HackRF Portapack H4M Beginners Guide


HackRF with PortaPack is a portable standalone tool for investigating, decoding and probing wireless communication. It can help you get a better insight into how radio works. PortaPack runs a custom firmware called Mayhem, which includes a bunch of interesting applications for receiving, decoding and transmitting signals.

In this video I will show you how to use the most common applications on your PortaPack, but first I will cover the basics of setting up your device. If you bought your HackRF PortaPack H4M preassembled, it most likely comes flashed with a recent version of the Mayhem firmware, but it most likely does not come with a micro SD card, and you will need to get one to get the most out of your PortaPack. This is because, while some of the applications are embedded into the actual firmware itself, a lot of them are not and are only available by being loaded from an SD card. On the SD card you also have map files for applications like the ADS-B decoder, as well as a bunch of sample and configuration files. The applications on the SD card will only work on the exact same firmware that they are compiled to work on, so I will quickly show you how to update your PortaPack firmware in the process as well, to make sure that they are matching.

Make sure to get a good micro SD card from a known good seller and a known good brand like SanDisk or Samsung, since there are many fake and bad cards being sold out there. Get a card no bigger than 32 GB and format it as FAT32. Now go to the Mayhem GitHub page. On the right, scroll down to releases and click on the latest one. Scroll down to assets and download the file named Mayhem version copy to SD card .zip. Extract the contents onto the micro SD card you formatted earlier and put it into your PortaPack.

It's not enough to simply insert an SD card containing the latest firmware; we need to install it as well. This can be done in a number of ways, and one of them is directly from the HackRF with PortaPack itself. Turn on your PortaPack, navigate to utilities, select flash utility and select the file named PortaPack Mayhem. If you're a Mac user like me, you might also see a second file in the list that begins with a dot; don't select this one. Your PortaPack is now updated to the latest stable version of the firmware, and all of the latest applications, map files and sample files are on the SD card. You only need to set up the SD card once. Going forward, you can update your PortaPack by using the online updater available on the website hackrf.app, and it will update both the firmware as well as the application files on the SD card automatically. The web updater doesn't work on a Mac, though, so you guys will have to do it manually.

Up until the recent 2.1.0 version of the Mayhem firmware, you had to use a FAT32 formatted SD card. Technically you could format cards larger than 32 GB as FAT32, but the default Windows format won't do it. However, since the release of Mayhem 2.1.0 it now supports exFAT as well, allowing you to use much bigger cards. Not that there is really any reason to do so, as most of the files you use with a PortaPack are fairly small, and if your PortaPack hasn't been updated yet, you still need to start out by using a FAT32 formatted card.

On the PortaPack you might have noticed an application called wipe SD card. This could mistakenly be thought of as an SD card formatter, but it is not. Its purpose is to destroy any data on the SD card, and you need to reformat the card if you use this application. If you assembled your HackRF with PortaPack yourself, you will need to do a DFU firmware flash instead, and I've made an entire video that explains that
process. That video might also be helpful if you're having problems firmware flashing your PortaPack. Make absolutely sure to read the pinned comment on that video as well.

PortaPack H4M has a much better charging and power on/off solution than previous PortaPacks; however, it has led to a bit of confusion. You turn on the PortaPack H4M by sliding the right button up. Tap the little battery icon in the status bar to open the battery information. Here you can see that the battery is being discharged because the device is on. If you plug in a USB cable, you can now see that the device is being charged. It shows charging, but it also shows how many milliamps are currently being put into the battery. If you turn the device off by sliding the power button down while it's plugged in, you will see that the device is still on, but there is no power going into the battery, so it is not charging. This is because the on/off button physically disconnects the battery from the device, and you cannot charge it with the button turned off.

You will also see a big button where you can change method between IC and volt. This does not change how the battery is charged; it simply changes how the battery percentage and remaining time is calculated. If the method is set to volt, it will calculate the remaining battery by looking at only the voltage of the battery. If the method is set to IC, it will be based on the number of charging and discharging cycles and how long they took. I find that the IC method is unreliable and I prefer to just use the voltage. Also, I would recommend that you don't let your PortaPack discharge completely; try to keep the voltage above 3.0

There are a few different settings that I prefer to change when setting up a new PortaPack. First of all, it can be a good idea to calibrate the touch screen by going into settings and choosing calibration. Be aware that you need to hold down on the markers, not just tap them. Then let's set the date and time by going into settings and date and time. I also like to change a few things in user interface. I enable show splash as well as the back button in menu, and then I hide all the status bar icons that I don't need. Especially the little agent icon causes some confusion. This is called stealth mode, and if you activate this, which mostly happens by accident, it will turn off the screen every time you use a transmitting application. This is how I usually have my icons set up.

