Tagged: hackrf

Wireless Door Bell 433 MHz ASK Signal Analysis with a HackRF

Paul Rascagneres, an RF experimenter, has recently uploaded a document (pdf file) detailing his efforts at reverse engineering a wireless doorbell with a 433 MHz Amplitude Shift Keyed (ASK) signal using his HackRF software defined radio. The HackRF is an SDR similar to the RTL-SDR, but with a wider available bandwidth and transmit capabilities.

To reverse engineer the doorbell, Paul used GNU Radio with the Complex to Mag block to receive and demodulate the ASK signal. Once demodulated he was able to see the binary modulated waveform and manually read off the serial bit stream. From there he went on to create a GNU Radio program that automatically extracts the binary strings from the ASK waveform.

In order to replay the signal, Paul found that the simplest way was to use the hackrf_transfer program, which records the raw signal to a file and then replays that file via the HackRF transmitter on demand. With this method Paul was able to ring his doorbell from the HackRF.

Paul also confirmed his SDR results with an Arduino and 433 MHz transceiver. He then took it a step further and used the Arduino to create a system that could automatically receive and replay signals at 433 MHz and 315 MHz.

Decoding an ASK modulated bitstream.

HackRF Controlling a Quadcopter

Over on YouTube, user Mike has uploaded a video showing a quadcopter being controlled by the HackRF, a low cost transmit capable software defined radio. Mike uses a Hubsan X4 quadcopter and controls it with a USB joystick coupled with GNU Radio. According to a tweet by Michael Ossmann (the inventor of the HackRF), there were initially USB latency issues that caused problems, but these have since been fixed by Mike.

HackRF quadcopter control

HackRF Blue: A Lower Cost HackRF

Earlier in the year the HackRF One was released by Michael Ossmann. It is a transmit and receive capable software defined radio with a 10 MHz to 6 GHz range which currently sells for around $300 USD. Since the HackRF is open source hardware, anyone can make changes to the design and build and sell their own version.

The HackRF Blue is a HackRF clone that aims to sell at a lower cost. By sourcing lower cost parts that still work well in the HackRF circuit, the team behind the HackRF Blue were able to reduce the price of the HackRF down to $200 USD. They claim that the HackRF Blue has the same performance as the HackRF One and is fully compatible with the HackRF software. They are currently seeking funding through an IndieGoGo campaign.

Their main goal through the funding is to help provide underprivileged hackerspaces with a free HackRF.

The HackRF Blue

Reverse Engineering a Wireless Alarm with the HackRF

Wireless alarms consist of multiple devices such as sensors and detectors which all communicate with a central control box via RF signals. Blogger “fun over ip” decided that he wanted to understand the design and security measures used by his Verisure wireless alarm by reverse engineering the system.

First, he took his HackRF software defined radio and monitored the 433 MHz and 868 MHz ISM bands whilst pushing keys on his alarm's remote control. In the 868 MHz band he found a corresponding signal that showed two peaks in the RF spectrum, indicating that it was likely a 2-FSK (frequency shift keyed) signal.

Next he created a GNU Radio program to demodulate the 2-FSK signal into a binary sequence. He then used Audacity to view and analyze the demodulated waveform, decoding it into 0's and 1's and determining the sync word (or access code). With further analysis he also determined the symbol rate and the number of samples per symbol. With all this information gathered, he was then able to expand his GNU Radio program to automatically detect and decode packets sent by the various wireless devices connected to the alarm system.
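The two demodulation chains described in this post and in the doorbell post above, as an added example (Python, standard library only; this is not code from either post nor from GNU Radio). It constructs a noisy OOK burst and a noisy 2-FSK burst in the file, packs them in the interleaved signed 8-bit I/Q format that hackrf_transfer records and replays, reads them back, and decodes them: Complex to Mag plus a threshold for ASK, a phase-difference discriminator for 2-FSK, mid-symbol slicing after aligning on the first transition, and a sync-word search. The sample rate, symbol rate, deviation, doorbell code, sync word and payload are all constructed values, not those of the real devices.

```python
import cmath
import math
import random
import struct

# Constructed parameters; a real HackRF capture would be sampled at >= 2 MHz and
# channelised down to something like this before decoding.
SAMPLE_RATE = 100_000              # Hz
SYMBOL_RATE = 2_500                # baud, as found from the manual waveform analysis
SPS = SAMPLE_RATE // SYMBOL_RATE   # samples per symbol (40)
FSK_DEVIATION = 10_000             # Hz, +/- around the centre of the 2-FSK signal
NOISE_SIGMA = 0.05                 # per-axis Gaussian noise on the constructed bursts

# Constructed bit patterns (not the real doorbell code or the Verisure framing).
DOORBELL_CODE = "101100101010111000110100"   # 24-bit fixed OOK code
ALARM_PREAMBLE = "10101010"
ALARM_SYNC = "1101001110010001"              # the "access code" the flowgraph searches for
ALARM_PAYLOAD = "0010011011110000"           # e.g. device id + command


def _noisy(samples, seed):
    """Deterministic complex Gaussian noise so the thresholds are actually exercised."""
    rng = random.Random(seed)
    return [s + complex(rng.gauss(0, NOISE_SIGMA), rng.gauss(0, NOISE_SIGMA)) for s in samples]


def modulate_ask(bits, freq_offset=5_000.0):
    """OOK burst framed by silence and sitting `freq_offset` Hz off-centre,
    as a real burst does inside a wide capture (so the real part alone won't do)."""
    out = [0j] * (2 * SPS)
    n = 0
    for b in bits:
        amp = 1.0 if b == "1" else 0.0
        for _ in range(SPS):
            out.append(amp * cmath.exp(2j * math.pi * freq_offset * n / SAMPLE_RATE))
            n += 1
    out += [0j] * (2 * SPS)
    return _noisy(out, seed=1)


def modulate_fsk(bits):
    """Continuous-phase 2-FSK: +deviation for '1', -deviation for '0'."""
    phase, out = 0.0, []
    for b in bits:
        step = 2 * math.pi * (FSK_DEVIATION if b == "1" else -FSK_DEVIATION) / SAMPLE_RATE
        for _ in range(SPS):
            phase += step
            out.append(cmath.exp(1j * phase))
    return _noisy(out, seed=2)


def demod_ask(samples):
    """Complex to Mag, then a threshold at half the peak: one hard bit per sample."""
    mag = [abs(s) for s in samples]
    thresh = 0.5 * max(mag)
    return [1 if m > thresh else 0 for m in mag]


def demod_fsk(samples):
    """Quadrature discriminator: the sign of the phase advance between adjacent
    samples says which of the two tones is present."""
    return [1 if cmath.phase(samples[i + 1] * samples[i].conjugate()) > 0 else 0
            for i in range(len(samples) - 1)]


def slice_symbols(hard):
    """Crude clock recovery: align on the first transition, then decide once per
    symbol period at mid-symbol. Symbols before the first transition are lost,
    which is why the alarm frame carries a preamble in front of its sync word."""
    edge = next(i for i in range(1, len(hard)) if hard[i] != hard[i - 1])
    return "".join(str(hard[i]) for i in range(edge + SPS // 2, len(hard), SPS))


def find_payload(bits, sync, length):
    """The `length` bits following the first occurrence of `sync`, or None."""
    idx = bits.find(sync)
    end = idx + len(sync) + length
    if idx < 0 or end > len(bits):
        return None
    return bits[idx + len(sync):end]


def to_hackrf_iq(samples):
    """Interleaved signed 8-bit I/Q: the raw file format hackrf_transfer -r writes
    and hackrf_transfer -t replays."""
    q = lambda x: max(-127, min(127, int(round(x * 127))))
    flat = [v for s in samples for v in (q(s.real), q(s.imag))]
    return struct.pack(f"{len(flat)}b", *flat)


def from_hackrf_iq(data):
    """Read a raw hackrf_transfer capture back into complex samples."""
    vals = struct.unpack(f"{len(data)}b", data)
    return [complex(vals[i], vals[i + 1]) / 127 for i in range(0, len(vals), 2)]


def decode_doorbell(capture):
    """Fixed OOK code from a raw capture; the frame length comes from the manual analysis."""
    bits = slice_symbols(demod_ask(from_hackrf_iq(capture)))
    return bits[:len(DOORBELL_CODE)]


def decode_alarm(capture):
    """Payload following the sync word in a raw 2-FSK capture."""
    bits = slice_symbols(demod_fsk(from_hackrf_iq(capture)))
    return find_payload(bits, ALARM_SYNC, len(ALARM_PAYLOAD))


def demo():
    doorbell_capture = to_hackrf_iq(modulate_ask(DOORBELL_CODE))
    alarm_capture = to_hackrf_iq(modulate_fsk(ALARM_PREAMBLE + ALARM_SYNC + ALARM_PAYLOAD))
    return decode_doorbell(doorbell_capture), decode_alarm(alarm_capture)


if __name__ == "__main__":
    code, payload = demo()
    print("doorbell code:", code, "ok" if code == DOORBELL_CODE else "MISMATCH")
    print("alarm payload:", payload, "ok" if payload == ALARM_PAYLOAD else "MISMATCH")
```

On a real hackrf_transfer recording you would pass the file contents to from_hackrf_iq after filtering and decimating the capture down to the burst's channel; the slicer above assumes one burst per capture and a known symbol rate, which is exactly what the manual Audacity step in both posts establishes. The doorbell capture that decode_doorbell consumes is also, byte for byte, what hackrf_transfer -t would retransmit, which is why a fixed-code device is ringable by replay without decoding at all.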

His post goes into good detail about the steps that he took and is a great aid to understanding how to reverse engineer wireless protocols.

Decoding Wireless Alarms

Android App RFAnalyzer Now on Google Play with Support for the RTL-SDR

Previously we posted about the new RFAnalyzer Android app for the HackRF, which has an RF spectrum and waterfall display. Now RFAnalyzer is available on the Google Play store with experimental support for the RTL-SDR dongle. The app also now supports AM and FM audio demodulation.

The app is fully open source and the code and APK can be downloaded for free from its Git repository. Alternatively, the app can be downloaded from the Google Play store at a small cost of $0.99 USD.

To use the app you’ll need a USB OTG cable to connect your HackRF or RTL-SDR to your Android phone. More information on the app can be found on the author's blog.

An alternative Android app to RFAnalyzer is SDR Touch.

RF Analyzer Android App for the HackRF and RTL-SDR

RF Analyzer Android App for the HackRF

Earlier this month we posted about a new port of the HackRF software defined radio Linux library to Android. Now the author of the Android port has created a new app called RF Analyzer. The app is basically a real-time spectrum viewer that includes a waterfall display. The app can be downloaded from GitHub at https://github.com/demantz/RFAnalyzer.

The app currently supports the following features.

  • Browse the spectrum by scrolling horizontally
  • Zoom in and out, both horizontally and vertically
  • Adjust the sample rate and center frequency to match the current view of the screen by double tapping
  • Auto scale the vertical axis
  • Jump directly to a frequency
  • Adjust the gain settings of the HackRF
  • Select a pre-recorded file as source instead of a real HackRF
  • Change the FFT size
  • Set the frame rate either to a fixed value or to automatic control
  • Activate logging and show the log file

In the future the author intends to support the RTL-SDR and implement demodulation for basic modes such as AM, FM and SSB.

To use the app you’ll need a USB OTG (on-the-go) cable to connect your Android device to the HackRF.

RF Analyzer Android App for the HackRF
RF Analyzer demonstration - Showing a FFT plot by using an Android device and the HackRF

Using the HackRF on Android

Michael Ossmann’s HackRF Linux library has recently been ported to Android by programmer Dennis Mantz. Dennis has also made a blog post showing how to use the library. In addition he’s uploaded a YouTube video showing off the library using an example app. The app is capable of recording an RF signal and replaying it via the HackRF’s TX capabilities. In the video Dennis shows the example app recording a broadcast FM station and then retransmitting the recording to his car radio.

Using the HackRF on an Android Device

Hak5: Getting Started with the HackRF

On this episode of Hak5, a popular technology YouTube channel, Shannon does a tutorial on how to get started with the HackRF. The HackRF is a recently released software defined radio similar to the RTL-SDR dongle, but with transmit capabilities.

In the video she shows how to set up the HackRF on Pentoo Linux and GNU Radio. She then shows how to use a GNU Radio program that can receive multiple broadcast FM signals simultaneously. The GNU Radio program is based on Michael Ossmann's GNU Radio video tutorials.

Getting Started With The HackRF, Hak5 1707