Page 3 of 6

Hello RTL-SDR

A new cool gadget has fallen into my hands: a SDR DVB-T dongle based on the Realtek RTL2832U chipset. Little did I know I was gonna get so fascinated about this world and first thing I wanted to try is to open my garage door from an Arduino as a “Hello World” exercise.

remote

Firstly, I installed the necessary software on a Kali Linux distribution and checked the frequency of the remote with the gqrx tool:

GQRX

Then, I dumped the signal for further analysis into a wav file using the gnuradio-companion software:

gnuradio-companion

This flowgraph will let us sample the signal sent by the remote and write it into a Wav file. After pressing the buttons on the remote we can see how it looks like in Audacity:

The modulation used by the remote is OOK and looks like it uses Manchester codification. Using the rtl_433 tool, I was able to decode the frame and correlate it with the waveform above:

*** signal_start = 2189802, signal_end = 2300238
signal_len = 110436,  pulses = 86
Iteration 1. t: 404    min: 110 (47)    max: 699 (39)    delta 241
Iteration 2. t: 404    min: 110 (47)    max: 699 (39)    delta 0
Pulse coding: Short pulse length 110 - Long pulse length 699

Short distance: 83, long distance: 675, packet distance: 4804

p_limit: 404
bitbuffer:: Number of rows: 6 
[00] {4} f0 : 1111
[01] {18} 23 23 c0 : 00100011 00100011 11
[02] {18} 23 23 c0 : 00100011 00100011 11
[03] {18} 23 23 c0 : 00100011 00100011 11
[04] {18} 23 23 c0 : 00100011 00100011 11
[05] {10} 23 00 : 00100011 00

As long as the button’s pressed, the remote will keep on transmitting the 18-bit frame which we have identified as:   00100011 00100011 11. This bitstream can be clearly seen on Audacity.

From the output above, the short pulses got 110 counts and the long pulses 699. Since the rtl_433 tool samples at 250KHz, it means that they last 440us while the long ones last 2800us. All we need to do now is write the software for the Arduino board to replicate the signal:

#define rfTransmitPin 4
#define ledPin 13
#define buttonPin 9      

void setup(){

	pinMode(rfTransmitPin, OUTPUT);
	pinMode(ledPin, OUTPUT);
	pinMode(botonPin, INPUT);       

	digitalWrite(rfTransmitPin, LOW);
 }

  void loop(){
    if(digitalRead(buttonPin) == HIGH)   // if the button is pressed, tx the code
      transmitCode();
  }

#define SHORT_WAIT	delayMicroseconds(440)
#define LONG_WAIT	delayMicroseconds(2800)
#define TX_LOW		digitalWrite(rfTransmitPin, LOW)
#define TX_HIGH		digitalWrite(rfTransmitPin, HIGH)
#define OUTPUT_0	{TX_HIGH; SHORT_WAIT; TX_LOW; LONG_WAIT;}
#define OUTPUT_1	{TX_HIGH; LONG_WAIT;  TX_LOW; SHORT_WAIT;}

#define FRAME_SIZE        18

unsigned char code[] = {0,0,1,0,0,0,1,1,0,0,1,0,0,0,1,1,1,1};

void transmitCode() {

    digitalWrite(ledPin, HIGH);

	for(int i=0;i<CODE_SIZE;i++)
	{
		if(code_left[i] == 1)
		{
			OUTPUT_1;
		}
		else
		{
			OUTPUT_0;
		}
	}
	digitalWrite(rfTransmitPin, LOW);
	delay(200);

    digitalWrite(ledPin, LOW);
 }
 

Now, let’s download it into the microcontroller and capture what it’s sent to see if it matches the original code:

Arduino Sample

 

 

The waveform looks pretty much the same as the one sent by the remote. Also, the rtl_433 tool is able to decode it properly and the timing looks quite nice too:

