Blindly Reverse Engineering a Wireless Protocol

Hackaday has brought to attention a document written by Rory O’Hare which describes the journey he took in trying to decode an unknown 433 MHz signal received with his SDR dongle.

If you are interested in manually decoding unknown signals you may find this write-up worthwhile, as it covers his entire journey, including the failures he encountered along the way. In short, he records some packets with his SDR dongle, works out their bit patterns by hand and then looks for correlations between the packets to discover their structure. In the end his efforts are successful: he discovers that he is receiving a temperature sensor and is able to decode the temperature readings.
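As an added illustration of the approach described above (this is not Rory's code and is not taken from the Hackaday write-up), the Python below runs the same kind of correlation analysis on a batch of constructed packets: it finds which bit positions never change across packets, groups the remaining bits into candidate fields, and ranks those fields by how smoothly their values change from packet to packet, since a slowly drifting physical quantity such as temperature behaves very differently from a checksum. The packet layout, sensor ID, checksum rule and readings are all assumptions used only to generate the sample input; the analysis functions never see the layout.

```python
"""Blind bit-field analysis of captured packets (added example, not from the post)."""

# --- Constructed sample input -------------------------------------------------
# A hypothetical 36-bit sensor packet, used ONLY to generate test data. The
# layout (ID 8 | temperature x10 12 | humidity 8 | flags 4 | XOR checksum 4)
# is an assumption; the analysis functions below never see it.
SAMPLE_READINGS = [  # (temperature in tenths of a degree, humidity %), in time order
    (121, 61), (124, 62), (126, 63), (127, 64),
    (128, 66), (130, 65), (133, 67), (135, 69),
]


def make_packet(temp_tenths, humidity, sensor_id=0xA5, flags=0b1000):
    """Simulated transmitter: packs the fields into a string of '0'/'1' characters."""
    nibbles = [
        sensor_id >> 4, sensor_id & 0xF,
        (temp_tenths >> 8) & 0xF, (temp_tenths >> 4) & 0xF, temp_tenths & 0xF,
        humidity >> 4, humidity & 0xF,
        flags,
    ]
    checksum = 0
    for n in nibbles:
        checksum ^= n
    return "".join(f"{n:04b}" for n in nibbles + [checksum])


SAMPLE_PACKETS = [make_packet(t, h) for t, h in SAMPLE_READINGS]


# --- Blind analysis -----------------------------------------------------------
def constant_mask(packets):
    """Per bit position: the bit value if it is identical in every packet, else 'x'."""
    width = len(packets[0])
    if any(len(p) != width for p in packets):
        raise ValueError("all packets must have the same bit length")
    return "".join(
        packets[0][i] if all(p[i] == packets[0][i] for p in packets) else "x"
        for i in range(width)
    )


def varying_runs(mask):
    """Maximal runs of 'x' in the mask as (start, end) half-open bit ranges."""
    runs, start = [], None
    for i, c in enumerate(mask + "!"):  # sentinel closes a trailing run
        if c == "x" and start is None:
            start = i
        elif c != "x" and start is not None:
            runs.append((start, i))
            start = None
    return runs


def field_values(packets, start, end):
    """Decode bits [start, end) of every packet as an unsigned integer."""
    return [int(p[start:end], 2) for p in packets]


def smoothness(values, width):
    """Mean absolute change between consecutive packets, normalised to the field range.
    Near 0 for a slowly drifting sensor reading; large for a checksum or counter."""
    steps = [abs(b - a) for a, b in zip(values, values[1:])]
    return sum(steps) / len(steps) / (2 ** width - 1)


def rank_fields(packets):
    """Candidate fields sorted from most to least 'sensor-like'."""
    scored = []
    for start, end in varying_runs(constant_mask(packets)):
        score = smoothness(field_values(packets, start, end), end - start)
        scored.append((score, start, end))
    return sorted(scored)


def decode_tenths(packets, start, end):
    """Try the obvious 'integer tenths of a degree' interpretation on a candidate field."""
    return [v / 10 for v in field_values(packets, start, end)]


if __name__ == "__main__":
    print("mask:", constant_mask(SAMPLE_PACKETS))
    for score, start, end in rank_fields(SAMPLE_PACKETS):
        print(f"bits {start:2d}-{end - 1:2d}  smoothness={score:.3f}  "
              f"values={field_values(SAMPLE_PACKETS, start, end)}")
    _, best_start, best_end = rank_fields(SAMPLE_PACKETS)[0]
    print("temperature guess:", decode_tenths(SAMPLE_PACKETS, best_start, best_end))
```

With only a handful of packets, bits that happen not to change (the top nibble of a temperature that never exceeds 40.9 °C, for instance) look constant and split a real field in two, which is exactly the kind of dead end the write-up describes; collecting more packets over a wider range of readings, or comparing candidate decodings against a reference thermometer, is how the ambiguity gets resolved.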

Discovering Correlations in the Received Packets

Hak5: Autonomous Boats, Hacker Printers And RTL-SDR Plugins

This week on the popular YouTube show Hak5, SDRSharp plugins are discussed once more, amongst other topics. This time, at around the 17 minute mark, Shannon shows how to install plugins that do not have automated installers, using the Level Meter plugin as an example.

Autonomous Boats, Hacker Printers And RTL-SDR Plugins, Hak5 1623

Decoding NXDN using DSD+ and an RTL-SDR

Over on YouTube, user John Miller has uploaded a video showing DSD+ decoding an NXDN96 voice signal. NXDN is a digital voice protocol developed by Kenwood that is often used by public safety organizations.

John uses SDR# to receive the NXDN signal and pipes the demodulated audio to DSD+ through Virtual Audio Cable for decoding.

DSD+ Decoding NXDN

Simulating Estimote’s iBeacon using a HackRF

Over on YouTube, user Jiao Xianjun has uploaded a video showing a HackRF simulating an Estimote iBeacon, which is then received by an iPhone. An Estimote iBeacon is a wireless beacon that uses Bluetooth Low Energy (BLE) and can be used to notify nearby mobile devices of the beacon’s presence. This can be used for many things, such as indoor positioning, or by retail shops to, for example, alert device owners to special coupons.

Jiao used this tutorial to help clone an iBeacon on his HackRF.

hackrf tx to simulate Estimote' iBeacon, and detected by iPhone successfully

Fundraising for RTL-SDR Development

Kyle Keen, the primary author of the well known and widely used rtl_fm, rtl_power, rtl_adsb and recently released rtl_sdl tools, has started an Indiegogo fundraiser to raise funds to pay a salary for ideally at least one month of dedicated RTL-SDR software coding. Kyle is hoping for $3,000 USD per month of coding; the time he codes for will scale proportionally to the amount of funds raised.

There are several levels to contribute at, but the ideal contribution is the ‘Voter’ level at $50 USD. By contributing at the ‘Voter’ level you get a vote on which features are to be prioritized. It is also possible to contribute at the lower $10 USD level and forego the voting perk.

The list of features to be implemented and the voting system can be found at igg.kmkeen.com. Important improvements will be made to the librtlsdr library, rtl_sdl, rtl_adsb, rtl_tcp, rtl_power and rtl_fm.

We hope that if you have enjoyed the RTL-SDR in some form you will contribute to this developer and help make this hobby an overall better experience.

Using RTL-SDR in Cognitive Radio Energy Detector MATLAB Experiments

Over on YouTube, user Guilherme Dattoli Cirigliano Cortes has uploaded a video showing his use of the RTL-SDR in some MATLAB based cognitive radio experiments. Cognitive radio is an upcoming technology which aims to increase radio spectrum efficiency by finding and using the intermittent periods in which frequency space is unoccupied.

The uploader explains his task below.

The fundamental task of each Cognitive Radio (CR) user in CR networks, in the most primitive sense, is to detect the licensed users, also known as primary users, if they are present, and identify the available spectrum if they are absent. This is usually achieved by sensing the RF environment, a process called spectrum sensing. Here we use one of the techniques of spectrum sensing, called energy detection.
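To make the energy detection step concrete, here is an added Python example (not the uploader's MATLAB code) of the detector the quote describes: it estimates the noise floor from a capture known to be idle, sets a threshold a few standard deviations above it, and then flags each window of a second capture whose average power exceeds that threshold. The IQ samples are constructed inside the script (complex Gaussian noise with a tone injected into some windows), so the window size, SNR and occupancy pattern are assumptions made for the demonstration rather than values from the video.

```python
"""Energy-detection spectrum sensing on constructed IQ samples (added example)."""
import cmath
import math
import random

# Assumed parameters for the demonstration.
WINDOW = 256  # samples per sensing window
# Which windows of the test capture carry a primary user (constructed ground truth).
OCCUPANCY = [False, False, True, True, False, True, False, False]


def make_capture(occupancy, window, snr_db, rng, noise_sigma=1.0):
    """Constructed IQ stream: complex Gaussian noise, plus a tone at 0.1 cycles/sample
    in every window whose occupancy flag is True. snr_db is per-sample SNR."""
    noise_power = 2 * noise_sigma ** 2          # I and Q each contribute sigma^2
    amplitude = math.sqrt(noise_power * 10 ** (snr_db / 10))
    samples = []
    for w, busy in enumerate(occupancy):
        for n in range(window):
            s = complex(rng.gauss(0, noise_sigma), rng.gauss(0, noise_sigma))
            if busy:
                s += amplitude * cmath.exp(1j * 2 * math.pi * 0.1 * (w * window + n))
            samples.append(s)
    return samples


def energy_per_window(samples, window):
    """Average |x|^2 over each non-overlapping window: the energy detector's statistic."""
    return [sum(abs(s) ** 2 for s in samples[i:i + window]) / window
            for i in range(0, len(samples) - window + 1, window)]


def threshold_from_noise(samples, window, k=5.0):
    """Decision threshold = mean + k * std of window energies measured on idle spectrum.
    The detector is only as good as this noise-floor estimate."""
    energies = energy_per_window(samples, window)
    mean = sum(energies) / len(energies)
    var = sum((e - mean) ** 2 for e in energies) / (len(energies) - 1)
    return mean + k * math.sqrt(var)


def detect(samples, window, threshold):
    """True for every window whose energy exceeds the threshold (primary user present)."""
    return [e > threshold for e in energy_per_window(samples, window)]


def run_demo(seed=1, snr_db=10.0):
    """Calibrate on 32 idle windows, then sense a capture with the OCCUPANCY pattern."""
    rng = random.Random(seed)
    calibration = make_capture([False] * 32, WINDOW, snr_db, rng)
    threshold = threshold_from_noise(calibration, WINDOW)
    capture = make_capture(OCCUPANCY, WINDOW, snr_db, rng)
    return detect(capture, WINDOW, threshold)


if __name__ == "__main__":
    decisions = run_demo()
    for i, (truth, seen) in enumerate(zip(OCCUPANCY, decisions)):
        print(f"window {i}: occupied={truth!s:5}  detected={seen}")
```

The weakness of this detector is the one the cognitive radio literature keeps returning to: the threshold is only as good as the noise-floor estimate, so a noise floor that drifts by a few dB between calibration and sensing produces either false alarms or missed primary users at low SNR. Averaging over longer windows lowers the variance of the statistic and buys sensitivity at the cost of slower decisions.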

Hak5: The NSA Playset and SDRSharp Plugins

Hak5, a popular YouTube hacking and electronics enthusiast channel, has uploaded a new video interviewing Michael Ossmann, the creator of the HackRF, about the NSA’s ‘Playset’. The NSA Playset describes the set of spying tools the NSA has access to, as revealed in the documents leaked by Edward Snowden. Previously we posted how the HackRF was used to help reverse engineer some NSA spy tools called retro reflectors.

In the second part of the episode, presenter Shannon also shows off the SDRSharp frequency manager and scanner plugin, which can be used with the RTL-SDR.

The NSA Playset and SDRSharp Plugins, Hak5 1622

Assembling the Chinese RTL-SDR Direct Sampling Kit

A few months ago we posted about a Chinese individual (BA5SBA) who had begun selling RTL-SDR dongle kits for receiving HF frequencies. Back then it wasn’t entirely clear what these kits were or where they came from. Now, over on Reddit, poster SidJenkins has bought one of these kits and assembled it. He has uploaded images of the construction, which can be found here, and the Reddit discussion can be found here. The kit is essentially an extension PCB for the RTL-SDR that aids in building a direct sampling RTL-SDR with good performance by including filters and impedance matching.

SidJenkins notes that the kit came with no instructions, so he used this thread in Chinese (use Google Translate) to help put the kit together.

Chinese RTL-SDR Kit