Showing results for tags 'sdr'.

  1. When I connect my HackRF One to my computer (Windows 10 Pro), it isn't detected automatically, and when I put the HackRF One in DFU mode it is detected as LPC (unknown device). When I open the program Zadig I see LPC can not find port Bulk-IN, interface (0). I install-rtlsdr and install SDRSharp.exe. I have seen too many tutorials but I can't fix it. Please help me...?
  2. V0.4 has been released! https://github.com/notpike/The-Fonz

    TX all commands as you would with the remote! Passive PIN discovery! Brute Force a command, loops through all 256 PINs for a single command! Dank ass memes! Booze, Chicks/Dudes and more!

    No practical application but here's a script that uses the YSO (or any other CC1111 radio that uses RfCat) to emulate, brute force, and listen for the TouchTunes Jukebox remote transmissions. With this power you could skip songs, turn up/down the volume, or possibly add promotion credits for free songs. For research purposes only of course :D.

    -=Here's the quick and dirty on how I reversed this remote=-

    So… This project all started 2 years ago when my wife and I dropped $20 at the local gay bar to listen to some filthy Dubstep, rad ass EDM, and Beck. After inserting that Jackson, I realized my grand idea of saving money isn’t working out… (We spent $120 that night… $40 on the jukebox…) Next morning, hung over and sad, I made it my mission to figure out how to get free music out of this Jukebox. This is how I started, and here’s how I bumbled my way to figure out an IoT Jukebox known as TouchTunes.

    -=Reading=-

    I would just say research but TBH what I did wasn’t that sexy. Armed with my skill of “Google Fu” I found various manuals about the device. I found some good information in these manuals and it gave me a few ideas on how to score free jams.

    http://productwarranty.touchtunes.com/download/attachments/655383/900475-001-Virtuo Installation and Setup Guide-Rev08.pdf?api=v2
    http://productwarranty.touchtunes.com/download/attachments/1572899/900203-002-Dashboard User Guide-Rev00.pdf?version=1
    http://www.touchtunes.com/media/marketing_resources/Remote_Control_Users_Guide_1.pdf

    -=I called random strangers and sat at a bar=-

    I made a few phone calls to random TouchTunes Techs who specialize in repairing these devices and got a lot of good info from them. I learned it was a Linux box, everything is encrypted, it costs money to own the key, everything is locked down, and you need to own ~10 of them to get true admin rights. I wanted a way to experiment with a VM of the OS to figure out how it ticked. Because I don’t have $5000 laying around I’m kinda forced to black box this device. Thanks to a few local bars who had their IoT Jukebox on the public WiFi, I was able to take a quick gander. Sadly the techs were right… It’s locked down... I’ll revisit this approach later when I can save up for my own personal Jukebox lol. You can also add credits via the Internet BTW. Try to see if there’s a way to make the Jukebox believe I’m god and make it sing and dance.

    -=Three things I learned=-

    1.) You can fill the queue with music to play without paying for it. This was a marketing plan to make people more committed to pay for music if they made a queue first.
    2.) If configured, the jukebox can be set up to receive “promotional credit”. Bartenders and/or managers can add to the balance so more music could be played. This is added by pressing the ‘P1’ button on the wireless remote…
    3.) There is a wireless remote! It transmits on 433.92 MHz and it can be found for $50 on eBay!

    -=My plan of attack=-

    Add music to the queue
    Add promotion points
    Get free music!

    -=I spent money=-

    Because I’m cheap, I picked up an aftermarket remote that works with all TouchTunes Jukeboxes Gen 2 and above. The plan was to reverse this remote with my Yard Stick One and HackRF and try to figure out how it works. The remote only has 256 PIN possibilities to keep neighboring bars from walking on each other so I could just hand jam all 256 PINs (000-255) to figure out which one they are using. 9 times out of 10, it was 000. So yah, nothing complex here.

    -=Reversing… Kinda…=-

    The first thing I did was find the FCC data, not a lot of useful info here but I at least figured out it existed. https://fccid.io/2AHXI-T1

    I used a HackRF with 'osmocom_fft' to monitor and record the wireless remote's transmissions. I then took a look at the raw IQ data with 'inspectrum' to see what I was dealing with. Below is what the On/Off command looks like with a 000 PIN. With this I know I'm working with ASK/OOK.