Going back to settings, you can style your PortaPack by configuring the menu colors individually, but you can also select pre-made color themes, and of course I prefer the green one. You need to turn your PortaPack off and on for the theme to fully take effect. All of the settings we just changed are saved in the persistent memory, which is kept by the separate real-time clock battery on the PortaPack. If the battery goes flat, you will lose these settings. You can reset these settings or save them to the SD card by using the P memory management option in settings.

I also like to set a custom splash image. You can make your own splash images; they just need to be 240 x 304 pixels and saved as a 24-bit BMP file. You can find a bunch of pre-made splash images on this website, including mine. Put the BMP files on your SD card in the folder named Splash. Go to utilities and select file manager, scroll down to the splash folder and select the image you want to preview. You can now press the right button to update this to be your new splash image. Turn your device off and on to see it working.

Your PortaPack is now fully set up, ready and looking good, so let's dive into some of the most important applications. I
think the first application you should learn to use is the audio application. Go to receive and select audio. The audio application allows you to see and listen to any radio signal in the frequency range that HackRF supports, from 1 MHz to 6 GHz.

Let's first try and listen to a local FM broadcast station, like the ones you would listen to on your car radio. In the top of the application you see a bunch of numbers. Select the one on the far right. This is the volume setting, but even if we set it to 99 we still don't hear anything. This is because we have to choose a modulation type first. Analog audio radio transmissions can be transmitted in a few different modulation types that we can scroll through on the top left of the application. By default it says spec, which is short for spectrum, and this means that we just get a visual representation of the signal but no audio. By scrolling we can pick between AM, NFM, which is short for narrow FM, and WFM, which is short for wide FM, and this is the one we need.

We now need to find a signal to listen to. Local FM broadcast stations are located within the frequency range 88 to 108 MHz. The number up top, second from the left, is the currently tuned frequency. You can click on this and type in 88. Every top number setting in this application has a second option below it that is visible when the number is selected. When frequency is selected, we can adjust the step size below. This is how much the frequency is adjusted up or down when scrolling the wheel. Adjust this to 100 kHz and select the frequency again. Now start scrolling up until you reach a strong signal.

The final two number settings on top in the middle are the gain settings, known as LNA and VGA. These are used to increase or decrease the receive sensitivity. Turn them down if your signal is too strong and turn them up if it's too weak, although at some point you will just get a bunch of noise and false signals if turned up too far. I found it best to keep them around 16 to 32 dB. When they are
selected, you can also see another setting below, which is called amp, and this is an extra fixed 14 dB LNA that can be toggled on or off to boost the signal strength. However, this specific LNA component on the regular HackRF boards can very easily accidentally be destroyed from random static or other voltage on the antenna connection, and if it's dead, any received signal will completely disappear when it's turned on. Yours might already be fried without you even realizing it. I've made an entire video about the problem if you want to know more. It's probably best to keep it turned off if you don't desperately need it or if it's already broken.

To get good signal reception, it's best to have the antenna be outside or at least near a window, far away from other noise-emitting electronics and preferably up high, and to use a proper antenna for the frequency as well. For most receiving it's perfectly fine to just use the included telescopic whip, but I've also made an entire video about antennas if you want to know what antenna is the best one and how to use them.

If we want to find a signal that we are not entirely sure what frequency is on, then we can use the Looking Glass application. Looking Glass does not output audio, but it will show you a wide frequency spectrum and let you find strong signals visually. In the top of the application you can set the minimum and maximum frequency that the waterfall below will show. You could set it to the entire range of the HackRF, but the signals would be absolutely tiny, impossible to find, and the display would update very slowly, so having at least some idea of what frequency range you want to expect is necessary. You can scroll through a bunch of default preset frequency ranges to find one suitable for what you're specifically looking for. For instance, if we pick FM broadcast, we can see all the FM broadcast stations that we can receive show up as bright lines in the waterfall display. In this application we can also
adjust LNA, VGA and amp to make the signals appear more clearly without too much noise.

