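Thursday, July 26, 2018

[RF] Reverse Engineering

Is Your LoRa Running Naked?

Matt's earlier talk already explained how to reverse engineer the demodulation of LoRa from an RN2483. All the code is at https://github.com/rpp0/gr-lora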
https://github.com/rpp0/gr-lora/wiki/Capturing-LoRa-signals-using-an-RTL-SDR-device

Run this on the HackRF side:
gr-lora$ sudo python ./apps/lora_receive_realtime.py
Sample program for the transmitting side:
import serial  # pyserial
import time

# RN2483 attached over USB serial, 57600 baud
lora = serial.Serial("/dev/ttyACM0", 57600)

# bw=125
print('cmd> radio set bw 125')
lora.write(b'radio set bw 125\r\n')
lora.readline()

# sf=sf11
print('cmd> radio set sf sf11')
lora.write(b'radio set sf sf11\r\n')
lora.readline()

print('cmd> radio set freq 868100000')
lora.write(b'radio set freq 868100000\r\n')
lora.readline()

while True:
    print('----------------------------------')

    # Suspend the LoRaWAN stack so that raw radio commands are accepted
    lora.write(b'mac pause\r\n')
    lora.readline()

    t = int(time.time())

    cmd = 'radio tx ' + str(t) + '\r\n'
    print('cmd> ' + cmd.strip())

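    # bytes(cmd) without an encoding raises TypeError on Python 3
    byte_cmd = cmd.encode('ascii')
    lora.write(byte_cmd)
    lora.readline()                # immediate reply to the command
    ret = lora.readline().strip()  # second reply: result of the transmission

    time.sleep(1 + 0.01 * int(len(cmd)))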
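
An added example, not part of the original post: the RN2483 reads the argument of `radio tx` as hexadecimal digits, so the script above puts the decimal timestamp on the air as packed nibbles, and any receiver that demodulates the frame (gr-lora, for instance) reads it straight back. The helper names and the sample timestamp are constructed for illustration, and the 255-byte limit is an assumption about the module.

```python
import binascii

MAX_LORA_PAYLOAD = 255  # assumed RN2483 limit for LoRa modulation


def radio_tx_command(payload: bytes) -> bytes:
    """Build a 'radio tx' line; the module takes the payload as hex digits."""
    if len(payload) > MAX_LORA_PAYLOAD:
        raise ValueError("payload too long for one LoRa frame")
    return b"radio tx " + binascii.hexlify(payload) + b"\r\n"


def on_air_payload(command: bytes) -> bytes:
    """Return the raw bytes transmitted for a given 'radio tx' line."""
    verb, _, hex_digits = command.strip().rpartition(b" ")
    if verb != b"radio tx":
        raise ValueError("not a radio tx command")
    if len(hex_digits) % 2:
        raise ValueError("hex payload needs an even number of digits")
    return binascii.unhexlify(hex_digits)  # raises on non-hex characters


def timestamp_seen_by_listener(payload: bytes) -> int:
    """A passive receiver hex-dumps the payload and reads the digits as-is.

    Only valid for payloads like the script's, whose nibbles are all 0-9.
    """
    return int(binascii.hexlify(payload).decode("ascii"))


if __name__ == "__main__":
    t = 1532563200  # constructed sample value of int(time.time())
    cmd = ("radio tx " + str(t) + "\r\n").encode("ascii")  # as the script sends it
    raw = on_air_payload(cmd)
    print("on air :", raw.hex())
    print("sniffed:", timestamp_seen_by_listener(raw))
    # The same frame, built explicitly from bytes
    assert radio_tx_command(raw) == cmd
```

With `mac pause` in effect the LoRaWAN layer is bypassed, so the payload goes out exactly as given; anything sensitive has to be encrypted and authenticated before it is handed to `radio tx`.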

When everything is done, the result looks roughly like this

