ฝัง
- เผยแพร่เมื่อ 24 มี.ค. 2024
- Code/Writeup/Resources: github.com/cnlohr/lolra
Patreon: / cnlohr
Memes, in order of appearance: Tiny Paper Senior Chang, Trollface Rage Comic, Nerdy RF Mixer, 69-420, Sanic Gotta Go Fast, Midwit IQ Bell Curve, “Y U NO” Guy, Feels Good, This Is Fine, Great Gatsby Reaction
If anyone wants to join my discord, feel free to ping me directly, we are open, but not public. - วิทยาศาสตร์และเทคโนโลยี
You’re crazy. I’m convinced that all RF engineers are wizards.
I was convinced long ago that Charles was a wizard.
Aleays have been
RF engineering is basically Black Magic (or so I've heard).
Yeah I did a lora project before starting my engineering degree... Sweet and tears man, but mostly a huge amount of datasheet and theory to read
Yet they remix ideas every 4 years for children wonderment.
Charles: so I made the GPIO pin go real fast. FCC: and I took that personally.
I dont think there is a better meme for this video
😂
I am unfamiliar with this meme
I think the FCC can't even complain if the signal is below the noise floor, could it?
@@red13emerald, The problem with this is that the desired signal is below the noise floor, but there are other undesired signals being produced that aren’t. These need to be removed with a high pass filter.
@@red13emerald fair point
"That final output is 69.420 MHz"
Nice.
Nice.
Nice
Nice.
Nice.
Nice
Incredible as always. And simultaneously terrifying.
Now we just wait for the headline “Gaming keyboards had firmware undetectably overwritten to broadcast key strokes hundreds of meters via LoRa, without physical access, from user-mode application”
It would only work at a very small volume, right? Otherwise there'd be a ton of noise from thousands of different keyboards.
@@GeekProdigyGuy thats the beauty of spread spectrum! just think about how many bluetooth devices are around you and it still works flawlessly.
well maybe not if everyone was just spewing out subharmonics to get a few picowatts of actual signal 😅
there's far scarier things goin on in the world, no need to freak out over this.
@@CNLohr The only correct response
There have been plenty of security research papers along this line
This Is The Most Insane "Doing Alot with a Little " Project ive eve seen
Does it beat space invaders on an ATtiny10? Maybe.
@@Scroganin my opinion yes lol
Oh man... I have never heard that turn of phrase but it speaks to my soul.
@@CNLohr I kinda made it up lol. But it’s so true. Amazing job! Can’t wait to see what you make next!
@@aurorajunior6328 Sorry but that phrase predates you. It's been around for quite awhile.
Aggressive bandpass filtering could probably make this fcc passable. Amazing work
Yeah but that makes this become radio circuitry with a filter and amplifier, etcc
Aggressive badass work 😅
@@kreuner11 Not really, a bp filter can be some traces scratched off copper pcb. It''s dumb (and illegal) to not make or use one tbh.
Was thinking the same thing. This could be a real fun network filter design process
@@nobodynoone2500 I think he started with that proviso
You are a rare human, gifted, tenacious in your pursuit of knowledge, and incredibly generous. Thanks for sharing, the light shines brightly through you.
I'll buy that for a dollar!
I appreciate your kind words.
dude even attempting this is insane. that you managed to get it working is borderline lunacy.
what you're doing is absolutely masterful and i cannot express how impressed i am
Don't let silly things like feasibility stand in your way. Just keep pushing.
Bandpass filters make these kinda hacks easier, more effective, and more polite to those around you. Every radio hacker should have a pile of remade ones, a tunable one, and the know how to throw one together from scrap. It's a rare but useful superpower in the rf world.
I agree! This was just to get things working with minimal hardware, not getting things working well.
God damn, you just made the CIA’s wet dream of data ex filtration
Trust me, they are already doing it.
@@microcolonel have you seen seytonics video about using a SATA cable to do that
@@aurorajunior6328 no but that seems highly doable. IIRC SATA is unshielded and that would make it easier.
@@microcolonel I don’t trust anyone that has to say trust me
@@geekswithfeet9137trust me: you don't trust anyone who starts their argument with "trust me"
this is the purest definition of knowing how to break all the rules
You can't break rules when there aren't any.
