Automate Your Home From The Clearance Rack

The month or so after the holidays have always been a great time to pick up some interesting gadgets on steep clearance, but with decorations and lights becoming increasingly complex over the last few years, the “Christmas Clearance” rack is an absolute must see for enterprising hackers. You might just luck out like [ModernHam] and find a couple packs of these dirt cheap wireless light controllers, which can fairly easily be hacked into the start of a home automation system with little more than the Raspberry Pi and a short length of wire.

In the video after the break, [ModernHam] walks the viewer through the start to finish process of commanding these cheap remote plugs. Starting with finding which frequencies the remotes use thanks to the FCC database and ending with using cron to schedule the transmission of control signals from the Pi, his video really is a wealth of information. Even if you don’t have this particular model of remote plug, or don’t necessarily want to setup a home automation system, there’s probably some element of this video that you could still adapt to your own projects.

The first step of the process is figuring out how the remote is communicating to the plugs. [ModernHam] noticed there was no frequency listed on the devices, but using their FCC IDs he was able to find the relevant information. In the United States, devices like these must have their FCC IDs visible (though they could be behind a battery door) by law, so the searchable database is an invaluable tool to do some basic reconnaissance on a poorly documented gadget.

An RTL-SDR receiver is then used to fine tune the information gleaned from the FCC filing. [ModernHam] found that the signals for all four of the remote plugs were being broadcast on the same frequency, which makes controlling them all the easier. Using the rtl-sdr command, he was able to capture the various signals from the transmitter and save them to separate files. Then it’s just a matter of replaying the appropriate file to get the plugs to do your bidding.

Of course, the RTL-SDR can’t transmit so you’ll have to leave your dongle behind for this last step. Luckily all you need to transmit is the rpitx package created by [F5OEO], along with a supported Raspberry Pi and a small length of wire attached to the appropriate GPIO pin. This package contains the tool sendiq which can be used to replay the raw captures made in the previous step. With some scripting, it’s fairly straightforward to automate these transmissions to control the remote plugs however you wish from the Pi.

The RTL-SDR Blog put together their own guide for “brute forcing” simple remote control devices like this as well, and we’ve even seen similar techniques used against automotive key fobs in the past. Amazing what a piece of wire and some clever code can pull off.

Continue reading “Automate Your Home From The Clearance Rack”

Lessons Learned From A 1-Day RTL-SDR Enclosure Project

[ByTechLab] needed an enclosure for his R820T2 based RTL-SDR, which sports an SMA connector. Resolving to design and 3D print one in less than a day, he learned a few things about practical design for 3D printing and shared them online along with his CAD files.

The RTL-SDR is a family of economical software defined radio receivers, and [ByTechLab]’s’ enclosure (CAD files available on GrabCAD and STL on Thingiverse) is specific to his model. However, the lessons he learned are applicable to enclosure design in general, and a few of them specifically apply to 3D printing.

He started by making a basic model of the PCB and being sure to include all large components. With that, he could model the right voids inside the enclosure to ensure a minimum of wasted space. The PCB lacks any sort of mounting holes, so the model was also useful to choose where to place some tabs to hold the PCB in place. That took care of the enclosure design, but it also pays to be mindful of the manufacturing method so as to play to its strengths. For FDM 3D printing, that means most curved shapes and rounded edges are trivial. It also means that the biggest favor you can do yourself is to design parts so that they can be printed in a stable orientation without any supports.

This may be nothing that an experienced 3D printer and modeler doesn’t already know, but everyone is a novice at some point and learning from others’ experiences can be a real timesaver. For the more experienced, we covered a somewhat more in-depth guide to practical 3D printed enclosure design.

[ByTechLab]’s desire for a custom enclosure was partly because RTL-SDR devices come in many shapes and sizes, as you can see in this review of 19 different units (of which only 14 actually worked.)

