You’d be forgiven for occasionally looking at a project, especially one that involves reverse engineering an unknown communication protocol, and thinking it might be out of your league. We’ve all been there. But as more and more of the devices that we use are becoming wireless black boxes, we’re all going to have to get a bit more comfortable with jumping into the deep end from time to time. Luckily, there is no shortage of success stories out there that we can look at for inspiration.
A case in point is the set of wireless blinds that [Stuart Hinson] decided would be a lot more useful if he could control them with his Amazon Alexa. There’s plenty of documentation on how to get Alexa to do your bidding, so he wasn’t worried about that. The tricky part was commanding the wireless blinds, as all he had to go on was the frequency printed on the back of the remote.
Luckily, in the era of cheap RTL-SDR devices, that’s often all you need. [Stuart] plugged in his receiver and fired up the incredibly handy Universal Radio Hacker. Since he knew the frequency, it was just a matter of tuning in and hitting the button on the remote a couple times to get a good capture. The software then broke it down to the binary sequence the remote was sending out.
Now here’s where [Stuart] lucked out. The manufacturers took the easy way out and didn’t include any sort of security features, or even bother with acknowledging that the signal had been received. All he needed to do was parrot out the binary sequence with a standard 433MHz transmitter hooked up to an ESP8266, and the blinds took the bait. This does mean that anyone close enough can take control of these particular blinds, but that’s a story for another time.
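The protection these blinds lack, as an added example (not code from [Stuart]'s project or from the manufacturer): a receiver that matches one fixed bit pattern accepts any recorded copy of it, while a receiver that checks a counter and a keyed MAC rejects the same replay. The key, frame layout, command bytes and fixed code below are all constructed for illustration, and the design assumes a one-way remote with no acknowledgement channel, as described above.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"         # constructed; shared by remote and receiver at pairing
FIXED_CODE = bytes.fromhex("a5c3f0")  # constructed stand-in for a static bit sequence
CMD_OPEN, CMD_CLOSE = 0x01, 0x02      # hypothetical command bytes
TAG_LEN = 8                           # truncated MAC keeps the RF frame short

class FixedCodeReceiver:
    """Behaves like the blinds in the article: one static pattern, no freshness."""
    def accept(self, frame: bytes) -> bool:
        return frame == FIXED_CODE

def make_frame(key: bytes, cmd: int, counter: int) -> bytes:
    """Remote side: command + 32-bit counter, authenticated with HMAC-SHA256."""
    header = struct.pack(">BI", cmd, counter)
    return header + hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]

class RollingCodeReceiver:
    """One-way link (no acknowledgement), so freshness comes from a counter."""
    def __init__(self, key: bytes, window: int = 16):
        self.key, self.last, self.window = key, 0, window

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 5 + TAG_LEN:
            return False
        header, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False              # forged or modified frame
        _, counter = struct.unpack(">BI", header)
        if not self.last < counter <= self.last + self.window:
            return False              # replayed (old) or implausibly far ahead
        self.last = counter           # advance only after full verification
        return True

def demo() -> dict:
    fixed, rolling = FixedCodeReceiver(), RollingCodeReceiver(KEY)
    captured = make_frame(KEY, CMD_OPEN, 1)  # a legitimate frame, as seen on the air
    tampered = bytes([CMD_CLOSE]) + make_frame(KEY, CMD_OPEN, 2)[1:]
    return {
        "fixed_first": fixed.accept(FIXED_CODE),
        "fixed_replay": fixed.accept(FIXED_CODE),      # identical bits work forever
        "rolling_first": rolling.accept(captured),
        "rolling_replay": rolling.accept(captured),    # same frame again: rejected
        "rolling_tampered": rolling.accept(tampered),  # tag no longer matches header
        "rolling_next": rolling.accept(make_frame(KEY, CMD_CLOSE, 2)),
    }

if __name__ == "__main__":
    print(demo())
```

The acceptance window lets the receiver stay in sync when the remote is pressed out of range, at the cost of accepting any of the next few counter values.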
We took a look at the Universal Radio Hacker a year or so back, and it’s good to see it picking up steam. We’ve also covered the ins and outs of creating your own Alexa skills, if you want to get a jump on that side of the project.
To say that the RTL-SDR project revolutionized hackers’ capabilities in the RF spectrum would be something of an understatement. It used to be that the bar, in terms of both knowledge and hardware, was so high that only those truly dedicated were able to explore the radio spectrum. But today anyone with $20 can pick up an RTL-SDR device, combine it with a wide array of open source software, and gain access to a previously invisible world.
That being said, RTL-SDR is usually considered an “Economy Ticket” to the world of RF. It gets your foot in the door, but experienced RF hackers are quick to point out you’ll need higher-end hardware if you want to start doing more complex experiments. But the KerberosSDR may soon change the perception of RTL-SDR derived hardware. Combining four R820T2 SDRs on a custom designed board, it allows for low-cost access to high concept technologies such as radio direction finding, passive radar, and beam forming. If you get bored with that, you can always just use it as you would four separate RTL-SDR dongles, perfect for applications that require monitoring multiple frequencies such as receiving trunked radio.
KerberosSDR (which was previously known as HydraSDR) is a collaborative effort between the Othernet engineering team and the folks over at RTL-SDR.com, who earlier in the year put out a call for an experienced developer to come onboard specifically for this project. Tamás Peto, a PhD student at Budapest University of Technology and Economics, answered the call and has put together a system which the team plans on releasing as open source so the whole community can benefit from it. In the videos after the break, you can see demonstrations of the direction finding and passive radar capabilities using an in-development version of KerberosSDR.
As for the hardware, it’s a combination of the RTL-SDR radios with an onboard GPIO-controlled wide band noise source for calibration, as well as an integrated USB hub so it only takes up one port. Everything is wrapped up in a shielded metal enclosure, and the team is currently experimenting with a header on the KerberosSDR PCB that would let you plug it directly into a Raspberry Pi or Tinkerboard.
The team hopes to start final hardware production within the next few months, and in the meantime has set up a mailing list so interested parties can stay in the loop and be informed when preorders start.
If you can’t wait until then, we’ve got a detailed write-up on DIY experiments with passive radar using RTL-SDR hardware, and you can always use your browser if you want to get your radio direction finding fix.
Between smartphones and tablets, computing is becoming increasingly mobile in nature. It used to be that everyone had a desktop computer, then laptops became the norm, and now many people don’t have anything beyond their mobile device. Unless you’re the kind of person who actually needs the power and versatility offered by a “real” computer, mobile devices are simply a more convenient option to browse the web and consume content.
But what if your needs are somewhere in the middle? You want an x86 computer and full operating system, but you also want something that’s more mobile than a tablet? If you’re like [mnt], you take an old Atom laptop that’s on its last legs and rebuild it as the Hacktop.
[mnt] describes the Hacktop as an “Emergency Gaming/Hacking Station”, and says he uses it everywhere he goes. Inspired by his Nintendo DSi, gaming controls are front-and-center on the Hacktop and he uses the machine to play everything from Half-Life to classic emulators.
But the Hacktop is capable of more than just playing Amiga games. The hand-soldered QWERTZ keyboard can be used with his thumbs, and the D-Pad doubles as the cursor keys. There’s a laptop touch pad on the back of the case, and the ten-inch LCD display is a touch screen as well. Definitely no shortage of input devices on this thing. It’s also packing some interesting special features, such as integrated RTL-SDR and LIRC hardware for mobile exploration and experimentation. [mnt] says the nine-cell battery should keep it alive and kicking for twelve hours or so, but it of course depends on what kind of stuff he gets into while out and about.
Hackers have been building their own mobile devices for a long time, and we’re always struck by the creative approaches individuals take compared to the rather cookie-cutter world of mobile consumer technology.
When it comes to radio frequency oscillators, crystal controlled is the way to go when you want frequency precision. But not every slab of quartz in a tiny silver case is created equal, so crystals need to be characterized before using them. That’s generally a job for an oscilloscope, but if you’re clever, an SDR dongle can make a dandy crystal checker too.
The back story on [OM0ET]’s little hack is interesting, and one we hope to follow up on. The Slovakian ham is building what looks to be a pretty sophisticated homebrew single-sideband transceiver for the HF bands. Needed for such a rig are good intermediate frequency (IF) filters, which require matched sets of crystals. He wanted a quick and easy way to go through his collection of crystals and get a precise reading of the resonant frequency, so he turned to his cheap little RTL-SDR dongle. Plugged into a PC with SDRSharp running, the dongle’s antenna input is connected to the output of a simple one-transistor crystal oscillator. No schematics are given, but a look at the layout in the video below suggests it’s just a Colpitts oscillator. With the crystal under test plugged in, the oscillator produces a huge spike on the SDRSharp spectrum analyzer display, and [OM0ET] can quickly determine the center frequency. We’d suggest an attenuator to change the clipped plateau into a sharper peak, but other than that it worked like a charm, and he even found a few dud crystals with it.
Fascinated by the electromechanics of quartz crystals? We are too, which is why [Jenny]’s crystal oscillator primer is a good first stop for the curious.
[Simon Aubury] owns a cat. Or perhaps it is the other way around, we can never really tell. One morning around 6AM, the cat — we don’t know its name — heard a low-flying aircraft and to signal its displeasure at the event, decided to jump onto [Simon’s] face as he slept. Thanks to the well-known mind control abilities of cats, [Simon] decided he had to know what plane was causing this scenario to recur. So he did what any of us would do. He used a Raspberry Pi and a software defined radio dongle to decode the ADS-B signals coming from nearby aircraft.
Picking up the signals and capturing them is easy thanks to the wide availability of USB radios and a program called Dump1090. However, the data is somewhat jumbled and not in a cat-friendly format. [Simon] turned to Apache Kafka — a tool for building real-time data pipelines — to process the data.
CubeSats are tiny satellites which tag along as secondary payloads during launches. They have to weigh in at under 1.33 kg, and are often built at low cost. There are even open source designs for these little spacecraft. Over 800 CubeSats have been launched over the last few years, with many more launches scheduled in the near future.
[Thomas Cholakov] coupled a homemade cloverleaf antenna to a software-defined radio to track some of these satellites. The antenna is built out of copper-clad wire cut to the correct length to receive 437 MHz signals. Four loops are connected together and terminated to an RF connector.
This homebrew antenna is connected to an RTL-SDR dongle. The dongle picks up the beacon signals sent by the satellites and provides the data to a PC. Due to the motion of the satellites, their beacons can be easily identified by the Doppler shift of the frequency.
[Thomas] uses SDR Console to receive data from the satellites. While the demo only shows basic receiving, much more information on decoding these satellites can be found on the SDR Satellites website.
This looks like a fun weekend project, and probably the cheapest aerospace related project possible. After the break, watch the full video explaining how to build and set up the antenna and dongle.
The history of consumer electronics is littered with devices that are relatively uninteresting at first, but become spectacular platforms for hardware exploitation once a few select people figure out how everything ticks. The Linksys WRT54G was just a router until someone figured out how to put a complete Linux system on it. Those RTL-SDR dongles were just for capturing over the air TV until someone realized they were actually a software-defined radio. The CueCat was just dot-com boom marketing garbage until… well, we picked up a lot of CueCats regardless.
Now there’s a new device sitting on the shelves at Walmart just waiting for some Linux hackers to have a go. It’s the Tzumi MagicTV, a device that allows you to watch over-the-air television on your phone. What’s inside? It’s a WiFi router, an RTL-SDR, and a battery pack in one tiny package. The best part? It costs $13, and apparently Walmart is just blowing them out.
Right now, there aren’t too many details on what’s going on inside the Tzumi MagicTV box; however, the discussion over on the RTLSDR subreddit has revealed enough to give us a good idea of what’s going on. The router inside the MagicTV is a TP-Link TL-WR703N, the exact same WiFi router that took the WRT54G’s place as the king of hackable routers a few years ago. The SDR chip is the same as the Astrometa DVB-T2, one of the common TV tuners on-a-stick. Other than that, there are TX and RX pins on the board and SSH is open. No one knows the password, but as of this writing, a few people are putting John the Ripper to work trying to break into this box.
What is the end goal of cracking this Linux box wide open? Well, it’s a WiFi router and an SDR, so if you want to make your own Flightaware ADS-B logger, that could be on the table. Of course, you could actually use it for its intended purpose and pull down over-the-air TV to your local network, but that seems so pedestrian after getting root on a $13 box from Walmart.
Thanks [Adam] for the tip!