*** signal_start = 12434285, signal_end = 12748315
signal_len = 314030,  pulses = 144
Iteration 1. t: 413    min: 115 (84)    max: 711 (60)    delta 8
Iteration 2. t: 413    min: 115 (84)    max: 711 (60)    delta 0
Pulse coding: Short pulse length 115 - Long pulse length 711
Short distance: 112, long distance: 708, packet distance: 25527

p_limit: 413
bitbuffer:: Number of rows: 8
[00] {18} 23 23 c0 : 00100011 00100011 11
[01] {18} 23 23 c0 : 00100011 00100011 11
[02] {18} 23 23 c0 : 00100011 00100011 11
[03] {18} 23 23 c0 : 00100011 00100011 11
[04] {18} 23 23 c0 : 00100011 00100011 11
[05] {18} 23 23 c0 : 00100011 00100011 11
[06] {18} 23 23 c0 : 00100011 00100011 11
[07] {18} 23 23 c0 : 00100011 00100011 11

Now we’re sure that the Arduino board will transmit the same signal, it’s time to try it by the garage door and… it WORKS! 🙂

It is a very simple project but as a first contact with the RTL-SDR world I had a lot of fun. I’m looking forward to learning more about it, especially the gnuradio-companion software for signal processing and analysis.

 

OpenVPN & OpenWRT – Secure Browsing from your mobile phone

Some time ago, I bought a TL-WR703N WiFi router for less than 15€. It came with a Chinese firmware that I overwrote with an OpenWRT image and connected to my ADSL router.

This device is really cool but once you flash it with an OpenWRT image you’ll find out that there’s almost no free space  (4MB total flash) so I decided to use an external USB memory to increase the available space and turn it into a useful gadget 🙂
WR703N

 

I used to have stunnel and OpenVPN servers running on my PC but since I didn’t want to have the computer on all day, I decided to replace it with this small device which makes no noise and consumes very low power (around 80mA/~0.4W with WiFi on if I disable the blue LED :))

First thing I did was setting up an AP and disable my router’s WiFi network since its antenna was surprisingly better and my old router doesn’t support WiFi n. So my devices at home would connect to the WR703N WiFi network which was bridged with the ethernet interface to the ADSL router.

After this introduction, I’ll explain how to set up an OpenVPN server to browse securely anywhere from your phone which is especially useful if you’re using free or untrusted wifi networks out there.

 

OpenVPN Diagram

OpenVPN Diagram

At the moment of writing, I’m on the latest OpenWRT version which is Attitude Adjustment 12.09, r36088.

Required packages:

  • openvpn-easy-rsa – 2.2.2-2 – Simple shell scripts to manage a Certificate Authority
  • openvpn – 2.2.2-2 – Open source VPN solution using SSL

 

1. Certificates and keys generation

The easy-rsa package helps you create the CA, server and client certificates but you can either create them yourself or use existing ones created somehow (as long as you keep your private keys secret 🙂

I created 2048 bit RSA certificates with the help of the easy-rsa tool:

Edit the /etc/easy-rsa/vars file and change the KEY_SIZE value to 2048

export KEY_SIZE=2048

Also, feel free to change the certificate public data such as the common name, country, etc.

 

root@OpenWrt:/etc/easy-rsa# build-ca
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/easy-rsa/keys
Generating a 2048 bit RSA private key
..................................+++
writing new private key to 'ca.key'
-----

Now generate the DH parameters and the server and client certificates signed by the previous CA.

build-dh
build-key-server server
build-key-pkcs12 daniiphone

Afterwards, all those files will be located under /etc/easy-rsa/keys and must be copied over to the openvpn directory:
root@OpenWrt:/etc/easy-rsa/keys# cp ca.crt ca.key dh2048.pem server.crt server.key /etc/openvpn/

The client certificate is not needed on the server side but we’ve generated it inside the WR703N and must be copied onto the client (in this case, my iPhone). We’ve generated the client certificate (daniiphone) in PKCS12 format which includes both the public certificate and the private key. It’s really important to protect it with a password because you’re gonna send it to your e-mail in order to import it from the OpenVPN iOS app. At the time of creating it, you’ll be prompted to enter a password.

