HackerBox 0105: RF Boy
Welcome to HackerBox 0105. Assemble and experiment with the RF Boy platform for wireless hacks leveraging an external 2.4GHz antenna for the main SOC, a joystick style controller, and a dedicated expansion port that supports add-on radio modules. Assemble and experiment with two different RF transceiver modules; one RF module tuned for the middle subGHz range (centered near 433MHz) and the second module tuned for the upper subGHz rage (centered near 868MHz). Explore RF tools for monitoring, analyzing, and sniffing Wi-Fi signals as well as scanning, inspecting, visualizing, storing, and replaying subGHz signals used by controllers, sensors, and more.
HackerBox is the original monthly subscription box for electronics, computer technology, and hacker culture. Each HackerBox is a discovery box, which means all members await and enjoy a new surprise each month. Tech, toys, knowledge, and fun. It's like having a hacker convention, your birthday, and the first day of school - every month - right in your mailbox.
There is a wealth of information for current and prospective members in the HackerBoxes FAQ. Almost all of the non-technical support emails that we receive are already answered there, so we'd really appreciate it if you can take a few minutes to read the FAQ.
Supplies
This Instructable contains information for getting started with HackerBox 0105. The full box contents are listed on the product page for HackerBox 0105 where the box is also available for purchase while supplies last. If you would like to automatically receive a HackerBox like this right in your mailbox each month, you can subscribe at HackerBoxes.com and join the party. Subscription members save at least $15 every month and automatically receive each new HackerBox shipped immediately off the production line.
A soldering iron, solder, and basic assembly tools are generally needed to work on the monthly HackerBox. A computer for running software tools is also required. Have a look at the HackerBox Workshops for tools and supplies along with a wide array of introductory activities and experiments.
The most import thing you will need is a sense of adventure, hacker spirit, patience, and curiosity. Building and experimenting with electronics, while very rewarding, can be tricky, challenging, and even frustrating at times. The goal is progress, not perfection. When you persist and enjoy the adventure, a great deal of satisfaction can be derived from this hobby. Take each step slowly, mind the details, and don't be afraid to ask for help.
WEAR SAFETY GLASSES WHEN SOLDERING, WHEN TRIMMING WIRE LEADS, OR WHEN CUTTING, DRILLING, ETC.
Oh Boy!
The RF Boy is a variant of the ESPboy, which was based on the Arduboy, which was inspired by the Game Boy.
The Game Boy is a handheld game console developed by Nintendo and launched in 1989. The concept proved highly successful and the Game Boy became a cultural icon of the 90s. The Game Boy uses a custom SoC called the DMG-CPU by Nintendo or the LR35902 by its manufacturer, Sharp. Within the DMG-CPU, the main processor is a Sharp SM83, a hybrid between two other 8-bit processors: the Intel 8080 and the Zilog Z80. The Sharp SM83 operates at a clock rate of 4.194304 MHz. The DMG-CPU also incorporates the Picture Processing Unit, a simple GPU, that renders visuals using 8 KB of Video RAM. The screen can render four shades with a resolution of 160 x 144 pixels. The SoC also contains a 256 B "bootstrap" ROM which is used to start up the device, 127 B of faster "High RAM", and a four channel Audio Processing Unit. The motherboard also features an 8 KB chip for working RAM. (Wikipedia)
The Arduboy is a handheld game console based on the Arduino hardware platform running open source firmware. Development was funded through a Kickstarter campaign in 2015. In August 2020, Arduboy announced 'Arduboy FX', an upgraded version that includes a flash memory chip that stores over 250 games on the device itself. This version began shipping in 2021. Both the Arduboy and the Arduboy FX use an 8-bit ATMega32u4 microcontroller as the primary processor, RAM, and storage device of the system. The system features 2.5 kilobytes of RAM, 32 kilobytes of flash storage, as well as 1 kilobyte of EEPROM. The Arduboy FX features additional storage through the use of an official modchip. (Wikipedia) (see arduboy.com)
The ESPboy is a "multi-gadget development platform" starting with a port to the ESP8266 MCU driving a 128x128 full-color TFT display. (see espboy.com)
The RF Boy is an ESPBoy variant developed by HackerBoxes in June 2024. While compatible with the ESPBoy, the RF Boy focuses on Wireless RF experimentation with the addition of an external 2.4GHz antenna for the main SOC and a dedicated expansion port supporting pluggable RF modules.
NodeMCU V3 ESP-07S
The ESP-07S (digikey link) is an ESP8266 variant supporting an external antenna connected to its U.FL I-PEX port instead of the usual ESP8266 PCB trace antenna.
