We probably don’t need to explain to most Hackaday readers why the current wave of inexpensive software-defined radios (SDRs) is such a big deal for hackers looking to explore the wide world of wireless signals. But if you do need a refresher on what kind of SDR hardware and software should be in your bag of tricks, this fantastically detailed report by [RK] about how he hacked his La Crosse WS-9611U-IT weather station is a perfect example.
To brush up on his radio hacking skills, [RK] set out to use Analog Devices’ ADALM-PLUTO software-defined radio to intercept signals between the La Crosse base station and its various wireless sensors. He notes that a $20 RTL-SDR dongle might work just as well if you only wanted to receive, but since his ultimate goal was to fake a temperature sensor and introduce false data into the system, he needed an SDR with transmit capabilities.
Regardless of your hardware, Universal Radio Hacker (URH) is the software that will do the heavy lifting. In his write-up, [RK] guides the reader through each step required to find, capture and ultimately decode the transmissions coming from a TX29U wireless temperature sensor. While the specifics will of course change a bit depending on the device you personally are trying to listen in on, the general workflow will be more or less the same.
In the end, [RK] can not only receive the data from the wireless sensors, but also transmit his own fake data, which the weather station accepts as legitimate. Getting there took some extra effort, as he had to figure out the correct CRC algorithm that was being used. But as luck would have it, a few years ago he found a Hackaday article about doing exactly that, which helped put him on the right path. Now he can put a winter coat on the little animated guy on the weather station screen in mid-July. Check out the video below for a demonstration of this particular piece of radio trickery.
While we often see the power of tools like URH brought up in conversations, there’s nothing quite like a step-by-step explanation of how someone used software and hardware from the modern hacker’s toolkit to achieve their goals. If reading this post doesn’t get you to finally pull the trigger on a cheap RTL-SDR and cruise through the ether, maybe nothing will.