My YARD Stick One appeared yesterday; time to set up RFCat.
RFCat has not yet been packaged on FreeBSD, so I had to install it manually. I pulled the RFCat source from Bitbucket, which includes both the firmware and the client tools. To play with the stock firmware on the YSO I just had to install the client tools.
The client tools depend on libusb-1.0, which ships in FreeBSD, and on pyusb. Pyusb is offered by the py27-usb port.
$ sudo pkg install py27-usb
Then I built the rfcat client tools:
$ cd code
$ hg clone ssh://email@example.com/atlas0fd00m/rfcat
$ cd rfcat
$ sudo python setup.py install
I had to set up devfs rules to access the USB devices. With my account in the usb group, I have the following:
# /etc/devfs.rules
[localrules=10]
add path 'usb/*' mode 0660 group usb

# /etc/rc.conf
devfs_system_ruleset="localrules"
devd_enable="YES"
With that all set up I can now try the rfcat tools:
$ rfcat -r
'RfCat, the greatest thing since Frequency Hopping!'

Research Mode: enjoy the raw power of rflib

currently your environment has an object called "d" for dongle. this is how
you interact with the rfcat dongle:
    >>> d.ping()
    >>> d.setFreq(433000000)
    >>> d.setMdmModulation(MOD_ASK_OOK)
    >>> d.makePktFLEN(250)
    >>> d.RFxmit("HALLO")
    >>> d.RFrecv()
    >>> print d.reprRadioConfig()
The -r flag tells the client to throw me into the research prompt, and I get left in something that looks sufficiently like IPython. To test that everything was working, I decided to transmit some bytes in a loop in the ISM 433 band.
In : d.setFreq(433920000)
In : d.setMdmModulation(MOD_ASK_OOK)
In : d.makePktFLEN(4)
In : d.setMdmDRate(4800)
In : for i in range(0,15):d.RFxmit('\xDE\xAD\xBE\xEF');
In : for i in range(0,15):d.RFxmit('\xDE\xAD\xBE\xEF');
In : quit()
I used an rtlsdr dongle and sdrtouch on my phone to get a quick demod of the spectrum and to see a waterfall. I tried this a few times, but I wasn't seeing the expected signal. Right off to the far right edge of the screen I was seeing a jump in strength; tuning around a bit while transmitting, I eventually caught my burst packet. It seems that my rtl dongle is about 400 kHz off the actual observed frequency.