Hardware components | ||||||
 |
| × | 1 | |||
HackRF Blue is a cost-optimized of the open source HackRF One. It is a Software Defined Radio (SDR), you can think of it as a sound card for radio. It allows to observe and manipulate radio signals from ~1MHz up to 6GHz within a maximum bandwidth of 20MHz. We use it with GNU Radio on the PC which is a signal processing library that contains all we need to do using SDR. Gnuradio has a nice GUI, the Gnu Radio companion, that allows to start testing without having to write code (this GUI actually output a Python program). Getting into SDR is not easy, we have been looking at the Michael Ossmann’s SDR videos (I suggest you look at them if you want to learn about SDR!) and it helps a lot understanding what to do.
In this project I will go throw the step required to detect and decode the Crazyradio nRF24 signal. The beginning of the procedure can be used to detect and decode any radio device.
To test the HackRF we can just create a very simple python script that sends 10 packets per seconds with Crazyradio. I assumes that cflib is installed in your system. If not install it with "pip install cflib".
from crazyradio import Crazyradio
import time
cr = Crazyradio()
cr.set_channel(26)
cr.set_data_rate(cr.DR_1MPS)
while True:
cr.send_packet((0,1,2,3,4))
time.sleep(0.1)
Then we just tune HackRF to the Crazyradio frequency, and we can see the GFSK signal!
GFSK is a kind of Frequency Modulation. Which means that it should be a cosine wave of constant amplitude. So calulating the magnitude of the complex signal allows to locate data packets by setting the scope trigger:
Now that we can synchronize on a packet, we can add a filter and a quadrature demodulator to demodulate the fm signal and show the data packet (in green):
The preamble (series of 0101010101) is clearly visible followed by the radio address which is 0xe7e7e7e7e7. Now the ‘only’ things left would be to decode the packet. Hopefully for us Cyber Explorer already did the hard work and all we have to do is to send the demodulated data in a unix fifo and send the fifo in the decoder. This procedure is explained in the wiki. As a result we receives the packets:
As a conclusion we found that with the current setup we have a lot of packet lost. We also have a sniffer made out of an nRF51 evaluation kit and it gets much more packets so it is still preferred to analyse protocols. However we can still enhance the SDR algorithm and the 20MHz bandwidth of the HackRF will allow us to sniff on many channels at once, making it perfect to debug channel hopping when we implement it for the Crazyflie.
Comments