    The message in raw binary is...

    1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1,

    In Hex it would be...

    FFFF00A2888A2AAAA8888AA2AA2220

    I found this by right clicking and adding an 'Amplitude Plot' in 'inspectrum', moved the bar over the transmission, added a 'Threshold Plot', clicked 'Enable cursors' to count out how many symbols are being used (also tells you the Symbol Rate) and then right clicked to 'Extract Symbols' and the values were output in the terminal.

    -=RfCat=-

    At this point I switched from using an SDR to RfCat and the YSO. After figuring out the preamble was 1111111111111111 or FFFF in hex, Modulation (ASK/OOK), and symbol rate (~1766) I was able to create a script based off Michael Ossmann's work to help me record the data. https://github.com/mossmann/stealthlock/blob/master/sl.py

    After a lot of beer and recording every PIN possibility for the On/Off a few patterns emerged. If you want to look through all my data you can check out the paste bin below but here's how I believe the transmission is formatted.

    ==Preamble==    ==key==   ==Message==   ==?==
    ffff00a2888a2   aaaa      8888aa2aa22   20

    I still have no idea what the last 2 hex values are about (I noticed that there were 2 possible messages for each command depending on what the PIN was. The last 2 were either 02 or 88... I couldn't figure out the pattern so I just hard coded when which command was used vs the other depending on what PIN in my final script)

    -=After that=-

    I expanded the original script I used to record all the transmissions of the remote and added a passive PIN discovery feature to it. I then recorded all the messages (all the buttons) the remote would send (both possibilities) and added the ability to determine which command was used. A week later I figured out how to TX the decoded values and I made a working TouchTunes remote for the YSO. And it's been tested. :D

    http://pastebin.com/Ue7UYAPg
    http://www.pressonproducts.com/t1-jukebox-remote-touchtunes-compatible/
  3. Hi, I am using an R820T2 DVB-T SDR (USB dongle from NooElec) and was wondering how I can measure the oscillation frequency (crystal) on the PCB. I've hooked up an oscilloscope and ran an FM receiver program using GNU Radio. Then I connected the probe of the oscilloscope to the XTALO and connected ground. However, the program stops running when I measure and I don't get any value. Any suggestions would be great!
  4. Hi, I am trying to simply detect a specific signal at a specific frequency (as a start), then send a signal from a Raspberry Pi to an Arduino to trigger another command. From my research I found GRC to be the best option with the HackRF One. I got the signal on the monitor as below, but as I am totally new to GRC I don’t know which blocks can detect the signal. I think the best way is to record the signal to a file and then detect it in future using some kind of comparison or by measuring the power. Please help me choose appropriate blocks to achieve this result.
  5. I only want to implement SMS via Cellular Broadcast. The idea is to send emergency broadcast messages to nearby cellular phones during emergencies/disasters. What is the best SDR for this? If later I would like to use a GSM phone to communicate with my rescue volunteers during an emergency/disaster (aside from having SMS-CB functionality), what is the best SDR for this? Thanks
  6. Hi, I am trying to capture the FM frequencies using a HackRF One. I don't have the regular antenna, so I am using a different antenna (shown below). When I tried to record the FFT plot for the range of frequencies the receiver is able to capture, I obtained a plot as shown in the image below. I am a bit curious as to why the number of peaks and the height (length) of each peak is small. Can it be due to the antenna that I am using or the place where the SDR is operated? I am unable to receive any FM signal from the audio sink. If you have any ideas, please let me know. Sample rate: 20 MHz. Channel center freq: 104.3 MHz.
  7. Hi, Starting off on a new project again, I'd be interested to learn more about analysing DECT communication through a HackRF. Is there any specific research that you think I should read up on? I've done my first steps with the HackRF: hacking the garage door, listening in on the baby monitor, ... now I'd like to start learning about DECT phones, but I'm 100% new to the subject.
  8. Hello, just wondering what folks have to say about the HackRF One units selling on eBay from China for $155, half the U.S. price. They all appear to have clear cases. Are these knockoffs, counterfeits, an earlier model, or what? ... When I get a HackRF, I want it to be compatible with the PortaPack which I'll buy later.
  9. UPDATE: FIXED! After flashing the firmware on the HackRF to the latest, I forgot to flash the newer CPLD image! GG.

