Your Table Is Ready, Courtesy Of HackRF

Have you ever found yourself in a crowded restaurant on a Saturday night, holding onto one of those little gadgets that blinks and vibrates when it’s your turn to be seated? Next time, bust out the HackRF and follow along with [Tony Tiger] as he shows how it can be used to easily fire them off. Of course, there won’t actually be a table ready when you triumphantly show your blinking pager to the staff; but there’s only so much an SDR can do.

Even if you aren’t looking to jump the line at your favorite dining establishment, the video that [Tony] has put together serves as an excellent practical example of using software defined radio (SDR) to examine and ultimately replicate a wireless communications protocol. The same techniques demonstrated here could be applied to any number of devices out in the wild with little to no modification. Granted, these “restaurant pagers” aren’t exactly high security devices to begin with, but you’d be surprised how many other devices out there take a similarly cavalier attitude towards security.

[Tony] starts by using inspectrum to examine the frequency-shift keying (FSK) modulation used by the 467.750 MHz devices, and from there, uses Universal Radio Hacker to capture the actual binary data being sent over the air. Between studying the transmissions and the information he found online, he was eventually able to piece together the packet structure used by the restaurant’s base station.

Finally, he wrote a Python script which generates packets based on which pager he wants to set off. If he’s feeling particularly mischievous, he can even set them all off at once. The script outputs a binary file which is then loaded into GNU Radio for transmission via the HackRF. [Tony] says he’s not quite ready to release his script yet, but he gives enough information in the video that the intrepid hacker could probably get their own version up and running by the time he gets it posted up to GitHub anyway.

We saw some very similar techniques demonstrated at the recent WOPR Summit security conference, so once you’re done hacking the local restaurants, you can take these same lessons and apply them to the rest of the Internet of Things. If you’re wondering, it’s even easier to eavesdrop on the non-restaurant pagers.


RTL-SDR Paves Way To Alexa Controlled Blinds

You’d be forgiven for occasionally looking at a project, especially one that involves reverse engineering an unknown communication protocol, and thinking it might be out of your league. We’ve all been there. But as more and more of the devices that we use are becoming wireless black boxes, we’re all going to have to get a bit more comfortable with jumping into the deep end from time to time. Luckily, there is no shortage of success stories out there that we can look at for inspiration.

A case in point is the set of wireless blinds that [Stuart Hinson] decided would be a lot more useful if he could control them with his Amazon Alexa. There’s plenty of documentation on how to get Alexa to do your bidding, so he wasn’t worried about that. The tricky part was commanding the wireless blinds, as all he had to go on was the frequency printed on the back of the remote.

Luckily, in the era of cheap RTL-SDR devices, that’s often all you need. [Stuart] plugged in his receiver and fired up the incredibly handy Universal Radio Hacker. Since he knew the frequency, it was just a matter of tuning in and hitting the button on the remote a couple times to get a good capture. The software then broke it down to the binary sequence the remote was sending out.

Now here’s where [Stuart] lucked out. The manufacturers took the easy way out and didn’t include any sort of security features, or even bother with acknowledging that the signal had been received. All he needed to do was parrot out the binary sequence with a standard 433 MHz transmitter hooked up to an ESP8266, and the blinds took the bait. This does mean that anyone close enough can take control of these particular blinds, but that’s a story for another time.
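To show why a fixed sequence can be parroted back and what a receiver needs in order to refuse it, here is an added example that is not from [Stuart]'s project or the blinds' firmware. It goes beyond the post by modelling a counter-plus-HMAC frame, a general mitigation the post does not say these blinds support; the key, bit sequence, frame layout and class names are all constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"        # constructed shared secret, not from any real product
FIXED_CODE = "1011001110001111"      # constructed stand-in for the remote's static bit sequence

class StaticReceiver:
    """Behaviour described in the post: one fixed sequence, no freshness check."""
    def accept(self, frame: str) -> bool:
        return frame == FIXED_CODE

def make_frame(counter: int, command: int, key: bytes = KEY) -> bytes:
    """Remote side (assumed layout): 4-byte counter, 1-byte command, 8-byte HMAC tag."""
    body = counter.to_bytes(4, "big") + bytes([command])
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class CounterReceiver:
    """Hardened sketch: authenticate the frame, then require a strictly newer counter."""
    def __init__(self, key: bytes = KEY, window: int = 64):
        self.key, self.window, self.last = key, window, 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 13:
            return False
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        counter = int.from_bytes(body[:4], "big")
        if not (self.last < counter <= self.last + self.window):
            return False                      # replayed (old) or implausibly far ahead
        self.last = counter                   # remember the newest counter seen
        return True

def demo() -> dict:
    static, hardened = StaticReceiver(), CounterReceiver()
    tampered = bytearray(make_frame(3, 0x01))
    tampered[-1] ^= 0xFF                      # guaranteed tag mismatch
    frame = make_frame(1, 0x01)               # one legitimate button press
    return {
        "static_first": static.accept(FIXED_CODE),
        "static_replay": static.accept(FIXED_CODE),    # a recording works forever
        "hardened_first": hardened.accept(frame),
        "hardened_replay": hardened.accept(frame),     # same bytes again: rejected
        "hardened_next": hardened.accept(make_frame(2, 0x01)),
        "hardened_tampered": hardened.accept(bytes(tampered)),
    }
```

The `window` lets the receiver resynchronise after button presses it never heard, while any frame at or below the last accepted counter is refused.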

We took a look at the Universal Radio Hacker a year or so back, and it’s good to see it picking up steam. We’ve also covered the ins and outs of creating your own Alexa skills, if you want to get a jump on that side of the project.