In the market for a software defined radio? [Taylor Killian] wrote a comprehensive comparison of several models that are within the price range of amateurs and hobbyists.
You can get started with SDR using a $20 TV tuner card, but there’s a lot of limitations. These cards only work as receivers, are limited to a small chunk of the radio spectrum, and have limited bandwidth and sample rates. The new SDRs on the market, including the bladeRF, HackRF, and USRP offerings are purpose built for SDR experimentation. You might want an SDR to set up a cellular base station at Burning Man, scan Police and Fire radio channels, or to track ships.
[Taylor] breaks down the various specifications of each radio, and discusses the components used in each SDR in depth. In the end, the choice depends on what you want to do and how much you’re willing to spend. This breakdown should help you choose a hacker friendly SDR.
The cheap software defined radio platforms that can be built out of a USB TV tuner aren’t getting much love on the Hackaday tip line of late. Thankfully, [Adam] sent in a great guide to cracking sub-GHz wireless protocols wide open, and ringing doorbells, opening cars, and potentially setting houses on fire in the process.
The first wireless hack [Adam] managed to whip up is figuring out how a wireless doorbell transmitter communicates with its receiver. [Adam] connected a FUNcube software defined radio dongle (although any one of the many USB TV tuner dongles we’ve seen would also work) and used GNU Radio to send the radio signals received to a WAV file. When looking at this audio file in Audacity, [Adam] saw the tell-tale signs of digital data, leaving with a string of 1s and 0s that would trigger his wireless doorbell.
The FUNcube dongle doesn’t have the ability to transmit, though, so [Adam] needed a more capable software defined radio to emulate the inner workings of a doorbell transmitter. He found one in the Ettus Research USRP, a software designed radio that’s doing a good job of keeping [Balint], Hackaday SDR extraordinaire, very busy. By sending the data [Adam] decoded with the FUNcube dongle over the USRP, he was able to trigger his wireless doorbell using nothing but a few hundred dollars of radio equipment and software ingenuity.
Doorbells are a low-stakes game, so [Adam] decided to step things up a little and unlock his son’s car by capturing and replaying the signals from a key fob remote. Modern cars use a rolling code for their keyless entry, so that entire endeavour is just a party trick. Other RF-enabled appliances, such as a remote-controlled mains outlet, are a much larger threat to home and office security, but still one [Adam] managed to crack wide open.
[Mr.Pantz] pointed us to a web page we thought you would find interesting. It deals with hacking PC lock using a Universal Software Radio Peripheral (USRP) . Following the good practice of logging off or locking your workstation while your not at it, it is darn hard to get users to actually do it. These little gadgets are a 2 piece setup one being a usb dongle, and the other being a badge like device. If the badge is turned off or is a distance greater than ~30 feet, the signal is lost and the pc is locked.
From there all you really need to do is figure out what frequency the 2 are running at and what codes are flying around the air. Some careful eyeballing suggests that this operates in the 434MHz region much like remote lock dongles for your car, and once the device is apart some research of 2 of the IC’s on board confirms it. Using the GNU Radio spectrum analyzer a signal is quickly captured, dumped, and a script is created to send the signal back out, provided you have the correct hardware to do so.
When we first saw [Chris Paget]’s cloning video, our reaction was pretty ‘meh’. We’d seen RFID cloning before and the Mifare crack was probably the last time RFID was actually interesting. His ShmooCon presentation, embedded above, caught us completely off-guard. It’s very informative; we highly recommend it.
The hardest part about selling this talk is that it has to use two overloaded words: ‘RFID’ and ‘passport’. The Passport Card, which is part the the Western Hemisphere Travel Initiative (WHTI), is not like the passport book that you’re familiar with. It has the form factor of a driver’s license and can only be used for land and sea travel between the USA, Canada, the Caribbean region, Bermuda, and Mexico. They’ve only started issuing them this year.
Continue reading “ShmooCon 2009: Chris Paget’s RFID cloning talk”