PCB of the antenna about to be modded, with components desoldered and different parts of the circuit highlighted

Make A GPS Antenna Compatible With Same Manufacturer’s Receiver

GPS is a complicated technology: you have to receive a signal below the noise floor, do quite a bit of math that relies on the theory of relativity, and, adding insult to injury, you have to go outside to test it. Have you ever wondered how GPS antennas work? In particular, how do active GPS antennas get power down the same coax that carries their signal to the receiver? Wonder no more, because [Tom Verbeure] gifts us a post detailing a mod that lets a fancy active GPS antenna run from a higher-than-expected supply voltage.

[Tom]’s post has the perfect amount of detail: enough pictures to illustrate the entire journey, and explanations to go with all of them. The specific task is modifying a Symmetricom antenna to work with a Symmetricom GPS receiver, which has the puzzling attribute of supplying 12V to the antenna instead of the more common 3.3V or 5V. There are a few possible options detailed, and [Tom] goes for the cleanest one: replacing the voltage regulator inside the antenna.

With a suitable replacement regulator installed and the protection diode replaced, the antenna no longer looks like a short circuit to the receiver, and [Tom] gets a fix; you, in turn, get a stellar primer on how active GPS antennas work. If your device isn’t ready to use active GPS antennas, [Tom]’s post will also help you understand another GPS antenna hack we covered recently: modifying the Starlink dish to use an active antenna to avoid jamming on the frontlines.

Three ZigBee radios in ESD bags, marked "Zigbee Sniffer", "Router" and "Coordinator".

Crash IoT Devices Through Protocol Fuzzing

IoT protocols are a relatively unexplored field compared to most PC-exposed protocols: it’s bothersome to need a whole radio setup before you can tinker with something, and often, for low-level experiments, just any radio won’t do. This means there’s quite a bit of security ground still to cover. Now, the U-Fuzz toolkit from [asset-group] helps us make up for it.

Unlike the fuzzers you might imagine, U-Fuzz doesn’t go in blindly. The toolkit parses protocols and fuzzes fields meaningfully, which matters because many devices discard packets they deem too malformed before any interesting code gets to run. With U-Fuzz, you feed it a couple of packet captures, help it draw some conclusions about packet and protocol structure, and get suggestions on how to crash your devices in ways not yet foreseen.

This allows for essentially arbitrary protocol fuzzing, and to demonstrate, we get examples of 5G, CoAP and ZigBee probing alike, with a list of found CVEs to wrap up the README. As Wikipedia often states, this list is incomplete, and you can help by expanding it. Fuzzing is an underestimated tool; it will help you hack ubiquitous wireless protocols, proprietary standards, and smart home hubs alike.
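To make the "fields, not bytes" point concrete, here is an added example (not U-Fuzz code, and not from the original post): a structure-aware mutator for CoAP next to a blind bit-flipper, both run against a constructed toy receiver. The seed packet, the receiver and its planted length-trusting bug are all made up for illustration; the receiver raises ValueError for anything its cheap sanity checks reject (the "too malformed, discard" path) and any other exception stands in for a device crash.

```python
"""Added example, not part of U-Fuzz or the original post: field-aware CoAP
mutation versus blind bit flipping against a constructed toy receiver."""
import random

# Constructed seed capture: CoAP CON GET, message ID 0x1234, 2-byte token,
# one Uri-Path option ("temp"). Byte 0 = 0b01_00_0010: Ver=1, Type=CON, TKL=2.
SEED = bytes([0x42, 0x01, 0x12, 0x34, 0xAB, 0xCD, 0xB4]) + b"temp"


def handle_coap(pkt: bytes, strict: bool = False) -> dict:
    """Toy receiver (constructed). ValueError means 'discard silently'; any other
    exception stands in for a crash. With strict=False it trusts the option
    length nibble (the planted bug); strict=True adds the bounds check."""
    if len(pkt) < 4:
        raise ValueError("discard: short")
    ver, mtype, tkl = pkt[0] >> 6, (pkt[0] >> 4) & 3, pkt[0] & 0xF
    if ver != 1 or tkl > 8:
        raise ValueError("discard: bad version or reserved TKL")
    token = pkt[4:4 + tkl]
    if len(token) != tkl:
        raise ValueError("discard: truncated token")
    pos, number, options, last_byte = 4 + tkl, 0, [], None
    while pos < len(pkt) and pkt[pos] != 0xFF:          # 0xFF = payload marker
        delta, length = pkt[pos] >> 4, pkt[pos] & 0xF
        if delta == 15 or length == 15:
            raise ValueError("discard: reserved nibble")
        if delta >= 13 or length >= 13:
            raise ValueError("discard: extended option encoding not handled here")
        pos += 1
        if strict and pos + length > len(pkt):
            raise ValueError("discard: option runs past end of packet")
        number += delta
        # Planted bug: with strict=False the claimed length is trusted, so touching
        # the option's last byte reads past the buffer whenever the nibble lies.
        last_byte = pkt[pos + length - 1] if length else None
        options.append((number, pkt[pos:pos + length]))
        pos += length
    payload = pkt[pos + 1:] if pos < len(pkt) else b""
    return {"type": mtype, "code": pkt[1], "mid": int.from_bytes(pkt[2:4], "big"),
            "token": token, "options": options, "payload": payload,
            "last_option_byte": last_byte}


def blind_mutate(rng: random.Random, seed: bytes) -> bytes:
    """Flip one to three random bits anywhere; knows nothing about the format."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    return bytes(buf)


def field_mutate(rng: random.Random, seed: bytes) -> bytes:
    """Mutate one parsed field to a boundary or random value while keeping the
    version bits and token length consistent, so the cheap sanity checks pass."""
    buf = bytearray(seed)
    opt = 4 + (buf[0] & 0xF)               # index of the first option header byte
    field = rng.choice(["type", "code", "mid", "opt_delta", "opt_len", "payload"])
    if field == "type":
        buf[0] = (buf[0] & 0xCF) | (rng.randrange(4) << 4)
    elif field == "code":
        buf[1] = rng.choice([0x00, 0x04, 0x45, 0x84, 0xFF])
    elif field == "mid":
        buf[2:4] = rng.choice([0, 0xFFFF, rng.randrange(0x10000)]).to_bytes(2, "big")
    elif field == "opt_delta":
        buf[opt] = (buf[opt] & 0x0F) | (rng.choice([0, 12, 13, 14, 15]) << 4)
    elif field == "opt_len":               # lie about the option length
        buf[opt] = (buf[opt] & 0xF0) | rng.choice([0, 12, 13, 14, 15])
    else:                                  # append a payload marker plus junk
        buf += b"\xFF" + bytes(rng.randrange(256) for _ in range(rng.randint(0, 16)))
    return bytes(buf)


def campaign(mutator, iterations: int, seed: int = 1, strict: bool = False) -> dict:
    """Run a mutator against the toy receiver and classify every mutant."""
    rng = random.Random(seed)
    stats = {"accepted": 0, "discarded": 0, "crashes": 0, "crashing_inputs": []}
    for _ in range(iterations):
        pkt = mutator(rng, SEED)
        try:
            handle_coap(pkt, strict=strict)
            stats["accepted"] += 1
        except ValueError:
            stats["discarded"] += 1
        except Exception as exc:           # anything unexpected is our 'crash'
            stats["crashes"] += 1
            if len(stats["crashing_inputs"]) < 3:
                stats["crashing_inputs"].append((pkt.hex(), repr(exc)))
    return stats


if __name__ == "__main__":
    for name, mut in (("blind", blind_mutate), ("field-aware", field_mutate)):
        s = campaign(mut, 500)
        print(f"{name:12s} accepted={s['accepted']} discarded={s['discarded']} "
              f"crashes={s['crashes']}")
        for hexpkt, err in s["crashing_inputs"]:
            print("    ", hexpkt, err)
```

Run it and compare the two campaigns: the field-aware mutator reaches the option parser with a lying length nibble almost every time it targets that field, which is exactly the class of bug a blind flipper only stumbles on by luck. Re-run with `strict=True` and the crashes disappear, which is the check you want after patching a real device.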

Wireless All The Things!

Neither Tom Nardi nor I are exactly young anymore, and we can both remember a time when joysticks, for instance, were actually connected to the computer or console with wires. Back then, even though wireless options were on the market, you’d still want the wired version for a reaction-speed game, because wireless links just used to be too slow.

Somehow, in the intervening years, and although we never even really noticed the transition as such, everything has become wireless. And that includes our own hacker projects. Sure, the ESP8266 and other WiFi-capable chips made a big difference, but I still have a soft spot in my heart for the nRF24 chipset, which made at least point-to-point wireless affordable and easy. Others will feel the same about ZigBee, but the point stands: nothing has wires anymore, except to charge back up.

The reason? As this experiment comparing the latency of many different wireless connections bears out, wireless data links have just gotten that good, to the point that the latency in the radio is on par with what you’d get over USB. And the relevant software ecosystems have made it easier to go wireless as well. Except for the extra power requirement, and for cases where you need to move a lot of data, there’s almost no reason that any of your devices need wires anymore.

Are you with us? Will you throw down your chains and go wireless?

Benchmarking Latency Across Common Wireless Links For MCUs

Although factors like bandwidth, power usage, and reach in (kilo)meters are important considerations for wireless communication with microcontrollers, latency is another factor that deserves attention. This is especially true for projects like controllers, where round-trip latency and instant response to an input are essential, but where do you find a latency number in a datasheet? This is where [Michael Orenstein] and [Scott] over at Electric UI found a lack of data, especially once software stacks are taken into account. In other words, it was time to do some serious benchmarking.

The question to be answered was specifically how fast a one-way wireless user interaction can be, across three payload sizes (12, 128, and 1024 bytes). The effective latency is measured from the moment the input is applied at the transmitter to the moment the receiver has processed it and driven the relevant output pin. Internal latency was also measured, by having a range of framework implementations respond to an external interrupt by driving a GPIO pin high. Even this test, on an STM32F429 MCU, already showed that, for example, the STM32 low-level (LL) framework is much faster than the stm32duino one.


Garden Light Turned Mesh Network Node

We love a good deal, especially when it comes to scavenging parts for projects. Cheap outdoor solar lights are more than garden accessories: they’re a handy source of waterproof enclosures, solar panels and batteries. [Tavis] demonstrates this by turning one such light into a Meshtastic LoRa communication node.

Solar Light With Meshtastic node inside
Where there’s an antenna, there’s a radio

A nice feature of this specific $15 Harbor Breeze solar LED is the roomy solar panel enclosure with an integrated 18650 battery holder, allowing for easy battery swaps. [Tavis] was able to fit the RAKwireless modular dev board easily and wire it into the light’s charging circuit. The cheap charging circuit is likely not the most efficient, but will probably get the job done, and it’s always possible to swap it for a better charging board. [Tavis] also added an external antenna using a panel-mount SMA pigtail connector.

The Meshtastic project is all about enabling text-only communications through LoRa-based mesh networks, built using off-the-shelf devices and development boards that won’t break the bank. The project has seen some incredible growth, with people all over the world setting up their own networks.

It’s not the first time we’ve seen garden lights used in a project. We’ve seen MQTT added to a PIR solar light with some clever power-saving circuitry, and one used as a power source for ATtiny85-based projects.

Reverse-Engineering The ESP32’s WiFi Binary Blob With A Faraday Cage

The Faraday cage constructed by Jasper Devreker.

As part of a team at Ghent University reverse-engineering the binary blob driver for the ESP32’s WiFi, [Jasper Devreker] found himself needing to better isolate the network packets coming from the ESP32 under test. That’s a tall order in today’s WiFi-flooded 2.4 GHz airwaves. To eliminate all this noise, [Jasper] had to build a Faraday cage, ideally without racking up a massive invoice or relying on second-hand parts scavenged from eBay.

We previously reported on this reverse-engineering project, which has since seen an update. Although progress has been made, filtering out just the packets they were interested in was a big challenge. The solution was a Faraday cage, but on a tight budget.

Rather than relying on exotic power line filters, [Jasper] put a battery inside the Faraday cage, which he constructed out of wood and conductive fabric. To get Ethernet data in and out, a fiber link was run through a copper tube, which acts as a waveguide below cutoff so the opening doesn’t leak RF. Initial testing was done with a Raspberry Pi running usbip and a WiFi dongle; the cage provided enough attenuation that the dongle couldn’t pick up any external WiFi signals in listening mode.

The total cost of this build came to a hair over €291, which makes it feasible for a lot of RF experiments by hobbyists and others. We wish [Jasper] and the rest of the team luck in figuring out the remaining secrets of Espressif’s binary WiFi blob with this new tool.

Faking Bluetooth LE With An NRF24L01+ Module

Despite the name, Bluetooth Low Energy (BLE) shares little with classic Bluetooth at the radio level beyond its use of the same 2.4 GHz band. This is where [Dmitry] got the idea to use a 2.4 GHz nRF24L01+ module to implement his very own BLE device, without the typical BLE chipset. This should be easy, since this popular IC supports GFSK modulation, 1 MHz channel steps (so it can be parked on BLE’s 2 MHz-spaced channels) and the 1 Mbit/s data rate of BLE.

Despite how simple BLE seems to implement, [Dmitry] quickly ran into a range of limitations of the nRF24L01+: no support for a 24-bit CRC, a PLL that settles too slowly for BLE’s frequency hopping, and, as the coup de grâce, no way to receive packets larger than 32 bytes, which destroyed any hope of accepting incoming connections.

Unperturbed, [Dmitry] set to work implementing what would work on this IC: broadcasting BLE advertising packets. In the article he covers the entire code (in C) that lets the nRF24L01+ send advertisements that any listening BLE device can receive. Admittedly not as useful as a fully functional BLE stack, but good enough for broadcasting something like sensor data. It also raises the question of which of the alternatives released in the intervening decade to the venerable nRF24L01+ might fill in the missing features, without making a dedicated BLE IC (or ESP32 variant) look more cost-effective.
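The three things a non-BLE radio has to do in software are the 24-bit CRC, the per-channel whitening and the bit-order swap, and they are easier to see in a few lines of Python than in the middle of a firmware. The following is an added example, not [Dmitry]’s code: it builds one ADV_NONCONN_IND advertisement, appends the BLE CRC (computed in reflected form so bits are consumed LSB first, as on air), whitens it for advertising channel 37, 38 or 39, and bit-reverses every byte because the nRF24L01+ clocks bytes out MSB first while BLE is LSB first. The device address, name and sensor value are made up; the nRF24 register byte order is whatever its datasheet specifies and is not modelled here. The decode path is the same steps backwards, which is what a sniffer built on the same radio would do.

```python
"""Added example, not [Dmitry]'s code: BLE advertising PDU -> CRC-24 ->
whitening -> per-byte bit reversal, as a 2.4 GHz radio without a BLE stack
would have to send it. Constants are from the BLE spec; the payload is made up."""

ADV_CHANNELS = {37: 2402, 38: 2426, 39: 2480}   # MHz; nRF24 RF_CH = MHz - 2400
ACCESS_ADDRESS = 0x8E89BED6                     # fixed advertising access address
CRC_INIT_REFL = 0xAAAAAA                        # 0x555555 with bit order reflected
CRC_POLY_REFL = 0xDA6000                        # x^24+x^10+x^9+x^6+x^4+x^3+x+1, reflected
NRF24_MAX_PAYLOAD = 32                          # the FIFO limit the post runs into


def reverse_bits(byte: int) -> int:
    """nRF24L01+ sends MSB first, BLE sends LSB first: swap within each byte."""
    return int(f"{byte:08b}"[::-1], 2)


def ble_crc24(data: bytes) -> bytes:
    """BLE CRC-24 in reflected form so bits enter LSB first, as transmitted.
    Returns the three CRC bytes in on-air order (register position 23 first)."""
    state = CRC_INIT_REFL
    for byte in data:
        state ^= byte
        for _ in range(8):
            state = ((state >> 1) ^ CRC_POLY_REFL) if state & 1 else (state >> 1)
    return bytes([state & 0xFF, (state >> 8) & 0xFF, state >> 16])


def whitening_keystream(channel: int, nbytes: int) -> bytes:
    """7-bit LFSR x^7 + x^4 + 1 seeded with the channel index: position 0 = 1,
    channel MSB in position 1 down to LSB in position 6. Bit 0 here is position 6."""
    lfsr = 0x40 | (channel & 0x3F)
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for i in range(8):
            if lfsr & 1:
                byte |= 1 << i          # this data bit gets flipped
                lfsr ^= 0x88            # feedback lands in positions 0 and 4 after the shift
            lfsr >>= 1
        out.append(byte)
    return bytes(out)


def whiten(data: bytes, channel: int) -> bytes:
    """Whitening is an XOR with the keystream, so it is its own inverse."""
    return bytes(d ^ k for d, k in zip(data, whitening_keystream(channel, len(data))))


def build_adv_pdu(adv_addr: bytes, adv_data: bytes) -> bytes:
    """Header 0x42 = PDU type 2 (ADV_NONCONN_IND) with TxAdd=1 (random address),
    length, AdvA least-significant octet first, then the AD structures."""
    if len(adv_addr) != 6 or adv_addr[0] >> 6 != 0b11:
        raise ValueError("need a 6-byte random static address (top two bits 11)")
    if len(adv_data) > 31:
        raise ValueError("AdvData is at most 31 bytes")
    return bytes([0x42, 6 + len(adv_data)]) + adv_addr[::-1] + adv_data


def encode_for_nrf24(pdu: bytes, channel: int) -> bytes:
    """PDU + CRC, whitened for the channel, then bit-reversed for the nRF24 FIFO."""
    frame = pdu + ble_crc24(pdu)
    if len(frame) > NRF24_MAX_PAYLOAD:
        raise ValueError(f"{len(frame)} bytes: the nRF24L01+ FIFO holds {NRF24_MAX_PAYLOAD}")
    return bytes(reverse_bits(b) for b in whiten(frame, channel))


def decode_from_nrf24(raw: bytes, channel: int):
    """Inverse path: un-reverse, un-whiten, verify CRC. Returns the PDU or None."""
    frame = whiten(bytes(reverse_bits(b) for b in raw), channel)
    pdu, crc = frame[:-3], frame[-3:]
    return pdu if ble_crc24(pdu) == crc else None


def nrf24_access_address() -> bytes:
    """The access address as the radio must hold it: on-air byte order (least
    significant byte of 0x8E89BED6 first), each byte bit-reversed."""
    return bytes(reverse_bits(b) for b in ACCESS_ADDRESS.to_bytes(4, "little"))


# Constructed payload: Flags, a short name, and manufacturer data under the
# test company ID 0xFFFF carrying a made-up temperature (21.50 C as 0.01 C units).
ADV_ADDR = bytes.fromhex("C01122334455")                 # made-up random static address
ADV_DATA = (bytes([2, 0x01, 0x06])                       # Flags: general discoverable, no BR/EDR
            + bytes([4, 0x09]) + b"nRF"                  # Complete local name
            + bytes([5, 0xFF, 0xFF, 0xFF]) + (2150).to_bytes(2, "little"))

if __name__ == "__main__":
    pdu = build_adv_pdu(ADV_ADDR, ADV_DATA)
    for ch, mhz in ADV_CHANNELS.items():
        print(f"ch{ch} RF_CH={mhz - 2400:2d} payload={encode_for_nrf24(pdu, ch).hex()}")
    print("address bytes for the radio:", nrf24_access_address().hex())
```

The 32-byte check is the practical limit from the post: header (2) + AdvA (6) + CRC (3) leaves at most 21 bytes of AdvData on an nRF24L01+, not the 31 BLE allows. The radio’s own CRC has to be off since the BLE CRC is already in the payload, and the 0xAA/0x55 preamble the nRF24 generates on its own happens to match BLE’s. Corrupting any single bit of the encoded frame makes `decode_from_nrf24` return None, which is the CRC doing its job.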

It’s always a good day when a new project from [Dmitry] hits the tip line. We’ve previously covered his impressive efforts to add more RAM to the RP2040, and his business card that can boot Linux on an ATSAMD21.