How far can I broadcast LoRa packets WITHOUT a radio? - LoLRa
- Published on 24 Mar 2024
- Code/Writeup/Resources: github.com/cnlohr/lolra
Patreon: / cnlohr
Memes, in order of appearance: Tiny Paper Senior Chang, Trollface Rage Comic, Nerdy RF Mixer, 69-420, Sanic Gotta Go Fast, Midwit IQ Bell Curve, “Y U NO” Guy, Feels Good, This Is Fine, Great Gatsby Reaction
If anyone wants to join my discord, feel free to ping me directly, we are open, but not public. - Science & Technology
You’re crazy. I’m convinced that all RF engineers are wizards.
I was convinced long ago that Charles was a wizard.
Always have been
RF engineering is basically Black Magic (or so I've heard).
Yeah I did a lora project before starting my engineering degree... Sweat and tears man, but mostly a huge amount of datasheet and theory to read
Yet they remix ideas every 4 years for children wonderment.
Charles: so I made the GPIO pin go real fast. FCC: and I took that personally.
I don't think there is a better meme for this video
😂
I am unfamiliar with this meme
I think the FCC can't even complain if the signal is below the noise floor, could it?
@@red13emerald, The problem with this is that the desired signal is below the noise floor, but there are other undesired signals being produced that aren’t. These need to be removed with a high pass filter.
@@red13emerald fair point
"That final output is 69.420 MHz"
Nice.
Nice.
Nice
Nice.
Nice.
Nice
Incredible as always. And simultaneously terrifying.
Now we just wait for the headline “Gaming keyboards had firmware undetectably overwritten to broadcast key strokes hundreds of meters via LoRa, without physical access, from user-mode application”
It would only work at a very small volume, right? Otherwise there'd be a ton of noise from thousands of different keyboards.
@@GeekProdigyGuy that's the beauty of spread spectrum! just think about how many bluetooth devices are around you and it still works flawlessly.
well maybe not if everyone was just spewing out subharmonics to get a few picowatts of actual signal 😅
there's far scarier things goin on in the world, no need to freak out over this.
@@CNLohr The only correct response
There have been plenty of security research papers along this line
This Is The Most Insane "Doing A Lot with a Little" Project I've ever seen
Does it beat space invaders on an ATtiny10? Maybe.
@@Scrogan in my opinion yes lol
Oh man... I have never heard that turn of phrase but it speaks to my soul.
@@CNLohr I kinda made it up lol. But it’s so true. Amazing job! Can’t wait to see what you make next!
@@aurorajunior6328 Sorry but that phrase predates you. It's been around for quite awhile.
You are a rare human, gifted, tenacious in your pursuit of knowledge, and incredibly generous. Thanks for sharing, the light shines brightly through you.
I'll buy that for a dollar!
I appreciate your kind words.
Aggressive bandpass filtering could probably make this fcc passable. Amazing work
Yeah but that makes this become radio circuitry with a filter and amplifier, etc.
Aggressive badass work 😅
@@kreuner11 Not really, a bp filter can be some traces scratched off copper pcb. It's dumb (and illegal) to not make or use one tbh.
Was thinking the same thing. This could be a real fun network filter design process
@@nobodynoone2500 I think he started with that proviso
Bandpass filters make these kinda hacks easier, more effective, and more polite to those around you. Every radio hacker should have a pile of remade ones, a tunable one, and the know how to throw one together from scrap. It's a rare but useful superpower in the rf world.
I agree! This was just to get things working with minimal hardware, not getting things working well.
So maybe for diversity you could put an antenna on multiple pins & transmit sequentially on each one?
Phase coherent output pins
Probably, but would be trickier to figure out how to send the signal.
dude even attempting this is insane. that you managed to get it working is borderline lunacy.
what you're doing is absolutely masterful and i cannot express how impressed i am
Don't let silly things like feasibility stand in your way. Just keep pushing.