This video terrifies me
Me too in an "in complete awe" sort of way, and also because the implications of it are that a large amount of digital hardware can potentially leak data via LoRa packets induced in software and radiated off existing structures in the product. 🤯
@@DanielSMatthewsmost commercial products can’t as they are designed around emc requirements
@@UKsystems They are designed to pass tests when used as designed, change the code and they are out of spec and Tempest like tricks apply. Same with most of the attacks against air gapped computers, you need to be able to run code on them to get them to behave in unanticipated ways.
@@DanielSMatthews"can" = does
@@DanielSMatthews there are also tests for adverse use cases and checking for anything that can be used as an antenna or at least for ukca aprooval
holy shit that's nuts. When you started talking about using reflections to get your desired carrier frequency my brain started expanding. I'm so shocked that you didnt run into any issues with this by nature of your antenna being a wire that was bent. I figured that any little change would greatly effect the outcome of the reflections, but I guess so long as the actual length of the wire is not changing, the reflections should still be there relatively unchanged. Also the idea to just add wireless connectivity to existing devices that we can hack was just brilliant. Lastly throughout the video I was thinking how it would be a cool project to draw vector graphics in the waterfall view like some people do with the xy plot on a scope and the last few seconds I see the outro graphic. Brilliant
Expanding your brain is what I am here for. I love helping people grow and learn. The outro was something I thought of at the last second.
Now build 10 element beams for both ends. :)
I've blanketed 1/3 of the USA with a 7 mW BPSK LowFER signal from my 30 foot tall antenna with 2 miles of hand-wound 22 gauge wire and a loading coil with 35 pounds of 8 gauge wire wound on a 3 foot diameter Styrofoam core, and I've been called crazy. But you have gone far beyond me. Well done, sir! I salute you! BTW, the most fun I've ever had was doing range tests. I drove 900 miles on I-80 across the USA watching my beacon message play on and on on the computer on the seat beside me. I smiled every inch of the way. Same sort of thing happened with my range tests with Hi-Fi audio sent via a dollar store laser, further and further, 6+ miles of smiling in the cold and dark with rain sprinkling down on me. I think we both know exactly how Marconi felt as his radios worked further, and further, and further.
The days of Marconi would have been a wild time time to be alive. But yeah, WSPR and other protocols would be pretty cool to explore like this.
That laser thing sounds really interesting
You realize the FCC prohibits LowFER antennas longer than 49ft, right? (Including the feed line)
@@scottdotjazzman is the load coil factored into that? It seems strange if it would be because you could just use a higher voltage higher impedance output and no load coil for the same output, right?
@@CNLohr Yea, but if he is using stock retail radios the output will be fixed 50ohm impedence and if the antenna is too short relative to 1/4 wavelength it will have too much capacitance vs impedance so you add a load coil to give that capacitance some more inductance to resonate into- bringing it closer to 50ohm purely resistive.
This is cool... basically you're bit-banging into the air!!! NICE!
That's a really good way to put it.
You saw the term "wave-banging" here first.
@@ceeam NICE!
@@ceeam gosh I wish that didn't sound as inappropriate.
What an absolute madlad! And here I am just using cheap LoRa modules to send messages! I definitely got some inspiration from this.
What cheap. modules?
How much are they?
I bought an llcc68 module from cdebyte but i think they were defective. I could write to their spi registers and read them back, but could never broadcast (no signal ever showed up on a sdr receiver).
Cdebyte world never send me sample code. So i used code from generic modules but either the modules were defective, or the code needed proprietary magic.
@@TheRainHarvester They're called "Ra-01 modules" and they go for about 3-4€ from china. I haven't had any issues with them and the range seems pretty good.
Doing it with modules is way better for everyone involved, this was more of a to-see-if-I-can.
Huge respect for making such limited hardware spit those radio signals. This is even one step beyond VUSB !
Seems crazy to receive data under the noise floor, but the spreading for measly 3000 bits/s over a big bandwidth 125 kHz is what makes it possible.
Indeed! And those bits are spread so broadly in time.
The projects excites me the most are things that are cheap and massively adapted, your stuff always hits the mark. This is a great work that enables people, you are a good human we are lucky we have people like you.
Those are definitely the things I find most compelling.
So maybe for diversity you could put an antenna on multiple pins & transmit sequentially on each one?
