Reverse Engineering Traffic Lights with an RTL-SDR Part 2

Back in September 2015 we made a post about how Bastian Bloessl was able to use his RTL-SDR dongle to reverse engineer and decode the signals coming from portable wirelessly synchronized traffic lights which are commonly set up around road construction zones.

Recently Bastian noticed that a new set of wireless traffic lights had been set up at his University, so he got to work on trying to reverse engineer those. He found that these new lights use the same frequency band, but work using a different modulation and frame format scheme.

The reverse engineered wireless traffic lights.
The reverse engineered wireless traffic lights.

To reverse engineer these new lights he made a recording of the signals in GQRX and then opened them up in Inspectrum, which is a very nice tool for helping to reverse engineer digital signals. Thanks to Inspectrum he was easily able to extract the preamble and decode the data in GNU Radio.

Bastian has also uploaded a video that shows him reverse engineering the binary frame format in the Vim text editor which may be useful for those wishing to understand how it’s done.

Reversing Frame Format with Vim

Once the frame format was reverse engineered, he was able to use the program he created last year which allows him to view the status of the lights remotely in real time.

Tweet
Share55
Reddit
Vote
Email
55 Shares

Related posts:

  1. Hak5: Reverse Engineering Radio Protocols with SDR and the Yardstick One
  2. FOSDEM 2017/2018 SDR Conference Videos: Passive Radar, Radio Telescopes, SatNOGS and Wireless Traffic Lights
  3. Reverse Engineering Bus Telemetry Data with an RTL-SDR
  4. Reverse Engineering Wireless Mobile Traffic Lights with an RTL-SDR
  5. Reverse Engineering Radio Controlled Power Outlets with Help from the RTL-SDR
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments