HackerBox 0089: Wispy

Welcome to HackerBox 0089. We will explore the wispy threads of radio waves surrounding us in tapestries of information. Assemble parallel, multicore microcontroller systems for collecting Radio Frequency signals including Wi-Fi and Bluetooth. Leverage both satellite (GPS) and mobile cellular (GSM) systems for geolocation. Implement data logging and retrieval using Flash storage SD cards. Experiment with the feature-rich wardriver.uk platform. Leverage various mobile antenna structures including omnidirectional antennas, high-gain ceramic antennas for satellite navigation, wire-helical antennas for mobile cellular, and directional PCB Yagi antennas.

HackerBox is the original monthly subscription box for electronics, computer technology, and hacker culture. Each HackerBox is a discovery box, which means all members await and enjoy a new surprise each month. Tech, toys, knowledge, and fun. It's like having a hacker convention, your birthday, and the first day of school - every month - right in your mailbox.

There is a wealth of information for current and prospective members in the HackerBoxes FAQ. Almost all of the non-technical support emails that we receive are already answered there, so we'd really appreciate it if you can take a few minutes to read the FAQ.

This Instructable contains information for getting started with HackerBox 0089. The full box contents are listed on the product page for HackerBox 0089 where the box is also available for purchase while supplies last. If you would like to automatically receive a HackerBox like this right in your mailbox each month, you can subscribe at HackerBoxes.com and join the party. Subscribers save at least $15 every month and get each new HackerBox shipped immediately off of the production line.

A soldering iron, solder, and basic assembly tools are generally needed to work on the monthly HackerBox. A computer for running software tools is also required. Have a look at the HackerBox Workshops for basic tools and a wide array of introductory activities and experiments.

The most import thing you will need is a sense of adventure, hacker spirit, patience, and curiosity. Building and experimenting with electronics, while very rewarding, can be tricky, challenging, and even frustrating at times. The goal is progress, not perfection. When you persist and enjoy the adventure, a great deal of satisfaction can be derived from this hobby. Take each step slowly, mind the details, and don't be afraid to ask for help.

WEAR SAFETY GLASSES WHEN SOLDERING, WHEN TRIMMING WIRE LEADS, OR WHEN CUTTING, DRILLING, ETC.

The HackerBox RF Capture Platform leverages two ESP32 development boards, a GPS module, and a GSM module to collect information from the surrounding electromagnetic environment. The collected Wi-Fi, Bluetooth, GSM, and GPS data can be logged to a MicroSD storage card.

The RF capture hardware is a closely inspired by the amazing Wardriver.uk project from Joseph Hewitt. Please check out Joseph's pages and social media to appreciate his truly impressive work on some very cool projects. The KiCad source and Gerber files for the HackerBox PCBs can be found here.

The ESP32-DevKitC V4 is an ESP32-based development board from Espressif. The ESP32-WROOM-32U variant specifically integrates an IPEX (aka U.FL or IPX) coaxial connector for attaching an external antenna. We will definitely be connecting external antennas for this project. Other features of the ESP32 include:

• Processor Cores:
• Two Xtensa 32-bit LX6 performance cores operating at 240 MHz
• One ultra low power (ULP) co-processor core
• Memory: 320 KiB RAM, 448 KiB ROM
• Wireless connectivity:
• Wi-Fi: 802.11 b/g/n
• Bluetooth: v4.2 BR/EDR and BLE
• Peripheral interfaces:
• 34 × programmable GPIOs
• 12-bit SAR ADC up to 18 channels
• 2 × 8-bit DACs
• 10 × touch sensors (capacitive sensing GPIOs)
• 4 × SPI
• 2 × I2S interfaces
• 2 × I2C interfaces
• 3 × UART
• CAN bus 2.0
• Infrared remote controller (TX/RX, up to 8 channels)
• Security:
• IEEE 802.11 security including WPA, WPA2, WPA3, WAPI
• Secure boot
• Flash encryption
• Cryptographic hardware acceleration: AES, SHA-2, RSA, ECC 
• Random number generator (RNG)

Prior to soldering or otherwise connecting anything to either one of the ESP32 modules, let's get the software toolchain set up and take each of the ESP32 modules for a quick test run.