I want to try and find the frequency for a local ham radio repeater on the 2 m ham radio band, so I select ham 2 m as the preset. It looks like there's a strong continuous signal always in the middle, but this is what's called a DC spike, and it's just part of how an SDR receiver works, so just ignore it. Depending on how high I set the gains, there might also be other continuous lines showing up in the waterfall, maybe even mirrored on either side of the central line. These are most likely not real signals and can either be internal or external noise sources. Most of the signals we are interested in do not broadcast continuously. We can see a signal come and go in the lower part of this band. To find out what frequency it's on, we can go to the marker setting and move the little red marker until it is above the signal. This shows us that the signal is located at about 144.5 MHz, which I know is the local APRS frequency, a kind of Meshtastic-for-ham-radio system, which PortaPack can also decode in a separate dedicated app, but that's not what I'm looking for right now though.

Eventually the ham radio repeater that I'm looking for is in use, and it pops up at a frequency that I quickly move the marker to. Now if I press down on the middle button, the audio application is automatically opened on this frequency. Ham radio on these frequencies is transmitted mostly as narrow FM, so we pick NFM, and in the options below we can also set a squelch level. Squelch is a setting that can automatically turn off the audio if no signal is present on the frequency, which makes it a bit easier on the ears to listen to. You need to adjust it to your local noise level though, so start out at 99 and scroll down until the background noise disappears. I also want to dial in the frequency since I'm slightly off, so I change the step size down to something like 5 kHz and adjust it so that I'm closer to 145.650 MHz, which appears to be the correct frequency. You can also click the frequency to type it in here.

It's also possible to save the frequencies you find this way. You will have to create a frequency list first though, using the frequency manager application, which is found in utilities. Once you've created a list of frequencies, you can use the scanner application to quickly scan through them by pressing load and selecting your list. You will notice that there are a bunch of default frequency lists as well. For instance, I can quickly monitor local PMR frequencies just by selecting them here, and if there is any transmission on any of the frequencies, the application will automatically stop and listen to that one. Be very careful not to use a transmitting radio close to your HackRF, as you can overload or even damage the receiver inside. Move it away at least a couple of meters.

One of the things that I find the most fascinating about radio is that some of the signals can travel around the globe. VHF and UHF signals, that is frequencies above 30 MHz, are generally speaking purely line of sight. You need a relatively clear path between the transmitter and receiver for the signal to be heard. Besides buildings, trees and hills, the thing that mostly limits radio range is simply the curvature of Earth, and the Earth curves much closer than you think, which is why height is might. If your antenna is up higher, it can see farther. In a relatively flat environment you shouldn't expect to pick up signals farther than at best 30 to 40 kilometers away, even with a good antenna height, which means that most VHF and UHF signals you pick up are quite local to you. But frequencies below 30 MHz are different and can bounce off the ionosphere and be reflected back down to Earth beyond the horizon, sometimes several times over, carrying the radio signals all around the globe, and you can listen to these signals with your HackRF PortaPack as well. You cannot pick up any of these signals using a short
telescopic antenna, though. You will need to use a longer antenna because the wavelength of the lower frequencies is longer, but you can use something as simple as a cheap piece of wire. It needs to be at least 5 m or longer, and it needs to be stretched out outside, preferably up high.

The frequency spectrum of 3 to 30 MHz is called HF, and it has a bunch of interesting signals. The easiest to receive are shortwave AM broadcast stations. You need to set your audio application to AM and go down and set the mode to DSB, and you can start tuning around to find signals. During daytime you will mostly get good signals above 10 MHz, but during nighttime these signals can completely disappear and you will have to go lower to receive anything. Long-distance signals can come and go and are generally more likely to happen during summertime and during the height of the 11-year solar cycle.

In between the broadcast AM stations there are also a bunch of amateur radio bands. These are bands dedicated for hobby use and require a license to transmit on that is available to the general public by taking a test. Here you can find people talking to each other and experimenting with various digital modes. The most used ham radio HF band is known as 20 m, which is the wavelength of the band, and it ranges from 14.0 MHz to 14.35 MHz. These HF bands are quite small, so most people use the narrow modulation type known as SSB, single sideband, which is kind of half of an AM signal without the carrier. You will need to change the AM mode of the audio app to USB, upper sideband, to receive the signals on the 20 m band, and also set the step size to something small like 1 kHz. As we scroll through the band, we will first find some Morse signals, then some digital stuff and eventually some voice communication. If you hear some call signs, you can look them up on the website QRZ.com and see how far away from you they are.

