Building A New RF Remote From Scratch

We’ve seen no shortage of projects that use the ESP8266 or ESP32 to add “smart” features to existing home appliances, often by pairing the microcontroller with a radio or IR transmitter. If your device has an existing remote, integrating it into a custom home automation system is often just a matter of getting a few cheap modular components and writing some simple code to glue it all together.

But what if the appliance you want to control doesn’t use a common frequency? That’s a question that [eigma] recently had to answer after finding the remote control for the bedroom ceiling fan was operating at a somewhat unusual 304 MHz. Something like the MAX1472 could probably have been tuned to this frequency, but the chip doesn’t seem to be available in a turn-key module as the popular 315 MHz transmitters are.

There were a few possible options, including using a software defined radio (SDR), but [eigma] didn’t want to spend a fortune on this project or wait months for parts to get shipped from overseas. The most straightforward solution was to design a custom transmitter tuned to the proper frequency using discrete components; something of a dark art to those of us who’ve been spoiled by the high availability of modular components.

What follows is an fascinating look at the design, testing, and troubleshooting of a truly scratch-built transmitter. You won’t find any ICs here, the carrier signal is generated with just a transistor, some carefully measured pieces of wire, and a handful of passive components. By modulating the signal with an ESP32, [eigma] successfully makes the oddball ceiling fan an honorary member of the Internet of Things.

The write-up that [eigma] has done is an absolutely invaluable resource if you ever find yourself in need of rolling a bespoke transmitter. It easily ranks among some of the most informative radio reverse engineering work we’ve covered, and you’d be wise to file this one away for future reference. That said, most of the newer hardware you’re going to run into will probably be utilizing a widely-supported frequency like 433 MHz.

34C3: Microphone Bugs

Inspiration can come from many places. When [Veronica Valeros] and [Sebastian Garcia] from the MatesLab Hackerspace in Argentina learned that it took [Ai Weiwei] four years to discover his home had been bugged, they decided to have a closer look into some standard audio surveillance devices. Feeling there’s a shortage of research on the subject inside the community, they took matters in their own hands, and presented the outcome in their Spy vs. Spy: A modern study of microphone bugs operation and detection talk at 34C3. You can find the slides here, and their white paper here.

Focusing their research primarily on FM radio transmitter devices, [Veronica] and [Sebastian] start off with some historical examples, and the development of such devices — nowadays available off-the-shelf for little money. While these devices may be shrugged off as a relic of Soviet era spy fiction and tools of analog times, the easy availability and usage still keeps them relevant today. They conclude their research with a game of Hide and Seek as real life experiment, using regular store-bought transmitters.

An undertaking like this would not be complete without the RTL-SDR dongle, so [Sebastian] developed the Salamandra Spy Microphone Detection Tool as alternative for ready-made detection devices. Using the dongle’s power levels, Salamandra detects and locates the presence of potential transmitters, keeping track of all findings. If you’re interested in some of the earliest and most technologically fascinating covert listening devices, there is no better example than Theremin’s bug.

Continue reading “34C3: Microphone Bugs”

Preparing Your Product For The FCC

At some point you’ve decided that you’re going to sell your wireless product (or any product with a clock that operates above 8kHz) in the United States. Good luck! You’re going to have to go through the FCC to get listed on the FCC OET EAS (Office of Engineering and Technology, Equipment Authorization System). Well… maybe.

As with everything FCC related, it’s very complicated, there are TLAs and confusing terms everywhere, and it will take you a lot longer than you’d like to figure out what it means for you. Whether you suffer through this, breeze by without a hitch, or never plan to subject yourself to this process, the FCC dance is an entertaining story so let’s dive in!

Continue reading “Preparing Your Product For The FCC”

Morse Code RF Transmitter From A Micro’s Clock Output

If you’re looking for a simple way to make an RF transmitter, check out [Tomasz]’s Morse code transmitter. His design uses nothing more than a microcontroller and a 16MHz crystal to transmit CW Morse code on 96MHz. We’ve seen some similar designs that work at lower frequencies, but transmitting up at 96MHz is pretty impressive.

[Tomasz] used an STM32L microcontroller for this project, which isn’t specced to run up at the high frequencies he wanted to transmit at. To get around this, [Tomasz] wired a 16Mhz oscillator up to microcontroller’s clock input. The clock input is run into the micro’s PLL which is capable of generating high frequencies. He mentions that you can use the internal oscillator instead of a crystal, but it has a ton of phase noise and splatters all over the spectrum.