 

2.  Server side configuration

I’ve configured the OpenVPN server as follows using uci (you can do it by editing /etc/config/openvpn file).

root@OpenWrt:/etc/openvpn# uci show openvpn
openvpn.myvpn=openvpn
openvpn.myvpn.enable=1
openvpn.myvpn.port=1194
openvpn.myvpn.proto=udp
openvpn.myvpn.dev=tun
openvpn.myvpn.ca=/etc/openvpn/ca.crt
openvpn.myvpn.cert=/etc/openvpn/server.crt
openvpn.myvpn.key=/etc/openvpn/server.key
openvpn.myvpn.dh=/etc/openvpn/dh2048.pem
openvpn.myvpn.ifconfig_pool_persist=/tmp/ipp.txt
openvpn.myvpn.keepalive=10 120
openvpn.myvpn.persist_key=1
openvpn.myvpn.persist_tun=1
openvpn.myvpn.status=/var/log/openvpn-status.log
openvpn.myvpn.verb=3
openvpn.myvpn.server=10.8.0.0 255.255.255.0
openvpn.myvpn.client_to_client=1
openvpn.myvpn.comp_lzo=1
openvpn.myvpn.push=route 192.168.1.0 255.255.255.0 dhcp-option DNS 192.168.1.1 dhcp-option DOMAIN 192.168.1.1

These settings tell the server to listen on UDP port 1194 (which needs to be forwarded in your ADSL router to the WR703N IP address) and sets the VPN network at 10.8.0.0/24 (clients will be assigned an IP address in this subnet).
The last line creates a default route to my lan network 192.168.1.0/24 and shall be replaced with your own configuration.

Now we need to create a rule in the firewall to permit the VPN traffic. Add the following rule to the /etc/config/firewall file on the OpenWRT system:
config 'rule'
option 'target' 'ACCEPT'
option 'name' 'vpn'
option 'src' 'wan'
option 'proto' 'udp'
option 'dest_port' '1194'

In order to forward traffic from the VPN to the wan connection, we need to enable forwarding on the tun interface and create an NAT to the local interface:

iptables -I INPUT -i tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 192.168.1.5

Replace the 192.168.1.5 with your OpenWRT lan IP address and start the openvpn service:

Enable OpenVPN service autostart
root@OpenWrt:~# /etc/init.d/openvpn enable
Start the service
root@OpenWrt:~# /etc/init.d/openvpn start

 

2.  Client side configuration

Now we need to setup the iPhone (it should work on Android phones or any computer running OpenVPN) to connect to our VPN server. First we need to transfer the .p12 file created in the first step and import it to the phone from an e-mail attachment.

Install Certificate

Install Certificate

Certificate Installed

Certificate Installed


Once you have successfully imported the certificate file to the iPhone, it’s time to load the OpenVPN configuration. In order to load it easily, create a .OVPN file like this one:

client
dev tun
proto udp
remote your-public-ip-address 1194
comp-lzo
redirect-gateway
<ca>
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIB/
....
oZEG
-----END CERTIFICATE-----
</ca>
nobind
persist-key
persist-tun
user nobody
group nogroup
resolv-restry infinite

Make sure you specify your public IP address and your CA certificate inside the configuration. This CA is needed because we have used a self-signed CA which is not trusted by the OS so if we didn’t include this certificate within the configuration, the OpenVPN client would not trust the certificate presented by the server during the TLS negotiation.

This .OVPN file has to be imported from an e-mail attachment directly into the OpenVNP app. Once imported, click on the green “Add” button to associate the previous certificate and its private key to this profile. In your configuration you should be able to see your remote IP address (or hostname) instead of “80.80.” which I’ve edited in the screenshots below.

Import OVPN file

Import OVPN file

Add imported certificate

Add imported certificate

 

OpenVPN Profile

OpenVPN Profile

OpenVPN connected

OpenVPN connected

Now that the tunnel has been setup, you should be able to see the “VPN” symbol on the status bar of your iPhone and all your traffic will be encrypted up to your home network. In order to test the connectivity and the forwarding rules, I try to access the OpenWRT Luci web configuration by typing the WR703N IP address in Safari:

OpenWRT Luci

OpenWRT Luci

Now, your iPhone is connected to your home network and all the traffic will go through your ADSL connection. Anyone trying to eavesdrop on the WiFi network will only be able to see tons of encrypted traffic.

It’s very important that you keep the CA private key secret in order to avoid “man-in-the-middle” attacks, as well as protect the .p12 file when you send it over to your phone.

L8 SmartLight – Our Kickstarter adventure!