This video terrifies me
Me too in an "in complete awe" sort of way, and also because the implications of it are that a large amount of digital hardware can potentially leak data via LoRa packets induced in software and radiated off existing structures in the product. 🤯
@@DanielSMatthews most commercial products can’t as they are designed around emc requirements
@@UKsystems They are designed to pass tests when used as designed, change the code and they are out of spec and Tempest like tricks apply. Same with most of the attacks against air gapped computers, you need to be able to run code on them to get them to behave in unanticipated ways.
@@DanielSMatthews "can" = does
@@DanielSMatthews there are also tests for adverse use cases and checking for anything that can be used as an antenna or at least for ukca approval
this is the purest definition of knowing how to break all the rules
You can't break rules when there aren't any.
God damn, you just made the CIA’s wet dream of data exfiltration
Trust me, they are already doing it.
@@microcolonel have you seen seytonics video about using a SATA cable to do that
@@aurorajunior6328 no but that seems highly doable. IIRC SATA is unshielded and that would make it easier.
@@microcolonel I don’t trust anyone that has to say trust me
@@geekswithfeet9137 trust me: you don't trust anyone who starts their argument with "trust me"
holy shit that's nuts. When you started talking about using reflections to get your desired carrier frequency my brain started expanding. I'm so shocked that you didn't run into any issues with this by nature of your antenna being a wire that was bent. I figured that any little change would greatly affect the outcome of the reflections, but I guess so long as the actual length of the wire is not changing, the reflections should still be there relatively unchanged. Also the idea to just add wireless connectivity to existing devices that we can hack was just brilliant. Lastly throughout the video I was thinking how it would be a cool project to draw vector graphics in the waterfall view like some people do with the xy plot on a scope and the last few seconds I see the outro graphic. Brilliant
Expanding your brain is what I am here for. I love helping people grow and learn. The outro was something I thought of at the last second.
This is cool... basically you're bit-banging into the air!!! NICE!
That's a really good way to put it.
You saw the term "wave-banging" here first.
@@ceeam NICE!
@@ceeam gosh I wish that didn't sound as inappropriate.
Now build 10 element beams for both ends. :)
I've blanketed 1/3 of the USA with a 7 mW BPSK LowFER signal from my 30 foot tall antenna with 2 miles of hand-wound 22 gauge wire and a loading coil with 35 pounds of 8 gauge wire wound on a 3 foot diameter Styrofoam core, and I've been called crazy. But you have gone far beyond me. Well done, sir! I salute you! BTW, the most fun I've ever had was doing range tests. I drove 900 miles on I-80 across the USA watching my beacon message play on and on on the computer on the seat beside me. I smiled every inch of the way. Same sort of thing happened with my range tests with Hi-Fi audio sent via a dollar store laser, further and further, 6+ miles of smiling in the cold and dark with rain sprinkling down on me. I think we both know exactly how Marconi felt as his radios worked further, and further, and further.
The days of Marconi would have been a wild time to be alive. But yeah, WSPR and other protocols would be pretty cool to explore like this.
That laser thing sounds really interesting
You realize the FCC prohibits LowFER antennas longer than 49ft, right? (Including the feed line)
@@scottdotjazzman is the load coil factored into that? It seems strange if it would be because you could just use a higher voltage higher impedance output and no load coil for the same output, right?
@@CNLohr Yea, but if he is using stock retail radios the output will be fixed 50ohm impedance and if the antenna is too short relative to 1/4 wavelength it will have too much capacitance vs impedance so you add a load coil to give that capacitance some more inductance to resonate into- bringing it closer to 50ohm purely resistive.
The projects that excite me the most are things that are cheap and massively adapted, your stuff always hits the mark. This is a great work that enables people, you are a good human we are lucky we have people like you.
Those are definitely the things I find most compelling.
What an absolute madlad! And here I am just using cheap LoRa modules to send messages! I definitely got some inspiration from this.
What cheap modules?
How much are they?
