rfcat on FreeBSD
My Yardstick One appeared yesterday, so it's time to set up RFCat.
RFCat has not yet been packaged on FreeBSD, so I had to install it manually. I pulled the RFCat source from Bitbucket, which includes both the firmware and the client tools. To play with the stock firmware on the YSO, I just had to install the client tools.
The client tools depend on libusb-1.0, which ships in FreeBSD, and on pyusb. Pyusb is offered by the py27-usb port.
$ sudo pkg install py27-usb
Then I built the rfcat client tools:
$ cd code
$ hg clone ssh://hg@bitbucket.org/atlas0fd00m/rfcat
$ cd rfcat
$ sudo python setup.py install
I had to set up devfs rules to access the USB devices. With my account in the usb group, I have the following:
# /etc/devfs.rules
[localrules=10]
add path 'usb/*' mode 0660 group usb
# /etc/rc.conf
devfs_system_ruleset="localrules"
devd_enable="YES"
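A quick consistency check for the two files above, as an added example that is not part of the original post: it confirms that the ruleset named in rc.conf exists in devfs.rules and that its usb rule gives no access to users outside the group. The helper name check_devfs_usb and the temporary sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: lint a devfs.rules / rc.conf pair like the one above.
# check_devfs_usb is a hypothetical helper, not a FreeBSD tool.
check_devfs_usb() {
    rules=$1 rcconf=$2

    # Ruleset name that rc.conf tells devfs to apply.
    name=$(sed -n 's/^devfs_system_ruleset="\([^"]*\)".*/\1/p' "$rcconf" | tail -n 1)
    [ -n "$name" ] || { echo "FAIL: devfs_system_ruleset not set in $rcconf"; return 1; }

    # Collect the "add" rules inside the matching [name=number] section.
    section=$(awk -v want="$name" '
        /^\[/ { split(substr($0, 2), p, "="); insec = (p[1] == want)
                if (insec) found = 1; next }
        insec && $1 == "add" { print }
        END { exit(found ? 0 : 3) }' "$rules") ||
        { echo "FAIL: no [$name=N] section in $rules"; return 1; }

    # Take the last usb/ rule in the section and extract its mode and group.
    usbrule=$(printf '%s\n' "$section" | grep "path.*usb/" | tail -n 1)
    mode=$(printf '%s\n' "$usbrule" | sed -n 's/.*mode[[:space:]]\{1,\}\([0-7]\{3,4\}\).*/\1/p')
    group=$(printf '%s\n' "$usbrule" | sed -n 's/.*group[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p')
    [ -n "$mode" ] || { echo "FAIL: ruleset $name has no usb/ rule with a mode"; return 1; }

    # The final octal digit is the "other" permission; it must stay 0.
    case $mode in
        *0) ;;
        *)  echo "FAIL: mode $mode lets users outside group ${group:-?} open USB devices"; return 1 ;;
    esac
    echo "OK: ruleset $name applies mode $mode group ${group:-?} to usb/*"
}

# Constructed sample input mirroring the two files shown above.
demo_dir=$(mktemp -d)
printf '%s\n' '[localrules=10]' "add path 'usb/*' mode 0660 group usb" > "$demo_dir/devfs.rules"
printf '%s\n' 'devfs_system_ruleset="localrules"' 'devd_enable="YES"' > "$demo_dir/rc.conf"
check_devfs_usb "$demo_dir/devfs.rules" "$demo_dir/rc.conf"
rm -rf "$demo_dir"
```

On a real system, pass /etc/devfs.rules and /etc/rc.conf as the two arguments.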
With that all set up, I can now try the rfcat tools:
$ rfcat -r
'RfCat, the greatest thing since Frequency Hopping!'
Research Mode: enjoy the raw power of rflib
currently your environment has an object called "d" for dongle. this is how
you interact with the rfcat dongle:
>>> d.ping()
>>> d.setFreq(433000000)
>>> d.setMdmModulation(MOD_ASK_OOK)
>>> d.makePktFLEN(250)
>>> d.RFxmit("HALLO")
>>> d.RFrecv()
>>> print d.reprRadioConfig()
The -r flag tells the client to throw me into the research prompt, and I get left in something that looks sufficiently like IPython. To test that everything was working, I decided to transmit some bytes in a loop in the 433 MHz ISM band.
In [1]: d.setFreq(433920000)
In [2]: d.setMdmModulation(MOD_ASK_OOK)
In [3]: d.makePktFLEN(4)
In [4]: d.setMdmDRate(4800)
In [5]: for i in range(0,15):d.RFxmit('\xDE\xAD\xBE\xEF');
In [6]: for i in range(0,15):d.RFxmit('\xDE\xAD\xBE\xEF');
In [7]: quit()
I used an RTL-SDR dongle and SDR Touch on my phone to get a quick demod of the spectrum and to see a waterfall. I tried this a few times, but I wasn't seeing the expected signal. Right off at the far right edge of the screen I was seeing a jump in strength; tuning around a bit while transmitting, I eventually caught my burst packet. It seems that my RTL dongle is about 400 kHz off the actual observed frequency.