take matters into his own hands and add wireless charging capability to his Turtle Beach Recon 200 headset. But ultimately, there’s nothing about this project that couldn’t be adapted to your own particular headset of choice. Or any other device that charges via USB, for that matter.

To keep things simple, [Taylor] used an off-the-shelf wireless charging transmitter and receiver pair. The transmitter is housed in a 3D printed mount that the headset hangs from, and the receiver was simply glued to the top of the headset. The receiver is covered with a thin 3D printed plate, but a couple turns of electrical tape would work just as well if you didn’t want to design a whole new part.

Once everything was in place, he then ran a wire down the side of the headset and tapped into the five volt trace coming from the USB port. So as long as [Taylor] remembers to hang the headset up after he’s done playing, the battery will always be topped off the next time he reaches for it.

Considering how many projects we’ve seen that add wireless charging to consumer devices, it’s honestly kind of surprising that it’s still not a standard feature in 2021. Until manufacturers figure out what they want to do with the technology, it seems like hackers will just have to keep doing it themselves.
