Detecting car keyfob jamming using a Raspberry Pi and a DVB-T dongle

The use of RF jammers or blockers by criminals to break into cars is spreading – this BBC News report is from December 2016, and this from May 2017.  How can you protect yourself?  This Hackaday post describes a simple “yes/no” receiver to detect jamming on the car-keyfob frequency.  Better than nothing, but it doesn’t tell you whether you’re right in the crims’ target zone, or half a mile away.

I had been messing around with a cheap RTL-2832 DVB-T dongle, and it seemed like it should be quite straightforward to use it as a direction-finding/homing receiver to give a “warmer/colder” indication and work out exactly where a jammer was being used.  As it turned out, the software-radio bit was quite easy – the tricky part was making Linux generate simple beep-tones to indicate the signal-strength!  (anyone else fondly remember the ZX Spectrum Basic BEEP command?)

Low_cropped

Jammer-Detect running on a laptop – the bar-graph extends across the screen and changes colour to indicate RSSI on every “sample”, while beep-tones about play once a second indicating the maximum signal-strength received in the last 32 samples.

The main part of the code is written in Python 3, with the RF-power calculation implemented in C for efficiency.  It can be run on a laptop, but the real fun starts when you install it on a Raspberry Pi that fits in your pocket – a single earphone feeds you audio tones that indicate “warmer / colder”, and you can then walk or drive around an area to track down the source of a jamming signal.

Jammer_detection_setup

Pocket-size jammer-detection kit: Raspberry Pi 2 in plastic case, right-angle micro-USB cable to rechargeable power-pack, small DVB-T dongle (larger alternative in background), antenna and earphones.

How to build it

Create a Raspbian bootable micro-SD card by following the instructions here.  Raspbian Lite will boot faster than the “With Desktop” version, so I used that.

Put the micro-SD card into the Pi, and connect a monitor, USB keyboard, network cable and power-supply.  When the Pi finishes booting and shows a “raspberrypi login:” prompt, log in as “pi”, “raspberry” and execute the following commands to install required packages and download the source-code from Github:

mkdir jamdet
cd jamdet
sudo apt install git automake shtool libtool libusb-1.0 python3 python3-pip libasound-dev
wget http://www.portaudio.com/archives/pa_stable_v190600_20161030.tgz
sudo pip3 install --upgrade pip wheel setuptools
git clone https://github.com/mikeh69/librtlsdr
git clone https://github.com/mikeh69/pyrtlsdr
git clone https://github.com/mikeh69/JammerDetect

Build and install PortAudio and its Python bindings:

tar -xvf pa_stable_v190600_20161030.tgz
cd portaudio
./configure
make && sudo make install && sudo ldconfig
sudo pip3 install pyaudio

At this point you can disconnect the Pi from the Internet if you prefer to.

Now build and install the RTL-SDR library and Python bindings for it:

cd librtlsdr
autoreconf -i 
./configure
sudo rm /usr/lib/librtlsdr.*
make && sudo make install && sudo ldconfig 
cd ../pyrtlsdr 
sudo python3 setup.py install 
cd ..

Finally, install a Udev rule and driver-blacklist to allow user-mode access to the DVB-T dongle:

cd JammerDetect
sudo cp 88-dvb-t.rules /etc/udev/rules.d/
sudo cp blacklist-dvb-t.conf /etc/modprobe.d/
sudo reboot

(and log in again as pi – raspberry).  The Udev rules file also includes an “unplug” rule that tells the Pi to shut down in an orderly fashion if the DVB-T dongle is unplugged – a cleaner solution than just pulling the power!

Now try out the program.  The first time it runs, it will take a minute or so to generate the audio-tone data and save it to a file.  On subsequent runs, the tone-data will be loaded from the file, which is much quicker.  Plug in your DVB-T dongle, and type:

sudo amixer cset numid=1 100%

to set the audio-output volume to 100%, then:

cd jamdet/JammerDetect/src
python3 jammer_detect_main.py

(Press Ctrl – C to break out of the program).

To make the program run automatically when the Pi boots, do:

crontab -e

(which opens the “cron table” file in an editor), and to the end of the file add this line:

@reboot /usr/bin/python3 /home/pi/jamdet/JammerDetect/src/jammer_detect_no_ui.py

(Press Ctrl-X, Y to save and exit from the Nano editor).  This runs a version of the program that has no graphical display, just the audio tones, because an automatically-run program has no console to send graphics to.

sudo reboot

and listen to the earphone…

The centre-frequency of the band is currently hard-coded to 433.92MHz (the European car-keyfob band), but the Python script (jammer_detect_main.py or jammer_detect_no_ui.py) can simply be edited to change this to any frequency that the DVB-T dongle is able to tune to – see this page for tuning ranges of various dongles.

The antenna doesn’t have to be particularly “good”, or well-matched to the frequency of interest – if a jammer is putting out enough power to be effective, your receiver won’t need great sensitivity to pick it up!

Next bit of work might be to improve the large-area survey (driving around a city) – go back to running on a laptop, add a USB GPS puck and keep a log of signal-strength against lat/long, then generate a “heat-map” KML file to display on Google Earth…


Acknowledgements:  Thank you to Steve Markgraf for LibRtlSdr, and to “Roger” for the Python bindings.  I’m standing on the shoulders of giants…


I mentioned earlier the trouble I had generating simple audio tones.  The difficulty was in preventing unpleasant clicks at the start and end of a “beep”.  It turned out to be necessary to fade IN, as well as fade out, each tone.  audio_tones.py generates sets of samples for PortAudio to create beeps at semitone intervals – it’s completely self-contained and can be used in other projects.

Advertisements

3 thoughts on “Detecting car keyfob jamming using a Raspberry Pi and a DVB-T dongle

  1. […] We all do it — park our cars, thumb the lock button on the key fob, and trust that our ride will be there when we get back. But there could be evildoers lurking in that parking lot, preventing you from locking up by using a powerful RF jammer. If you want to be sure your car is safe, you might want to scan the lot with a Raspberry Pi and SDR jammer range finder. […]

    Like

  2. […] We all do it — park our cars, thumb the lock button on the key fob, and trust that our ride will be there when we get back. But there could be evildoers lurking in that parking lot, preventing you from locking up by using a powerful RF jammer. If you want to be sure your car is safe, you might want to scan the lot with a Raspberry Pi and SDR jammer range finder. […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s