Phase coherent output pins
Probably, but would be trickier to figure out how to send the signal.
I learned more about LoRa from your video than many other ones. Great useful research. Cheers
Thanks! I really tried to express the insights I gathered.
In recent days the TH-cam algorithm has giving me more and more smaller channels that are doing amazing things. You're part of that group, looking forward to more content from you my dude! Also, as a software engineer, RF is absolute black magic to me..
I am also a software engineer. And I agree it feels like black magic at first, but then you get the hang of it.
About 3min in and loving the way you bent the pin to see where the antenna plugs in, it probably secures it a bit better aswell. Genius! 👍
I didn't expect anyone would notice that. I just did it so I could tell where it goes.
Lohr-A !
How did this never come up!?
@@CNLohrI said it to you!
@@davidwillmore I just don't remember or maybe I Was too embarrassed?
This video inspired me like very few videos do. Not only am I now way more interested in RF transmission and its theory, but now it all makes sense in a way it never has before. Thank you for gifting this beautiful project to the world!!!! You are amazing!
I'm normally quite put off by the thought of spurious emissions, even if they are very low power. But this has completely turned my conception of them on its head! Though I would be lying if I said I didn't spend half the video trying to think how I would filter it. Bravo!
If the thought of doing this without extra hardware wasn't so central to this video's thesis I would have totally added the filtering.
Literally just need a bandpass filter. There's no other way to do that reliably when you can't bit-bang about the Nyquist frequency.
Wow, this was amazing to watch. You did a fantastic job documenting all of this! Well done!
Thanks!
I rarely ever leave comments on TH-cam videos, in fact, this might be the first deliberate comment I've left in YEARS. But I had to because for more than half of the duration of this video I was sat at my desk with my jaw so widely open that it could have almost hit the desk. Thank you for this insanity, and for open sourcing your code - I learned a hell of a lot watching this video, and I'm sure I will learn even more from the repository. Unbelievable, outstanding work.
I'm really glad to have earned that comment then!
This is simultaneously crazy, ingenious, awe-inspiring, insane, impressive and scary.
Considering the still rampant lack of security of large parts of the IoT Appliances market, this makes me shudder - *even* if parts aren’t connected (or connectable) to WiFi (or even worse, various WANs).
Just wow.
I somehow missed you watching these old videos. Good to see you here too even if it did take me a few months.
Creative uses of aliasing in sampled systems, under-noisefloor communication and hacking ucs beyond their stated limits are the favourite topics of my supervisor from the university days. I will send him this video. Great work on this, must have been a bumpy ride. Congrats!
BOY HOWDY WAS IT BUMPY, but it was steady process for all the weeks.
This bro about to learn why the FCC is a 3-letter agency
Lora has already been approved for communication on... go stroke an old boomer HAM operator off...
But most of use 4 letter words to describe them
I work with LoRaWAN in my day job. This is the coolest thing I have seen in a long time 😂 Bravo!
So impressive, I knew this was going to be a wild ride when you said the best square wave frequency you could achieve was 69.420MHz
I hope it didn't disappoint.
When I heard that I checked the release date of the video to ensure it wasn't April 1st.
@@jrr851 I learned my lesson about releasing real but ridiculous videos on April first
man LoRa is an insane protocol
IKR!
Very cool, am reminded of an exercise from a wonderful book Make AVR, where the chapter on timers had you code an AM transmitter, by toggling the pins quickly using the compare registers.
Love seeing the hype things like Meshtastic, LoRa, HackRF and Flipper Zero are bringing to these types of protocols.
I wish this sort of RF radiation stuff was taught more, like in schools, etc.
Just one word: impressive!
Really well done work - from the crazy idea at the beginning till this video for documentation.
I'm fascinated! 🤯
Glad you liked it, I hope to keep making content like this (even if I am slow at doing it)
I'm not sure what is more impressive, the end result or your persistence to get there. In any case, the two made it a great inspiring video!
"things that only have a tiny chance of success" time to join the Qowat Milat 🤣 Well done, worked better than I would've expected.
Great, now devices that I previously thought were completely disconnected from the Internet can leak my data
Active defense will always be more effective than passive defense. Guess you need to invest in a jammer equivalent.
