New Pi Zero Gains Unapproved Antennas Yet Again

We’ve only started to tap into the potential of the brand new Pi Zero 2. Having finally received his board, [Brian Dorey] shows us how to boost your Pi’s WiFi, the hacker way. In line with the onboard WiFi antenna can be found a u.FL footprint, and you just know that someone had to add an external antenna. This is where [Brian] comes in, with a photo-rich writeup and video tutorial, embedded below, that will have you modifying your own Zero in no time. His measurements show fourteen networks available in a spot where he’d only see four before, and the reported RSSI levels improved by 5 dB to 10 dB, which is a big deal when it comes to getting a longer-range or more stable connection.

With old laptops being a decent source of WiFi antennas, you only need to procure a u.FL connector and practice soldering a bit before you take this on! The hardest part of such a project tends to be not accidentally putting any solder on the u.FL connector’s metal can – and [Brian] mostly succeeds in that! He shows how to disconnect the external antenna to avoid signal reflections and the like, and, of course, you will be expected to never power your Pi Zero on without an attached antenna afterwards, since the transmitter expects a particular load impedance and driving it into a mismatch can damage it. A Pi Zero isn’t the only place where you’ll encounter footprints for connectors you can add, and arguably, that’s your duty as a hacker – modifying the things you work with in a way that adds functionality. Don’t forget to share how you did it!

This trick should be pretty helpful if you ever put your new Pi Zero in a full-metal enclosure. Curious about the Raspberry Pi antenna’s inner workings? We’ve covered them before! If you’d like to see some previous Raspberry Pi mods, here’s one for the Pi 3, and here’s one for the original Zero W – from [Brian], too!

Comfortable, wearable packaging for biometric device for monitoring physiological data and pushing the data to the cloud

A DIY Biometric Device With Some Security Considerations

Biohacking projects are not new to Hackaday and it’s certainly a genre that really piques our interest. Our latest biohacking device comes courtesy of [Manivannan] who brings his flavor of a wearable biosensor with some security elements built-in through AWS.

The hardware is composed of some impressive components we have seen before. He has an AD8232 electrocardiogram front end, the MAX30102 integrated pulse oximeter IC for determining blood oxygen and heart rate, and the ever-popular LM35 for measuring body temperature. Any of these chips would be perfect for your next DIY biosensor project, though you might try the MAX30205 body temperature sensor given its 0.1-degree Celsius accuracy. However, what really piqued our interest was the use of Microchip’s AVR-IoT WA Development Board. Now we’ve talked about this board before and also mentioned you could probably do all the same things with an ESP device, but perhaps now we get to see the board a bit more in action.

[Manivannan] walks the reader through the board’s setup, and everything looks to be pretty straightforward. He ultimately rigged together a very primitive dashboard for viewing all his vitals in real time, demonstrating how you could put together your own patient dashboard for remote monitoring of vitals or other sensor signals. He emphasizes that all of this is powered through AWS, giving him some added security layers that are critical for protecting his data from unwanted viewers.

Though [Manivannan’s] security implementation doesn’t rise to the standard of medical devices, maybe it will serve as a case study in the growing open-source medical device movement.



Visualizing WiFi With A Converted 3D Printer

We all know we live in a soup of electromagnetic radiation, everything from AM radio broadcasts to cosmic rays. Some of it is useful, some is a nuisance, but all of it is invisible. We know it’s there, but we have no idea what the fields look like. Unless you put something like this 3D WiFi field strength visualizer to work, of course.

Granted, based as it is on the gantry of an old 3D printer, [Neumi]’s WiFi scanner has a somewhat limited work envelope. A NodeMCU ESP32 module rides where the printer’s extruder normally resides, and scans through a series of points one centimeter apart. A received signal strength indicator (RSSI) reading is taken from the NodeMCU’s WiFi at each point, and the position and RSSI data for each point are saved to a CSV file. A couple of Python programs then digest the raw data to produce both 2D and 3D scans. The 3D scans are the most revealing — you can actually see a 12.5-cm periodicity in the signal strength, which corresponds to the wavelength of 2.4-GHz WiFi. The video below shows the data capture process and some of the visualizations.

While it’s still pretty cool at this scale, we’d love to see this scaled up. [Neumi] has already done a large-scale 3D visualization project, using ultrasound rather than radio waves, so he’s had some experience in this area. But perhaps a cable bot or something similar would work for a room-sized experiment. A nice touch would be using an SDR dongle to collect signal strength data, too — it would allow you to look at different parts of the spectrum.


Super 8 Camera Brought Back To Life

The Super 8 camera, while a groundbreaking video recorder in its time, is borderline unusable now. Even if you can get film for it (and afford its often enormous price), it still only records on 8 mm film, which isn’t exactly the best-quality film around, not to mention that a good percentage of these cameras couldn’t even record audio. They were largely made obsolete by camcorders in the late ’80s and early ’90s, although some are still used for niche artistic purposes. If you’d rather not foot the bill for the film, though, you can still put one of these to work with the help of a Raspberry Pi.

[befinitiv] has a knack for repurposing antique analog equipment like this while preserving its aesthetic. While the bulk of the space inside this camera would normally be used for housing film, it makes a perfect spot for a Raspberry Pi Zero, a rechargeable battery, and a power converter circuit, all in a 3D-printed enclosure that snaps into the camera just as a film roll would have. It uses the Pi camera module but still makes use of the camera’s built-in optics, which include a zoom function. [befinitiv] also incorporated the original record button so that from the outside this looks like a completely unmodified Super 8 camera.

