Tagged: LoRa

Hackaday Supercon 2024: Microcontrollers Are Just Radios in Disguise

Thank you to RTL-SDR.COM reader David for letting us know about an excellent talk from Charles Lohr (@cnlohr) at the 2024 Hackaday Supercon about turning microcontrollers into radios by abusing their output GPIOs to create RF generators.

This talk explores ways to leverage every cycle of underpowered microcontrollers to get them doing the work of parts ten times their price, including operations normally done with dedicated radio hardware.

This is a concept we have seen quite often before in projects like RPiTX and Osmo-FL2K which turns a Raspberry Pi and cheap VGA adapter respectively, into an arbitrary RF signal transmitter with no transmit components required.

In his talk Charles Lohr takes this concept further, showing how almost any microcontroller like an ATTiny85, ESP8266, CH32v203, and ESP32-S2 can be turned into a transmitter. In the talk, Charles shows how he used the I2S bus on an ESP8266 to transmit NTSC color video to a TV and transmit LoRa via his LoLRa software. He then notes that he was able to use the ESP32-S2 to transmit LoRa over 2.5 miles away.

Finally, Charles shows how the CH32v203 microcontroller can also be used as a receiver. With some code he wrote he is able to display the received signal on an FFT computed directly on the CH32v203, and even have a web interface to tune to specific frequencies and playback AM audio.

Hackaday Supercon 2024 - Microcontrollers Are Just Radios in Disguise - Charles Lohr

CNLohr's own YouTube video on the topic is also an excellent overview.

How far can I broadcast LoRa packets WITHOUT a radio? - LoLRa

Tech Minds: Testing Meshtastic Compatible Lilygo LoRa Devices

In the latest video on the Tech Minds YouTube channel Matt tests out the Meshtastic software running on varius Lilygo LoRa devices. Meshtastic is software that can run on cheap LoRa hardware that enables off-grid mesh network based communications.

Being mesh network based means that there are no central repeaters, and instead each device can extend the range of the network by being a repeater itself. Meshtastic can run on various cheap 'Lilygo' branded LoRa devices that come in 433, 868 or 915 MHz license free frequencies depending on your regional band plan.

In his video Matt tests out various models in the Lilygo range, including a ESP32 based wrist watch and he also shows how to install the firmware on each using the online flasher.

Meshtastic Compatible Lilygo Lora Devices

Tech Minds: Demonstrating RTL_433 Running on ESP32 Devices

Earlier in the month we posted about how rtl_433 has been ported to ESP32 devices that are combined with CC1101 or SC127X transceiver chips, such as the low cost LILYGO LoRa 32 boards available on Aliexpress.

Over on YouTube Matt from the Tech Minds channel has uploaded a video showing how to set up rtl_433 on an ESP32 device, and how to set it up with a home automation service like Home Assistant, Node Red or OpenHAB via an MQTT broker.

RTL 433 ON ESP32 DEVICE - MQTT HOME ASSISTANT

rtl_433 ported to ESP32 microcontrollers with CC1101 or SX127X Transceiver Chips

Receiving wireless sensors operating in the unlicensed ISM band has been made almost universal with rtl_433 and RTL-SDRs. However, recently rtl_433 has been ported over for use on ESP32 microcontrollers that are combined with CC1101 or SC127X transceiver chips.

PCB boards that combine these two chips can be found cheaply on Aliexpress as LoRa boards, under the name "LILYGO LoRa 32". If you are unaware, ESP32 chips cheaply combine a WiFi and Bluetooth modem with a microcontroller that is capable of hosting a webserver. CC1101 and SC127X are low cost low power hardware transceiver chips made for IOT devices. We've posted about LILYGO boards in the past as they've been used with interesting projects such as Meshtastic, and for weather balloon tracking.

This project could be useful for home automation as a module has been made available for openMQTTGateway. Instead of dedicating a more powerful Raspberry Pi and RTL-SDR, you can now dedicate a much cheaper and much lower power device to the task. 

[Also seen on Hackaday.]

RTL_433 running on a LILYGO LoRa V2 Board
RTL_433 running on a LILYGO LoRa V2 Board

SDRangel Now Available on Android: Mobile ADS-B, AIS, APT, Digital Voice, POCSAG, APRS, RS41 Radiosonde Decoders

SDRangel is a free open source software defined radio program that is compatible with many SDRs, including RTL-SDRs. SDRAngel is set apart from other programs because of it's huge swath of built in demodulators and decoders.