It’s been quite a long time since I don’t update this blog. The reason why is that I’ve been too busy with L8 Smartlight, a new entrepreneurship project that some friends and I have started a few months ago.

We’re very proud of being the first Spanish project to be successful on Kickstarter and, now that the funding project is about to finish, we’re very keen on starting the production of this new gadget and looking forward to spreading the world with it!

So far, the project’s had sparked the interest of many important sites such as Mashable:

We’re currently working on fully supporting Bluetooth EDR and 4.0 to cover most of the smartphones in the Market. Also there’s still a long way to go to define all the APIs and functionality that will be hopefully ready in the next few months.

I’ll try to update the status on the L8 project in this blog but, we’ll make sure that the latest information will be available right away at Kickstarter

Dani

Silvestre – Cosmobot 2012 Champion!

Silvestre Champion

Silvestre became champion of the Cosmobot 2012, one of the main robotics contests in Spain, after a really tough competition.

During the qualifying session in the morning, Silvestre made the fastest time with an average speed of 2.45 meters per second. Later in the evening, 16 robots went into the knockout phase and Silvestre had to make the most out of itself to push into an speed of 3 meters per second during the final round.

Knockout phase

The strongest point of Silvestre was, undoubtedly , his ability to learn the track and accelerate/brake at the right moments. Unlike past years, Silvestre doesn’t need any parameter to be entered manually but he will dynamically extract the key parameters of the track thanks to the encoders and inertial sensors. After the track’s been successfuly learnt, he will store it into memory for later runs in order to save the learning process every time. However if the data reported from the sensors is different from the expected track, he will learn again or modify it accordingly allowing him to self-adapt to changing conditions.

Cosmobot 2012 Track

The track was really good for our algorithm even though the zig-zag zone was tricky but also a good sucession of events that provided a more accurate positioning 🙂  The rules of the contest state that if a robot touches the internal lane, it would get disqualified but nothing prevents a smart robot from going through the zig-zag area as if it was a straight.

Silvestre was able to recognize the zig-zag area and, depending on the selected profile, he would “patch” the stored track to navigate inertially without reading the line, strictly during the zig-zag turns. This involves a risk because the top speed was about 6m/s and the navigation had to be as accurate as possible but it was robust enough so I used it on the final round :)

Semifinals:

Finals:

I don’t know what happened during the first round but Silvestre missed the line (Murphy’s law pushed him?) and started to learn the track again but, before this happened, the rival caught him up. The next two rounds, everything worked great and Silvestre won the championship!

After the contest, people wondered if Silvestre could learn the track clockwise and here’s the video:

Another video of Silvestre from another angle:

Slow motion video of the zigzag turns:

And below is the proof that what the videos show is not easy at all and took many hours analyzing data and trying:

Silvestre Wheels

New vs. used wheels after some training days

Unfortunatelly, my friend Alberto and I, don’t have as much time as we’d like to spend on the robots but we’re still enjoying competing and getting home at 2AM after a 20-hour of hard work the day before the competition 🙂  It’s great to see how racing robots have improved during the past two years and how innovative one must be in order to keep up pace.

UPDATE: video of the two semifinals and the final. Awesome!

Daniel

Silvestre 2012 improvements

Unfortunately, Silvestre is not getting too much attention this year due to the lack of time but there was still some work to do regarding the acceleration: https://dani.foroselectronica.es/silvestre-getting-ready-for-2012-230/

The acceleration graph was quite good but still not as good as it could be. One of the main problems was the DC-DC converter which was unable to provide enough current at stall so we designed a new one and these are the results:

Silvestre Acceleration Improvements

  X axis represent time in 4.8 ms units

Compared to the results obtained last year, Silvestre is able to run 1 meter longer in the same time and its top speed is also higher. The price to be paid for this extra power is a higher current consumption which has to be taken into account when choosing the right battery for the competition.

The new DC-DC converter board has to be carefully analyzed and I hope to write a new post about it soon.

Dani

Silvestre getting ready for 2012

After some months resting, Silvestre’s got back to work this past weekend and the first thing we’ve done is to enhance the communication protocol in order to get even more data in real time on the PC. This data is essential to study software, hardware and mechanical aspects now that we’ve got a quite stable platform, and we need to focus on subtle things.