Only 5 minutes in and this energy is so inspirational. Thanks for getting me up and working on my projects (and for what I expect is going to be a great video)
Keep goooing. Just go go go. That's the reason I want to make these videos is to point as an omen what can be done by just keeping on pushing on a problem until it gives way. Even though most of my projects do end up being failures, if you just keep pushing, keep pushing, you will find success.
It's really all about the performance of the receiver. I agree that constraints drives creativity. Being able to generate the LoRa protocol from a simple controller is very, very clever. Also, the emissions from a digital signal is a function of the rise and fall times as well as the period. The sharper the edges, the stronger the harmonics.
So good to see you back!
Only twice a year or so.
This is amazing. So glad the algorithm sent me this!
Glad to have you - hope I earned a sub.
*The concept is SO COOL!*
I have used a website about 10 Years ago, that used a Java web application to Transmit Audio to a AM Radio (I think, maybe it was FM). It used CPU EMI. 😮 (Sadly can't find it anymore)
Security researchers also used GPUs to get data off of Air-Gapped systems.
I'd just subscribed from all your past videos that you mentioned here. So many interesting videos!
OMG! You were the guy who broadcasted NTSC with ESP!!
Indeed... I have a lot of videos on NTSC
This reminds me of the PiFMplay, which is also magically awesome. It uses an raspberry pi to sent FM radio in to the ether. Just attach a wire to the board on 1/2 labda or something and you're good to go x-D
There's so many GPIO projects, I just enjoyed bringing another one to light.
Unbelievable dude. Well done
Thanks
I just checked out your IDF-Sandbox repo and it’s the best thing ever thanks mate
Amazing story. The engineering makes no sense to me, but explained in such a way that I could come with you on the journey. Really makes me wonder what the 3-letter-agencies are able to achieve with funtennas.
There's already a lot of papers about all sorts of things average researchers are able to achieve with them.
GPIO pin: "So anyway, I started blasting..."
Make a meme!
Have you checked the RPiTx project? The concept is similar, I have have already played with it to transmit Whisper signals in HF and my signal was spotted thousands of Km away, but of course based on ionospheric refraction. However you could use RPiTx concept to transmit Lora, i think they didn't do it yet.
There's so many of these all around, and I haven't checked it out. I just don't do much dev with rpi.
Amazing as always! You are inspiring so many engineers, thank you!
Thank you for your comment, too.
Dude, you are a wizard!!! Amazing video! Amazing research 👏🏻
Thank you!
I'm guessing it wont pass FCC limits 😂 incredible work.
Later in the video he actually makes it have very little extra noise outside of the desire frequency which is interesting
make a lil bandpass. a bit of loss is worth the better signal imho.
@@nobodynoone2500 it will require a SAW filter plus a class C amp to produce a decent RF output (in term of regulations), but i fear the side products of the class C will require one more SAW (not cheap) and still be too problematic, another way would be using the fundamental and a mixer, but the BOM cost will be too high. There is some cheap RF chips with registers access which could be torn to emulate LoRa TX properly (we did that at the time of sigfox in DBPSK), however a radio without RX isnt very useful.
Small MCUs are capable of demodulating and decoding a 868/900MHz signal by using their fast ADC, a mixer and a 800KHz IF but again given the low price of an LLCC68 this would probably be a futile exercise (i did that for a mini sigfox basestation few years ago, using an STM32F4).
It's such a small amount of power it just might. But a SAW+Class C would be hoppin!
Next step: make a receiver
Oof. Too soon.
This is the most insane project I have seen lately. By the end of the video I was nutting with the range you manage to achieve just by bit banging the air.
You are truly an RF Chad.
I'm glad you watched it all the way though. It's a balance giving away the punchline up front, verses making people wait til the end.
Your results are truly amazing. Bravo!
Thanks!
69.420 mhz! Sounds nice...😊
This scares me. I frequently consider how a state actor might exfiltrate data via compromised hardware/firmware. I had always reassured myself that they would never send it over the wire/air because of the risk that it would be detected with traditional network infrastructure monitoring. I also reassure myself that bit-banging something out over a funtenna to other compromised devices acting as relays would require so many compromised devices that they'd risk being discovered. But I hadn't considered LoRa... The infrastructure already exists, gateways are popping up everywhere, it operates far below the noise floor... Do you have any idea how easy it would be to exfiltrate private keys using malicious firmware or even silicon? A crypto co-processor? Hmm... maybe that thought deserves a PoC...
