Hackaday Links: February 6, 2022

February 6, 2022 by Dan Maloney 41 Comments

Last week, the news was filled with stories of Jack Sweeney and his Twitter-bot that tracks the comings and goings of various billionaires in their private jets. This caught the attention of the billionaire-iest of them all, one Elon Musk, who took exception to the 19-year-old’s feat of data integration, which draws from a number of public databases to infer the location of Elon’s plane. After Jack wisely laughed off Elon’s measly offer of $5,000 to take the bot down, Elon ghosted him — pretty childish behavior for the richest man on the planet, we have to say. But Jack might just have the last laugh, as an Orlando-based private jet chartering company has now offered him a job. Seems like his Twitter-bot and the resulting kerfuffle is a real resume builder, so job-seekers should take note.

Here’s hoping that you have a better retirement plan than NASA. The space agency announced its end-of-life plans for the International Space Station this week, the details of which will just be a run-up to the 2031 de-orbit and crash landing of any remaining debris into the lonely waters of Point Nemo. The agency apparently sees the increasingly political handwriting on the ISS’s aging and sometimes perforated walls, and acknowledges that the next phase of LEO space research will be carried out by a fleet of commercial space stations, none of which is close to existing yet. Politics aside, we’d love to dig into the technical details of the plan, and see exactly what will be salvaged from the station before its fiery demise, if anything. The exact method of de-orbiting too would be interesting — seems like the station would need quite a bit of thrust to put on the brakes, and might need the help of a sacrificial spacecraft.

“You break it, you fix it,” is a philosophy that we Hackaday types are probably more comfortable with than the general public, who tend to leave repairs of broken gear to professionals. But that philosophy seems to be at the core of Google’s new Chromebook repair program for schools, which encourages students to fix the Chromebooks they’re breaking in record numbers these days. Google is providing guidance for schools on setting up complete Chromebook repair facilities, including physical layout of the shop, organization of workflows, and complete repair information for at least a couple of popular brands of the stripped-down laptops. Although the repairs are limited to module-level stuff, like swapping power supplies, we still love the sound of this. Here’s hoping that something like this can trigger an interest in electronics for students that would otherwise never think to open up something as complicated as a laptop.

Back in July, we took note of a disturbing report of an RTL-SDR enthusiast in Crimea who was arrested for treason, apparently based on his interest in tracking flights and otherwise monitoring the radio spectrum. Now, as things appear to be heating up in Ukraine again, our friends at RTL-SDR.com are renewing their warning to radio enthusiasts in the area that there may still be risks. Then as now, we have little interest in the politics of all this, but in light of the previous arrest, we’d say it pays to be careful with how some hobbies are perceived.

And finally, aside from the aforementioned flight-tracking dustup, it’s been a tough week for Elon and Tesla. Not only have 817,000 of the expensive electric vehicles been recalled over something as simple as a wonky seatbelt chime, but another 54,000 cars are also being recalled for a software bug that causes them to ignore stop signs in “Full Self-Driving” mode. We’re not sure if this video of this Tesla hell-ride has anything to do with that bug, but it sure illustrates the point that FSD isn’t really ready for prime time. Then again, as a former Boston resident, we can pretty safely say that what that Tesla was doing isn’t really that much different than the meat-based drivers there.

SDR Toolkit Bends Weather Station To Hacker’s Whims

December 17, 2021 by Tom Nardi 9 Comments

We probably don’t have to tell most Hackaday readers why the current wave of low-cost software defined radios (SDRs) are such a big deal for hackers looking to explore the wide world of wireless signals. But if you do need a refresher as to what kind of SDR hardware and software should be in your bag of tricks, then this fantastically detailed account from [RK] about how he hacked his La Crosse WS-9611U-IT weather station is a perfect example.

Looking to brush up his radio hacking skills, [RK] set out to use the ADALM-PLUTO software defined radio from Analog Devices to intercept signals between the La Crosse base station and its assorted wireless sensors. He notes that a $20 USD RTL-SDR dongle could do just as well if you only wanted to receive, but since his ultimate goal was to spoof a temperature sensor and introduce spurious data into the system, he needed an SDR that had transmit capabilities.

No matter your hardware, Universal Radio Hacker (URH) is the software that’s going to be doing the heavy lifting. In his write-up, [RK] walks the reader through every step required to find, capture, and eventually decode the transmissions coming from a TX29U wireless temperature sensor. While the specifics will naturally change a bit depending on the device you’re personally looking to listen in on, the general workflow is going to be more or less the same.

In the end, [RK] is not only able to receive the data coming from the wireless sensors, but he can transmit his own spoofed data that the weather station accepts as legitimate. Getting there took some extra effort, as he had to figure out the proper CRC algorithm being used. But as luck would have it, he found a Hackaday article from a couple years back that talked about doing exactly that, which help put him on the right path. Now he can make the little animated guy on the weather station’s screen don a winter coat in the middle of July. Check out the video below for a demonstration of this particular piece of radio prestidigitation.

Continue reading “SDR Toolkit Bends Weather Station To Hacker’s Whims” →

More Software-Defined Radio Projects Using DragonOS

November 3, 2021 by Bryan Cockfield 14 Comments

DragonOS, a Debian-based Linux distribution specifically packaged for software-defined radio functionality, roared onto the wavelengths during the beginnings of the various pandemic lockdowns last year. Since then [Aaron], the creator of the OS, has been busy adding features to the distribution as well as creating plenty of videos which show off its capabilities and also function as how-tos for people who might want to learn about software-defined radio. The latest is a video about using this software to detect radio signals in certain specified spectrums.