We plan to make some improvements over the way Silvestre speeds up and brakes so we definitely need to know how it behaves in both situations:

silvestre_acceleration_g

 

Blue line shows the maximum speed of the wheels (no friction) whereas red line shows Silvestre speed when motors are set to 100% from a stopped position. The track surface is pretty much the same as the one used in most of line followers contests in Spain and wheels were carefully cleaned beforehand. The result after mixing up the signals from the accelerometer and encoders (graph) showed that, during the acceleration phase, wheels didn’t skid.

As you can see, the robot can reach up to 5.6m/s in 0.9 seconds after having traveled a distance of about 4 meters and, in a typical straight in contests of around 2 meters, Silvestre would have to face a turn at about 5 meters per second yet making it harder to get back to a safe speed if the next turn is very close. Hence, we need to learn the track very well during the first laps so that we can precisely know the highest safe speed at every point of the circuit and also, we need to get a great control over the braking phase to slow down into such speed as fast as possible.

So far we had little time to improve the braking and graph isn’t showing good data from second 1 ahead but special attention has to be paid on how weights are transferred while deccelerating because the robot might lose traction thus making it to brake earlier. I look forward to working more on characterizing dynamic aspects of the robot and making the most out of it :)

SecuDroid – Android Anti Theft Loss app Review

SecuDroid - Anti Theft/Loss app for Android

Google is now activating over 500,000 devices each day, growing at 4.4% week on week. This huge raise, led to a big explosion of apps being downloaded from the Android Market, which – at the time of this writing – is 6,148,593,955 (more info at http://www.androlib.com/appstats.aspx).

Among these, there is one particular kind of application which is potentially useful for every single Android user: an app which allows you to locate, track or find your phone in case of theft or loss. SecuDroid is one of those must-have apps which you’d better not need to use, but you’ll definitely be glad to have it when somebody steals your phone or you lose it somewhere.

 Features: 

  • Location information including accuracy, speed and altitude 
  • Periodic tracking
  • Silent pictures using either the front or back camera
  • Remote Lock & Wipe functions
  • SIM card change notification 
  • FindMe Ringtone
  • Invisible Mode
  • E-mail integration  

FAQ: 

  • How does SecuDroid work?

SecuDroid sleeps silently in your Android device waiting for commands sent from any cellphone by SMS. The answer to these comands will be sent by SecuDroid either by e-mail or by SMS.

These SMS will not show up on your phone because they are intercepted by SecuDroid, so the thief will not suspect that you are on your way to recover your phone.

  • How can I be sure that nobody will be able to track me if I install SecuDroid?

When you request an action from SecuDroid you must precede the command with a password. This password can be changed at any times from the SecuDroid configuration window and, by default, it is set to “PW” (without quotes).  Anyone who knows this password will be able to track you or even wipe your data off your phone.

  • How can I hide SecuDroid so that noone knows that it’s there?

SecuDroid will appear as “eNotes” under the installed applications list. Also, you will be able to remove the launcher icon from the configuration window.

  • If I remove the launcher icon, how can I modify the settings?

You’ll be able to launch the configuration window by dialing a pre-configured code from the stock phone app. This code, by default, is 3535 but you can change it at any times.

  • Will SecuDroid be able to determine my location even if GPS is off?

In order to switch GPS on, Android enforces the user to do it manually. However, SecuDroid will enable the GPS hardware without user interaction (by tricking the OS) to get the location and, afterwards, it will switch it off automatically to hide itself. Nonetheless, it is highly recommended that you test this feature in your particular device because this is likely to be avoided by Android in the future. In this case, just leave the GPS setting on (no impact on battery life) or you’ll only get positions based on GSM towers triangulation.

  • Somebody stole my phone and I want to find out who, will the thief be able to locate the pictures in the phone storage?

No. Pictures are stored temporally without image extensions and they will be erased right after being sent

  • If I take a picture remotelly, will the thief hear the camera shutter sound?

SecuDroid will take pictures silently by disabling the shutter sound. However, some devices are impossible to get the shutter sound disabled due to legal restrictions so you must make sure how your device works by testing it first. You’ll probably be able to disable it by some other means like rooting your phone and removing the sound but SecuDroid doesn’t encourage you to root your phone unlike other apps.

