Touch Anything And Everything

Powering IoT devices is often a question of batteries or mains power, but in rare exceptions to this rule there is no power supply (PDF Warning). At the University of Wisconsin-Madison and the University of California, San Diego, researchers have gone the extra mile to make advanced backscatter devices, and these new tags don’t need the discrete components we have seen in previous versions. They are calling it LiveTag, and it doesn’t need anything aside from a layer of foil printed or etched on a flexible ceramic-PTFE laminate. PTFE is mostly seen in the RF sector as a substrate for circuit boards.

We have seen some of the wild creations with wifi backscatter that range from dials to pushbuttons. RF backscatter works by modulating the RF signals in which we are continuously swimming. Those radio waves power the device and disrupt the ambient signals, which disruption can be detected by a receiver. With a BOM that looks like a statement more than a list, integration with many devices becomes a cost-effective reality. Do not however broadcast important data because you cannot expect great security from backscatter.

[Via IEEE Spectrum]

Classroom Gadget Turned Arduino Compatible

Cheap second-hand hardware is usually a fertile ground for hacking, and by looks of this project, the digital classroom aids that were all the rage a few years back are no exception. [is0-mick] writes in to tell us how he managed to hack one of these devices, a SMART Reponse XE, into an Arduboy compatible game system. As it turns out, this particular gadget is powered by an ATmega128RFA, which is essentially an Arduino-compatible AVR microcontroller with a 2.4GHz RF transceiver tacked on. This makes it an extremely interesting platform for hacking, especially since they are going for as little as $3 USD on eBay.

There’s no USB-Serial converter built into the SMART Response XE, so you’ll need to provide your own external programmer to flash the device. But luckily there’s a labeled ISP connector right on the board which makes it pretty straightforward to get everything wired up.

Of course, getting the hardware working was slightly more complicated than just flashing an Arduino Sketch onto the thing. [is0-mick] has provided his bootloader and modified libraries to get the device’s QWERTY keyboard and ST7586S controlled 384×160 LCD working.

Playing games is fun, but when his friend [en4rab] sent him the SMART Response XE to fiddle with, the goal was actually to turn them into cheap 2.4 GHz analyzers similar to what was done with the IM-ME. It seems they’re well on their way, and [is0-mick] invites anyone who might be interested in filling in some of the blanks on the RF side to get involved.

Continue reading “Classroom Gadget Turned Arduino Compatible”

Reverse Engineering Quadcopter Protocols

Necessity is the mother of invention, but cheap crap from China is the mother of reverse engineering. [Michael] found a very, very cheap toy quadcopter in his local shop, and issued a challenge to himself. He would reverse engineer this quadcopter’s radio protocol. His four-post series of exploits covers finding the right frequency for the radio, figuring out the protocol, and building his own remote for this cheap toy.

[Michael] was already familiar with the capabilities of these cheap toys after reading a Hackaday post, and the 75-page, four language manual cleared a few things up for him. The ‘Quadro-Copter’ operated on 2.4GHz, but did not give any further information. [Michael] didn’t know what channel the toy was receiving on, what data rate, or what the header for the transmission was. SDR would be a good tool for figuring this out, but thanks to Travis Goodspeed, there’s a really neat trick that will put a 2.4GHz nRF24L01+ radio into promiscuous mode, allowing [Michael] to read the transmissions between the transmitter and quadcopter. This code is available on [Michael]’s github.

A needle in an electromagnetic haystack was found and [Michael] could listen in on the quadcopter commands. The next step was interpreting the ones and zeros, and with the help of a small breakout board and soldering directly to the SPI bus on the transmitter, [Michael] was able to do just that. By going through the nRF24 documentation, he was able to suss out the pairing protocol and read the stream of bytes that commanded the quadcopter.

What [Michael] was left with is a series of eight bytes sent in a continuous stream from the transmitter to the toy. These bytes contained the throttle, yaw, pitch, roll, and a ‘flip’ settings, along with three bytes of ‘counters’ that didn’t seem to do anything.  With that info in hand, [Michael] took an Arduino Nano, an nRF04L01+ transceiver, and a Wii nunchuck to build his own transmitter. If you’re looking for a ‘how to reverse engineer’ guide, it generally doesn’t get better than this.

You can check out a video of [Michael] flying his Wiimoted quadcopter below.

Continue reading “Reverse Engineering Quadcopter Protocols”

Reading 2.4GHz Transmitters With An Arduino

QuadThere are a lot of cheap quadcopter kits out there, sold ready to fly with a transmitter and battery for right around $50 USD. One of the more popular of these micro quads is the V2X2 series. They are, unfortunately not compatible with any other radio protocol out there, but [Alexandre] has managed to use the transmitter included with his V202 quad to send data to an Arduino.

Like most quads, the transmitter that came with [Alexandre]’s V202 operates on 2.4GHz. Listening in on that band required a little bit of hardware, in this case a nordic Semiconductors nRF24L01p. Attached to this chip is a regular ‘ol Arduino running a bit of code that includes [Alexandre]’s V202 library.

Right now, the build can detect if the quad is bound or not, and read the current position of the throttle, yaw, pitch, and roll, as well as all the associated trims. It’s just the beginnings of [Alexandre]’s project, but his eventual goal is to build an Arduino bot based on the code, complete with RC servos. Not bad for a transmitter that will be utterly useless when the microquad eventually breaks.

Continue reading “Reading 2.4GHz Transmitters With An Arduino”

Viewing CCTV on every street corner

2.4 GHz video transmitters are everywhere these days, in many, many products ranging from baby monitors to CCTV setups. Surprisingly, most owners of these video devices don’t realize they’re transmitting an unencrypted video signal, a belief [Benjamin] hopes to rectify.

[Ben]’s project started with him driving around cities recording unencrypted 2.4GHz video feeds. His idea has since expanded to include building metal boxes with an LCD display and attaching them to light poles. Think of it as an education via technology; most people don’t know these devices are receivable by everybody, and showing them it is possible is the first step in learning.

If you’re looking for something a little more creepy than a metal box attached to a lamp-post, [Ben] is also the brainchild behind the Surveillance Video Entertainment Network, an installation (also in van form) that exposes unencrypted 2.4 GHz video transmissions in cities around the world.

You can check out a few intercepted surveillance videos after the break.

Continue reading “Viewing CCTV on every street corner”

PCB trace antenna

If you’re working on a device that includes RF wireless, [Colin’s] Guide to PCB Trace Antenna Design might clear some headaches when sending off for PCBs. While it is directed at devices transmitting at 2.4GHz, the techniques and recommended equipment (read: espresso smith charts and network analyzers) should work for almost any frequency. While trace antennas aren’t as easy to implement as a measured wire, the space benefits make up for the difficulty. Unless you don’t mind how larger your project is, did someone say cantenna?