I am interested in alternative approaches to make the spectrum visible and audible. With SpectroPhone, I captured all WiFi signals and painted them as circles on a canvas. The color indicates the manufacturer of the chip that sent the frame, the size indicates the data that it carries, and the fade duration indicates the signal strength. To make it audible, I mapped the manufacturer to notes on the c major scale and let the signals play the notes.
I noticed that both the buses and the signs at the bus stops are equipped with rather long antennas that—as it turns out—are used to disseminate telemetry data that allows to predict the arrival of the bus. I reversed the physical layer and large parts of the data payload and created an interactive map that displays the position and state of the buses.
Placing two pairs of mobile traffic lights directly in front of our house provided the perfect opportunity to study their signals. I reversed the physical and link layer and implemented my own receiver that outputs the state of the traffic light in a web interface.
I maintain a GNU Radio RDS implementation. That’s a project I continued and extended quite a bit. RDS is a data subcarrier on ordinary FM broadcasts that allows the radio to display the station name, for example. With TMC, RDS can also be used to disseminate traffic information. As the whole system is unencrypted and unauthenticated it can serve as a demonstrator for spoofing traffic messages.
In 2014, I bought a car and, of course, had to reverse its wireless key fob. It uses a rather simple modulation in the 433MHz band. As it turns out, the security of the key is based on a 64-bit rolling code. I made some progress, but did not (yet?) have the big break through.
On a hike through the forest, I found a weather sonde from Vaisala launched by the German military. Fortunately, I found a GNU Radio module from a hacker space in Prague that I restructured and extended with live graphs of the sensor data.
Based on Mathy Vanhoef’s firmware modifcations for some Atheros WiFi cards, we are investigating their potential to operate as reactive jammers. In particular, we are interested in the limitatons in terms of delay, the reliability that a jamming signal is sent, and the effectivenes of the jam signal.
I continued Thomas Schmid’s ZigBee transceiver, which I extended to a complete network stack for IEEE 802.15.4 devices. It even supports the RIME stack of the Contiki operating system, which is—like TinyOS—a well-known operating system for sensor motes.
I implemented an IEEE 802.11a/g/p transceiver based on GNU Radio that supports all modulation and coding schemes, runs completely in software, and supports a wide range of SDRs. It’s well suited for both simulative and experimental performance evaluation of WiFi and Vehicular Ad Hoc Networks.
Wime, which stands for WIreless Measurement and Experimentation, is an umbrella project for my wireless stuff. The idea is to have one spot with information and documentation of the various projects to make them more accessible to others. The project is currently in an early state, but I plan to work on this quite a lot in 2016.
BATS is a multi-disciplinary project funded by the German research foundation. The goal is to equip bats with very light-weight sensor motes to track bats in the wild and study the social behavior in their natural habitat. In our subproject, we designed the data communication and built an SDR-based prototype.
I’m very happy to be the web chair of ACM MobiHoc 2016. I created the website from scratch, using Bootstrap for the frontend and a Gulp workflow—scaffolded with the gulp-webapp Yeoman generator—for the backend.