Have you ever found yourself in a crowded restaurant on a Saturday night, holding onto one of those little gadgets that blinks and vibrates when it’s your turn to be seated? Next time, bust out the HackRF and follow along with [Tony Tiger] as he shows how it can be used to easily fire them off. Of course, there won’t actually be a table ready when you triumphantly show your blinking pager to the staff; but there’s only so much an SDR can do.
Even if you aren’t looking to jump the line at your favorite dining establishment, the video that [Tony] has put together serves as an excellent practical example of using software defined radio (SDR) to examine and ultimately replicate a wireless communications protocol. The same techniques demonstrated here could be applied to any number of devices out in the wild with little to no modification. Granted these “restaurant pagers” aren’t exactly high security devices to begin with, but you’d be
horrified surprised how many other devices out there take a similarly cavalier attitude towards security.
[Tony] starts by using inspectrum to examine the Frequency-shift keying (FSK) modulation used by the 467.750 Mhz devices, and from there, uses Universal Radio Hacker to capture the actual binary data being sent over the air. Between studying the transmissions and the information he found online, he was eventually able to piece together the packet structure used by the restaurant’s base station.
Finally, he wrote a Python script which generates packets based on which pager he wants to set off. If he’s feeling particularly mischievous, he can even set them all off at once. The script outputs a binary file which is then loaded into GNU Radio for transmission via the HackRF. [Tony] says he’s not quite ready to release his script yet, but he gives enough information in the video that the intrepid hacker could probably get their own version up and running by the time he gets it posted up to GitHub anyway.
We saw some very similar techniques demonstrated at the recent WOPR Summit security conference, so once you’re done hacking the local restaurants, you can take these same lessons and apply them to the rest of the Internet of Things. If you’re wondering, it’s even easier to eavesdrop on the non-restaurant pagers.
Continue reading “Your Table Is Ready, Courtesy Of HackRF”
Before cell phones, pagers were the way to communicate on the go. At first, they were almost a status symbol. Eventually, they became the mark of someone who couldn’t or wouldn’t carry a cell phone. However, apparently, there are still some users that clutch their pagers with a death grip, including medical professionals. In an art project called HolyPager, [Brannon Dorsey] intercepted all the pager messages in a city and printed them on a few old-style roll printers. The results were a little surprising. You can check out the video below.
Almost all the pages were medical and many of them had sensitive information. From a technical standpoint, [Brannon’s] page doesn’t shed much light, but an article about the project says that it and other art projects that show the hidden world or radio waves are using our old friend the RTL-SDR dongle.
Pagers use a protocol — POCSAG — that predates our modern (and well-founded) obsession with privacy and security. That isn’t surprising although the idea that private medical data is flying through the air like this is. Decoding POCSAG isn’t hard. GNU Radio, for example, can easily handle the task.
We’ve looked at pager hacking in the past. You can even run your own pager network, but don’t blame us if you get fined.
Continue reading “Art Eavesdrops On Life And Pagers”
We love pager hacks. One of our earliest head-slappers was completely reverse-engineering a restaurant pager’s protocol, only to find out that it was industry-standard POCSAG. Doh!
[Corn] apparently scratches the same itch, but in the Netherlands where the FLEX protocol is more common. In addition to walking us through all of the details of the FLEX system, he bought a FLEX pager, gutted it, and soldered on an ATMega328 board and an ESP8266. The former does the FLEX decoding, and the latter posts whatever it hears on his local network.
These days, we’re sure that you could do the same thing with a Raspberry Pi and SDR, but we love the old-school approach of buying a pager and tapping into its signals. And it makes a better stand-alone device with a lot lower power budget. If you find yourself in possession of some old POCSAG pagers, you should check out [Corn]’s previous work: an OpenWRT router that sends pages.
[Tinkermax] has been reading about the Internet of Things and wearable computing and decided it was time for him to have a go at building a device that turned computing physical. The result is a vibrating wristband that connects his sense of touch to the Internet.
