A Spectrum Analyzer For The Smart Response XE

Remember the Girl Tech IM-me? It was a hot-pink clearance rack toy that suddenly became one of the hottest commodities in the hacking world when it was discovered they could be used for all sorts of radio frequency shenanigans. Now they go for triple digits on eBay, if you can even find one. Well, we’re probably about to see the same thing happen to the Smart Response XE.

Thanks to the work of a hacker named [ea], this cheap educational gadget is finally starting to live up to the potential we saw in it back when a teardown revealed it was powered by an Arduino-compatible ATmega128RF chip. With a big screen, a decent QWERTY keyboard, and integrated wireless hardware, it seemed obvious that the Smart Response XE was poised to be the next must-have repurposed piece of kit.

Though as it turns out, [ea] isn’t using the device’s built-in wireless hardware. Step one in this exceptionally well documented and photographed project is to tack a CC1101 transceiver module to the SPI pins on the ATmega128RF. Then with the appropriate firmware loaded up, that nice big screen will show you what’s happening on the 300 MHz, 400 Mhz and 900 MHz bands.

But the fun doesn’t stop there. With the CC1101-modified Smart Response XE, there’s a whole new world of radio hacks you can pull off. As a proof of concept, [ea] has also included a POCSAG pager decoder. Granted the RTL-SDR has already made pulling pager messages out of the air pretty easy, but there’s something to be said for being able to do it on something so small and unassuming.

If you can’t tell, we’re exceptionally interested in seeing what the community can do with the Smart Response XE. At the time of this writing, the going rate on eBay for a good condition unit looks to be about $10 USD, plus the $3 or so for the CC1101 module. But the prices went through the roof when we first posted about it, so get them cheap while you still can.

[Thanks to bburky for the tip.]

FLEX Pager Protocol In Depth

We love pager hacks. One of our earliest head-slappers was completely reverse-engineering a restaurant pager’s protocol, only to find out that it was industry-standard POCSAG. Doh!

[Corn] apparently scratches the same itch, but in the Netherlands where the FLEX protocol is more common. In addition to walking us through all of the details of the FLEX system, he bought a FLEX pager, gutted it, and soldered on an ATMega328 board and an ESP8266. The former does the FLEX decoding, and the latter posts whatever it hears on his local network.

These days, we’re sure that you could do the same thing with a Raspberry Pi and SDR, but we love the old-school approach of buying a pager and tapping into its signals. And it makes a better stand-alone device with a lot lower power budget. If you find yourself in possession of some old POCSAG pagers, you should check out [Corn]’s previous work: an OpenWRT router that sends pages.

Bringing A Legacy Pager Network Back To Life

[Jelmer] recently found his old pager in the middle of a move, and decided to fire it up to relive his fond memories of receiving a page. He soon discovered that the pager’s number was no longer active and the pager’s network was completely shut down. To bring his pager back to life, [Jelmer] built his own OpenWRT-based pager base station that emulates the POCSAG RF pager protocol.

[Jelmer] opened up his pager and started probing signals to determine what protocol the pager used. Soon he found the RF receiver and decoder IC which implements the POCSAG pager protocol. [Jelmer] began going through the sparse POCSAG documentation and assembled enough information to implement the protocol himself.

[Jelmer] used a HLK-RM04 WiFi router module for the brains of his build, which talks to an ATMega that controls a SI4432 RF transceiver. The router runs OpenWRT and generates POCSAG control signals that are transmitted by the SI4432 IC. [Jelmer] successfully used this setup to send control signals to several pagers he had on hand, and plans on using the setup to send customizable alerts in the future. [Jelmer] does note that operating this device may be illegal in many countries, so as always, check local frequency allocations and laws before tackling this project. Check out the video after the break where a pager is initialized by [Jelmer]’s transmitter.

Continue reading “Bringing A Legacy Pager Network Back To Life”