  • The FindMe function is pretty cool but what if I left the phone in silent/vibration mode?

Just send a BEEP command to your phone and SecuDroid will ring loud for 60 seconds or until you switch the screen on/off no matter what the previous state was. After this command, volume will be set at maximum leve so you’re free now to call and find out where the sound comes from

  • Just realized that I lost my phone with critical information. How can SecuDroid help me?

Before trying to track or locate your phone, you should lock it with a password to make sure that noone can access to your sensitive data or even make calls. If you feel that the information inside your phone is even more important than the device itself, wipe the data within a few seconds by issuing a WIPE command.

  • Transparency is really important. Does SecuDroid include any phone-home component that could compromise my privacy?

SecuDroid does NOT include any phone-home component. You can be completely sure that SecuDroid will not connect to a 3rd party server and will not use your location or personal information in any ways.

  • What e-mail account does SecuDroid use to send the pictures and location info to?

You can configure a GMail account from SecuDroid settings window and this will be the account used to send the answers to remote requests. If, for example, this account is removed or you change the password, the answers will be sent back via SMS (or MMS if a picture was requested). The default destination e-mail address is also configured and has not necessarily to be a GMail address.

Details: http://www.secudroidapp.com/secudroid
Instructions: http://www.secudroidapp.com/instructions
FAQ: http://www.secudroidapp.com/faq

Campus Party 2011

I’m back from the 15th edition of Campus Party and it was a great success for us regarding the competitions we took part in. Here are the results:

  • Web/Mobile App Development Challenge by Coritel (Accenture) – Innovation Area: 1st place!
  • “Best of Show” Robotics competition: 1st place
  • “Speed Runners” Robotics competition: 1st and 2nd places
  • “Campus Climbers” Robotics competition: 3rd place

CP prizes

I enjoyed very much this edition of Campus Party attending  great conferences  and meeting up with some old friends again and new people into robotics and technology. I’m already looking forward to the next edition and seeing more cool stuff during a whole week in Valencia 🙂

D.

Drive the uXbot from your Android device

I wrote an application for Android OS based devices to control the uXbot robot remotelly via Bluetooth. This has been my first experience with Android development and, even though the UI creation isn’t very straightforward, the rest of the features such as Bluetooth discovering, pairing or sensor data acquisition have been fairly easy.

 uXbot Mobile Manager SplashuXbot Mobile Manager

Features:

I’ll be uploading some videos in the next few days and, when it’s a little bit more tested, I’ll be glad to publish the sources so that anyone can add new features (IR sensor readings, battery voltage, firmware uploading using uXbot internal bluetooth bootloader,…).

UPDATE:

 

Daniel

Silvestre & uXbot – Line Following Champions

Last week, we attended two of the most important championships in Spain with Silvestre and uXbot.

SilvestreuXbot

  • In Hispabot, the track had a ramp which was pretty challenging for our robots since they were not designed with this in mind. The major problem was that the robots got blind for a while in their way up and also in their way down. This problem was worse for Silvestre since it’s larger and its sensors spent more time in the air, reason why the uXbot managed to get to the top of the podium with Silvestre right behind him on the 2nd place.
  • Robolid hold a really crowded championship with around 80 robots taking part in the robotrackers category and 20 robots in the Line Following contest. Silvestre and uXbot had to fight with most of the best robots in Spain and they finally won with Silvestre in the 1st place and uXbot 2nd.  On a side note, a new electronic system was used during the contest to measure lap times, average and top speeds and Silvestre’s top speed was over 5 meters per second (18 km/h)!

The most remarkable features of the robots are:

  • DC Maxon motors
  • FPGA to accurately read the quadrature signals from the encoders and real-time processing (Silvestre)
  • Inertial sensors
  • Track learning: the algorithm takes about 2-2.5 laps to identify when the lap starts over and extract the characteristics and speed-up/braking points.
  • Adaptative behaviour: Throughout the laps, the robots modify their parameters (speed, speed-up/braking points,…) for each part of the track. This allows the robot to adapt themselves to the track conditions (dust, creases, …)

Below you can see a video from the training days to the final round of the latest contest. Some slow motion parts show how the robots performed over the ramp at Hispabot and how they had to fight with the skids right after the downhill 😉

D.