Hi all,
So I've bought a HackRF and been playing around with it, but I thought maybe someone could help me out with something. I'm trying to replicate the following 'hack', but then with an XN297 transceiver chip (instead of nRF24..):
http://blog.ptsecurity.com/2016/06/phd-vi-how-they-stole-our-drone.html
At 2.456GHz for example, I do get a 'similar' graph like the one in that blogpost (see pic 2). However, after demodulating, I get a rather messy output like the one in pic 3. I use the same GRC setup as in the blogpost. Would someone happen to know what I could be doing wrong?
(Also, how do they find out the address 0xa20009890f from that waveform?)
Thanks in advance!