DDDDD FFFFFFFFF SSSSSS D D FF S D D FFFFF S D D FF SSSSSS D D FF S DDDDD FFFF SSSSSSS (ASCii By AD!) Damned Fucking Shit Issue #38 Title: Radio Data Date: 7/13/94 By: Jeeb ------------------------------------------------------------------------------ Radio Data by Jeeb Computers used to be tools available only to rich companies and individuals. Today, you see beggars post ads on BBSes (sysops). My point is, the computer is the greatest invention since the radio, and that's why people like to combine them. There's one vital flaw in this, however. Radio signals are often easy to intercept and computers often depend on security. The goal of this text file is to explain how you can (ab)use this flaw for your personal enjoyment. There are many types of data signals that you will find on the radio. Radio faxes, pagers, Mobile Data Terminals, and remote controls are just a few. Before you get bored with this, let me explain what these are used for. Radio faxes are used to transfer weather maps, AP news photos, and even some newspapers. Pagers are somewhat boring to watch but can be fun to hack. Mobile Data Terminals are often used by police for communicating information about cars and people. Remote controls are stupidly used on car alarms, house alarms, garage door openers, etc. Now I know you're staring at your Optima 28.8 and thinking "hmm how do I rig this thing up to my scanner?" Don't. Telephone modems handshake too slowly for them to decode data transmissions. You might be able to get a few messages but the best way is to build your own. No, this won't take you $300 and two years. Most data transmissions under 800 MHz are under 2400 baud. This means that there are many easy ways to build an interface. IC modems are now available that are capable of 300 and 1200 baud. For slower speeds (yes, you will encounter SLOWER speeds), you can build your own modem by simply using an op-amp filter and a 567 decoder IC. I'm not going to go into the details of this though, check with your electronic parts supplier (no, not Radio Shack!) for part info. The soundblaster card is capable of decoding audio data transmissions, but I haven't seen any decent software for it yet. Maybe I'll write some, but don't hold your breath. There are a few things you need to be aware of when you receive a signal. First is the baud rate. Sometimes you can figure this out by ear, other times you have to guess. Common baud rates are 55,110,300,1200, and 2400 baud. Next is the frequency shift. Most data transmissions consist of a low tone, indicating a binary 0, and a high tone, indicating a binary 1. High speed data transmissions are different, but right now we're not worrying about them. The frequency shift is the difference between high tone and low tone. You will find that some transmissions are standard frequency shift and others are unique. Your biggest enemy is encryption. Data transmissions are much easier to encrypt than voice transmissions. Nevertheless, several data transmissions are unencrypted. Remote controls aren't as much of a problem though. There may be 30 trillion possible codes, but if you get a high quality sample of the transmission, you can just duplicate it and break into the car or house or whatever. Cars that automatically unlock when you press the transmitter are great fun, especially when they leave the keys in the car. If you can't hack a transmission by careful examination and simple translate tables, you might want to consider moving on to another transmission. Remember, excessive crap might mean that you're not tuned in right, not necessarily that it is encrypted. Another thing worth mentioning are accidental transmissions. The Van Eck syndrome. Most computer equipment emits radio waves (that's why they all have that FCC part 15 compliance thing). It takes an indepth study, but you can learn what a computer is doing just by its RF leakage. On a side note, its always good to find some strong leakage frequencies for your laptop, so if your brother stole it and is using it in the next room, you can tune it in and go beat the crap outta him. Be smart though, because most leakage doesn't contain any useable data. Well this is the part where I list things you can try listening to. Unfortunately I don't have much reference material with me but this should be enough to get you started. All signals are FM unless otherwise indicated. 144.91-145.09 MHz Amateur Packet Radio, usually 1200 baud AFSK 152-153,158-159 MHz, Digital pagers. Shift varies. 929-932 MHz If you're serious about this stuff, then I recommend buying a frequency counter. If you're near the transmitting antenna it will tell you the frequency so you won't have to search forever. If you're really elite you might want to get a transmitter to play with. Watch out for CRC checks and time stamps or your transmissions won't work. Also remember that they can and sometimes do track down repeat abusers. If there's one frequency you really want to attack, do it from different locations for a short period of time, or use a directional antenna pointed in different directions. It is illegal for a mortal to transmit almost any type of data via radio waves using homemade equipment. It is also illegal to decrypt any encrypted transmission. (These are FCC laws in the US.) Finally, let me know what you think. Did you like the file? Hate it? Need to know more? I'd also like to hear what you've tried and how it went. Until August 8th you can contact me any of the following ways: (in order of preference) rmitra@iastate.edu 1-800-298-MAIL box 3504 +1 515 296 0600 voice and, of course, I'll always be Jeeb on Paradise Lost. Find DFS On These Fine Systems ========================================================================== | Paradise Lost +1.414.476.3181 DFS World HQ | | Temporary Insanity +1.ITS.NOW.DOWN DFS Affiliate HQ | | Plan 9 Information Archives +1.716.881.FONE (3663) DFS Southern HQ | | Arrested Development +31.77.547477 DFS European HQ | | Under World Element +1.203.740.9571 DFS Eastern HQ | | 7th Heaven +1.216.464.6789 DFS Ohio HQ | | Lucifer's Exile +1.513.459.1278 DFS Midwest HQ | | Twilight Of The Idols +1.613.226.3386 DFS Canada HQ | | | | AE - Plan 9 Information Archives - Login: DFS | | FTP - etext.archive.umich.edu - /pub/Zines/DFS | | IRC - #DFS (Whenever Access Denied or Incarnate is on) | | VMB - 1.800.298.6245 x3508 | | | | To submit, call Paradise Lost and log on as DFS. The password is: | | JINGLE JINGLE | ==========================================================================