This build uses two RTL-SDR devices paired with the DragonOS software suite to automatically detect active frequencies within a specified frequency range and that aslo exceed a threshold measured above the average noise floor. The video includes the setup of the software and its use in detecting these signals, but also includes setup of influxdb and Grafana which provide logging capabilities as well. Using this setup, multiple receivers either local or over the internet can then be configured to dump all the identified frequencies, powers, and time stamps into DragonOS.

[Aaron] has also been helping developers to build the SDR4space.lite application which includes GPS support, so he hopes that in a future video a user will be able to easily associate location to identified frequencies. Projects like these also serve as a reminder that getting into software-defined radio is as easy as buying a $10 USB radio receiver and configuring some free software to do anything that you can imagine like tracking ships and airplanes in real time.

Continue reading “More Software-Defined Radio Projects Using DragonOS” →

Ethernet Cable Turned Into Antenna To Exploit Air-Gapped Computers

October 27, 2021 by Dan Maloney 30 Comments

Good news, everyone! Security researcher [Mordechai Guri] has given us yet another reason to look askance at our computers and wonder who might be sniffing in our private doings.

This time, your suspicious gaze will settle on the lowly Ethernet cable, which he has used to exfiltrate data across an air gap. The exploit requires almost nothing in the way of fancy hardware — he used both an RTL-SDR dongle and a HackRF to receive the exfiltrated data, and didn’t exactly splurge on the receiving antenna, which was just a random chunk of wire. The attack, dubbed “LANtenna”, does require some software running on the target machine, which modulates the desired data and transmits it over the Ethernet cable using one of two methods: by toggling the speed of the network connection, or by sending raw UDP packets. Either way, an RF signal is radiated by the Ethernet cable, which was easily received and decoded over a distance of at least two meters. The bit rate is low — only a few bits per second — but that may be all a malicious actor needs to achieve their goal.

To be sure, this exploit is quite contrived, and fairly optimized for demonstration purposes. But it’s a pretty effective demonstration, but along with the previously demonstrated hard drive activity lights, power supply fans, and even networked security cameras, it adds another seemingly innocuous element to the list of potential vectors for side-channel attacks.

[via The Register]

Raspberry Pi Tablet Gets Radio Surgical Enhancement

October 20, 2021 by Al Williams 27 Comments

We always get excited when we buy a new tablet. But after a few months, it usually winds up at the bottom of a pile of papers on the credenza, a victim of not being as powerful as our desktop computers and not being as convenient as our phones. However, if you don’t mind a thick tablet, you can get the RasPad enclosure to fit around your own Raspberry Pi so it can be used as a tablet. Honestly, we weren’t that impressed until we saw [RTL-SDR] add an SDR dongle inside the case, making it a very portable Raspberry Pi SDR platform.

The box is a little interesting by itself, although be warned it costs over $200. For that price you get an LCD and driver board, a battery system, speakers, and an SD extension slot with some control buttons for volume and brightness. There’s a video of the whole setup (in German) below.

Continue reading “Raspberry Pi Tablet Gets Radio Surgical Enhancement” →

Phase Coherent Beamforming SDR

August 4, 2021 by Al Williams 18 Comments

The days when software defined radio techniques were exotic are long gone, and we don’t miss them one bit. A case in point: [Laakso Mikko’s] research group has built a multichannel receiver using 21 cheap RTL-SDR dongles to create a phase coherent array. This is useful for everything from direction finding and passive radar or beam forming. The code is also available on GitHub.

The phase coherence does require the dongle’s tuner can turn off dithering. That means the code only works with dongles that use the R820T/2. The project modifies the dongles to use a common clock and a switchable reference noise generator.

Continue reading “Phase Coherent Beamforming SDR” →

Tuning Into Medical Implants With The RTL-SDR

July 11, 2021 by Tom Nardi 12 Comments

With a bit of luck, you’ll live your whole life without needing an implanted medical device. But if you do end up getting the news that your doctor will be installing an active transmitter inside your body, you might as well crack out the software defined radio (SDR) and see if you can’t decode its transmission like [James Wu] recently did.

Before the Medtronic Bravo Reflux Capsule was attached to his lower esophagus, [James] got a good look at a demo unit of the pencil-width gadget. Despite the medical technician telling him the device used a “Bluetooth-like” communications protocol to transmit his esophageal pH to a wearable receiver, the big 433 emblazoned on the hardware made him think it was worth taking a closer look at the documentation. Sure enough, its entry in the FCC database not only confirmed the radio transmitted a 433.92 MHz OOK-PWM encoded signal, but it even broke down the contents of each packet. If only it was always that easy, right?

The 433 ended up being a coincidence, but it got him on the right track.

Of course he still had to put this information into practice, so the next step was to craft a configuration file for the popular rtl_433 program which split each packet into its principle parts. This part of the write-up is particularly interesting for those who might be looking to pull data in from their own 433 MHz sensors, medical or otherwise

Unfortunately, there was still one piece of the puzzle missing. [James] knew which field was the pH value from the FCC database, but the 16-bit integer he was receiving didn’t make any sense. After some more research into the hardware, which uncovered another attempt at decoding the transmissions from the early days of the RTL-SDR project, he realized what he was actually seeing was the combination of two 8-bit pH measurements that are sent out simultaneously.

We were pleasantly surprised to see how much public information [James] was able to find about the Medtronic Bravo Reflux Capsule, but in a perfect world, this would be the norm. You deserve to know everything there is to know about a piece of electronics that’s going to be placed inside your body, but so far, the movement towards open hardware medical devices has struggled to gain much traction.