I bought an llcc68 module from cdebyte but I think they were defective. I could write to their spi registers and read them back, but could never broadcast (no signal ever showed up on a sdr receiver).
Cdebyte would never send me sample code. So I used code from generic modules but either the modules were defective, or the code needed proprietary magic.
@@TheRainHarvester They're called "Ra-01 modules" and they go for about 3-4€ from china. I haven't had any issues with them and the range seems pretty good.
Doing it with modules is way better for everyone involved, this was more of a to-see-if-I-can.
Huge respect for making such limited hardware spit those radio signals. This is even one step beyond VUSB !
Seems crazy to receive data under the noise floor, but the spreading for measly 3000 bits/s over a big bandwidth 125 kHz is what makes it possible.
Indeed! And those bits are spread so broadly in time.
I learned more about LoRa from your video than many other ones. Great useful research. Cheers
Thanks! I really tried to express the insights I gathered.
About 3min in and loving the way you bent the pin to see where the antenna plugs in, it probably secures it a bit better as well. Genius! 👍
I didn't expect anyone would notice that. I just did it so I could tell where it goes.
Wow, this was amazing to watch. You did a fantastic job documenting all of this! Well done!
Thanks!
This video inspired me like very few videos do. Not only am I now way more interested in RF transmission and its theory, but now it all makes sense in a way it never has before. Thank you for gifting this beautiful project to the world!!!! You are amazing!
Just one word: impressive!
Really well done work - from the crazy idea at the beginning till this video for documentation.
I'm fascinated! 🤯
Glad you liked it, I hope to keep making content like this (even if I am slow at doing it)
So good to see you back!
Only twice a year or so.
Very cool, am reminded of an exercise from a wonderful book Make AVR, where the chapter on timers had you code an AM transmitter, by toggling the pins quickly using the compare registers.
Love seeing the hype things like Meshtastic, LoRa, HackRF and Flipper Zero are bringing to these types of protocols.
I wish this sort of RF radiation stuff was taught more, like in schools, etc.
Your results are truly amazing. Bravo!
Thanks!
Amazing as always! You are inspiring so many engineers, thank you!
Thank you for your comment, too.
Lohr-A !
How did this never come up!?
@@CNLohr I said it to you!
@@davidwillmore I just don't remember or maybe I was too embarrassed?
man LoRa is an insane protocol
IKR!
I just checked out your IDF-Sandbox repo and it’s the best thing ever thanks mate
Dude, you are a wizard!!! Amazing video! Amazing research 👏🏻
Thank you!
Creative uses of aliasing in sampled systems, under-noisefloor communication and hacking ucs beyond their stated limits are the favourite topics of my supervisor from the university days. I will send him this video. Great work on this, must have been a bumpy ride. Congrats!
BOY HOWDY WAS IT BUMPY, but it was steady process for all the weeks.
This is amazing. So glad the algorithm sent me this!
Glad to have you - hope I earned a sub.
Only 5 minutes in and this energy is so inspirational. Thanks for getting me up and working on my projects (and for what I expect is going to be a great video)
Keep goooing. Just go go go. That's the reason I want to make these videos is to point as an omen what can be done by just keeping on pushing on a problem until it gives way. Even though most of my projects do end up being failures, if you just keep pushing, keep pushing, you will find success.
This is such a cool project and video. Thanks for sharing such awesome and insightful content!!!
Thank you for the comment!
This bro about to learn why the FCC is a 3-letter agency
Lora has already been approved for communication on... go stroke an old boomer HAM operator off...
But most of us use 4 letter words to describe them
I'm normally quite put off by the thought of spurious emissions, even if they are very low power. But this has completely turned my conception of them on its head! Though I would be lying if I said I didn't spend half the video trying to think how I would filter it. Bravo!
If the thought of doing this without extra hardware wasn't so central to this video's thesis I would have totally added the filtering.