Thank you to reader Jon for writing in and noting that SDRangel has recently been released for Android as a free Google Play download. This is an amazing development that could open up many doors into portable decoding setups as the Android version supports almost every decoder implemented on the desktop version. Jon writes:

It includes most of the functionality of the desktop version of SDRangel, including:

  • AM, FM, SSB, Broadcast FM and DAB, AIS, ADS-B, Digital Voice (DMR, dPMR, D-Star, FreeDV), Video (DVB-S, DVB-S2, NTSC, PAL), VOR, LoRa, M17, Packet (AX.25), Pager (POCSAG), Radiosonde (RS41), Time signal (MSF, DCF77, TDF and WWVB) modems.
  • RTL SDR, Airspy, Airspy HF, LimeSDR, HackRF and SDRplay support via USB OTG as well as networked SDRs
  • 2D and 3D signal analysis in both time and frequency domain with statistical measurements of SNR, THD, THD+N, SINAD, SFDR and channel power
  • Satellite tracker, star tracker, maps and rotator controller

It should work on Android 6 and up. It’s a straight port of the desktop application, so although it will run on a phone, probably best used on a large tablet with a stylus or mouse.

SDRangel on Android
SDRangel on Android
SDRangel

Evaluating LoRaWAN Security with an RTL-SDR

Over on their blog Trend Micro have uploaded a post describing how they evaluated the security of LoRaWAN communications using an RTL-SDR. LoRaWAN is a wireless communications technology that allows for Internet of Things (IoT) connectivity at a much lower cost compared to cellular infrastructure. However, as described in their post LoRaWAN incorporates very little security, making connected devices an easy target for hackers.

The researchers at Trend Micro used an RTL-SDR together with the LoRaPWN software tool which is an improved version of the LoRa Craft Project. With LoRaPWN the researchers were able to intercept uplink and downlink packets. Then when combined with a brute force dictionary attack, they were then able to recover the encryption keys allowing them to decode the data.  Finally they were also able to demonstrate a denial of service attack which results in a device being unable to send further data.

For more information the technical paper (pdf) describing their full setup and tests is available, as well as an older post describing possible LoRaWAN attacks. There is also a YouTube video from "The Things Conference" which we have embedded below. In the video researcher Sebastian Dudek presents some of his findings on LoRaWAN security.

An RTL-SDR Blog V3 Intercepting LoRaWAN packets.
LoRaPWNing: Practical radio attacks on LoRaWAN - Sebastian Dudek (Trend Micro)

MySondy: Radiosonde Tracking Firmware for a TTGO ESP32 LORA Board

A radiosonde is a small sensor and radio package normally attached to a weather balloon. Meteorological agencies around the world typically launch two balloons a day from several locations to gather data for weather prediction. We have featured radiosondes several times on this blog as it is easy to use an RTL-SDR and computer to receive and decode their signals, which can used to hunt down the fallen sonde, or to receive the weather telemetry data.

Recently RTL-SDR.COM reader António submitted a link to an interesting project called "MySondy" which is created by Mirko Dalmonte (IZ4PNN). MySondy is custom firmware for TTGO Lora32 433 MHz boards which allows them to be turned into a radiosonde tracker. A TTGO is a cheap ~US$20 LoRa32 IoT dev board with an onboard WiFi + Bluetooth enabled ESP32 microcontroller and OLED display. Some of the slightly higher priced units come with a built in GPS receiver as well. With the custom firmware it is capable of receiving and decoding common radiosonde protocols such as RS41, M10, RS92 and DFM.

A TTGO ESP32 LoRa Board
A TTGO running MySondy firmware enclosed in a 3D Printed Case

There is also an Android App called MySondy Go and MySondy FINDER which connect to the TTGO via Bluetooth. This app plots the location of the radiosonde on a map, allowing you to easily follow and track down the balloon. You can also go to mysondy.altervista.org to see public MySondy stations. Clicking on a blinking dot will connect you with the MySondy server, allowing you to see tracked sondes.

MySondy Web Interface

The firmware and software appear to be fairly new, so there isn't much information about this that we could find just yet. Also we note that all manuals and information about the project is written in Italian, except for a French magazine article (pdf) that António sent us to upload.

We note that these TTGO ESP32 LoRa boards are quite interesting by themselves, with other custom firmware available to do things like create a Paxcounter which counts the number of mobile devices in an area via WiFi and Bluetooth signals, and the ability to use them as a GPS enabled Mesh network based text message radio.

Tech Minds: LoRa Text Chat with Two Othernet Dreamcatcher Boards

Back in the middle of last year we posted about Othernet's Dreamcatcher hardware and the LoRa chat application. The Dreamcatcher is Othernet's receiver and computing platform that is designed for receiving their satellite data broadcast. It is currently available for US$79.

Although the Othernet datacast is one way receive only, the Dreamcatcher board uses a LoRa radio chipset that has TX capabilities that can be leveraged for experimental purposes. One experimental piece of software that they developed is a chat application that works with two Dreamcatcher boards. It allows you to initiate a text based chat between two boards using the on board LoRa radio chips.

The TechMinds YouTube channel has recently released a video demonstrating the chat application in action, and the video shows how to set up, install and use it too. We note that since our post last year, the Dreamcatcher board has gone through a revision and no longer includes an LCD screen. The company name has also changed from "Outernet" to "Othernet".

What can you do with two Othernet Dreamcatcher Boards?