Another popular HF ham band is 40 m, which is found at 7 MHz. All ham bands below 10 MHz use the lower sideband modulation, known as LSB. In between the ham bands and the broadcast AM bands you can also find a bunch of other communication like marine, airplanes and military communication, as well as some weird mysterious number stations and other oddities, all mostly broadcast in USB modulation regardless of the frequency. You never know what you're going to find, and it can be quite fun exploring the airwaves.

Let's track down some airplanes with the PortaPack. Go to receive and open ADS-B. Airplanes transmit a signal on 1,090 MHz that contains their call sign, GPS position, heading, speed, etc. We can pick up this signal and decode it, and because the planes are high up in the sky, we can receive the signals from quite far away as long as we have a clear view of the sky. As with the audio app, we can also adjust the LNA, VGA and amp in this application, but since we're not hearing or seeing a visual representation of the signal received, it can be quite difficult to tell if we should increase the gains or not. To help with this, it is possible to open a debug window by pressing the top left button of the PortaPack twice. This debug window will flicker a bit, but you will see a value named RX saturation percent. This is basically the internal volume level of the received signal. If it's all
the way up at 100%, it will distort and you won't get good decodes, and if it's too low, the signal would be too weak to be heard, so adjust your gains to set it somewhere in the middle and press the top left button again to close the debug window. You can select planes on the list and click on them to get more information, as well as having their position displayed on the map. When in the map view, you can move the cursor down to the map and scroll to zoom in and out. The map image resolution isn't great though, since it covers the entire Earth and has to work on the limited memory of the PortaPack.

PortaPack can not only track planes but also ships, since they use a similar system known as AIS to broadcast their position, heading, speed, etc. You will find the AIS boats application in receive as well. And ham radio also has a similar system known as APRS that PortaPack can also decode. In this application you have to select what area you are in to set it to the correct frequency. If you're in North America, set it to NA. I'm in Europe, so I set it to EU. The raw decoded APRS packages will start appearing below, and in the list tab you will see a list of call signs of the stations received that you can also select to see the location on a map.

Just like Flipper Zero, HackRF PortaPack can also record and play back signals from wireless remote controls like this one. Since we're going to be transmitting a signal, we first need to get the correct antenna for this frequency. If you transmit using a non-resonant antenna like the telescopic whip, you risk destroying your transmitter, since the power you attempt to transmit will instead be reflected back into the transmitter itself, causing it to heat up and possibly be destroyed. This is the case for all kinds of radio transmitters, even Wi-Fi access points, Meshtastic and handheld radios. Never use antennas not specifically designed for the frequency they transmit on. Most antennas are only resonant on a very narrow frequency regardless of how wideband
they are advertised to be, and this frequency can be measured with a NanoVNA. These kinds of wireless doorbell remotes and similar usually use one of the standard license-free ISM bands such as 315, 433 or 915 MHz. It will usually say on the device which band it uses, and you need to buy an antenna for this specific band to start playing around with it. See my antenna video for a deeper explanation of why and how you can build your own antennas.

ISM is short for industrial, scientific and medical, and it's a bunch of different license-free frequencies that wireless devices can legally use as long as they adhere to regulations of low power output and other limitations. Wi-Fi and Bluetooth also use ISM bands such as 2.4 and 5.8 GHz, and Meshtastic does as well, usually at either 915 or 868 MHz depending on where you live, since the regulations are slightly different around the world.

Even though it says what ISM band it uses on the device, it probably won't say the actual specific frequency channel it uses, and this is where we can get some help from the search application on the PortaPack. I know this device uses the 433 band, so I set the range from 433 to 435. Then I turn down the gain a lot, since we will be transmitting quite close to the PortaPack and I don't want to overload the receiver or pick up unwanted signals. Then I set the snap to 2.5 kHz and press the remote. The application will now detect what frequency the signal is transmitted on. It might not be completely accurate, but it will get us close enough. You can also use this application to figure out what band your device uses if it doesn't say so on it.

Note the frequency and go back and open the capture application. Here we can input and fine-tune the frequency and gains until we get a good-looking signal in the center of the waterfall. Click the red record button, push the button on the remote and stop the recording. This recording has now been automatically saved as the file name to the right of the record button. You can
now go to the replay application and open your recording by pressing the page with a plus symbol on it and finding it in the list. The replay application has settings labeled G and A. Just like when receiving, you can adjust the output gain, but here we only have one setting, and just like when receiving, we also have an identical fixed 14 dB LNA available here to toggle on or off. I would suggest turning down the gains completely and disabling the amp when transmitting, and turning it up only to the amount that is necessary for triggering the device. Press the green arrow button to transmit the signal. If you have a bunch of recordings, you can set them up in the remote application by creating buttons and assigning recordings to them.

