AirSpyHF+ on Spyserver on Raspberry Pi
What is a Spyserver and why do you NEED one? A spyserver takes an RTL-SDR software radio and allows it to be used over the network or controlled from the internet if you allow.
For this project I’m using the AirSpyHF+ ($199 USD). The AirSpyHF+ is probably the BEST HF SDR radio you can get. This project will let us operate from about 9kHz to about 31 MHz where AM radio, and Short Wave Radio reside.
I run RTL_433 to push data from several sensors and a motion detector to an MQTT server for home automation. For some reason as of late it is just not that stable. Could even be a hardware failure with the dongle….I dunno. I generally just run the program command inside a terminal on the raspberry pi it is installed on and just walk away. When it crashes I have to log back in the Pi and re-run the command. Un-cool.
The command I use specifically is this:
rtl_433 -F json -M utc | mosquitto_pub -t home/rtl_433 -l
Again, that pushes data found on 433.920 MHz devices to publish a topic on my MQTT server called “home/rtl_433”.
Found these cool little outlets on Amazon and verified they can be flashed with Tasmota Over The Air (OTA). They are technically called “Home Awesome Breathing Light Smart Light.
They are also sold under the name TMRLife Plug
They are another made in China device that is controlled via phone app and I generally don’t trust such things. Flashing the device with Open Source firmware is MUCH better for securities sake.
Last week I showed you how you can capture the remote codes for cheap radio controlled electrical outlets and this week the theme is MOTION DETECTORS. With a properly configured motion detector you can then trigger that outlet. For example……..when you open the pantry door the light comes on………when you walk in the laundry room, the light comes on……..when someone presses the smart doorbell, the lights come on. Pretty handy stuff.
Most home automation motion sensors send TWO signals. One when they are tripped and one when they reset. Most of them will stay tripped for a predetermined amount of time. Usually for 2-4 minutes or so. Good idea to know the state of the motion detector BEFORE you buy it.
For example I have a motion detector with a 4 minute reset on it in my garage and laundry closet. That means that both of those lights that get triggered are staying on for 4 minutes whether I like it or not (unless I write some crazy code).
I have a hot tub.
I have a fear that one day the hot tub will quit heating.
I have a fear that when it quits heating it will freeze over and crack.
So I’ve been living in fear for a few years until last week when I discovered 433 MHz devices.
So I took a chance and bought this pool temperature sensor:
I’ve been dabbling with 433 MHz devices over the past few days and tying those devices in with my home automation software named HomeAssistant. A decent transmitter receiver kit will set you back a whopping $10 or so. I opted for this one.
It performs extremely well in a home environment and has great specs.
One of the gotchas of this device though is it comes with ABSOLUTELY NO DOCUMENTATION WHATSOEVER. You’d be hard pressed to find much useful on line as well. So that’s where I come in.
Fortunately the wiring is pretty basic and the pins are clearly marked on the back side of the circuit boards.
Did you ever stop to think about all those radio waves flying around us all the time? Of course you didn’t. That’s why you have me!
I have what I consider to be a pretty extensive Home Automation setup.
I use the program HomeAssistant on a Raspberry Pi3 with an Aeotech ZWave controller . Also I have some wifi devices such as a Nest Thermostat, Ring Doorbell, Ethernet Security Cameras, a WiFi Light Switch, and some smart light bulbs.
Was walking around Target and saw an inexpensive remote outlet which I was pretty sure I could perform the Replay Attack on.
The Replay Attack is when you record a signal from something and transmit it back to perform the operation.
These devices typically transmit around 433 MHz and have no encryption of any kind whatsoever. Just a simple transmit burst for on and off functions.