
Tapping Data From Radio-Controlled Bus Stop Displays

Posted by timothy
from the how-to-get-hypnotized dept.
jones_supa writes "A couple of weeks ago hacker Oona Räisänen told about finding a 16 kbps data stream on FM broadcast frequencies, and her suspicion was that it's being used by the public transit display system in Helsinki, Finland. Now it's time to find out the truth. She had the opportunity to observe a display stuck in the middle of its bootup sequence, displaying a version string. This revealed that the system is called IBus and it's made by the Swedish company Axentia. Sure enough, their website talks about DARC and how it requires no return channel, making it possible to use battery-powered displays in remote areas. Other than that, there are no public specs for the proprietary protocol. So she implemented the five-layer DARC protocol stack in Perl and was left with a stream of fully error-corrected packets on top of Layer 5, separated into hundreds of subchannels. Some of these contained human-readable strings with names of terminal stations. They seemed like an easy starting point for reverse engineering..."
  • by Anonymous Coward

    An interesting article on Slashdot... that's amazing... it's like ARM chips running windows... well, ok... we thought that was going to be amazing... :P

  • The roots of hacking (Score:2, Interesting)

    by Anonymous Coward

    This, my friends, is true hacking. While this sort of stuff has become less common over the years, it is people such as this that provide real value to the community in terms of improving security for the masses. I wish that I had more time (and equipment...and hadn't forgotten so many of my skills) as there are a few projects like this that I'd like to dig into. For instance, I have a home security/automation system out at my farm. I am fully cognizant that the security provided by it is a joke, as any

    • by AK Marc (707885)
      It's all security through obscurity. Everything is security through obscurity (for differing definitions of obscurity). The lock on my house works because nobody "knows" the key, other than me, and I don't even know it because it's a physical token I don't understand. But if someone took an impression of the key, they could gain access because the obscurity was lifted. Encryption works because your keys are obscured/hidden. So yes, likely your security system is grossly insecure, but won't be hacke
      • You're blurring the definition of security and obscurity, which is already well defined. Obscurity refers to the logic of the system. Your system must be secure even if an attacker knows everything about how it works, because there is a separate part, the secret key, that is completely arbitrary and assumed to be kept secure. A key is only secret, arbitrary data; a cipher is only well-known logic; security through obscurity by definition means mixing your secret data with your public logic, a bad idea.

        The bi

        • by AK Marc (707885)

          A home invader shouldn't be able to break into my house even if they know everything about my lock and door, what matters is that they don't have the key (which has no mechanical components - it's not part of the system until I want to unlock the door).

          But your key is nothing but obscurity. I had a car. It was 30 years old (a classic). The keys I had for it were wearing out, and became more temperamental. So I looked for a way to get original keys cut. I called the dealer, and they said "no, can't be done" (yes, they knew I was a legitimate owner of the car). So I ended up emailing a picture of the key to an Australian company, who cut a key to the factory spec, not a duplicate of the ancient, worn keys. Worked much better. Soon after, my glove-box

          • If someone is using your VIN to make keys after, then the key isn't an arbitrary secret.

            If someone has a picture of your key, then they know your secret outright, even if it is arbitrary.

            What you describe is no better than me copying your passwords off a Post-It note you left on your monitor.

            A proper key is not "obscurity" -- it is secret! No, those are not the same things, a key has no logic to obscure. This discussion is no longer at the point where we can employ layman's definitions and continue to talk s

            • by AK Marc (707885)
              The process of using a VIN to obtain your "Secret" is obscurity. Your secret isn't. It's stored openly at the manufacturer. It's available for $100 and a 1-week wait. How is that "secret"?

              Obscurity: the state of being unknown, inconspicuous, or unimportant. Your "secret" is a "secret" because it's unknown, inconspicuous, or unimportant. What was the complaint again?
  • by 50000BTU_barbecue (588132) on Sunday November 24, 2013 @09:43AM (#45506821) Homepage Journal
    when I said you don't need an oscilloscope anymore. Probably a SDR receiver that goes to a PC. What possible interest is there in looking at the raw RF at the antenna, which you won't see with an oscilloscope anyways (because I don't know any scopes with nV/cm settings yet), or the countless undocumented signals inside the receiver, which you won't access anyways because it's all on one chip?

    You're better off just finding what's already done and buy it. I myself have looked at the FM band on my old analog spectrum analyzer to look for SCA signals. http://en.wikipedia.org/wiki/Subsidiary_Communications_Authority [wikipedia.org]

    It's all wonderful fun, but when you can do the same with a 15$ USB receiver and some software, it all starts to look rather silly, no?

    • by Desler (1608317) on Sunday November 24, 2013 @09:56AM (#45506863)

      when I said you don't need an oscilloscope anymore. Probably a SDR receiver that goes to a PC.

      At what stage in this project would an oscilloscope have been needed anyway? Yes, she used an SDR for scanning radio frequencies.

      What possible interest is there in looking at the raw RF at the antenna, which you won't see with an oscilloscope anyways (because I don't know any scopes with nV/cm settings yet), or the countless undocumented signals inside the receiver, which you won't access anyways because it's all on one chip?

      What is all on one chip? How is this rambling statement even applicable to this article?

      It's all wonderful fun, but when you can do the same with a 15$ USB receiver and some software, it all starts to look rather silly, no?

      You can decode these IBus messages with a $15 USB receiver? Link please?

      • by Anonymous Coward

        You can decode these IBus messages with a $15 USB receiver? Link please?