Install the Arduino IDE.

Install the ESP32 board definitions for the Arduino IDE as explained on this espressif.com docs page.

Connect one of the ESP32 modules to your PC using a microUSB cable.

The power LED (usually red) will light up.

There is no "user LED" on the module, so nothing will be blinking, and obviously we cannot use the typical embedded "hello world" of manipulating an LED. Instead, we will perform our initial test using one of the buttons built onto the ESP32 module.

Select the correct hardware in the IDE using:

Tools > Board > ESP32 Arduino > ESP32 Dev Module

Then open the example sketch:

File > Examples > Basics > DigitalReadSerial

Find the following line and change it from IO pin 2 to IO pin 0:

int pushButton = 2;

The BOOT button on the module is wired to IO pin 0.

Compile and upload the sketch.

Open the serial monitor and set it to 9600 baud.

The sketch will repeatedly output a "1" to the serial monitor, but the output will change to "0" whenever the BOOT button is depressed. With that, we can be sure that everything is configured correctly to program the ESP32 and the module itself is operational.

Repeat the test for the second ESP32 module:

We strongly suggest performing this initial testing on both ESP32 modules prior to connecting either of them together or to anything else.

Supplying power to two interconnected ESP32 modules:

On the RF capture platform, the two ESP32 modules will ultimately be coupled together, so let's consider what this means for the power supply situation.

Each of the ESP32 modules has a 5V supply rail powered by the 5V line of its USB port. On the RF capture PCB, the 5V rails of the two ESP32 modules are connected together, so it is suggested to only power the MicroUSB port on one of the two ESP32s at any given time. The one that is not powered will obtain its 5V supply from the one that is powered.

As usual with a 5V USB supply, power can be provided from your computer or other USB port. On the go, mobile power can be provided by battery, solar, car adapter, or otherwise. In any case, simply connect a powered MicroUSB cable to either of the ESP32 USB ports.

The 5V power rail on each ESP32 module is diode isolated (using a BAT760-7) from the MicroUSB port, so it shouldn't really be a problem to power both of the USB ports at the same time, but we still suggest avoiding it out of an abundance of caution.

The ATGM336H GPS module (datasheet) is a tiny satellite positioning device capable of connecting with up to six global navigation satellites to compute its location almost anywhere on Earth. The ATGM336H has an accuracy of 2.5m and is capable of updating its coordinates ten times per second. The GPS module uses a serial protocol to communicate with practically any computer or microcontroller.

Assembly Notes:

Solder one of the ESP32 modules onto position A of the RF capture PCB. Note the proper orientation marked by the Antenna and USB connector designations on the PCB silkscreen.

Solder the GPS module into place with the IPEX coax connector facing outward from the RF capture PCB.

Gently connect the beige ceramic antenna to the GPS module via the IPEX coaxial connection.

Connect the USB port of the ESP32 in position "A" to your computer and confirm that the sketch previously uploaded to display output associated with the BOOT button is still operational.

From the IDE menu, use Tools > Manage Libraries to search for and install these two libraries:

• TinyGPSPlus-ESP32
• EspSoftwareSerial

Open File > Example > TinyGPSPlus-ESP32 > DeviceExample

Note that the examples from the TinyGPS+ Library may be placed under the INCOMPATIBLE section of the IDE example files.

Find these two lines in the example sketch:

static const int RXPin = 4, TXPin = 3;
static const uint32_t GPSBaud = 4800;

And change them to the following values:

static const int RXPin = 16, TXPin = 17;
static const uint32_t GPSBaud = 9600;

Compile and upload the sketch.

Open the serial monitor and set it to 115200 baud.

Initially, it may take a few minutes for the GPS module to acquire the necessary satellite connections.

Latitude/Longitude values can be pasted into Google maps, to verify the location.

For additional details on satellite-based geolocation, tracking, logging, and mapping check out the Hacker Tracker box guide from HackerBox 0021. (Not to be confused with the very useful Hacker Tracker mobile app, which you probably also want to get.)

