Doing WiFi With Software Defined Radio

Software defined radio lets RF hardware take on a broad spectrum of tasks, all based on how that hardware is utilized in code. The bladeRF 2.0 micro xA9 is one such device, packing a fat FPGA with plenty of room for signal processing chains on board. As a demonstration of its abilities, [Robert Ghilduta] set about writing a software-defined WiFi implementation for the platform.

The work is known as bladeRF-wiphy, as it implements the PHY, or physical layer of the WiFi connection, in the 7-layer OSI networking model. Modulation and demodulation of the WiFi signal is all handled onboard the Cyclone V FPGA, with the decoded 802.11 WiFI packets handed over to the Linux mac80211 module which handles the MAC level, or medium access control. Thanks to the capability baked into mac80211, the system can act as either an access point or an individual station depending on the task at hand.

[Robert] does a great job of explaining the why and the how of implementing WiFi modulation on an FPGA, as well as some basics of modem development in both software and hardware. It’s dense stuff, so for those new to the field of software defined radio, consider taking some classes to get yourself up to speed!

Roll Your Own Tracking

The smartphone is perhaps the signature device of our modern lives. For most of the population it is never more than an arm’s length away, it’s on your person more than any other device in your life. Smartphones are packed with all sorts of radios and ways to communicate wireless. [Amine Mansouri] built an ESP8266 based tracking device that takes advantage of this.

Most WiFi-enabled devices will send out “probe requests” frames trying to search for the SSIDs they were connected to. These packets contain the device MAC address as well as the SSIDs you’ve connected to. Using about 12 components, [Amine] laid out a small board in Eagle. By putting the ESP8266 in monitor mode, the probe frames can be logged and uploaded. The code can be updated OTA making it easy to service while in the field.

With permission from his local library, eight repeater boards were scattered throughout the building to forward the probe packets to where the tracker could pick them up. A simple web interface was built that allows the library to figure out how many people are in the library and how often they frequent the premises.

While an awesome project with open-source code on Github, it is important to stress how important is it to get permission to do this kind of tracking. While some phones implement MAC randomization, there are still many out in the wild that don’t. While this is similar to another project that listens to radio signals to determine the coming and going of ships and planes, tracking people with this sort of granularity is in a different category altogether.

Thanks [Amine] for sending this one in!

Hackaday Links: November 22, 2020

Remember DSRC? If the initialism doesn’t ring a bell, don’t worry — Dedicated Short-Range Communications, a radio service intended to let cars in traffic talk to each other, never really caught on. Back in 1999, when the Federal Communications Commission set aside 75 MHz of spectrum in the 5.9-GHz band, it probably seemed like a good idea — after all, the flying cars of the future would surely need a way to communicate with each other. Only about 15,000 vehicles in the US have DSRC, and so the FCC decided to snatch back the whole 75-MHz slice and reallocate it. The lower 45 MHz will be tacked onto the existing unlicensed 5.8-GHz band where WiFi now lives, providing interesting opportunities in wireless networking. Fans of chatty cars need not fret, though — the upper 30 MHz block is being reallocated to a different Intelligent Transportation System Service called C-V2X, for Cellular Vehicle to Everything, which by its name alone is far cooler and therefore more likely to succeed.

NASA keeps dropping cool teasers of the Mars 2020 mission as the package containing the Perseverance rover hurtles across space on its way to a February rendezvous with the Red Planet. The latest: you can listen to the faint sounds the rover is making as it gets ready for its date with destiny. While we’ve heard sounds from Mars before — the InSight lander used its seismometer to record the Martian windPerseverance is the first Mars rover equipped with actual microphones. It’s pretty neat to hear the faint whirring of the rover’s thermal management system pump doing its thing in interplanetary space, and even cooler to think that we’ll soon hear what it sounds like to land on Mars.

Speaking of space, back at the beginning of 2020 — you know, a couple of million years ago — we kicked off the Hack Chat series by talking with Alberto Caballero about his “Habitable Exoplanets” project, a crowd-sourced search for “Earth 2.0”. We found it fascinating that amateur astronomers using off-the-shelf gear could detect the subtle signs of planets orbiting stars half a galaxy away. We’ve kept in touch with Alberto since then, and he recently tipped us off to his new SETI Project. Following the citizen-science model of the Habitable Exoplanets project, Alberto is looking to recruit amateur radio astronomers willing to turn their antennas in the direction of stars similar to the Sun, where it just might be possible for intelligent life to have formed. Check out the PDF summary of the project which includes the modest technical requirements for getting in on the SETI action.

Continue reading “Hackaday Links: November 22, 2020”

Modern Network Adapter For Retro Computers

Universal Serial Bus, or USB, is so ingrained in modern computing that it’s hard to imagine a time without it. That time did exist, though, and it was a wild west of connector types, standards, and interfacing methods. One of the more interesting interfaces of the time was the SIO system found in 8-bit Atari computers which ended up sharing a lot of the features of modern USB, and its adaptability is displayed in this modern project which brings WiFi, Bluetooth, USB, and SD card slots to any old Atari with an SIO port.

The project is called FujiNet and it uses the lightweight protocol of SIO to add a number of modern features to the 8-bit machine. It’s based on an ESP32, and the chip performs the functions of a network adapter by bridging WiFi and Bluetooth to the Atari. It does this by simulating drives that would have potentially been used on the Atari in its time, such as a floppy disk drive, an RS232 interface, or a modem, and translating them to the modern wireless communication protocols. It even has the ability to emulate a printer by taking the output of the print job from the Atari and converting it to PDF within the device itself.

