Project

General

Profile

nRfMon - RFM12B forensics

Added by dzach about 4 years ago

nRf Mon is coming of age and now has it’s own project page in JeeLabs. The project page will eventually become a guide on how to use the nRf Mon spectrum analyzer. The code is in github .

Sample Display:

Full Control Panel:

Transceiver settings
Quick Settings:

Quick settings

rf12forensics31.png - Transceiver settings (97 KB)

rf12forensics30.png - Quick settings (28.8 KB)

rf12forensics32_c.png (118 KB)


Replies (244)

RE: nRfMon - RFM12B forensics - Added by martynj almost 4 years ago

The radio chip is completely under software control - chose what band you like. However, the antenna matching circuit contains several components that are band specific (hence the different module builds and markings). 
Operating away from the “native” band is possible, but the antenna mismatch gives the RF output stage a hard time with reflected energy and the range is severely reduced - often to a few feet only.
By reciprocity, this mismatch affects the receiver section too, throwing in a strong and uncalibrated attenuation of the received signal.   IMHO, this limits mismatched band use to close up investigations only and restricts the use for general scanning and evaluation of “quiet” zones.

RE: nRfMon - RFM12B forensics - Added by jpadie almost 4 years ago

Hi dzach

(with no changes in hardware) I am today receiving no input from nrfmon and a message saying no hw id … disconnected.

can you point me in the right direction for a resolution?

thanks
Justin

RE: nRfMon - RFM12B forensics - Added by dzach almost 4 years ago

@jpadie

Either the port the node is connected has changed (or the speed?) or the sketch running in the node is not rf12mon.ino.

RE: nRfMon - RFM12B forensics - Added by damonb almost 4 years ago

@dzach - thanks for sharing this amazing tool. I have been following its development for a while but am just trying it for the first time… using the Windows binary on Win7 x64… haven’t tried the TCL version.

I am in Australia, hence using the 915MHz band. When I select 915MHz, the frequency scale at the bottom of screen and the cursor live scale at top of screen still show as centred on 868MHz. (sorry…I don’t seem to have privilege to upload an image)

Is there a setting I have missed?

And do you prefer this kind of question/feedback here, or via github issues?

cheers…

RE: nRfMon - RFM12B forensics - Added by martynj almost 4 years ago

damonb, try now. You should have a Files:‘Browse’ button below the edit window when you reply to a topic.
A graphic gets spliced in where you insert !down_loaded_name!

RE: nRfMon - RFM12B forensics - Added by dzach almost 4 years ago

damonb wrote:
> When I select 915MHz, the frequency scale at the bottom of screen and the cursor live scale at top of screen still show as centred on 868MHz.

Changing band happens automatically when changing frequency, if the new frequency is in one of the supported bands. This was tested and worked in earlier versions but the protocol between nRfMon and the sketch has changed lately and, obviously, that part was not tested again. I’ll fix it asap.

In the meanwhile you can use the Freq. Band setting to change the band first and then set the frequency. I checked it and it works fine in Linux.

RE: nRfMon - RFM12B forensics - Added by dzach almost 4 years ago

damonb wrote:

When I select 915MHz, the frequency scale at the bottom of screen and the cursor live scale at top of screen still show as centred on 868MHz.

Fixed in new version 0.7.5. Changing frequency also changes band, if necessary.

RE: nRfMon - RFM12B forensics - Added by damonb almost 4 years ago

@dzach - thanks for the fix, it seems to work.

Now to ask another dumb question - what do I change in the rf12cw.ino sketch to have it transmnit on 915MHz?
The comment next to “config.nodeId = 0x80;” says 868 MHz, but isn’t that line just settng the node id?
My guess is I need to change “config.FSC = 0xA000 | 1600;” - but is it just changing the 1600 to 2000 ?

EDIT: yep, tried it and it works. A few visual clues in the nrfMon UI helped a lot.

RE: nRfMon - RFM12B forensics - Added by damonb almost 4 years ago

P.S. - re that fix for the 915MHz band… after selecting 915, if you click Listen, then go back to Scan, it reverts to 868MHz scale again. Easily fixed by re-selecting 915 on the Band control, but next time you’re in there dabbling ;-).

RE: nRfMon - RFM12B forensics - Added by dzach almost 4 years ago

Thanks for the report! Changing mode should not reset nRfMon to its defaults. Will be fixed.

damonb wrote:
> what do I change in the rf12cw.ino sketch to have it transmnit on 915MHz?

The band setting command is 0x80nn, where nn represents a number of fields, among which is the band setting field.

Receiving/transmitting CW has been dropped in recent versions of nRfMon since FSK transmission offers additional decoding possibilities. The rf12cw.ino code was a cut & paste first step that helped me understand the RFM12B module and as I see now it doesn’t use the rf_initialize() function correctly. I’d suggest you use a simple loop to transmit an FSK symbol; it can also be decoded on the other side by nRfMon and give additional clues about the communication link’s quality.

