0×00前言前段时间在文章《HackRF入门:家用无线门铃信号重放》中通过HackRF录制并回放了无线遥控信号,但是一直没有时间信号分析,看国外网站就可以了有大牛对遥控器信号进行了分析(详见refer部分)。在这里,我们就按照国外专家分析无线遥控信号的方法来照葫芦画瓢。*本文只分享信号分析方法,因为信号调制和编码方式不同,数据分析如有错误,希望大家不要打我= ̄ω ̄=Momoda0×01环境即可用于构建Macport(/www.macports.org)或brew(brew.sh)安装GnuRadio依赖套件:sudoportinstallgnuradiossudoportinstallhackrfsudoportinstallrtl-sdrssudoportinstallgr-osmosdrgqrxsudoportinstallhackrf完成以上工作后,就可以使用TVdongle、HackRF和GnuRadio了在Mac环境中。0×02RecordingSignal遥控信号的录制方式有很多种,比如电视棒+SDR-sharp录制wav音频格式数据,HackRF命令终端录制RAW格式数据。本文使用GNURadio+SDR硬件(rtl-sdr、HackRF、BladeRF等)实现此功能:左边的RTL-SDRSource将使用SDR硬件接收315MHz无线信号,采样率为2M,以及WXGUI右上角的Waterfallsink会通过瀑布图的形式在PC端展示捕获到的无线信号。右下角的FileSink将捕获到的无线数据包存储到/tmp/test.cfile文件中。执行流程图按下遥控器可以看到如下效果图:个人比较喜欢使用gr-fosphor的瀑布图模块,将捕捉到的信号显示在瀑布图上:完成GnuRadio流程图后,查看/tmp目录test.cfile:0×03AnalysisSignalAnalysis可以用音频处理软件Audacity来分析信号:但是这种方法需要肉眼将波形转换成0和1,容易眼花。也许,只有老司机才能用这种方式快速准确地完成分析任务。3.1安装inspectrum在本文中,我们将使用工具inspectrum(https://github.com/miek/inspectrum)对信号进行分析,并配合Python将信号转换为二进制数据。sudoportinstallfftw-3-singlecmakepkgconfigqt5gitclonehttps://github.com/miek/inspectrum.gitmkdirbuildcdbuildcmake..makesudomakeinstallinspectrum-hUsage:inspectrum[options]filespectrumviewerOptions:-h,--helpDisplaysthishelp.-r,--rateSetsamplerate.Argument.3.2数据导入分析inspectrum/tmp/test.cfile通过左侧Spectrogram参数的调整和缩??放工具,我们可以实现波形图的放大和缩小,调整颜色深度:下面的Time选择可以分波形:增加Symbols,直到包含信号波形区域:右键—>Adddervedplot—>Addamplitudeplot:效果如下:微调部分参数:导出波形数据:此时获取波形终端宽度数据:3.3解码接下来我们可以用Python将这些数据转换成0、1,test.py代码如下:(如果i>xx的值根据自己的实际情况确定,建议拍自然nu最大值和最小值区间之间的数字)。s=''a=[0.121182,0.00224696,0.00227361,0.00222253,0.121036,0.121293,0.12126,0.00220722,0.121013,0.00221486,0.00230146,0.00230048,0.120959,0.120975,0.12077,0.00227199,0.120701,0.00226761,0.00234306,0.00225335,0.120851,0.120784,0.12084,0.00224014,0.120892,0.00221627,0.00222881,0.00219768,0.121157,0.00224349,0.00221741,0.00223827,0.120798,0.00237988,0.00226093,0.00232855,0.120649,0.120813,0.121032,0.00222553,0.120876,0.00221533,0.00225347,0.00228226,0.120759,0.120718,0.12042,0.00218557,0.120344,0.00222487,0.00224753,0.00227552,0.120383,0.120384,0.120275,0.00224362,0.120611,0.00219556,0.00227022,0.00224123,0.120514,0.120328,0.12068,0.0022916,0.120735,0.12043,0.120697,0.00224807,0.120399,0.120808,0.120405,0.00222214,0.120512,0.120833,0.120495,0.00226469,0.120727,0.120617,0.120534,0.00222499,0.120441,0.120626,0.120297,0.00208249,0.120539,0.120365,0.120612,0.00214876,0.120545,0.120262,0.120739,0.00228899,0.12051,0.120525,0.120172,0.00214644,0.120678]为我ina:ifi>0.03:s+='1'else:s+='0'0×04replaySignalreplay通过上面的方法,我们分析了SDR捕获的无线信号,并将信号文件转换成二进制数据,那么你可以使用GnuRadio重播数据,修改测试,或者使用RFcat+Python实现廉价重播Hacking0×05参考https://medium.com/@eoindcoolest/decoding-a-garage-door-opener-with-an-rtl-sdr-5a47292e2bda#.qu46ncrr3MikeWalters:使用inspectrum反转数字信号–YouTube我在2016年最快最简单的OOK信号解码和复制方法–YouTube