It Might Be Possible To Build A Stingray With A Raspberry Pi

If there’s one thing that’s making you insecure, it’s your smartphone. Your smartphone is constantly pinging the cell towers, giving out your location and potentially leaking your private information to anyone with a radio. This is the idea behind an IMSI catcher, or Stingray in common parlance, and now you too can build one with parts you can buy off of Amazon.

The key to this hack is a software defined radio dongle, or RTL-SDR, that has been repurposed to listen in on a GSM network. Literally the only hardware required is an RTL-SDR that can be bought online for less than fifteen dollars, and you can identify the IMSI, or unique ID linked to every SIM card, in smartphones around you. The only bit of software required is a small Python script from [Oros42], freely available on GitHub.

Of course, building an IMSI catcher with a desktop is of limited utility, and using a laptop is still a bit too bulky to surreptitiously conceal in a public location. No, to really get the bang for your buck out of this, you need to do this with a small single-board computer running off a battery pack. Luckily, [Joseph Cox] over at Motherboard reports, “It is likely possible” to run this on a Raspberry-Pi. We’re guessing it’s even more than “likely” possible.

All The Goodies You Need For Your RTL-SDR

When the RTL2832-based USB digital TV sticks were revealed to have hidden capabilities that made the  an exceptionally cheap software-defined radio receiver, it was nothing short of a game-changing moment for the home radio experimenter. The RTL might not be the best radio available, but remains a pretty good deal for only $10 from your favourite online supplier.

Having bought your RTL SDR, you will soon find yourself needing a few accessories. A decent antenna perhaps, an HF upconverter, and maybe an attenuator. To help you, [IgrikXD] has come up with a repository containing open-source implementations of all those projects and more. There’s an HF upconverter handily in both SMD and through-hole versions, as well as a wideband active antenna. A resonant antenna for a single band will always out-perfom a wideband device if your interest lies on only one frequency, but when your receiver has such a wide range as that of the RTL it’s irresistible to look further afield so the wideband antenna is a useful choice.

The RTL SDR is a device that just keeps on giving, and has featured innumerable times here since since its first appearance a few years ago. Whether you are into passive radar or using it to decode data from RF-equipped devices it’s the unit of choice, though we rather like it as a piece of inexpensive test equipment.

Via Hacker News.

Header image: Joeceads [CC BY-SA 4.0].

RTL-SDR Paves Way To Alexa Controlled Blinds

You’d be forgiven for occasionally looking at a project, especially one that involves reverse engineering an unknown communication protocol, and thinking it might be out of your league. We’ve all been there. But as more and more of the devices that we use are becoming wireless black boxes, we’re all going to have to get a bit more comfortable with jumping into the deep end from time to time. Luckily, there are no shortage of success stories out there that we can look at for inspiration.

A case in point are the wireless blinds that [Stuart Hinson] decided would be a lot more useful if he could control them with his Amazon Alexa. There’s plenty of documentation on how to get Alexa to do your bidding, so he wasn’t worried about that. The tricky part was commanding the wireless blinds, as all he had to go on was the frequency printed on the back of the remote.

Luckily, in the era of cheap RTL-SDR devices, that’s often all you need. [Stuart] plugged in his receiver and fired up the incredibly handy Universal Radio Hacker. Since he knew the frequency, it was just a matter of tuning in and hitting the button on the remote a couple times to get a good capture. The software then broke it down to the binary sequence the remote was sending out.

Now here’s where [Stuart] lucked out. The manufacturers took the easy way out and didn’t include any sort of security features, or even bother with acknowledging that the signal had been received. All he needed to do was parrot out the binary sequence with a standard 433MHz transmitter hooked up to an ESP8266, and the blinds took the bait. This does mean that anyone close enough can take control of these particular blinds, but that’s a story for another time.

We took a look at the Universal Radio Hacker a year or so back, and it’s good to see it picking up steam. We’ve also covered the ins and outs of creating your own Alexa skills, if you want to get a jump on that side of the project.