    ------------------------------------------

    Hey guys, just recently got a HackRF One and every station I tune into with SDR# sounds like chipmunks. I tried it on a fresh copy/install on my other Windows 10 machine. Same results. I did upgrade the firmware on it to the latest from the GitHub repo, without any results. I don't even know if I can trust this device or if it's faulty because I literally can not get a decent answer or get pointed towards the possible issue. This is an example of what all radio stations around me sound like: instaud.io recording. These are the current settings I used: imgur screenshots
  10. Well, I've been getting the parts. I got the coax cabling, my software radio is programmed, and I got Orbitron. I just need to know what is the simplest antenna to make and if there are any decent tutorials with pictures. Now, I don't got anything to really solder with, so the simpler the design the better. If anyone has had practice doing this with SDR, let me know what you prefer to do. Also, I plan to use my USB Rubber Ducky or my Digispark to pull up the programs and set everything up for recording and automatically stop recording when the pass is done. Also, if it isn't much and the design is simple, I might make a video on making it on my YouTube. Everythingdigital1
  11. Hi, we have been engaged for a pentest and we would like to build a device that will allow us to:

    1) drop an SDR in the vicinity of the radio-controlled gate of our client
    2) the SDR should be listening for keys constantly, but only record when there really is traffic. For this I think the device should constantly buffer the past, say, 15 sec and store those 15 sec to file only if they actually contain significant data.
    3) remote control the device to monitor the number of collected samples, battery level and potential discovery of the device by security personnel

    I was thinking of a Raspberry Pi on a battery pack with a USB GPRS modem. But would the Pi's CPU be fast enough to handle the sample rate from the HackRF? How long would a decent battery pack last with a Pi, a GPRS modem and a HackRF running on it? Are there any examples in GNU Radio that I could take a look at for this scenario? Anyone ever done such a thing before? Thanks!
  12. I am wondering if it's practical to have an SDR transmitter small enough to fit in a person's pocket? The range doesn't need to be great (4 meters). I just need to transmit data at a rate of 1mbs from an untethered person (WiFi is not allowed) back to a base station. Any advice?
  13. I found out that if you make simple chains out of soda tabs it's the perfect material to make a super bendable antenna that is super easy to store, and when it's done you can hook some non-metal clips to the end to attach it to whatever you want. Now here's the best part: if you don't got a soldering tool but have hot glue, this actually still works really well.

    Step 1. Strip some 50 ohm to 75 ohm coax cable and separate the shielding from the main cable, and when you're done doing that put the cable off to the side and work on the chain.

    Step 2. Get soda tabs, a lot of them, and cut the ends of the tabs so that you can bend them apart and hook them together. For best results use 5 tabs per chain, although you might get away with 4 per chain. If you need help making the soda tab chain just google it, although I will eventually make a video on it and all the steps to put this together.

    Step 3. After you've built 2 chains, preferably about 20 to 21 inches long so that you can use this later to pick up weather satellites, cause that will be the right frequency of length, just solder them to the shielding of the coax and the main cable. If you can't solder, hot glue will work, just be sure to lay it on thick and cover at least the first soda tab chain. As a bonus, add heat shrink to make it all blend to the cable.