Before you go around and try out all the transmitting applications on PortaPack, I want to give you some advice. There is a limited amount of radio spectrum available for us in the world, and it is used by every wireless device in our life, from simple doorbells, Wi-Fi and Bluetooth to police, emergency, airplanes and even cell phone, GPS and satellite communication. Because of this, radio communication is heavily regulated worldwide, and transmitting on any frequency without permission is illegal, because if you don't know what you're doing you can potentially cause fatal interference. While HackRF is capable of generating RF signals, it's primarily designed to be used for local testing, analyzing and experimenting on the workbench. Its purpose is to help you get an insight into how radio signals work. It's not meant to be used as an actual communications radio. The transmit output power of HackRF is very low at 10 to 20 mW depending on the frequency. By comparison, a regular handheld radio typically has an output power of 5 watts, or 5,000 mW, and that's usually considered low power compared to other communication radios.

Some people want to try and use HackRF to jam their Wi-Fi or Bluetooth signal, but HackRF is not a jammer. Jamming essentially boils down to
shouting louder than the original transmitter to make a receiver not able to hear the signal on a specific frequency. Jamming is illegal, and HackRF is no good at it anyway. Besides not transmitting a very powerful signal, modern Wi-Fi and Bluetooth protocols are very resilient to interference, because lots of devices in our everyday life create RF interference, not just intentional transmissions but also some regular LED lights, phone chargers, computers, solar panels, inverters and more. Wi-Fi and Bluetooth can error correct and do frequency hopping to keep a strong connection even in noisy environments. Even if you wanted to only test jamming on your own equipment, the signal will still potentially disrupt other communication nearby.

To avoid causing unintentional interference, I would suggest that you buy a dummy load to use with your HackRF when experimenting with transmitting. A dummy load is basically a 50 ohm resistor with a cooling element, connected directly instead of an antenna. This allows you to transmit on any frequency without worrying about using a resonant antenna, and most of the signal is absorbed by the resistor and never radiated into the world. A very tiny bit of signal will still escape very locally, which can be used for testing purposes.

If you're interested in playing around with radio like HackRF, then you're basically already interested in ham radio. Playing around with radio transmitters, receivers and antennas is exactly what the hobby is all about. Getting a ham radio license is like getting a driver's license, and it gives you access not to transmit anywhere you want, just like you can't drive your car into someone's garden, but to transmit on specific ham radio frequencies and with any type of equipment, including HackRF or homemade transmitters, and at much higher power levels. You have to take a test to get the license, which can seem a bit annoying, but understanding the questions in the test really helps you understand how to avoid causing
interference, how to make successful transmissions and how to avoid breaking your own equipment. Even kids take ham radio licenses, so it's not really that difficult. There's probably a ham radio club nearby who will help you get started.

Finally, I want to help you adjust your expectations to what HackRF PortaPack is all about. The open source design of the HackRF board is over 10 years old, and it's based on cheap available components. It covers a wide frequency spectrum at a quite high bandwidth, but it's not a very sensitive receiver. It has a limited dynamic range and only an 8-bit analog to digital converter. It has no filtering and it's easily overloaded. You can improve the reception by using external filters to narrow in on what you want to receive. The transmit power of HackRF is very low at about 10 to 20 mW. You might think that you could just amplify this signal, but since every radio transmitter also creates unwanted harmonic duplicate signals at several other frequencies, any attempt to amplify the signal would also amplify these harmonic signals and cause unwanted interference, which is why all radios need filters for the specific frequencies they are capable of transmitting on. It's much cheaper to simply get a dedicated radio made for those frequencies.

HackRF PortaPack is not designed, programmed and manufactured by a single company with a single vision. It's a bunch of different open-source projects matched together and working mostly by luck and good intentions. There are things that do not work, things that might break and things that could have been done better, but it's also much cheaper than the better alternatives, and the nature of open source means that you can also contribute with your ideas and refinement. I hope I've given you a small insight into what the HackRF with PortaPack H4M is all about.

2025-02-28 11:44