A cellular mobile radio (like the one in your cellphone) can be used to scan the airwaves for cellular network information. This information includes the locations of nearby cell towers. Scanning for this information does not even require a SIM card.

The SIM800L GSM/GPRS Module provides the radio functionality of a typical cellphone. It is based on the SIM800L GSM cellular chip from SimCom and supports voice calling, SMS text messaging, and data connections to the Internet. We will be leveraging the SIM800L for geolocation based on the identification of cellular radio towers. SIM800L Tutorial.

ASSEMBLY NOTES

This portion is done with the first ESP32 and the GPS receiver already in place. They will not interfere.

Solder the Zener diode onto the RF capture PCB. Orient the diode such that the black band on the diode is oriented to match the band on the silkscreen graphic. What the heck is this diode for? Good question... The SIM800L requires a power supply between 3.7 and 4.2 Volts, so the diode is used to drop the 5V power rail below 4.2V to safely supply the SIM800L module. This is how Joseph Hewitt powers up the SIM800L on his wardriver projects and it seems to work great.

Solder the second ESP32 module into position "B". Note the proper orientation marked by the Antenna and USB connector designations on the PCB silkscreen.

Solder the Helical Antenna to the NET through-hole of the SIM800L module. This is the header pin hole just adjacent to the IPEX antenna connector. We suggest positioning the antenna such that it "floats" about 4mm above the module's metal shielding as shown in the photo.

Next we will need a strip of six header pins and a strip of five header pins. Yes, it looks like the SIM800L has two sets of six header pin holes, but remember that we already put the helical antenna in one of them, so that hole does not need a header pin and does not connect through to the RF capture PCB.

Using the two strips of header pins, solder the SIM800L module into place as shown. Note the proper orientation indicated by the antenna designation on the PCB silkscreen.

Connect the USB port of the ESP32 in position "B" and confirm that the sketch previously uploaded to display output associated with the BOOT button is still operational.

Once power is applied, an LED on the SIM800L module should start blinking. If it does not, it may be that the USB power rail is under-powered, which may occur when using a non-powered USB hub. The LED actually blinks at different rates to indicate the radio's connection status, but this doesn't matter in our geolocation use case where no SIM card is present. We simply want to verify that the LED is blinking at all.

CELLULAR GEOLOCATION TEST CODE

From the IDE menu, use Tools > Manage Libraries to search for and install the library:

TinyGSM from Volodymyr Shykanskyy

Grab the GSM_Location.ino sketch attached here.

Compile and upload the sketch to the ESP32 in the B position.

Open the serial monitor and set it to 115200 baud.

The output data should look something like:

“T-Mobile”,MCC:234,MNC:30,Rxlev:53,Cellid:74E2,Arfcn:649,Lac:09E1,Bsic:11

Convert the values for "Cell ID" and "LAC" from Hex to Decimal.

Plug the information into CellTower Locator.

Solder the MicroSD Card Module to the RF capture board. For a nice tight fit, you may opt to very carefully slide the plastic insulating spacer off of the module's header pins prior to soldering.

The module should be oriented as shown in the main box image with the card slot opening off of the edge of the PCB.

Using the MicroSD Module, the ESP32 in position "A" can log collected data to a MicroSD (aka TF) card such as the included 16GB SanDisk Ultra MicroSD Card.

The USB MicroSD Card Reader Keychain can then be used to read data from the MicroSD card into a computer.

The Antenna Mount PCB is a board that, as its name implies, can be used to affix two SMA antenna connections onto whatever housing you may wish to use for the RF Capture system. The PCB also supports the OLED status display of the system.

Solder the OLED module to the Antenna Mount PCB. Mount the module to the side of the PCB with the white silkscreen printing. For a nice tight fit, you may opt to very carefully slide the plastic insulating spacer off of the OLED module's header pins prior to soldering.

Also solder a four pin section of male header pins to the PCB. These pins should extend inward on the opposite side (back side) of the PCB from the OLED display

The SMA connectors on the Pigtail Cables are referred to as "bulkhead connectors" because they are intended to be mounted into a panel or housing.