Literally just need a bandpass filter. There's no other way to do that reliably when you can't bit-bang about the Nyquist frequency.
this is just too insane for my brain to comprehend. major props to you sir
I'd just subscribed from all your past videos that you mentioned here. So many interesting videos!
OMG! You were the guy who broadcasted NTSC with ESP!!
Indeed... I have a lot of videos on NTSC
Unbelievable dude. Well done
Thanks
In recent days the YouTube algorithm has been giving me more and more smaller channels that are doing amazing things. You're part of that group, looking forward to more content from you my dude! Also, as a software engineer, RF is absolute black magic to me..
I am also a software engineer. And I agree it feels like black magic at first, but then you get the hang of it.
The most amazing engineering video I've seen the past year. Awesome!
Thanks. My other videos are envious
Wow! Absolutely fantastic video! And so unexpectedly large transmission distance! Thanks a lot for your work!
Thank you for your comment.
I rarely ever leave comments on YouTube videos, in fact, this might be the first deliberate comment I've left in YEARS. But I had to because for more than half of the duration of this video I was sat at my desk with my jaw so widely open that it could have almost hit the desk. Thank you for this insanity, and for open sourcing your code - I learned a hell of a lot watching this video, and I'm sure I will learn even more from the repository. Unbelievable, outstanding work.
I'm really glad to have earned that comment then!
Great, now devices that I previously thought were completely disconnected from the Internet can leak my data
This is the most insane project I have seen lately. By the end of the video I was nutting with the range you manage to achieve just by bit banging the air.
You are truly an RF Chad.
I'm glad you watched it all the way through. It's a balance giving away the punchline up front, versus making people wait til the end.
INSANE! I will have to replicate it to believe...
Amazing video, thank you very much!
I learned tons in this video I will have to watch multiple times. Glad I found your channel!
This is simultaneously crazy, ingenious, awe-inspiring, insane, impressive and scary.
Considering the still rampant lack of security of large parts of the IoT Appliances market, this makes me shudder - *even* if parts aren’t connected (or connectable) to WiFi (or even worse, various WANs).
Just wow.
I somehow missed you watching these old videos. Good to see you here too even if it did take me a few months.
"things that only have a tiny chance of success" time to join the Qowat Milat 🤣 Well done, worked better than I would've expected.
Instant subscribe !
Saw the title and knew this was going to be good
We went through a ton of different titles before we finally settled on this one.
I'm not sure what is more impressive, the end result or your persistence to get there. In any case, the two made it a great inspiring video!
So impressive, I knew this was going to be a wild ride when you said the best square wave frequency you could achieve was 69.420MHz
I hope it didn't disappoint.
When I heard that I checked the release date of the video to ensure it wasn't April 1st.
@@jrr851 I learned my lesson about releasing real but ridiculous videos on April first
GPIO pin: "So anyway, I started blasting..."
Make a meme!
This is the hack of the decade, awesome video. Thanks for sharing!
Thanks!
Awesome work. Your dedication to pursuing the unlikely is an inspiration.
Inspiration is the goal - get people to realize what they can do if they apply themselves
This reminds me of the PiFMplay, which is also magically awesome. It uses a Raspberry Pi to send FM radio into the ether. Just attach a wire to the board on 1/2 lambda or something and you're good to go x-D
There's so many GPIO projects, I just enjoyed bringing another one to light.
Have you checked the RPiTx project? The concept is similar, I have already played with it to transmit Whisper signals in HF and my signal was spotted thousands of Km away, but of course based on ionospheric refraction. However you could use RPiTx concept to transmit Lora, i think they didn't do it yet.
There's so many of these all around, and I haven't checked it out. I just don't do much dev with rpi.
That's incredible work!! Thank you!
Thank you for the comment
This opens so many opportunities. Thanks dude
69.420 mhz! Sounds nice...😊
I'm guessing it won't pass FCC limits 😂 incredible work.
Later in the video he actually makes it have very little extra noise outside of the desired frequency which is interesting
make a lil bandpass. a bit of loss is worth the better signal imho.