The camera can connect to a WiFi network and stream live video to a computer, or it can record video files to an internal SD card. As a bonus, thanks to the power converter circuit, it is also capable of charging a cell phone. [befinitiv] notes that many of the aesthetic properties of 8 mm film seem to be preserved when using this method, and he has several theories as to why but no definitive answer. If you’d like to take a look at some of his other projects like this, check out this analog camera that is now able to take digital pictures.

Extracting The WiFi Firmware And Putting Back A Keylogger

In the interest of simplification or abstraction, we like to think of the laptop on the kitchen table as a single discrete unit of processing. In fact, there is a surprisingly large number of small processors alongside the many cores that make up the main processor. [8051enthusiast] dove into the Realtek rtl8821ae WiFi chip on his laptop and extracted the firmware. The Realtek rtl8821ae chip is a fairly standard Realtek chip, as seen in this unboxing (which is where the main image comes from).

True to his name, [8051enthusiast] was pleased to find that the rtl8821ae was clearly based on the Intel 8051. The firmware was read from a known file path on startup and loaded onto the chip sitting in an M.2 slot. After careful consideration, [8051enthusiast] reasoned that the firmware was using RTX51 Tiny, which is a small real-time kernel.

The firmware is loaded at 0x4000 but it calls code below that address, which means there is a ROM on the chip that contains some code. The easiest way to extract it would be to write some custom code that just copies the mask ROM back to the main CPU via the shared memory-mapped config space, but the firmware is checksummed by the mask ROM code. However, the checksum is just a 16-bit XOR. With a tweak in the kernel to allow accessing the shared config space from userspace, [8051enthusiast] was on his way to a complete firmware image.

Next, [8051enthusiast] looked at what could be done with his newfound hackability. The keyboard matrix is read by the Embedded Controller (EC), which happens to be another 8051-based microcontroller. There also happens to be an RX and a TX trace from the EC to the M.2 slot (where the rtl8821ae is). This is because port 0x80 POST codes from the processor are routed out somewhere accessible via the EC. With a bit of custom code on both the EC and the WiFi chip, [8051enthusiast] had a keylogger that never ran on the main processor, broadcasting the PS/2 keystrokes as UDP packets.

Of course, there are plenty of other 8051-based devices out there just waiting to be discovered, like this 8051-based e-ink display controller.

[Main image source: Realtek RTL8821AE unboxing on YouTube by Евгений Горохов]

Bringing The Game Boy Camera Into The 21st Century

The Game Boy Camera is probably one of the most limited-specification digital cameras ever to have been mass-marketed, yet it occupies a special position in the hearts of many because, despite being a toy with a paltry 128×128 monochrome sensor, it was for many the first camera they owned. [Matt Grey] was among those people, and was always frustrated by the device’s inability to export pictures except to the Game Boy Printer. So after having bodged together an interface a decade ago but not being happy with it, he returned to the project and made a wireless carrier for the camera that allows easy transfer over WiFi to his mobile phone.

Inside the slab-like 3D-printed enclosure lies a GBxCart RW Game Boy cartridge reader, whose USB port is wired to a Raspberry Pi Zero on which are a set of scripts to read the camera and make its photos available for download via a web browser. At last the camera is a stand-alone unit, allowing the easy snapping and retrieval of as many tiny black and white images as he likes. There’s a video showing the device in action, which we’ve placed for your enjoyment below the break.

This camera has appeared in so many projects on these pages over the years, but we’re guessing that the work on whose shoulders this one stands is the moment its workings were reverse engineered.


WiFi Penetration Testing With An ESP32

WiFi is one of those technologies that most of us would have trouble living without. Unfortunately, there are several vulnerabilities in the underlying 802.11 standards that could potentially be exploited. To demonstrate just how simple this can be, [risinek] developed the ESP32 Wi-Fi Penetration Tool that runs on cheap dev boards and can execute deauthentication and Denial of Service attacks, and capture handshakes and PMKIDs.

The main challenge in this project is to implement these attacks while using the ESP-IDF development framework. The closed-source WiFi libraries of the ESP-IDF block the transmission of specific frames, such as deauthentication frames. To get around this, [risinek] used two different approaches. The first is to bypass the declaration of the blocking function at compile time, a technique borrowed from the esp32-deauther project. The second approach doesn’t require any modifications to the ESP-IDF. It works by creating a rogue access point (AP) identical to the targeted access point, which sends a deauthentication frame whenever one of the devices tries to connect to it instead of the real AP.

WPA/WPA2 handshakes are captured by passively listening for devices connecting to the target network, or by running a deauth attack and then listening for devices reconnecting. PMKIDs are captured from APs with the roaming feature enabled, by analyzing the first message of a WPA handshake. The ESP32 Wi-Fi Penetration Tool will also format the captured data into PCAP and HCCAPX files ready to be used with Wireshark and Hashcat. To manage the tool, it creates a management access point where the target and attack type are selected, and from which the resulting data can be downloaded. Pair the ESP32 with a battery, and everything can be done on the go. The project is part of [risinek]’s master’s thesis, and the full academic article is an educational read.