I believe something like the following would be enough to transmit FSK packets continuously on the 915MHz band (adapted from the RFM12B and ATTiny85 thread):

#include 

char payload[] = "0 1 2 3 4 5 4 3 2 1 0";

void setup () {
  rf12_initialize(1, RF12_915MHZ, 1);
}

void loop () {
  rf12_sendNow(0, payload, sizeof payload);
}

RE: nRfMon - RFM12B forensics - Added by dzach almost 4 years ago

New version 0.7.6 fixes a problem with BERT not functioning.
Band setting when changing mode should now work.
Bug reports are very welcome.

RE: nRfMon - RFM12B forensics - Added by dzach almost 4 years ago

The other day I bought myself a cheap DVB dongle , at 13.5€, to use it as a Software Defined Radio (SDR). There are even cheaper ones, with somewhat limited band coverage. This one covers the radio spectrum from 50 to 2100MHz !.

One of the first things to try was the spectrum/waterfall display. Here is how the RFM12B BERT transmission from nrfmon appears on a GNUradio application, Gqrx . TX and RX are next to each other.

and here is how one 9byte packet appears (left), together with a couple of “mystery” packets on 868.333MHz (right). TX ~12m away through 2 reinforced concrete floors:

It would be interesting to develop a software decoder for the JeeLib packets. There is code floating around and I might give it a try.

gqrx_shot3.png (145 KB)

gqrx_shot1c.png (178 KB)

RE: nRfMon - RFM12B forensics - Added by MichelV almost 4 years ago

Cool, I got myself on of those as well, but it has been sitting idle on my desk because of lack of time ;)
I’m following your thread with even greater interest now :
). (btw, did you know that you can receive information from aircraft positions near you with these as well?)

RE: nRfMon - RFM12B forensics - Added by dzach almost 4 years ago

Oh yeah, I’ve been a fan of Gnuradio for years now, but didn’t want to make a investment in more radios until I saw the story for this RTL2832U USB dongle. Cudos to Antti Palosaari for discovering the SDR capabilities of the chip.

Here is some code relevant to the RFM12B by Matthew Venn. I’ve run it, but still have to grok the details and see how to produce decoded payload data.

RE: nRfMon - RFM12B forensics - Added by jpadie 8 months ago

is nrfmon still under support?

I am trying to use it to decipher a bunch of generic 433Mhz 4 btn remote controls that I bought in error. Rather than throw them away, I thought it would be interesting to see what they are emitting.

Is this use case within the realms of practicality for nrfmon coupled with an RFM12B?

I have hooked up a test rig using a mega2560 and intriguingly I get very sporadic information back from the module, and no responses to serial input at all (using the serial monitor, not the tcl app). Checked this across two computers. checked that the mega2560 is functioning properly by loading alternative sketches.

so there are two issues really.
1. can someone set me on the right path for debugging the software? I am using the standard nrfmon sketch with a couple of extra footprints in. This leads me to suspect that the code is hanging in the scanrssi() function at this line
if (((rf12_control(0x0000) >> 8) & 1) == 0){

it does not always fail at this line. i.e. sometimes the line completes adequately and the break is executed. but when the script hangs, it always hangs at this point.

  1. assuming I can get the nrfmon script working again, can anyone assist with the steps required to decipher the commands sent by a remote control keyfob? I assume that it will be frequency keyed.
    the circuit board is marked gv-806. it has two ICs. one is 14pin and not marked (well, looks like it may be filed off). the second is an 8pin ATMEL583 24C02N . I can't find much about this chip. the atmel 583x chip is and RF xmitter. The 24C02N is an EEPROM. the latter fits the 8pin form factor whereas the former is a 32 pin package. the remotes are 'learning' so probably the chip is just eeprom. There is also an AURK433A crystal and a bunch of passives together with 5 different transistors.

many thanks for any help that can be offered.
Justin

RE: nRfMon - RFM12B forensics - Added by dzach 8 months ago

Did you have a look at http://jeelabs.org/2009/05/06/rfm12-vs-rfm12b-revisited/index.html ?
RFM12 is not exactly the same as RFM12B which is used by nrfmon.

RE: nRfMon - RFM12B forensics - Added by jpadie 8 months ago

forgive my sloppiness. the modules I have tried are all RFM12B.

RE: nRfMon - RFM12B forensics - Added by dzach 8 months ago

In that case I would suggest you try a known to work RFM12B + Arduino + Jeelib setup, and after having that working, try the nrfmon firmware and TCL software with the same setup. The TCL software can display bad packets with their contents in a number of formats that might make it somehow easier to identify the problems you have. The packet display can give you an intuitive visual indication about what kind of data, if any, you might be receiving.

RE: nRfMon - RFM12B forensics - Added by BrodGasko 7 months ago

Hi...as per my knowledge it can be included into RF12Demo, because RF12Demo is supposed to run on its own, while this sketch requires an additional program, nRfMon.However, I have another version which works with just the serial terminal of the Arduino IDE which could be included into RFDemo, if it’s found worth the memory it occupies.

http://www.7pcb.com/

(226-244/244)