Tagged: zigbee

A Low Cost 2.4 GHz Downconverter from off the Shelf Dev Boards

Over on GitHub Ian Wraith has released his design and microcontroller code for a low cost 2.4 GHz downconverter circuit. A downconverter is a hardware device that shifts the signals it receives into a lower frequency band. This is useful for RTL-SDR and Airspy SDRs, whose maximum tuning frequency is only about 1.7 GHz. Ian's 2.4 GHz downconverter shifts 2.4 GHz signals down to 1 GHz, which his Airspy can then receive.

Rather than designing a circuit from scratch, Ian's design makes use of several very cheap Chinese evaluation/development boards that he found on eBay. It consists of a mixer board, an oscillator board, and an STM32 development board that controls the oscillator board via SPI. The whole set of hardware cost him less than £30 (~37 USD).

After spending some time working through the difficulties of programming the SPI interface on the STM32 board, he was able to get the downconverter circuit fully working. He notes that he has been able to receive WiFi, Zigbee, Bluetooth and ISM band signals at 2.4 GHz, as well as 3G and 4G cellular signals at 2.6 GHz.

Ian Wraith's Downconverter consisting of three off the shelf cheap Chinese eBay boards.
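The frequency plan behind a mixer-based downconverter, as an added worked example (this is not Ian's code and is not taken from his repository): it assumes a 1.4 GHz local oscillator so that 2.4 GHz lands at 1.0 GHz as the post describes, the 1.7 GHz SDR ceiling quoted above, and the standard IEEE 802.15.4 2.4 GHz channel layout (2405 + 5·(k−11) MHz for channels 11 to 26). The LO value, the function names and the constants are illustrative assumptions, not figures from the post.

```python
"""Frequency plan for a mixer-based 2.4 GHz downconverter (added illustration,
not code from the original post or from Ian Wraith's repository).

Assumptions (not stated in the post): the local oscillator (LO) is at 1.4 GHz
so that a 2.4 GHz input mixes down to 1.0 GHz via the difference product, the
SDR behind the mixer tunes up to 1.7 GHz, and 2.4 GHz IEEE 802.15.4 (Zigbee)
channels follow the standard 2405 + 5*(k-11) MHz layout for k = 11..26.
"""

MHZ = 1_000_000
LO_HZ = 1_400 * MHZ        # assumed LO frequency
SDR_MAX_HZ = 1_700 * MHZ   # assumed upper tuning limit of the RTL-SDR / Airspy


def zigbee_channel_hz(k):
    """Center frequency of IEEE 802.15.4 channel k (11..26) in the 2.4 GHz band."""
    if not 11 <= k <= 26:
        raise ValueError("2.4 GHz 802.15.4 channels are numbered 11..26")
    return (2405 + 5 * (k - 11)) * MHZ


def mixer_products(rf_hz, lo_hz=LO_HZ):
    """(difference, sum) output frequencies of an ideal mixer for an input at rf_hz."""
    return abs(rf_hz - lo_hz), rf_hz + lo_hz


def sdr_tune_hz(rf_hz, lo_hz=LO_HZ, sdr_max_hz=SDR_MAX_HZ):
    """Frequency the SDR must tune to in order to receive an RF signal at rf_hz,
    using the difference product. Raises if that IF is beyond the SDR's range."""
    if_hz, _ = mixer_products(rf_hz, lo_hz)
    if if_hz > sdr_max_hz:
        raise ValueError(
            f"IF {if_hz / MHZ:.1f} MHz exceeds the SDR limit of {sdr_max_hz / MHZ:.0f} MHz"
        )
    return if_hz


def image_hz(if_hz, lo_hz=LO_HZ):
    """The other RF frequency that also lands on if_hz: for RF = LO + IF the
    image is LO - IF (and vice versa). With no bandpass filter in front of the
    mixer, both are received together and a signal at the image frequency can
    masquerade as 2.4 GHz traffic."""
    return abs(lo_hz - if_hz)


def plan(channels=range(11, 27)):
    """Tuning table: channel -> (rf_hz, sdr_tune_hz, image_hz)."""
    table = {}
    for k in channels:
        rf = zigbee_channel_hz(k)
        tuned = sdr_tune_hz(rf)
        table[k] = (rf, tuned, image_hz(tuned))
    return table


if __name__ == "__main__":
    for k, (rf, tuned, img) in plan().items():
        print(f"ch {k}: RF {rf / MHZ:.0f} MHz -> tune SDR to {tuned / MHZ:.0f} MHz "
              f"(image response at {img / MHZ:.0f} MHz)")
    # The 2.6 GHz cellular band mentioned in the post also fits under the SDR ceiling.
    print(f"2600 MHz -> tune SDR to {sdr_tune_hz(2600 * MHZ) / MHZ:.0f} MHz")
```

The image_hz result is the practical caveat: with the LO at 1.4 GHz, a 395 MHz signal mixes to the same 1005 MHz IF as Zigbee channel 11, so anything you see at the SDR is only trustworthy if a bandpass filter ahead of the mixer has removed the image band.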

Upcoming Book “Inside Radio: An Attack and Defense Guide”

UnicornTeam is a group of information security researchers who also frequently work on wireless security. Recently they have been promoting their upcoming textbook, titled "Inside Radio: An Attack and Defense Guide".

Judging from the blurb and the released table of contents, the book should be an excellent introduction for anyone interested in today's wireless security issues. It covers topics such as RFID, Bluetooth, ZigBee, GSM, LTE and GPS. With regard to SDRs, the book specifically covers the RTL-SDR, HackRF, bladeRF and LimeSDR and their role in wireless security research. It presumably also shows how to use those SDRs in the chapters on replay attacks, ADS-B security risks and GSM security.

The book has not yet been released but is available for pre-order from Amazon or Springer for US$59.99. The expected release date is May 9, 2018, and copies will also be on sale at the HITB SECCONF 2018 conference, held 9 - 13 April in Amsterdam.

The blurb and released contents are pasted below. See their promo page for the full contents list:

This book discusses the security issues in a wide range of wireless devices and systems, such as RFID, Bluetooth, ZigBee, GSM, LTE, and GPS. It collects the findings of recent research by the UnicornTeam at 360 Technology, and reviews the state-of-the-art literature on wireless security. The book also offers detailed case studies and theoretical treatments – specifically it lists numerous laboratory procedures, results, plots, commands and screenshots from real-world experiments. It is a valuable reference guide for practitioners and researchers who want to learn more about the advanced research findings and use the off-the-shelf tools to explore the wireless world.

Qing YANG is the founder of UnicornTeam & the head of the Radio Security Research Department at 360 Technology. He has vast experience in the information security area. He has presented at Black Hat, DEFCON, CanSecWest, HITB, Ruxcon, POC, XCon, China ISC etc.

Lin HUANG is a senior wireless security researcher and SDR technology expert at 360 Technology. Her interests include security issues in wireless communication, especially cellular network security. She was a speaker at Black Hat, DEFCON, and HITB security conferences. She is 360 Technology’s 3GPP SA3 delegate.

This book is a joint effort by the entire UnicornTeam, including Qiren GU, Jun LI, Haoqi SHAN, Yingtao ZENG, and Wanqiao ZHANG etc.

Wireless Analysis of 868 MHz Traffic with an RTL-SDR and the Traffic Detective Software

The Fraunhofer Institute for Integrated Circuits IIS has developed an Android app that allows you to analyze wireless traffic at 868 MHz using an RTL-SDR dongle. In Europe, many wireless IoT, metering and home automation radio standards operate in the 868 MHz band, including ZigBee, M-Bus, KNX RF, EnOcean Radio Protocol and s-net.

The software can automatically detect and recognize the wireless protocol being received. It can then be used to catalog which protocols are operating in an area, what frequencies they are on and how active they are. That information can be used for frequency and spectrum planning when setting up new networks, and also for error diagnosis, intrusion detection and the detection of interference.

The Traffic Detective Tool

The promotional pamphlet (pdf) reads:

Numerous applications like smart metering, home automation, building automation, demand side management, ambient assisted living and industrial automation require reliable and cost effective technologies for wireless data transmission. For this purpose the license-free European 868 MHz Short Range Device (SRD) frequency band is prevalently used. Many different and incompatible communication standards and RF-protocols simultaneously occupy this part of the frequency spectrum. Possible negative effects could be interferences, over-occupancy, data collisions and as a result data loss. Special attention must be paid whenever wireless sensor networks are planned or operated. Therefore, network specialists need powerful and flexible tools that provide insights into the wireless data traffic for network planning, operation, fault detection and error diagnosis. The Traffic Detective is such a tool which is easy to use and does not need any knowledge of the different network protocols.

The 868 MHz Traffic Detective is a software-based solution with a user-friendly graphical user interface for monitoring wireless data traffic. A cost-effective and commercially available DVBT USB stick based on a Realtek RTL2832U receiver chip can be used as an analog frontend. In addition to a PC-based implementation, the monitoring software is also available as an app for Android-based mobile devices.

The researchers behind the software have also released an academic paper describing the technology used in the system.

Unfortunately it seems that the app is not yet available for public download: we could not find any download links, nor a listing on Google Play. If you are interested in the app, your best bet may be to contact the researchers by email directly.