Direction Finding And Passive Radar With RTL-SDR

To say that the RTL-SDR project revolutionized hacker’s capabilities in the RF spectrum would be something of an understatement. It used to be that the bar, in terms of both knowledge and hardware, was so high that only those truly dedicated were able to explore the radio spectrum. But today anyone with $20 can pick up an RTL-SDR device, combine it with a wide array of open source software, and gain access to a previously invisible world.

That being said, RTL-SDR is usually considered an “Economy Ticket” to the world of RF. It gets your foot in the door, but experienced RF hackers are quick to point out you’ll need higher-end hardware if you want to start doing more complex experiments. But the KerberosSDR may soon change the perception of RTL-SDR derived hardware. Combining four R820T2 SDRs on a custom designed board, it allows for low-cost access to high concept technologies such as radio direction finding, passive radar, and beam forming. If you get bored with that, you can always just use it as you would four separate RTL-SDR dongles, perfect for applications that require monitoring multiple frequencies such as receiving trunked radio.

KerberosSDR (which was previously known as HydraSDR) is a collaborative effort between the Othernet engineering team and the folks over at RTL-SDR.com, who earlier in the year put out a call for an experienced developer to come onboard specifically for this project. Tamás Peto, a PhD student at Budapest University of Technology and Economics, answered the call and has put together a system which the team plans on releasing as open source so the whole community can benefit from it. In the videos after the break, you can see demonstrations of the direction finding and passive radar capabilities using an in-development version of KerberosSDR.

As for the hardware, it’s a combination of the RTL-SDR radios with an onboard GPIO-controlled wide band noise source for calibration, as well as an integrated USB hub so it only takes up one port. Everything is wrapped up in a shielded metal enclosure, and the team is currently experimenting with a header on the KerberosSDR PCB that would let you plug it directly into a Raspberry Pi or Tinkerboard.

The team hopes to start final hardware production within the next few months, and in the meantime has set up a mailing list so interested parties can stay in the loop and be informed when preorders start.

If you can’t wait until then, we’ve got a detailed write-up on DIY experiments with passive radar using RTL-SDR hardware, and you can always use your browser if you want to get your radio direction finding fix.

Continue reading “Direction Finding And Passive Radar With RTL-SDR”

Old Laptop? Mobile X86 Game System!

Between smartphones and tablets, computing is becoming increasingly mobile in nature. It used to be that everyone had a desktop computer, then laptops became the norm, and now many people don’t have anything beyond their mobile device. Unless you’re the kind of person who actually needs the power and versatility offered by a “real” computer, mobile devices are simply a more convenient option to browse the web and consume content.

But what if your needs are somewhere in the middle? You want an x86 computer and full operating system, but you also want something that’s more mobile than a tablet? If you’re like [mnt], you take an old Atom laptop that’s on its last legs and rebuild it as the Hacktop.

[mnt] describes the Hacktop as an “Emergency Gaming/Hacking Station”, and says he uses it everywhere he goes. Inspired by his Nintendo DSi, gaming controls are front-and-center on the Hacktop and he uses the machine to play everything from Half-Life to classic emulators.

But the Hacktop is capable of more than just playing Amiga games. The hand-soldered QWERTZ keyboard can be used with his thumbs, and the D-Pad doubles as the cursor keys. There’s a laptop touch pad on the back of the case, and the ten-inch LCD display is a touch screen as well. Definitely no shortage of input devices on this thing. It’s also packing some interesting special features, such as integrated RTL-SDR and LIRC hardware for mobile exploration and experimentation. [mnt] says the nine-cell battery should keep it alive and kicking for twelve hours or so, but it of course depends on what kind of stuff he gets into while out and about.

Hackers have been building their own mobile devices for a long time, and we’re always struck by the creative approaches individuals take compared to the rather cookie-cutter world of mobile consumer technology.