Not only does this bring a lot of functionality to the Atari, which you may be able to use to view sites like, but the FujiNet is housed in a period-appropriate 3D-printed case that matches the look and feel of the original Atari. If you need a more generic solution for your retrocomputing networking adventures that isn’t limited to SIO, we recommend grabbing a Raspberry Pi to handle that.

Thanks to [Gavin] for the tip!

Rolling Your Own TiVo WiFi Adapter

The only thing more surprising than finding out TiVo actually put out a new 4K set-top box recently is learning that somehow they didn’t bother to build WiFi into the thing. You’re forced to buy a special wireless adapter to the tune of $60 USD to add the feature. We’d make a joke about the company living in the past, but frankly, it would be too easy.

Having to buy just one of these expensive dongles in 2020 would be insulting enough, but TiVo superfan [xxbiohazrdxx] needed four of them. Rather than hand nearly $250 to the antennae-headed overlords, they decided to reverse engineer the adapter and produce their own low-cost version. While the final result might not be as slim and svelte as the original, it does come in at less than 1/4 the price.

Operating under the assumption that the TiVo would only talk to a WiFi adapter based on the same Broadcom BCM43569 chipset used in the official one, [xxbiohazrdxx] started by trying to find a standard USB dongle that might be a drop-in replacement. Unfortunately, it looks like this particular chip was almost exclusively used in proprietary applications, most commonly as a WiFi board inside of smart TVs. But as it turns out, that wasn’t necessarily a deal breaker.

After some searching, [xxbiohazrdxx] eventually found the promising CyberTAN NU361-HS board. Not only was it based on the right chipset and ran from 5 volts, but its FCC ID entry had a complete pinout for the connector. This particular WiFi module is used in a number of budget TVs and is widely available as a spare part for less than $10. By combing the board and a USB breakout PCB inside of a 3D printed case, you’ve got a plug-and-play WiFi adapter that the TiVo thinks is the real deal.

There was a time when Hackaday was flooded with TiVo hacks, but it’s now been more than a decade since cheap carrier-provided DVRs ate the company’s lunch. Realistically, there’s an excellent chance that this post will be the only time a mention of the once-mighty DVR graces the front page in 2020. While the reign of the TiVo might be at its end, the impact it had as one of the first Linux-powered consumer devices will be etched in hacker history forever.

Long Range WiFi Broadcasts Open-Source Video Conferencing

WiFi is an ubiquitous feature of the modern landscape, but due to power restrictions on most hardware alongside the high-frequency signal it’s typically fairly limited in range. This of course leads to frustration where a WiFi signal can be seen, but the connection is unreliable or slow. While most would reach for a range extender or other hardware bridge, [tak786] was able to roll out a better solution for his workplace by using a high-gain antenna and a single-board computer which gets him an amazing kilometer-wide WiFi network.

The build uses a 10 dBi antenna from TP-Link that’s rated for outdoor use and a single-board computer which acts as a sort of router. The antenna is placed at the top of a building which certainly helps with the extreme range as well. This setup doesn’t actually broadcast an open Internet connection, though. [tak786]’s employer needed a teleconferencing solution for their building, and he also created a fully open-source video conferencing solution called trango that can run on any LAN and doesn’t require an Internet connection. The WiFi setup in this build is effectively just a bonus to make the conferencing system more effective.

[tak786] is planning on releasing a whitepaper about this build shortly, but for now you can access the source code for the video conferencing system at his GitHub page. And, before anyone jumps to conclusions, apparently this is well within FCC rules as well. Some of the comments in the linked Reddit post suggest that with an amateur radio license this system could be pushed much further, too. If you need more range than a kilometer, though, it’s not too much more difficult to do once you have all the right hardware.

Automated Tools For WiFi Cracking

Knowing how WiFi networks can be attacked is a big part of properly securing them, and the best way to learn about it is to (legally) run some attacks. [Matt Agius] has been going down the WiFi-cracking rabbit hole, and in the process created Pwnagotchi Tools to automate the actual password cracking part.

The first step in cracking a WiFi network is to record the handshake that gets exchanged when a client connects to an access point. This has been made very simple thanks to Pwnagotchi, which turns a Raspberry Pi into an automated handshake collection tool and Pwnagothi Tools helps to automate the steps that follow. It downloads the handshakes (pcap files) from the pwnagotchi, and converts it to pmkid/hccapx files to use with the hashcat password recovery tool. Hashcat scripts can then be generated for the actual cracking using any of the attacks that [Matt] has compiled. WPA/WPA2 is slow to crack and requires a lot of processing power, so [Matt] also added the option to automatically provision AWS GPU instances to run the cracking task in the cloud. It also keeps track of the status of each of the handshakes being cracked.

As wireless networks and IoT devices become more pervasive, it’s important to know the dangers, and how to protect against them. WiFi and Bluetooth security is probably the easiest to learn about, but other networks are just as vulnerable when an RTL-SDR is used. Another option Flipper Zero, a hacking gadget for Sub-1 GHz networks inspired by Pwnagotchi, which recently hit $4.8 million in its Kickstarter campaign.