@@nobodynoone2500 it will require a SAW filter plus a class C amp to produce a decent RF output (in term of regulations), but i fear the side products of the class C will require one more SAW (not cheap) and still be too problematic, another way would be using the fundamental and a mixer, but the BOM cost will be too high. There are some cheap RF chips with registers access which could be torn to emulate LoRa TX properly (we did that at the time of sigfox in DBPSK), however a radio without RX isn't very useful.
Small MCUs are capable of demodulating and decoding a 868/900MHz signal by using their fast ADC, a mixer and a 800KHz IF but again given the low price of an LLCC68 this would probably be a futile exercise (i did that for a mini sigfox basestation few years ago, using an STM32F4).
It's such a small amount of power it just might. But a SAW+Class C would be hoppin!
This is absolutely crazy o.O
I was thinking about something similar before, but it just stayed as an idea with no plan of how to actually make it
And you somehow managed to do it!!! And with such a protocol too.. I wasn't even thinking of LoRa
You earned a subscriber)
Thanks! You could totally use my stuff as a basis to get started with taking this even further!
That is some clever stuff, aliasing all around and using harmonics to get signals out, beautiful
It was a lot of fun too!
This scares me. I frequently consider how a state actor might exfiltrate data via compromised hardware/firmware. I had always reassured myself that they would never send it over the wire/air because of the risk that it would be detected with traditional network infrastructure monitoring. I also reassure myself that bit-banging something out over a funtenna to other compromised devices acting as relays would require so many compromised devices that they'd risk being discovered. But I hadn't considered LoRa... The infrastructure already exists, gateways are popping up everywhere, it operates far below the noise floor... Do you have any idea how easy it would be to exfiltrate private keys using malicious firmware or even silicon? A crypto co-processor? Hmm... maybe that thought deserves a PoC...
I think this is already being used...
This tech has been used by state actors for about 40 years. Do with that what you will.
There's so many other scarier things in the world. Don't worry about this stuff.
Next step: make a receiver
Oof. Too soon.
This is an amazing project, LoRa has intrigued me for some time, but to see this kind of a deep dive into it was very cool. I only wish I had the technical skills to attempt things like this! Very impressive.
I hope this filled in a lot of the spooky unknowns with LoRa.
Nice. Thank you for your hard work and proof of operation.
Welcome!
Data exfiltration by gpio sounds scary now.
It's not exactly unheard of in the hacking world. There was a rather famous use about 25-30 years ago.
It is pretty common nowadays, with several different air-gap techniques
@@CNLohr Now a 1000 meters away. Balloon heights!
Love seeing Nyquist in the wild
Or not seeing Nyquist in the wild. 🪄🪄🪄
you are a god. I wish I had an attention span as "short" as yours!! :D thanks for the effort you put in.
It does take some discipline to quiet the more spongy things in our lives, like social media scrolling and YT shorts, but if you reject the petty fluff, it makes it a lot easier for even limited focus to develop. Sadly, I don't know if I'll ever fully recover from what facebook and instagram had done to my brain.
I'm in awe. Thank you!
Thank you for watching
If you have VGA in your laptop you can probably do this without any extra hardware just by showing an image and with some xrandr magic.
You could have shared effect that sends LoRa
You're saying I could broadcast a chip tune of rickroll audio with a legitimate rickroll gif?
@@andrewferguson6901
with the gif working is a bit harder...
but search for "tempest for elise"
I think VGA would be able to do this all incredibly well. But it's been a long time since I messed with it.
Interesting how much of this I already knew from playing with audio. Rf and audio has a lot of overlap.
It's all wave theory. You will be surprised to see that other energy like light can be approached in a very similar way.
Indeed. There's so many parts of the way our universe works that are all so interconnected.
I danced a little when YouTube recommended your new video. Dammn!!! You're crazy good. Now i gotta go back to hardware ❤
Software or hardware, it doesn't matter which as long as you keep going.
