Arduino Library Brings Rtl_433 To The ESP32

If you have an RTL-SDR compatible radio there’s an excellent chance you’ve heard of the rtl_433 project, which lets you receive and decode signals from an ever-expanding list of supported devices in the ISM radio bands. It’s an incredibly useful piece of software, but the fact that it requires an external software defined radio and a full-fledged computer to run dictated the sort of projects it could realistically be used for.

But thanks to the rtl_433_ESP Arduino library developed by [NorthernMan54], we’re now able to pack that functionality into a much smaller package. All you need is an ESP32 microcontroller and a CC1101 or SX127X transceiver module. If you’re looking for a turn-key hardware platform, the documentation notes the LILYGO LoRa32 V2 board includes the required hardware, plus adds a handy OLED display and microSD slot. It should be noted that the range of these radios doesn’t compare particularly well to a full-size RTL-SDR device, but that probably won’t come as much of a surprise.

DIY Mini Helical Antennas From Salvaged Co-ax Cable

[Mare] has a visual guide and simple instructions for making DIY mini helical 868 MHz antennas for LoRa applications. 868 MHz is a license-free band in Europe, and this method yields a perfectly serviceable antenna that’s useful where space is constrained.

A metric 5 mm drill bit makes a convenient core.

The process is simple and well-documented, but as usual with antenna design it requires attention to detail. Wire for the antenna is silver-plated copper, salvaged from the core of RG214U coaxial cable. After straightening, the wire is wound tightly around a 5 mm core: seven turns, each carefully spaced 2 mm apart. After that, it’s just a matter of measuring and bending the end for soldering to the wireless device in question. [Mare] has used this method for wireless LoRa sensors in space-constrained designs, and it also has the benefit of lowering part costs since the antenna can be made and tested in-house.

Antennas have of course been made from far stranger things than salvaged wire; one of our favorites is this Yagi antenna made from segments of measuring tape.

Attack Some Wireless Devices With A Raspberry Pi And An RTL-SDR

If you own one of the ubiquitous RTL-SDR software defined radio receivers derived from a USB digital TV receiver, one of the first things you may have done with it was to snoop on wide frequency bands using the waterfall view present in most SDR software. Since the VHF and UHF bands the RTL covers are sometimes a little devoid of signals, chances are you homed in upon one of the ISM bands as used by plenty of inexpensive wireless devices for all sorts of mundane control tasks. Unless you reside in the depths of the wilderness, ISM band sniffing will show a continuous procession of chirps: short bursts of digital data. It is surprising how many radio-controlled devices are in your surroundings without your ever being aware of them.

Some of these devices, such as car security keys, are protected by rolling encryption schemes to deter would-be attackers. But many of the more harmless devices simply send a command in the open without the barest of encryption. The folks at RTL-SDR.com put up a guide to recording these open data bursts on a Raspberry Pi and playing them back by transmitting them from the Pi itself.

It’s not the most refined of attacks, because all it does is take the recorded file and retransmit it with the [F5OEO] RPiTX software. But they do demonstrate it in action with a wireless lightbulb, a door bell, a wireless relay, and a remote-controlled switched socket. Since the data in question is transmitted as OOK, or on-off keying, the RPiTX AM mode stands in for the transmitter.

You can see it in action in the video below the break. Now, have you investigated the ISM band chirps in your locality?
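The contrast drawn above, between open-command devices that replay from a recording and rolling-code remotes that resist it, as an added illustration that is not code from the RTL-SDR.com guide or RPiTX: a fixed-code receiver accepts a captured frame again, while a counter-plus-MAC receiver rejects both the replay and a tampered frame. The key, frame layout, device id and counter window are constructed for the demo.

```python
import hmac
import hashlib
import struct

KEY = b"constructed-demo-key"  # constructed shared secret, not from any real device
DEVICE_ID = 0x1234              # constructed device id
WINDOW = 16  # how far ahead of the last accepted counter a frame may be

def fixed_code_frame(device_id: int, command: int) -> bytes:
    # Open-command frame: identical bytes on every press, so a recording replays.
    return struct.pack(">HB", device_id, command)

def fixed_code_receiver(frame: bytes, expected_id: int) -> bool:
    # Accepts any frame carrying its id, including a captured one played back.
    return struct.unpack(">HB", frame)[0] == expected_id

def rolling_code_frame(device_id: int, command: int, counter: int) -> bytes:
    # Counter plus a truncated HMAC over id, command and counter.
    body = struct.pack(">HBI", device_id, command, counter)
    return body + hmac.new(KEY, body, hashlib.sha256).digest()[:4]

class RollingCodeReceiver:
    def __init__(self, expected_id: int):
        self.expected_id = expected_id
        self.last_counter = 0  # highest counter accepted so far

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 11:
            return False
        body, tag = frame[:7], frame[7:]
        device_id, _command, counter = struct.unpack(">HBI", body)
        expected = hmac.new(KEY, body, hashlib.sha256).digest()[:4]
        if device_id != self.expected_id or not hmac.compare_digest(tag, expected):
            return False  # wrong device or tampered frame
        if not self.last_counter < counter <= self.last_counter + WINDOW:
            return False  # stale counter (replay) or implausibly far ahead
        self.last_counter = counter
        return True

def demo() -> dict:
    captured = fixed_code_frame(DEVICE_ID, 0x01)  # what a sniffer would record
    rx = RollingCodeReceiver(DEVICE_ID)
    live = rolling_code_frame(DEVICE_ID, 0x01, counter=1)
    forged = live[:2] + b"\x02" + live[3:]  # command byte altered, MAC now stale
    return {
        "fixed_accepts_replay": fixed_code_receiver(captured, DEVICE_ID),
        "rolling_accepts_live": rx.accept(live),
        "rolling_rejects_replay": not rx.accept(live),
        "rolling_rejects_forgery": not rx.accept(forged),
    }
```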


ISM Communications For Arduino

If you want to wirelessly communicate between devices, WiFi and Bluetooth are obvious choices. But there’s also the ISM (industrial, scientific, and medical) band that you can use. There are inexpensive modules like the SX1278 that can handle this for you using LoRa modulation, but they haven’t been handy to use with an Arduino. [Jan] noticed the same thing and set out to build a shield that allowed an Arduino to communicate using LoRa. You can find the design data on GitHub. [Jan] calls it the LoRenz shield.

According to [Jan], the boards cost about $20 to $30 each to make, and most of that cost was in having PC boards shipped. LoRa lets you trade data rate for bandwidth, but typical data rates are fairly modest. As for range, that depends on a lot of factors, too, but we’ve seen ranges quoted in terms of miles.

Depending on where you live, there may be legal restrictions on how you use a radio like the SX1278. You should understand your local laws before you buy into using the ISM bands. We aren’t sure it would be wise, but the board can coexist with three other similar shields. So you could get 4 radios going on one Arduino if you had to and could manage the power, RF, and other issues involved. The breakout board the module uses has an antenna connector, so depending on your local laws, you could get a good bit of range out of one of these.

[Jan] promises a post on the library that makes it all work shortly, but you can find the code on GitHub now. If you look at the code in the examples directory, it seems pretty easy. You’d have to sling some software, but the SX1278 can support other modes in addition to LoRa, including FSK and other data modulation techniques.

We’ve seen other LoRa shields, but not many. If you are interested in other wireless technologies, we’ve talked about them quite a bit. If you want a basic introduction to LoRa, [Andreas Spiess’] video below is a good place to start.


Two Great Radios Taste Great Together

[Johan Kanflo] sent us his latest recipe: a blend of one part RFM69 sub-gigahertz radio transceiver with one part ESP8266 module. The resulting dish looks absolutely delicious!

We’re all charmed with the ease of use that the ESP8266 brings to the table — plug it in and you’re talking to your existing WiFi network — but we hate the power consumption for battery-powered applications. WiFi is a power hog. And although ISM-band radio modules make point-to-point communications cheap and power-saving, getting them to talk with your computer takes an adapter.

So [Johan] combined the two radios and made a sweet ISM-radio-to-WiFi bridge. His demo application takes whatever data is sent over the ISM band and pushes it to an MQTT broker on his WiFi network. Hardware and firmware are up on GitHub.

We’ve been wanting a device like this for our home network for a while now. Kudos, [Johan] for making it so easy!

THP Hacker Bio: Felix Rusu

As far as entries for The Hackaday Prize go, Moteino is exceptionally interesting. It’s the only project to be used in other projects for The Hackaday Prize. The two other projects making use of the Moteino, the 433MHz transceiver and Plant Friends, didn’t make the cut, but [Felix]’s Moteino did.

Like many Internet of Things projects, Moteino is a radio module and a microcontroller in an extremely convenient package. The radio is a HopeRF RFM69 operating in the 315, 433, 868 and 915MHz ISM bands. The microcontroller is everyone’s favorite – the ATMega328, but [Felix] also has a Mega version with the ATMega1284 on board. Already there are a few great examples of what the Moteino can do, including a mailbox notifier, a sump pump monitor, and a way to Internetify a water meter.

[Felix]’s bio below.


Green Lights Forever

Green Light Your Commute With America’s Unsecured Traffic Lights

Remember that episode of Leverage (season 5, episode 3), where Alec uses Marvin to wirelessly change all the street lights green so they can catch up to an SUV? And you scoffed and said “that’s so not real!”… well actually they got it right. A new study out of the University of Michigan (PDF warning), shows just how easy it is to make your morning commute green lights all the way.

The study points out that a large portion of traffic lights in the United States communicate with each other wirelessly over the 900 MHz and 5.8 GHz ISM bands with absolutely no encryption. In order to connect to the 5.8 GHz traffic signals, you simply need the SSID (which is set to broadcast) and the proper protocol. In the study the researchers used a wireless card that is not available to the public, but they do point out that with a bit of social engineering you could probably get one. Another route is the HackRF SDR, which could be used to both sniff and transmit the required protocol. Once connected to the network you will need the default username and password, which can be found on the traffic light manufacturer’s website. To gain access to the 900 MHz networks you need all of the above and a 16-bit slave ID. This can be brute forced, and as the study shows, no ID was greater than 100. Now you have full access, not to just one traffic signal, but EVERY signal connected to the network.

Once on the network you have two options: the completely open debug port in the VxWorks OS, which allows you to read-modify-write any memory register, or sending a UDP packet where the last byte encodes the button pressed on the controller’s keypad. Using the remote keypad you can freeze the current intersection state, modify the signal timing, or change the state of any light. However, the hardware Malfunction Management Unit (MMU) will still detect any illegal states (conflicting green or yellow lights) and take over with the familiar 4-way red flashing. Since a technician will have to come out and manually reset the traffic signal to recover from an illegal state, you could turn every intersection on the network into a 4-way stop.

So the next time you stop at a red light, and it seems to take forever to change, keep an eye out for the hacker who just green lit their commute.

Thanks for the tip, [Matt].