I think this is already being used...
This tech has been used by state actors for about 40 years. Do with that what you will.
There's so many other scarier things in the world. Don't worry about this stuff.
This is such a cool project and video. Thanks for sharing such awesome and insightful content!!!
Thank you for the comment!
INSANE! I will have to replicate it to believe...
Amazing video, thank you very much!
I learned tons in this video I will have to watch multiple time. Glad I found your channel!
Love seeing Nyquist in the wild
Or not seeing Nyquist in the wild. 🪄🪄🪄
Data exfiltration by gpio sounds scary now.
It's not exacxtly unheard of in the hacking world. There was a rather famous use about 25-30 years ago.
It is pretty common nowdays, with several different air-gap techniques
@@CNLohr Now a 1000 meters away. Balloon heights!
This is freaking awesome. You can essentially create the baseband using a cheap micro + 900MHz SAW + gain block.
BTW, it's "megacycles" not "megasamples".
I am completely blown away by you knowledge and methods of engineering. Charles, you are a true wonder or out-of-the box engineering.
Tear down those barriers between disciplines. We weren't meant to live in little boxes.
Interesting how much of this I already knew from playing with audio. Rf and audio has a lot of overlap.
It's all wave theory. You will be suprised to see that other energy like light can be approached in a very similar way.
Indeed. There's so many parts of the way our universe work that are all so interconnected.
If you have VGA in your laptop you can probably do this without any extra hardware just by showing an image and with some xrandr magic.
You could have shared effect that sends Loar
You're saying I could broadcast a chip tune of rickroll audio with a legitimate rickroll gif?
@@andrewferguson6901
with the gif working is a bit harder...
but search for "tempest for elise"
I think VGA would be able to do this all incredibly well. But it's been a long time since I messed with it.
This is absolutely crazy o.O
I was thinking about something similar before, but it just stayed as an idea with no plan of how to actually make it
And you somehow managed to do it!!! And with such a protocol too.. I wasn't even thinking of LoRa
You earned a subscriber)
Thanks! You could totally use my stuff as a basis to get started with taking this even further!
This is an amazing project, LoRa has ingruiged me for some time, but to see this kind of a deep dive into it was very cool. I only wish I had the technical skills to attempt things like this! Very impressive.
I hope this filled in a lot of the spooky unknowns with LoRa.
This is absolutely scary for IoT, imagine someone hacking into your freaking toaster and making a funtenna open your garage door
Ok, you'd have to be a fucking FSB agent to have that happen to you, there are much more psychical and easier ways
But I want my garage door to open 8 minutes after my toast pops up...
You CMAC code is chef's kiss! Thanks man!
Wow! Absolutely fantastic video! And so unexpectedly large transmission distance! Thanks a lot for your work!
Thank you for your comment.
Awesome work. Your dedication to pursuing the unlikely is an inspiration.
Inspiration is the goal - get people to realize what they can do if they apply themselves
The most amazing engeering video I've seen the past year. Awesome!
Thanks. My other videos are envious
That is some clever stuff, aliasing all around and using harmonics to get signals out, beautiful
It was a lot of fun too!
This is the hack of the decade, awesome video. Thanks for sharing!
Thanks!
Instant subscribe !
Saw the title and knew this was going to be good
We went through a ton of different titles before we finally settled on this one.
I danced a little when TH-cam recommended your new video. Dammn!!! You're crazy good. Now i gotta go back to hardware ❤
Software or hardware, it doesn't matter which as long as you keep going.
To help you on your journey.
Eric Bogatin - There are those who intentionally make antennas, And those who aren't.
Rick Hartley - Every trace needs a ground return plane or ground return path.
Rise in full-time is what creates the frequency Not the frequency that you request from the micro controller
this is just too insane for my brain to comprehend. major props to you sir
Absolutely amazing stuff as always, here's hoping we eventually get that video on esp32-s2 overclocking. Knowing how cagey Espressif gets about that sort of thing it would be incredibly funny (and hopefully useful!!!) to have a chip running at more than twice the clock of their announced "High Performance" P4 (400MHZ)
It may or may not happen. I have to get more LN2. I wasn't able to get a lot of the tests and shots I wanted.
