We are fortunate to live in an age surrounded by means of easy communication, and like never before we can have friends on the other side of the world as well as just down the road. But as many readers will know, this ease of communication comes at a price of sharing public and commercial infrastructure. To communicate with privacy and entirely off-grid remains an elusive prize, but it’s one pursued by Scott Powell with his LoRa QWERTY Messenger. This is a simple pager device that forms a LoRa mesh network with its peers, and passes encrypted messages to those in the same group.
At its heart is a LoRa ESP32 module with a small OLED display and a Blackberry QWERTY keyboard, and an SD card slot. The device’s identity is contained on an SD card, which gives ease of reconfiguration. It’s doubly useful, because it is also a complement to his already existing Ripple LoRa communication project, that uses a smartphone as the front end for a similar board.
I have a problem. If I go to a swap meet , or even a particularly well stocked yard sale, I feel compelled to buy something. Especially if that something happens to be an oddball piece of electronics. While on the whole I’m a man of few vices, I simply can’t walk away from a good deal; doubly so if it has a bunch of buttons, LEDs, and antennas on it.
Which is exactly how I came into the possession of a Catel CPT300 restaurant paging system for just $20 a few months ago. I do not, as you may have guessed, operate a restaurant. In fact, as many of my meals take the form of military rations eaten in front of my computer, I’m about as far away from a restaurateur as is humanly possible. But I was so enamored with the rows of little plastic pagers neatly lined up in their combination charging dock and base station that I had to have it.
The man selling it swore the system worked perfectly. Even more so after he plugged it in and it didn’t do anything. But appearances can be deceiving, and his assurance that all the pagers needed was a good charge before they’d burst back to life seemed reasonable enough to me. Of course, it hardly mattered. The regular Hackaday reader at this point knows the fate of the CPT300 was to be the same whether or not it worked.
Incidentally, those cute little pagers would not burst back to life with a good charge. They may well have burst into something, but we’ll get to that in a moment. For now, let’s take a look at a gadget that most of us have used at one time or another, but few have had the opportunity to dissect.
Have you ever found yourself in a crowded restaurant on a Saturday night, holding onto one of those little gadgets that blinks and vibrates when it’s your turn to be seated? Next time, bust out the HackRF and follow along with [Tony Tiger] as he shows how it can be used to easily fire them off. Of course, there won’t actually be a table ready when you triumphantly show your blinking pager to the staff; but there’s only so much an SDR can do.
Even if you aren’t looking to jump the line at your favorite dining establishment, the video that [Tony] has put together serves as an excellent practical example of using software defined radio (SDR) to examine and ultimately replicate a wireless communications protocol. The same techniques demonstrated here could be applied to any number of devices out in the wild with little to no modification. Granted these “restaurant pagers” aren’t exactly high security devices to begin with, but you’d be horrified surprised how many other devices out there take a similarly cavalier attitude towards security.
[Tony] starts by using inspectrum to examine the Frequency-shift keying (FSK) modulation used by the 467.750 Mhz devices, and from there, uses Universal Radio Hacker to capture the actual binary data being sent over the air. Between studying the transmissions and the information he found online, he was eventually able to piece together the packet structure used by the restaurant’s base station.
Finally, he wrote a Python script which generates packets based on which pager he wants to set off. If he’s feeling particularly mischievous, he can even set them all off at once. The script outputs a binary file which is then loaded into GNU Radio for transmission via the HackRF. [Tony] says he’s not quite ready to release his script yet, but he gives enough information in the video that the intrepid hacker could probably get their own version up and running by the time he gets it posted up to GitHub anyway.
Before cell phones, pagers were the way to communicate on the go. At first, they were almost a status symbol. Eventually, they became the mark of someone who couldn’t or wouldn’t carry a cell phone. However, apparently, there are still some users that clutch their pagers with a death grip, including medical professionals. In an art project called HolyPager, [Brannon Dorsey] intercepted all the pager messages in a city and printed them on a few old-style roll printers. The results were a little surprising. You can check out the video below.
Almost all the pages were medical and many of them had sensitive information. From a technical standpoint, [Brannon’s] page doesn’t shed much light, but an article about the project says that it and other art projects that show the hidden world or radio waves are using our old friend the RTL-SDR dongle.
Pagers use a protocol — POCSAG — that predates our modern (and well-founded) obsession with privacy and security. That isn’t surprising although the idea that private medical data is flying through the air like this is. Decoding POCSAG isn’t hard. GNU Radio, for example, can easily handle the task.
These days, we’re sure that you could do the same thing with a Raspberry Pi and SDR, but we love the old-school approach of buying a pager and tapping into its signals. And it makes a better stand-alone device with a lot lower power budget. If you find yourself in possession of some old POCSAG pagers, you should check out [Corn]’s previous work: an OpenWRT router that sends pages.
[Tinkermax] has been reading about the Internet of Things and wearable computing and decided it was time for him to have a go at building a device that turned computing physical. The result is a vibrating wristband that connects his sense of touch to the Internet.
The electronics for this haptic wristband are a mix of old and new technology. The radio and microcontroller come from an ESP-8266 module that was programmed with [Mikhail Grigorev]’s unofficial SDK. The mechanics for the wrist-mounted computer consist of six pager motors mounted around the wrist. These are driven somewhat ingeniously by a TLC5917 LED driver chip. This meant the ESP would only need to use two of its GPIOs to control six motors.
Right now the software is simple enough; just a web page, a few buttons, and the ability to buzz any of the pager motors on the wrist band over the Internet. Now it’s just a question of making this wearable useful, but connecting each pager motor to different notifications – a new email, a new SMS, or some emergency on the Internet – should be pretty easy.
[Jelmer] recently found his old pager in the middle of a move, and decided to fire it up to relive his fond memories of receiving a page. He soon discovered that the pager’s number was no longer active and the pager’s network was completely shut down. To bring his pager back to life, [Jelmer] built his own OpenWRT-based pager base station that emulates the POCSAG RF pager protocol.
[Jelmer] opened up his pager and started probing signals to determine what protocol the pager used. Soon he found the RF receiver and decoder IC which implements the POCSAG pager protocol. [Jelmer] began going through the sparse POCSAG documentation and assembled enough information to implement the protocol himself.
[Jelmer] used a HLK-RM04 WiFi router module for the brains of his build, which talks to an ATMega that controls a SI4432 RF transceiver. The router runs OpenWRT and generates POCSAG control signals that are transmitted by the SI4432 IC. [Jelmer] successfully used this setup to send control signals to several pagers he had on hand, and plans on using the setup to send customizable alerts in the future. [Jelmer] does note that operating this device may be illegal in many countries, so as always, check local frequency allocations and laws before tackling this project. Check out the video after the break where a pager is initialized by [Jelmer]’s transmitter.