Tuning Into Medical Implants With The RTL-SDR

With a bit of luck, you’ll live your whole life without needing an implanted medical device. But if you do end up getting the news that your doctor will be installing an active transmitter inside your body, you might as well crack out the software defined radio (SDR) and see if you can’t decode its transmission like [James Wu] recently did.

Before the Medtronic Bravo Reflux Capsule was attached to his lower esophagus, [James] got a good look at a demo unit of the pencil-width gadget. Despite the medical technician telling him the device used a “Bluetooth-like” communications protocol to transmit his esophageal pH to a wearable receiver, the big 433 emblazoned on the hardware made him think it was worth taking a closer look at the documentation. Sure enough, its entry in the FCC database not only confirmed the radio transmitted a 433.92 MHz OOK-PWM encoded signal, but it even broke down the contents of each packet. If only it was always that easy, right?

The 433 ended up being a coincidence, but it got him on the right track.

Of course he still had to put this information into practice, so the next step was to craft a configuration file for the popular rtl_433 program which split each packet into its principal parts. This part of the write-up is particularly interesting for those who might be looking to pull data in from their own 433 MHz sensors, medical or otherwise.

Unfortunately, there was still one piece of the puzzle missing. [James] knew which field was the pH value from the FCC database, but the 16-bit integer he was receiving didn’t make any sense. After some more research into the hardware, which uncovered another attempt at decoding the transmissions from the early days of the RTL-SDR project, he realized what he was actually seeing was the combination of two 8-bit pH measurements that are sent out simultaneously.
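
The decoding steps described above, as an added example that is not taken from [James]'s write-up or from rtl_433: it turns OOK-PWM pulse widths into bits, splits the packet into fields, and unpacks a 16-bit field into two 8-bit samples. The pulse timings, the short-pulse-is-1 mapping, the 24-bit layout, the field names and the sample values are all assumptions constructed for illustration, not the capsule's real parameters.

```python
# Added example. Timings, layout and sample data are constructed, not Bravo values.
SHORT_US, LONG_US = 200, 600   # assumed nominal '1' and '0' pulse widths
TOLERANCE_US = 100             # assumed allowed deviation per pulse
RESET_US = 2000                # assumed gap length that ends a packet
LAYOUT = [("id", 8), ("reading", 16)]  # hypothetical field layout, MSB first

def pwm_to_bits(pulses):
    """Turn (high_us, low_us) pairs from an envelope detector into packets of bits."""
    packets, bits = [], []
    for high, low in pulses:
        if abs(high - SHORT_US) <= TOLERANCE_US:
            bits.append(1)
        elif abs(high - LONG_US) <= TOLERANCE_US:
            bits.append(0)
        else:
            bits = []           # pulse fits neither width: drop the partial packet
            continue
        if low >= RESET_US:     # long silence closes the packet
            packets.append(bits)
            bits = []
    return packets

def split_fields(bits, layout=LAYOUT):
    """Slice a packet into named unsigned integers; reject unexpected lengths."""
    if len(bits) != sum(width for _, width in layout):
        raise ValueError("unexpected packet length: %d bits" % len(bits))
    fields, pos = {}, 0
    for name, width in layout:
        fields[name] = int("".join(map(str, bits[pos:pos + width])), 2)
        pos += width
    return fields

def split_u16(value):
    """Unpack a 16-bit field that carries two 8-bit samples (high byte, low byte)."""
    return (value >> 8) & 0xFF, value & 0xFF

def make_pulses(value, nbits):
    """Build a constructed, slightly jittered pulse train for one packet."""
    bits = [(value >> i) & 1 for i in reversed(range(nbits))]
    pulses = [(SHORT_US + 30 if b else LONG_US - 40, 400) for b in bits]
    pulses[-1] = (pulses[-1][0], RESET_US)
    return pulses

def decode_sample():
    fields = split_fields(pwm_to_bits(make_pulses(0xA54A47, 24))[0])
    return fields["id"], split_u16(fields["reading"])

if __name__ == "__main__":
    print(decode_sample())
```

A packet interrupted by a noise pulse comes out shorter than the layout and is rejected by the length check in `split_fields` rather than being misread as valid data.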

We were pleasantly surprised to see how much public information [James] was able to find about the Medtronic Bravo Reflux Capsule, but in a perfect world, this would be the norm. You deserve to know everything there is to know about a piece of electronics that’s going to be placed inside your body, but so far, the movement towards open hardware medical devices has struggled to gain much traction.

The Evil Crow Is Ready To Cause Some RF Mayhem

There’s no doubt that the RTL-SDR project has made radio hacking more accessible than ever, but there’s only so far you can go with a repurposed TV tuner. Obviously the biggest shortcoming is the fact that you can only listen to signals, and not transmit them. If you’re ready to reach out and touch someone, but don’t necessarily want to spend the money on something like the HackRF, the Evil Crow RF might be your ideal next step.

This Creative Commons licensed board combines two CC1101 radio transceivers and an ESP32 in one handy package. The radios give you access to frequencies between 300 and 928 MHz (with some gaps), and the fact that there are two of them means you can listen on one frequency while transmitting on another, opening up interesting possibilities for relaying signals. With the standard firmware you connect to a web interface running on the ESP32 to configure basic reception and transmission options, but there’s also a more advanced RFQuack firmware that allows you to control the hardware via Python running on the host computer.

Using the Evil Crow RF without a computer.

One particularly nice feature is the series of buttons located down the side of the Evil Crow RF. Since the device is compatible with the Arduino IDE, you can easily modify the firmware to assign various functions or actions to the buttons.

In a demonstration by lead developer [Joel Serna], the physical buttons are used to trigger a replay attack while the device is plugged into a standard USB power bank. There’s a lot of potential there for covert operation, which makes sense, as the device was designed with pentesters in mind.

As an open source project you’re free to spin up your own build of the Evil Crow RF, but those looking for a more turn-key experience can order an assembled board from AliExpress for $27 USD. This approach to hardware manufacturing seems to be getting popular among the open source crowd, with the Open-SmartWatch offering a similar option.

[Thanks to DJ Biohazard for the tip.]

Tightly Packed Raspberry Pi Tricorder Impresses

We’ll say upfront that we don’t have nearly as much information about this 3D printed Star Trek: The Next Generation tricorder as we’d like. But from the image galleries [Himmelen] has posted we know it’s running on the Raspberry Pi Zero W, has a color LCD in addition to a monochrome OLED, and that it’s absolutely packed with gear.

So far, [Himmelen] has fit an NESDR RTL-SDR dongle, a GPS receiver, an accelerometer, and the battery charging circuitry in the top half of the case. Calling it a tight fit would be something of an understatement, especially when you take into account all the wires snaking around in there. But as mentioned in the Reddit thread about the device, a custom PCB backplane of sorts is in the works so all these modules will have something a little neater to plug into.

There are a lot of fantastic little details in this build that have us very excited to see it cross the finish line. The female USB port that’s been embedded into the top of the device is a nice touch, as it will make it easy to add storage or additional hardware in the field. We also love the keyboard, made up of 30 individual tact switches with 3D printed caps. It’s hard to imagine what actually typing on such an input device would be like, but even if each button just fired off its own program or function, we’d be happy.

Judging by the fact that the LCD shows the Pi sitting at a login prompt in all the images, we’re going to go out on a limb and assume [Himmelen] hasn’t gotten to writing much software for this little gadget yet. Once the hardware is done and it’s time to start pushing pixels though, something like Pygame could be used to make short work of a LCARS-style user interface that would fit the visual style of The Next Generation. In fact, off the top of our heads we can think of a few turn-key projects out there designed for creating Trek UIs, though the relatively limited computational power of the Pi Zero might be a problem.

We’ve seen several projects that tried to turn the iconic tricorder into a functional device. Some have focused on the arguably more recognizable Next Generation style such as this one, and others have targeted the more forgiving brick-shaped unit from Kirk and Spock’s era. The Wand Company is even working on an officially licensed tricorder that will supposedly be as close as we can get to the real thing with modern tech and a $250 USD price tag, though we’d wager COVID has slowed progress down on that one. In any event, whether you build it or buy it, the tricorder seems destined to become reality before too long.

Fan-tastic Misuse Of Raspberry Pi GPIO

[River] is a big fan of home automation. After moving into a new house, he wanted to assimilate two wirelessly controlled fan lights into his home automation system. The problem was this: although the fans were wireless, their frequency and protocol were incompatible with the home automation system.

Step one was to determine the frequency the fan’s remote used. Although public FCC records will reveal the frequency of operation, [River] thought it would be faster to use an inexpensive USB RTL-SDR with the Spektrum program to sweep the range of likely frequencies, and quickly found the fans speak 304.2 MHz.

Next was to reverse-engineer the protocol. Universal Radio Hacker is a tool designed to make deciphering unknown wireless protocols relatively painless using an RTL-SDR. [River] digitized a button press with it and immediately recognized it as simple on-off keying (OOK). With that knowledge, he digitized the radio commands from all seven buttons and was quickly able to reverse-engineer the entire protocol.

[River] wanted to use a Raspberry Pi to bring the fans into his home automation system, but the Raspberry Pi doesn’t have a 304.2 MHz radio. What it does have is user-programmable GPIO and the rpitx package, which converts a GPIO pin into a basic radio transmitter. Of course, the Pi’s GPIO pins aren’t long enough to efficiently transmit at 304.2 MHz, so [River] added a proper antenna, as well as a low-pass filter to clean up the transmitted signal. The rpitx package supports OOK out of the box, so [River] was quickly able to get the Pi controlling his fan!

If you’d like to do some more low-cost home automation, check out this approach to using a Raspberry Pi to control some bargain-bin smart plugs.

Monitor SpaceX Rocket Launches With Software-Defined Radio

The amateur radio community has exploded with activity lately, especially in the software-defined radio (SDR) area, since it was found that a small inexpensive TV tuner could be wrangled to do what only expensive equipment was able to do before. One common build with these cards is monitoring air traffic: aircraft send data about their flights out in packets over the radio, and these can now be easily received and decoded. It turns out another type of vehicle, SpaceX’s Falcon 9 spacecraft, reports data via radio as well, and with some slightly upgraded hardware it’s possible to “listen in” to these flights in a similar way.

Reddit users [derekcz] and [Xerbot] used a HackRF module to listen in to the Falcon 9’s data transmissions during its latest launch. While the HackRF is a much more expensive piece of equipment compared to the RTL-SDR dongles used to listen in on aircraft, it is much more capable as well, with a range from 1 MHz to 6 GHz. Using this SDR peripheral as well as a 1.2 m repurposed satellite dish, the duo were able to intercept the radio transmissions from the in-flight rocket. From there, they were recorded with GNU Radio, converted into binary data, and then translated into text.

It seems as though the data feed included a number of different elements including time, location information, and other real-time data about the rocket’s flight. It’s a great build that demonstrates the wide appeal of software-defined radio, and if you want to get started it’s pretty easy to grab a much cheaper dongle and use it for all kinds of applications like this. Go check out [Tom Nardi]’s piece on the last seven years of RTL-SDR to get caught up to speed.

Thanks to [Adrian] for the tip!

Decoding NOAA Satellite Images In Python

You’d be forgiven for thinking that receiving data transmissions from orbiting satellites requires a complex array of hardware and software, because for a long time it did. These days we have the benefit of cheap software defined radios (SDRs) that let our computers easily tune into arbitrary frequencies. But what about the software side of things? As [Dmitrii Eliuseev] shows, decoding the data satellites are beaming down to Earth is probably a lot easier than you might think.

Well, at least in this case. The data [Dmitrii] is after happens to be broadcast from a relatively old fleet of satellites operated by the National Oceanic and Atmospheric Administration (NOAA). These birds (NOAA-15, NOAA-18 and NOAA-19) are somewhat unique in that they fly fairly low and utilize a simple analog signal transmitted at 137 MHz. This makes them especially good targets for hobbyists who are just dipping their toes into the world of satellite reception.


Remoticon Video: Basics Of RF Emissions Debugging Workshop

These days we’re surrounded by high-speed electronics and it’s no small feat that they can all play nicely in near proximity to each other. We have RF emissions standards to thank, which ensure new products don’t spew forth errant signals that would interfere with the data signals traveling through the ether. It’s long been the stuff of uber-expensive emissions testing labs, and failure to pass can leave you scratching your head. But as Alex Whittimore shows in this workshop from the 2020 Hackaday Remoticon, you can do a lot of RF emissions debugging with simple and inexpensive tools.

Professionally-made probes in several sizes

Build your own probes from magnet wire

You can get a surprisingly clear picture of what kind of RF might be coming off of a product by probing it on your own workbench. Considering the cost of the labs performing FCC and other certifications, this is a necessary skill for anyone who is designing a product headed to market — and still damn interesting for everyone else. Here you can see two examples of the probes used in the process. Although one is a pack of professional tools and the other is a bit of enameled wire (magnet wire), both are essentially the same: a loop of wire on which a magnetic field will induce a very small current. Add a Low-Noise Amplifier (LNA) and you’ll be up and measuring in no time.

I really enjoyed how Alex started his demo with “The Right Way™” of doing things — using a proper spectrum analyzer to visualize data from the probes. But the really interesting part is “The Hacker Way™”, which leverages an RTL-SDR dongle and some open-source software to get the same job done. Primarily that means using SDRAngel and QSpectrumAnalyzer, which are both included in the DragonOS_LTS, which can be run inside of a virtual machine.