Thanks for this, I never knew that LoRA was actually a *closed* standard/protocol!
This is incredible. Absolutely incredible.
But now you need to receive the packets!
I'll leave that as an exercise of the viewer.
@@CNLohr /me purchases Mikrotik receiver as seen in video 👨🍳💋🤌🤘😁
lmao @@CNLohr
That's incredible work!! Thank you!
Thank you for the comment
Would it be possible to produce a slightly cleaner, narrower, signal by firing up a few separate digital outputs with slight offset, or even hooking the same output to multiple antennas with increasingly longer delay lines, to produce a stairsteppy sine wave ? Or I really don't know what I'm talking about?
Would that kill the harmonics you need to make this work or enhance them?
Adding a filter would be a great way to improve this project! But, I just wanted to see what would happen with no external components.
Good video, it is a method used in radio frequency to obtain high frequencies from a stable time base of a lower frequency, the idea is to use overtone and filter the output so that it only delivers the corresponding harmonic. It is used a lot. Maybe if you add a bandpass filter and an amplifier you could have an interesting device. Regards from Argentina!
A bandpass or maybe a class c would certainly help
Epic video! Epic hacking, epic results, and an excellent presentation that was fascinating and informative.
Also, that quick ESP programming tool sounds useful. Even when using the SDK, couldn't we flash that code once, and just re-flash the parts where our own code resides?
Absolutely. that's all I did, really. You just have to transfer the code to the part somehow to run it.
you are a god. I whish I had an attention span as "short" as yours!! :D thanks for the effort you put in.
It does take some discipline to quiet the more spongy things in our lives, like social media scrolling and YT shorts, but if you reject the petty fluff, it makes it a lot easier for even limited focus to develop. Sadly, I don't know if I'll ever fully recover from what facebook and instagram had done to my brain.
This is one of the coolest things I've ever seen! Lora is one hell of a protocol, and you are one hell of a hardware hacker!
thank you
It's a serious big brain energy here! Subscribed!
Thanks, glad I earned it.
So glad you dropped new content plz.plz plz make more on RF world make a series breaking down everything including buidling setups or flashing processes coding etc.
I generally only make videos when I do projects and they turn out well. A do typically 5-10 BIG projects per year, some are success some are failures, but I only want to spend the time on the real gems to make a video for them.
@@CNLohr thank you for your time and energy spent. I will continue to learn from you salute.
This opens so many opportunities. Thanks dude
Congratulations, one of the best things I've seen in a while!
Thanks!
i subscribed immediately, amazing video.
Glad to have earned your sub.
Hey, what's that pretty terminal font you're using (for example around 17:30)?
it's from audiolink - see audiolink.dev
Nice. Thank you for your hard work and proof of operation.
Welcome!
LoRa is amazing. We did a range test with TBS Crossfire LoRa TX and RX and managed 23 km with 10mW on a drone.
10kW on a drone what?
@@CNLohr damn, *mW 😅
@@CNLohr 100km test th-cam.com/video/ULVwMSL5xac/w-d-xo.htmlsi=wzknpe34vWhc4tGc
@@ChrisPrefect Whew. That's more like it. I'm surprised there's such a discrepancy. I'm putting out such little power, and yet it still somehow goes pretty far. 10mW is a LOT more power than even my EIRP.
Incredible as always!
Thanks!
I'm in awe. Thank you!
Thank you for watching
OH my god he's back!!! What an amazing discovery, incredible how hardware is able to do things thought impossible if one has enough motivation. And what a great protocol LoRa is. ESPs have no business being as good as they are, what a great invention.
I'm glad to be back, but I'm only here long enough to scurry away again. I think releasing only about 2 videos a year is going to stay my new norm.
Whatever you need man, as long as you're happy! These things take time, the community will support you in any way.
Besides, you're already more consistent than some movie studios and your content is always interesting.
This or some other project really, could be a great exhibition at OpenSauce
Hands down, this is one of the most impressive and craziest projects i've seen here on youtube. You Sir, have a new suscriber, and can't wait to see more crazy stuff like this :D
PD: Can you update the discord link please? it says the invitation is no longer valid :(
We've made the server a little less public. If you message me directly I can invite you.