After the S4 conference, I attended the RFCat class taught by atlas 0f d00m(@at1as on twitter). The RFCat is a combination of hardware and software used to explore the 300-928 Mhz radio spectrum. It’s not SDR, but it’s LIKE SDR. The intent, and I’m paraphrasing here, is to open the sub-1ghz spectrum for analysis by hackers and other concerned individuals. It opens a channel, reducing the complexity of these devices to something that can be, well… hacked at.
For me, the training was a blast. I love it when training blends all the different aspects of a subject together, not just the nuts and bolts of the tool. atlas discussed the history of radio (I loved his story about the original radio hacker, Nevil Maskelyne, read about it) and the regulations surrounding it’s use. He goes into the basic theory of how radio works, what frequency is, what modulation is, and touched on some advanced concepts that made my head spin at the time. Even patents found their way in, because atlas found they were one of the best ways to determine hopping patterns for devices that use FHSS.
Getting into the setup, we did have some problems. First, the WiFi for the conference had a blocker in place for the repositories we needed. This took some troubleshooting because there was another repository that had a package of a similar name that fried a bunch of machines, and handy assistance from a former DB’er who had a cell access point. Second, RFCat is not VMWare friendly. I’ve had great experiences with other wireless devices and VMWare Workstation, but not here. Communication would appear to happen, but would quickly time out. Use a LiveCD, or your own Linux box, for RFCat.
The software used is Python based, and is basically an interactive API, if that makes sense. Through the API, you can set modulation, frequency, and other variables important to radio communication. RFCat then has a couple of routines that will the dump the raw HEX for analysis. There are few commands to massage the data, but anything you wanted to do could be purpose built in Python.
atlas had a host of wireless transmitters communicating during the training, and these all capable of communication via RFCat. We didn’t get into each one, but I did find myself with a few minutes of breathing room to try and find the devices. I had some limited successes with reception, but nothing with transmission (I need to try harder). It’s a tool, not a solution.
In short, the training was great, I’ve got a new tool to explore the radio world, and a lot of good ideas. The basics were all there in the RFCat training, I’ve got a handle on on the variables I’m using, and it’s ignited some curiosity there.
As far as improvements, the labs would each benefit from “This is what you should see and why” slides. Oftentimes, troubleshooting all the variables is super difficult because I didn’t know what I was looking for. Having atlas explain was good, but that solid I’mRight/I’mWrong decision point was missing. Had I had this, I would have spent much less time trying to fit background noise into a modulation. And if you are planning to use the RFCat in the field, be aware there is no power management. It drained my normally 2.5 hour battery in about 25 minutes.
I’d talk more about it, but there’s a 403 Mhz receiver right outside my window that opens a large car gate. I’ve got the transmitter sitting right here, and I got explorin’ to do.
Kinda OT: It’s funny how the development of multipurpose, simple, and easily extended tools always end up bringing a complex or downright daunting subject into the reach of hundreds, or thousands, of motivated individuals. In the hacker world, this brings awareness of just how fragile things can be, and awareness breeds action. Fundamentally, we are not a populace that excels at pure theory, everything must be brought into reach of our senses for us to take action. I’m thankful for those who understand the theory, and build the tools that make it possible for me to more easily explore the world.
RFCat Google Code Project - http://code.google.com/p/rfcat/
title image from grrcon.org, where the rfcat can be bought.