    I was having issues posting the images of the one I made but if you make one too feel free to reply and send a picture. :D Image 1 Image 2 Image 3
  14. I thought this was cool. I tried a few designs and ended up botching them up, but I found out just some simple rabbit ears extended to the right length and plugged in via coax to my SDR was just enough to make this work, even if for a little. I still got to remove the rabbit ears from the TV antenna they're used for to help increase the image quality, then solder them to some coax, but even when it was storming and I lost power I still got an image, barely, so this is a good start. Can't wait to make a video on it when I get it all clear and automated. A recent attempt turned out a little better: I managed to get it in false color as well as all the other channels. When I get good with NOAA satellites I'm gonna try Meteor satellites.
  15. I'm going to dive down the rabbit hole and make my own personal base station using a BladeRF and YateBTS. Has anyone else tried doing this? https://evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/ (Not a good Tutorial) http://yatebts.com/
  16. I just purchased the SDR starter kit and I am trying to get it working on Windows 7. However, I cannot seem to find a driver package for it. Where might I locate it?
  17. Picture: Picture with wrong AM waves: Hello guys, I received and recorded an ASK_OOK signal from an auto remote key. But when I opened the wav file there weren't the right waveforms (like in the Hak5 YouTube show (replay attacks with YARD Stick One)). Please look at the pic. It would be very nice if someone could help me. Thanx JoJo
  18. Hello, I got a HackRF One, and am trying to work with it on my Raspberry Pi. I am constantly getting the following error: hackrf_info: symbol lookup error: hackrf_info: undefined symbol: hackrf_device_list. I tried everything. First, installing gnu-radio via apt-get and building hackrf master from source code; it didn't work. Then I removed gnu-radio and installed it by PyBombs, which a lot of people recommended, but it didn't work either. My last try was downloading the source code of gnu-radio, osmosdr and iqbal by git clone and building them one by one, which took days for gnu-radio. But still I am always getting the same error when I try to run hackrf_info. Does anyone know what I can do? Please, I'd appreciate any help! I've been trying to solve this for 2 weeks, I looked everywhere on the net and found nothing to solve this. Thanks.
  19. Greetings, Recently, Mozilla sponsored an "art show" in NYC called "The Glass Room." The topic was privacy and data. One of the exhibits, by "Critical Engineering Working Group", had yagi-uda antennas passively scanning and collecting wifi enabled devices (phones, laptops, etc), that were looking to connect to a network. The data they were able to collect were things like device name, MAC address, preferred network list, and location. I want to recreate this exhibit. Ideally, the collected data would dump into a database where it could be interpreted later to establish a pattern. In the community's mind, what is the best way to complete this project? Here's the link to "The Glass Room" https://theglassroomnyc.org/artists-2/ Any information would be huge! Cheers
  20. I found an old UHF TV at the thrift store today and I thought to myself, what better way to learn how NTSC works! Simple stuff really. If you want to transmit using a HackRF or BladeRF all you need to do is encode a .dat file with a Python script, run it through GRC, and boom, Bob's your uncle! https://en.wikipedia.org/wiki/NTSC https://github.com/argilo/sdr-examples/tree/master/ntsc
  21. zkylet

    SDR Equipment

    What is the difference between HackRF One, YARD Stick One, Ubertooth One, Software Defined Radio Mobile Kit?
  22. Has anyone ever got PyBOMBS to work in Ubuntu 16.04? After following the instructions from their GitHub page (https://github.com/gnuradio/pybombs/), both pip install and building from source, I'm running into the same error when trying to run gnuradio-companion.

    root@robot:/pybombs# pybombs run gnuradio-companion
    PyBOMBS - INFO - PyBOMBS Version 2.2.0
    Traceback (most recent call last):
      File "/home/pike/prefix/bin/gnuradio-companion", line 99, in <module>
        run_main()
      File "/home/pike/prefix/bin/gnuradio-companion", line 87, in run_main
        from gnuradio.grc.main import main
    ImportError: No module named main

    Or...

    root@robot:/pybombs# source ~/prefix/setup_env.sh
    root@robot:/pybombs# gnuradio-companion
    Traceback (most recent call last):
      File "/home/pike/prefix/bin/gnuradio-companion", line 99, in <module>
        run_main()
      File "/home/pike/prefix/bin/gnuradio-companion", line 87, in run_main
        from gnuradio.grc.main import main
    ImportError: No module named main