[Tomasz] chose to start transmitting at 96MHz, which can be picked up by a standard FM radio. To generate this frequency, he set the PLL to multiply the 16MHz crystal up to 192MHz followed by a clock divide of 2 which brings it down to 96MHz. The microcontroller’s CPU runs on the 16MHz crystal input before it goes into the PLL. Next [Tomasz] enabled the MCO clock output pin which routes the 96MHz signal to the outside world.

Transmitting CW is pretty simple; it just involves turning a fixed-frequency transmitter on and off. [Tomasz] wrote a function that enables and disables the MCO output pin. This has the effect of keying any Morse code string you throw at it. Check out the video after the break to see the transmitter in action.

Continue reading “Morse Code RF Transmitter From A Micro’s Clock Output”

Bringing A Legacy Pager Network Back To Life

[Jelmer] recently found his old pager in the middle of a move, and decided to fire it up to relive his fond memories of receiving a page. He soon discovered that the pager’s number was no longer active and the pager’s network was completely shut down. To bring his pager back to life, [Jelmer] built his own OpenWRT-based pager base station that emulates the POCSAG RF pager protocol.

[Jelmer] opened up his pager and started probing signals to determine what protocol the pager used. Soon he found the RF receiver and decoder IC which implements the POCSAG pager protocol. [Jelmer] began going through the sparse POCSAG documentation and assembled enough information to implement the protocol himself.

[Jelmer] used a HLK-RM04 WiFi router module for the brains of his build, which talks to an ATMega that controls a SI4432 RF transceiver. The router runs OpenWRT and generates POCSAG control signals that are transmitted by the SI4432 IC. [Jelmer] successfully used this setup to send control signals to several pagers he had on hand, and plans on using the setup to send customizable alerts in the future. [Jelmer] does note that operating this device may be illegal in many countries, so as always, check local frequency allocations and laws before tackling this project. Check out the video after the break where a pager is initialized by [Jelmer]’s transmitter.

Continue reading “Bringing A Legacy Pager Network Back To Life”

How To: Hack Your Way Into Your Own Gated Community

RF Signal Decryption and Emulation

Does your Gated Community make you feel secure due to the remote-controlled gate keeping the riffraff out? Residents of such Gated Communities in Poland are now shaking in fear since [Tomasz] has hacked into his own neighborhood by emulating the signal that opens the entrance gate. Shockingly, this only took about 4 hours from start to finish and only about $20 in parts.

Most of these type of systems use RF communication and [Tomasz’s] is no difference. The first step was to record the signal sent out by his remote. A USB Software Defined Radio transmitter/receiver coupled with a program called SDR# read and recorded the signal without a hitch. [Tomasz] was expecting a serialized communication but after recording and analyzing the signal from several people entering the community it became clear that there was only one code transmitted by everyone’s remote.

Now that he knows the code, [Tomasz] has to figure out a way to send that signal to the receiver. He has done this by making an RF transmitter from just a handful of parts, the meat and potatoes being a Colpitts oscillator and a power amplifier. This simple transmitter is connected to a DISCOVERY board that is responsible for the modulation tasks. [Tomasz] was nice enough to make his code available on his site for anyone that is interested in stopping by for a visit.

Hackaday Links: December 29, 2013

hackaday-links-chainThere are a ton of cheap RF transceiver boards available. [Martin] recently took a look at several of the most common ones and reports back on what you want to look for when acquiring wireless hardware for your projects.

Ikea picture frame plus old laptop equals a roll-your-own digital picture frame which [Victor] built. It runs Ubuntu and is more powerful and extensible than anything you could purchase outright.

Our friend [HowToLou] sure loves the FlowRider. So much so that he’s trying to figure out how to make them less expensive to operate. He put together an example of how he thinks a standing wave can be created that follows the rider as they move along the surfing area.

[Garrett] released an Arduino library that offers threading, debugging, and error handling. The usertools package can be downloaded from his Github repository.

There’s only one way to gauge your Christmas cheer — hook yourself up to the XMeter built by [Geoff]. He’s the same guy who built a breathalyzer a couple of years back. It flashes images of holiday activities on a television while measuring galvanic response using a couple of DIY probes.

And finally, play around with a virtual x86 system. [Fabian Hemmer] wrote the incredibly full-featured virtual machine in JavaScript. You can get your hands on the code via his GitHub repo. [Thanks Martin]