The electronics for this haptic wristband are a mix of old and new technology. The radio and microcontroller come from an ESP-8266 module that was programmed with [Mikhail Grigorev]’s unofficial SDK. The mechanics for the wrist-mounted computer consist of six pager motors mounted around the wrist. These are driven somewhat ingeniously by a TLC5917 LED driver chip. This meant the ESP would only need to use two of its GPIOs to control six motors.
Right now the software is simple enough; just a web page, a few buttons, and the ability to buzz any of the pager motors on the wrist band over the Internet. Now it’s just a question of making this wearable useful, but connecting each pager motor to different notifications – a new email, a new SMS, or some emergency on the Internet – should be pretty easy.
Continue reading “A Haptic Bracelet For Physical Computing”
[Jelmer] recently found his old pager in the middle of a move, and decided to fire it up to relive his fond memories of receiving a page. He soon discovered that the pager’s number was no longer active and the pager’s network was completely shut down. To bring his pager back to life, [Jelmer] built his own OpenWRT-based pager base station that emulates the POCSAG RF pager protocol.
[Jelmer] opened up his pager and started probing signals to determine what protocol the pager used. Soon he found the RF receiver and decoder IC which implements the POCSAG pager protocol. [Jelmer] began going through the sparse POCSAG documentation and assembled enough information to implement the protocol himself.
[Jelmer] used a HLK-RM04 WiFi router module for the brains of his build, which talks to an ATMega that controls a SI4432 RF transceiver. The router runs OpenWRT and generates POCSAG control signals that are transmitted by the SI4432 IC. [Jelmer] successfully used this setup to send control signals to several pagers he had on hand, and plans on using the setup to send customizable alerts in the future. [Jelmer] does note that operating this device may be illegal in many countries, so as always, check local frequency allocations and laws before tackling this project. Check out the video after the break where a pager is initialized by [Jelmer]’s transmitter.
Continue reading “Bringing A Legacy Pager Network Back To Life”
The 1990’s called, they want you to use modern technology to listen in on your friends’ pager messages. Seriously, how many people are still using pagers these days? We guess you can find out by building your own Software-Define Radio pager message decoder.
[Sonny_Jim] bought an RTL2832 based USB dongle to listen in on ADS-B airplane communications only to find out the hardware wasn’t capable of communicating in that bandwidth range. So he set out to find a project the hardware was suited for and ended up exploring the POCSAG protocol used by paging devices. It turns out it’s not just used for person-to-person communications. There are still many automated systems that use the technology.
Setting things up is not all that hard. Reading the comments on the project log show some folks are having dependency issues, but these sound rather banal and will be a good chance for you to brush up on your Linux-fu. Once all the packages are installed you’re simply working with text which can be displayed in a myriad of ways. [Sonny] set up a text files on the Pi’s webserver so that he can check out the latest captures from a smartphone.
This is [Lee von Kraus’] new experimental propulsion system for an underwater ROV. He developed the concept when considering how one might adapt the Bristlebot, which uses vibration to shimmy across a solid surface, for use under water.
As with its dry-land relative, this technique uses a tiny pager motor. The device is designed to vibrate when the motor spins, thanks to an off-center weight attached to the spindle. [Lee’s] first experiment was to shove the motor in a centrifuge tube and give it an underwater whirl. He could see waves emanating from the motor and travelling outward, but the thing didn’t go anywhere. What he needed were some toothbrush bristles. He started thinking about how those bristles actually work. They allow the device to move in one direction more easily than in another. The aquatic equivalent of this is an angled platform that has more drag in one direction. He grabbed a bendy straw, using the flexible portion to provide the needed surface.
Check out the demo video after the break. He hasn’t got it connected to a vessel, but there is definitely movement.
Continue reading “‘Vortex-drive’ For Underwater ROV Propulsion”