Using the provided brass mounting hardware, affix the two SMA to IPEX Pigtail Cables onto the Antenna Mount Board. Orient the SMA connections such that the open threaded ports face outward on the front side of the PCB, which is the same side with the OLED module. Thus, the connected coax leads will extend from the back of the board where the four header pins were soldered.

Snuggly tighten the SMA bulkhead hardware to the Antenna Mount Board to prevent the connections from coming loose when attaching or removing antennas or cables. However, be very careful not to put any force on the thin coax cables attached to the SMA connectors as they can be easily damaged.

Jumper the OLED Display to the main RF Capture PCB

Solder another four pin section of male header pins onto the main RF capture PCB next to the "OLED" silkscreen marking.

Use four Female-Female Dupont Jumpers to connect the four pin header on the Antenna Mount PCB to the four pin header on the main RF capture PCB.

The four header pins on the Antenna Mount PCB connect (by internal traces) directly to the nearest corresponding pins of the OLED display. Accordingly, pin one of the header (with the "L shaped" corner marking) corresponds to the SDA pin of the OLED display. This pin gets jumper-wired to the pin on the main board nearest to the ESP32 antenna connector. Continue connecting the jumper wires in order, resulting in the GND pin of the display connecting to the pin on the main board header closest to the "OLED" silkscreen marking.

ESP32 Antenna Connections

Carefully Press the IPEX connectors of the pigtail cables onto the ESP32 modules.

The RF capture system can be packaged in pretty much any enclosure - even a carboard HackerBox mailing box.

Obviously, the enclosure should be nonconducting to avoid signal attenuation to the GSM and GPS antennas within the enclosure.

With the HackerBox RF capture Hardware assembled as shown, the two ESP32 modules are able to run Joseph Hewitt's Portable Wardriver Rev3 Firmware directly.

As noted in the repository, five different Arduino libraries are required. They can all be installed using using "Tools > Manage Libraries" in the Arduino IDE. Be sure to have all five installed.

Download, compile, and program the two sketches from the repository. Sketch A.ino onto the ESP32 in slot A, and Sketch B.ino onto the ESP32 in slot B.

Insert the MicroSD Card

Proceed as directed by the Usage Instructions.

A Yagi Antenna, is a directional antenna consisting of multiple parallel elements positioned along the line of signal propagation. The parallel elements are usually half-wave dipoles made of conductive metal.

The Printed Circuit Board (PCB) Yagi is tuned to 2.4GHz. It consists of a single driven dipole element coupled to an edge-launch SMA connector, a large reflector plane, four director elements, and an integrated tapered balun.

Compared to an omnidirectional antenna where energy is "wasted" in all directions, a directional antenna has a good bit more gain (and thus reach distance) but only in the direction of propagation. Consider the difference between an omnidirectional lightbulb and a directional laser beam having the same total radiated power.

The Yagi Antenna PCB design was inspired by this Texas Instruments Application Note.

Our featured Cyberpunk Bear artwork is adorable but also subtly disturbing. It's a design of creative A.I. prompting by hacker/artist rez0 - check out his work online.

If you appreciate Cyberpunk literature, art, movies, games, and music as much we do, you will probably enjoy the Cyberpunk Documentary. Part 1, Part 2, and Part 3 are all free to watch on YouTube.

“We're presently in the midst of a third intellectual revolution. The first came with Newton: the planets obey physical laws. The second came with Darwin: biology obeys genetic laws. In today’s third revolution, were coming to realize that even minds and societies emerge from interacting laws that can be regarded as computations. Everything is a computation.” - Rudy Rucker

We hope you are enjoying this month's HackerBox adventure into electronics, computer technology, and hacker culture. Reach out and share your success in the comments below or other social media. Also, remember that you can email support@hackerboxes.com anytime if you have a question or need some help.

What's Next? Join the party and live the HackLife. Get a cool box of hackable gear delivered right to your mailbox each month and enjoy a generous member discount. Surf over to HackerBoxes.com right now to sign up for your monthly HackerBox subscription.

Please consider sharing this free Instructable with others who may be interested in learning about these subjects. We really appreciate your support and "word of mouth advertising" is the greatest compliment that we can receive!