        OsmoSDR [osmocom.org]

        • On what planet does 180 Euro [sysmocom.de] translate into 15 USD?

          • by Anonymous Coward

            On what planet does 180 Euro [sysmocom.de] translate into 15 USD?

            I'm the poster of that link OsmoSDR, not anyone you have been discussing above or ever earlier. I genuinely have no idea what you are smoking, and how you ended up referring to that sysmocom.de site and $180 device.

            The blog refers to RTL-SDR, which is probably the cheapest SDR you can get, even though since it was discovered that some DVB-T USB sticks can be used as SDRs, compatible ones can be hard to find these days any more as models have changed and what's still left usually have been priced higher obviously becau

      • It's the RTL-SDR project. A Linux developer discovered that a digital TV receiver chip made by Realtek (used in $15 dongles) had the ability to receive the raw sampled RF data. The bandwidth is nearly 3 MHz so that means you can view a HUGE chunk of the RF spectrum at once and decode the signals via software. AM/FM/USB/LSB you name it. Dongles based on the R820T tuner receive from 22 MHz to 1600 MHz! Pipe the output into some digital speech decoder programs and you have a police scanner that would normally cost

        • It's the RTL-SDR project. A Linux developer discovered that a digital TV receiver chip made by Realtek (used in $15 dongles) had the ability to receive the raw sampled RF data. The bandwidth is nearly 3 MHz so that means you can view a HUGE chunk of the RF spectrum at once and decode the signals via software.

          Now if only it could transmit.

          Or if it could also convert digital signals into I/Q and we could feed that into the Rx mixer of the block downconverter, run backward. Then two $11 - $15 dongles, one of th

          • by Muad'Dave (255648)

            The dongle receivers are typically I/Q receivers.

            • The dongle receivers are typically I/Q receivers.

              Yes, I understand that. I guess I phrased it ambiguously.

              What I meant is "convert data from the USB to I/Q OUTPUT, i.e. do the TRANSMIT side of a transceiver, too, not convert the receive side to I/Q from something else.

              Then we need a local oscillator and mixer to boost it back UP to the desired frequency band (which might be done with the companion block downconverter chip if the appropriate signals are accessible or if it is actually also a transceiver chi

      • by dlgeek (1065796)
        www.amazon.com/gp/product/B00C37AZXK is $11 with free 2-day shipping for prime members (US). It's a cheap DVB TV dongle using a chipset that has a "debug mode" where it spits out the raw RF data, and wide ranging tuning chip that makes it usable as a general purpose SDR receiver (known as an RTL-SDR). Windy's mentioned using one on her blog in many of her other posts.

        I just got one this week, and it's been awesome to play with. Check out rtlsdr.org for more information about how to set it up, and rtl-sd
      • Go to eBay and do some shopping. The point is you play with electronics these days by reverse-engineering existing products and using software to re-purpose things. Which is my point. You don't need an oscilloscope to be working in electronics on a hobby level anymore.

        What is all on one chip? Um, the SDR receiver is certainly NOT a sprawling set of discrete LC filters and transistors, is it?

        Just another example of why an oscilloscope is not the "must have" instrument it once was.

        Is that rambling and inco

    • by NoMaster (142776)

      [See, this is kinda what I meant] when I said you don't need an oscilloscope anymore.

      And, if you only consider the tiny sub-set of 'electronics' that is 'dicking around writing software for pre-built toys', you were right.

      Fortunately, real electronics engineers and technicians are designing and building those toys for you. And, even more fortunately, they know when oscilloscopes are still useful.

    • by Agripa (139780)

      Oscilloscopes make very handy back end modulation analyzers when combined with a demodulator and would also be used in designing the demodulator itself. The common RF applications I see them used for are broadband envelope measurement and broadband RMS measurement where they can often be used to calibrate other instruments.

      If you are buying turnkey solutions, then obviously an oscilloscope is of less use since even if you used it to diagnose a problem, you will be reliant on the vendor to fix it. Not ever

  • Encryption (Score:5, Funny)

    by sunderland56 (621843) on Sunday November 24, 2013 @09:56AM (#45506865)

    Pity she couldn't break the text encryption - then she could have displayed the station names in English, instead of nonsense strings.

  • As a sidenote, HSL has also set up a live map [wspgroup.fi] of the Helsinki trams buzzing around.
  • by tuukkah (120824) on Sunday November 24, 2013 @11:28AM (#45507279) Homepage

    Cool reverse engineering indeed! For those who want it easier, the Helsinki Region Transport Authority HSL offers the arrival time predictions through a service called "Omat lähdöt", which has an open API too. However, the textual messages are not available so that's new. As the post mentions, the predictions are based on the GPS locations sent by the busses, which are not available to third parties (unlike the locations of the metro, trams and trains). For more information about the HSL Developer Community and open data at HSL, see dev.hsl.fi [dev.hsl.fi].

  • by VortexCortex (1117377) <VortexCortex@Nos ... t-retrograde.com> on Sunday November 24, 2013 @01:19PM (#45507901)

    That which can be received unsecured, can be broadcast as such. Only a matter of time now before the displays feature zombie attack warnings.

  • This couldn't happen in America because we don't have your fancy-dancy electronic bus annunciators. We believe that standing on a street corner in the rain builds character. Apparently, it also opens up new venues for hacking.
  • There's an excellent article [google.com] about how the signs work in Stockholm with some technical details.
