Alright, you wanted me to do it, so here goes.
A real quick and dirty tutorial on how to use #Universal #Radio #Hacker or #URH to do something useful.
You can find the tool here: github.com/jopohl/urh
It's a bit flaky at times, but it appears to support capture and replay on most hardware out in the field today, which is GREAT.
The tool comes in useful when you're confronted with a radio link and want to find out the details (modulation, bitrate, etc) when those aren't made public by the manufacturer. It's also handy when you just have a signal and no device in hand.
In my area, we have quite a lot of activity in the "IoT" bands. Here's what goes on around 433.925MHz. Remember energy at a particular freq is plotted horizontally while time flows (falls?) vertically.
Quite a few blips of energy there! But what do they mean? Who knows!
This is what URH may help us to investigate.
First and foremost, you can record right from URH, very handy. Lots of knobs to twiddle! They also provided a button to start over if the signal you wanted was not recorded for whatever reason -- most of them come at intervals.
Signal power is shown live when recording.
With any luck, you got your signal saved on your disk. It also gets added for the analysis -- this is what it looked like for me, about a minute of noise and blips. The tool tries to guesstimate the noise level for you (in red) but this often needs adjustment.
That's more like it. Most of the noise is within the red while signal blips stick outside.
The noise level influences what the software takes as "signal" -- if the level is above, then it's processed. Which is exactly what we want.
As I have NO CLUE whatsoever as to what I'll be looking at, I just picked the thickest blip, which is probably the lowest bit rate too. Let's zoom in on that one.
Clearly, this is composed of three distinct elements: short pulse, long pulse, and a pause. So maybe this is a simple modulation scheme like on-off keying (OOK)? But it's a tad hard on the eyes, let's tweak things a bit.
Setting modulation to ASK (here same as OOK) and switching the signal view from "analog" to "demodulated" we get this image. The pattern is a bit more distinct; this view also shows what would be taken as 1 and 0 with color, and this is adjustable.
Conveniently enough, you can also zoom in more and measure the features via click-and-drag selection method; selection is highlighted. The program reports how many samples got selected as well as converting that into a time interval.
After extremely precise measurement, I got the short pulse of 487us, the long pulse of 1463us, and the pause of 982us!
Completely useless at this point, but if the short pulse is 1 unit long, then the long pulse is 3 units and the pause is 2 units. Not random at all.
Setting the "samples/symbol" to our measured 487us and enabling the "show signal" thing, we get the "bits!" 1001001001001001001001110010011100111...
Of course, they are not real bits. At least, it's not what the device probably thinks it transmits. Why's that? Because there is too much redundancy. More likely than not, the device actually encodes a "0" as a short pulse + pause, and a "1" as a long pulse + pause.
But you can work around that using the analysis features the software provides! Specifically, decoding -- it is quite configurable. Switching to the "analysis" tab, here are our ASK messages (there are two identical copies)
You can configure the decoding via the Edit -> Decoding menu and dialog box, and then apply the custom decoding via the "decoding" drop-down in the tab (where it says Non Return To Zero now).
Rummaging in the options, the "morse" base function fits well. Add it and test:
Oh wow, it did replace 100 with 0 and 11100 with 1, as expected! There is a chance it will actually work. Remember to "save as" your new decoding method and then apply:
Boom! Done. We figured out how to go from noise in the air to ones and zeros. We can go ahead and collect a few hundred of these and see if we can figure out what the bits mean! Maybe. Possibly.
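The same decoding done outside URH, as an added Python example that is not part of the original thread or of URH itself: it quantizes pulse and pause lengths to the 487us unit and then replaces 100 with 0 and 11100 with 1. The capture below is constructed (with a little timing jitter and a cut-off last pulse), and the function names are made up for illustration.

```python
# Timings measured in the thread (microseconds); the short pulse is the unit.
SHORT_US, LONG_US, PAUSE_US = 487, 1463, 982

# Constructed capture of one message: (level, duration_us) runs.
CAPTURE = [
    (1, 490), (0, 980),    # short pulse + pause
    (1, 480), (0, 990),    # short pulse + pause
    (1, 1470), (0, 975),   # long pulse + pause
    (1, 487), (0, 982),    # short pulse + pause
    (1, 1455), (0, 985),   # long pulse + pause
    (1, 1460),             # long pulse, recording ends before the pause
]

def to_symbols(runs, unit_us=SHORT_US, tolerance=0.25):
    """Turn (level, duration_us) runs into a raw 1/0 string, one char per unit.

    Raises ValueError when a run is further than `tolerance` units from a
    whole number of units (wrong unit length, or noise taken as signal).
    """
    out = []
    for level, duration in runs:
        units = duration / unit_us
        n = round(units)
        if n < 1 or abs(units - n) > tolerance:
            raise ValueError(f"{duration} us does not fit a {unit_us} us unit")
        out.append(str(level) * n)
    return "".join(out)

def pwm_decode(symbols, zero="100", one="11100"):
    """Map each '100' to 0 and each '11100' to 1.

    Returns (bits, leftover); leftover is whatever could not be decoded,
    for example a message cut off mid-symbol.
    """
    bits, i = [], 0
    while i < len(symbols):
        if symbols.startswith(one, i):
            bits.append("1")
            i += len(one)
        elif symbols.startswith(zero, i):
            bits.append("0")
            i += len(zero)
        else:
            break
    return "".join(bits), symbols[i:]

if __name__ == "__main__":
    raw = to_symbols(CAPTURE)
    print(raw, pwm_decode(raw))
```

A non-empty leftover means the message was cut off or the symbol patterns do not match the signal.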
