Go Down

Topic: RF Explorer - Universal RF packet sniffer (Read 12839 times) previous topic - next topic

Ariel Rocholl

Background: RF Explorer is a handheld spectrum analyzer which can be used on all popular ISM bands, to keep this thread short I won't extend much on current capabilities, you can get more info at http://www.rf-explorer.com. Let me know if you need any more details.

Now the question: I am going to extend the current firmware with packet sniffer functionality, so RF Explorer can decode and show on screen any wireless packet being OOK or FSK, the two most popular modulation schemes. More interestingly, RF Explorer will be able to send and receive OOK / FSK packets so it can act as a packet monitor but also as a remote control for a configurable frequency and packet format.

I am looking for ideas, suggestions and specific needs to fulfill in this area. It will be implemented in a way that can work with any RF transceiver in the other end, assuming it works with OOK or FSK. Arduino code examples will be used in all cases.

An example of how the Packet Sniffer may work is:

  • You create a project with an Arduino board which uses a RF transceiver for wireless communication (for instance a CC1101 like RFBee or a Si4xxx like HopeRF modules)

  • You easily call the RF module library for a simple "hello world" in a given frequency and baud rate

  • Configuring RF explorer baud rate and frequency will show you the "hello world" string on screen, in addition to showing exact frequency read value and received power

The Open Source Windows PC Client will display packet in a similar way as Texas Instrument Packet Sniffer does for SimpliciTI (see screenshot below), the only difference is RF Explorer is not limited to a specific vendor protocol.

Any suggestions on specific needs beyond that you may suggest?

As a second phase it will include a RAW data decoder so binary signal will be shown on screen. This will allow to hack and decode any signal, including weather stations, door openers, PT2262 and family of coders, etc. Again ideas will be appreciated on how you would like to get this available in the RF Explorer screen so it can be easily reused in an Arduino board with a RF transceiver. Probably an HEX code dump will be all we need...

Thanks in advance!

Ariel Rocholl

RF Explorer Sniffer - public Beta available

This major feature for RF Explorer Spectrum Analyzers is now available as public Beta release.

We have been working hard the last few months to embed a huge list of features, including the ability to create your own decoder Add-ins:

  • Capture OOK/ASK modulation data packets at any frequency supported by your device model (in the range 15-2700MHz)
  • Filter and trim noise out of the data capture
  • Included decoders for PT2264 remote controls and Oregon Scientific weather stations
  • Advanced zoom, contextual menus, text, configuration settings for sample rate and frequency.

There are so many features included, the only way to elaborate them is through an accompanying guide included in the software package.

Download available in the BETA area of the download page.

How the RF sniffer works

You can detect RF transmission and decode data either manually or automatically.

Most gadgets and devices like the ones depicted below can be easily captured and processed by RF Explorer sniffer tool:

The RF transmission would look like a train of pulses at first sight, but it can include a large number of unusable noisy data, as well as duplicated data packets transmitted by the gadget.

Thanks to RF Explorer Sniffer tool advanced features, you can easily remove unwanted noise and detect envelope digital modulated signal, so it can be interpreted according to available documentation or reverse engineering.

If the device transmit a protocol currently supported by one of the included Decoders, the RF Explorer Sniffer will do all decoding with a single click:

Using this extremely advanced feature, checking any RF transmission is now a trivial task.

Below is a fully decoded RF remote control data packet including address and data values when pressing button [1] of that particular remote control. A good example of use for this would be to adjust your remote control receiver to the right address to react to that remote control.

And this is an example of fully decoded Oregon Scientific Weather Station sensor transmitting 7.9C temperature and 55% humidity.

This useful tool enables RF Explorer models such as 433M (by a mere $99) assist you on debugging RF projects, detect wanted and unwanted transmissions and interpret any gadget at hand. As opposed to other tools available, you do not need to disassemble or connect cables to the RF gadget in order to detect what is being transmitted: your RF Explorer connected to a Windows PC is all you need for the antenna capture and sniff around!

Developing your own Decoder add-ins

By using a simple yet effective Add-in model, RF Explorer for Windows can be easily extended with your own Decoders.

You can develop decoders in any language, samples are provided in Python and C#, but others like Perl, VB, C/C++, Java and pretty much any environment you are familiar with can do the work just fine. The only requirement is to produce a command line tool, following certain convention for data communication between the Add-in and the RF Explorer for Windows tool.

Happy hacking!

Go Up

Please enter a valid email to subscribe

Confirm your email address

We need to confirm your email address.
To complete the subscription, please click the link in the email we just sent you.

Thank you for subscribing!

via Egeo 16
Torino, 10131