I am completely blown away by your knowledge and methods of engineering. Charles, you are a true wonder of out-of-the-box engineering.
Tear down those barriers between disciplines. We weren't meant to live in little boxes.
This is absolutely scary for IoT, imagine someone hacking into your freaking toaster and making a funtenna open your garage door
Ok, you'd have to be a fucking FSB agent to have that happen to you, there are much more physical and easier ways
But I want my garage door to open 8 minutes after my toast pops up...
Ohh bio at last 😂😂had to wait so long to get to see some of your interesting stuffs
bio? What does that mean?
Congratulations, one of the best things I've seen in a while!
Thanks!
Incredible as always!
Thanks!
This is absurd. In a good way. You are insane. I am properly impressed. Great work !
Thanks!
i subscribed immediately, amazing video.
Glad to have earned your sub.
This is incredible. Absolutely incredible.
But now you need to receive the packets!
I'll leave that as an exercise of the viewer.
@@CNLohr /me purchases Mikrotik receiver as seen in video 👨🍳💋🤌🤘😁
lmao @@CNLohr
Thanks for this, I never knew that LoRA was actually a *closed* standard/protocol!
you are a freaking stubborn genius!
So glad you dropped new content plz.plz plz make more on RF world make a series breaking down everything including building setups or flashing processes coding etc.
I generally only make videos when I do projects and they turn out well. I do typically 5-10 BIG projects per year, some are successes, some are failures, but I only want to spend the time on the real gems to make a video for them.
@@CNLohr thank you for your time and energy spent. I will continue to learn from you salute.
nice work & well put together video/upload .
Thanks!
It's a serious big brain energy here! Subscribed!
Thanks, glad I earned it.
Legend.
It's really all about the performance of the receiver. I agree that constraints drives creativity. Being able to generate the LoRa protocol from a simple controller is very, very clever. Also, the emissions from a digital signal is a function of the rise and fall times as well as the period. The sharper the edges, the stronger the harmonics.
Unbelievable! That is, amazing.
Absolutely amazing stuff as always, here's hoping we eventually get that video on esp32-s2 overclocking. Knowing how cagey Espressif gets about that sort of thing it would be incredibly funny (and hopefully useful!!!) to have a chip running at more than twice the clock of their announced "High Performance" P4 (400MHZ)
It may or may not happen. I have to get more LN2. I wasn't able to get a lot of the tests and shots I wanted.
This is one of the coolest things I've ever seen! Lora is one hell of a protocol, and you are one hell of a hardware hacker!
thank you
Epic video! Epic hacking, epic results, and an excellent presentation that was fascinating and informative.
Also, that quick ESP programming tool sounds useful. Even when using the SDK, couldn't we flash that code once, and just re-flash the parts where our own code resides?
Absolutely. that's all I did, really. You just have to transfer the code to the part somehow to run it.
Phenomenal work!
Thanks!
dude you are freaking incredible :O
thanks
Thank you. I didn't really know about Lora until now. Having watched this. It's clear that the only thing slowing down adoption is knowing its benefits and it being proprietary.
Optical Fibre transmission chirps over long distance transmission, and subsea regen reshapes chirped signals before they lose too much shape. I never thought chirping was beneficial before now. ID'ing a signal by the chirp I'm sure has been considered previously.
Being able to pull the signal out at femto watts at a few km is going to create many many IoT applications where routing a wire or reinforced concrete radio blocking is an issue.
This was very instructive.
Thank you.
Now all that's needed is a non proprietary version.
I'm glad you liked it. To note - one of the major benefits of LoRa is you can get silicon to easily send/receive packets. So, while proprietary, it means we get chips.
Subscribing for more Frank. Awesome work dude!! 🤙
I hope I can snag frank for more of these too! But he is a busy man.
Incredible!
ffs! well done mate, an epic lid opener on Lora and bitbang'd RF. Bravo
Thanks