    It's failing to import main from gnuradio.grc.main but when I dove into the gnuradio.grc python module, main didn't exist :/. Anyone else experience this before?
  23. For no real reason but to learn something new, I built a Raspberry Pi tablet with Kali and a couple of RTL-SDRs for radio monitoring. I'm naming this computer "Seirēn" because I think it's pretty and she's a killer lol. She's a work in progress, being that I need to see how it runs two RTLs, give it touch screen capabilities, give it sound, and paint the thing some dumb color like pink... More to come!
  24. Hello, I need to implement the WiFi 802.11 a/b/g/n/ac protocol with SDR at 470MHz. - Is it possible to implement WiFi at this frequency? - Are there any existing implementations of it?
  25. Good morning all, and thank you in advance for your interest and assistance. Let me apologize for the length of this first post, but I am trying to get most all the info on hardware / software / configuration / etc. in the initial post rather than taking up the thread posting them later...

    The Project:

    The Boot Key Harbor Cruisers Net is a marine VHF net that meets every morning at 0900 in support of the local community of cruising boats here in Marathon. In the winter "season" we can have as many as 300+ boats in the harbor and surrounding area. After discussions with some of the other net-controllers, we decided it would be good to push the broadcast onto the internet so folks not able to participate on the live VHF net due to moving outside the local area or time constraints like a job can still listen.

    Goals and Requirements:

    Eventually, we would like to be able to record and push the mp3 encoded files to the internet server unattended. Currently the recordings are started and stopped manually using the hardware/software listed below. If we can get the physical footprint small enough and operate "headless" we may be able to convince the Marathon City Marina (one of our sponsors) to allow us to hang the system off their tower with an ethernet connection to the public wifi router. To this end, my logic dictates a RasPi2 or 3 running Linux and ARM compatible software. The low power requirements of the Pi would allow it to run 24/7 with recording and SFTP functions controlled by simple bash scripts. Therefore, we are looking at Linux-only software that can also be run from the command line only (no GUI).

    Hardware: (Current)

    Standard 1/4 wave loaded VHF whip antenna. Elevation approx 15'.
    Rtl-Sdr USB dongle (RTL2832U with 1ppm TCXO). Coupled direct to antenna with PL-259/SMA male adaptor.
    15' USB cable (no balun)
    IBM T42 laptop running Linux OS

    Software: (Installed)

    Navigatrix OS (Debian/Ubuntu 14.04)
    RTL-SDR (current latest)
    GnuRadio (current latest)
    Gqrx (current latest)

    History, Issues, Current Status:

    Initial setup using rtl_fm tested on VHF WX2 (162.4M) with good results. 1Kw station with tall tower located about 25 miles distant.
    rtl_fm test on Cruisers Net VHF 68 (156.425M): very poor quality due to interfering signal at about 156.125M (see gqrx waterfall screen shot below).
    Testing using gqrx: usable to good quality despite strong nearby signal. Encoded UDP stream as mp3 using | sox and pushed to server via sftp (manual).

    Usable gqrx settings as follows:

    Filter: Wide
    Mode: Narrow FM
    AGC: Fast
    Squelch: -58.5 dBFS
    LNB LO: 0MHz
    Gain: 10
    Freq Correction: 0ppm
    Stream as UDP
    Freq 156.425

    Have been unable to duplicate gqrx settings in rtl_fm after numerous tries despite going over the rtl_fm documentation numerous times. While gqrx works as long as I am here to interact with the GUI, it is not command line happy as far as scheduled control via bash. Rtl_fm also has another issue with how it handles squelch. When squelch kicks in, it stops output and busts the sox recording pipe. Found a modified version that is supposed to address this issue, plus another that includes outputting a UDP stream rather than a raw file, but until I can get the command line switches set up to match the working gqrx config, it's kinda a moot point... One thing at a time.

    Specific Questions:

    Can anyone help us configure the gqrx command line to the same config as gqrx listed above?
    Any suggestions as to software we have not tried yet that will meet the requirements of command line operation? Have not tried RTLSharp yet... know it will run on Linux under mono, but not sure on Raspbian.

    If you have read this far, thanks for your patience. You can listen to test recordings on our partial website at bootkeycruisers.net. Screen shot of typical gqrx waterfall below (no traffic on target freq). Looking forward to your replies. David