BEFORE SOLDERING ANYTHING...
Power up the NodeMCU module by connecting a USB cable to your computer. Initially, nothing will light up or display on the NodeMCU. This is normal.
Open a terminal program (for example the Arduino IDE, tools > Serial Monitor)
Set the baud rate to 115200
Set the end-of-line coding to "Both NL & CR"
Type AT into the terminal interface.
The NodeMCU should reply with: OK
Next, try AT+GMR to view the version information.
That's enough to just make sure the Node MCU is operational, booting up, and running. However, there are many more ESP8266 AT Commands if you're interested to experiment further.
Assemble the RF Boy Kit
OK, SOLDER TIME...
Two 4.7K SMD 1210 Resistors
Start by flipping over the Exclusive RF Boy PCB to place the two resistors on the back side.
The two resistors can be oriented in either direction.
Two Momentary Tactile Buttons
The two buttons can be oriented in either direction.
Piezo Buzzer
The buzzer can be oriented in either direction.
Right Angle 2x10 Pin Expansion Header
Orient the header pin openings toward the edge of the PCB.
DIP-28 Chip Socket
Match the semi-circular notch in the socket to the marking on the PCB.
NodeMCU v3
Use the male header pins to solder the MCU module into place.
Orient the USB-C connector adjacent to the edge of the PCB.
Color ST7735 TFT Display
A small square of cardboard can be used to hold the display parallel to the main PCB, or the display can be sloped downward. Either will work fine.
Five-Way Navigation Switch
It only fits in one direction so don't force it.
2x4 Pin Female Header
The header can be oriented in either direction.
RP-SMA Female to uFL Pigtail
Orient the SMA (coaxial antenna) port to extend over the edge of the PCB. Gently bend the antenna cable slightly where it exits the SMA block to route the cable down between the display and the NodeMCU. The antenna cable will overlap the corner of the display a bit. There is no need to bend it aggressively. Without kinking the antenna cable, route it around and up onto the U.FL connector of the MCU.
Finishing Touches
Gently press both the sides of the MCP23017 chip against a table surface to straighten the pins.
Insert the chip into the socket matching up the semi-circular notches.
Place the red cap onto the five-way switch.
RP-SMA Antenna
Connect the longer (11cm) antenna onto the RP-SMA pigtail connector.
What's the difference between SMA and RP-SMA?
The two smaller (5cm) antennas are for the subGHz RF Modules that we will use later.
Speaking of the RF Modules
Do not plug in either RF module yet. It will interfere with programming the NodeMCU.
Initial Hardware Demonstration Code
Install the ESP8266 Board Support Package according to these instructions.
Install all of the ESPboy Libraries by copying them into your Arduino Libraries folder.
Grab the ESPboy First Test repository and open the sketch:
ESPboy_FirstTest_ESPboyLibs_TFTeSPI.ino
Select: Tools > Board > ESP8266 > LOLIN(WEMOS) D1 R2 & mini
Select the appropriate USB port under Tools > Port
Compile and upload the sketch to test and demonstrate the TFT display, joystick, ACT button, ESC button, and the speaker.
Wi-Fi Tools
Wi-Fi Packet Monitor
Do you ever wonder how many data packets are flying around you at any given time?
This project shows how many normal Wi-Fi packets and also how many Deauth packets are observed every second on each Wi-Fi channel.
Wi-Fi Analyzer
This project graphically represents detected Wi-Fi channels in proportion to their signal strength measurements.
It requires this library for Unicode support and U8g2 fonts.
Wi-Fi Sniffer
This project shows some additional detail but without the graphical display.
CC1101 Transceiver
The CC1101 chip (datasheet) is a subGHz radio transceiver designed for low-power wireless applications. The circuit can easily be programmed for operation at frequencies in the 300-348 MHz, 387-464 MHz, and 779-928 MHz bands.
Operation at particular frequencies benefits from tuning component values in the analog front-end "matching circuit" between the antenna and the CC1101. An upper subGHz frequency range (868/915 MHz) example is detailed in Texas Instruments design note DN017.
Interesting side note: The Flipper Zero actually employs three different front-end circuits for the CC1101. Examining the "Sub-1 GHz CC1101" sheet from the Flipper Zero Schematic set shows how the system selects between the three different front-end circuits using two SP3T RF switch components. This allows the system to select the matching circuit optimized for the desired frequency range - just one of the many cool features baked into the Flipper Zero.
We're going to use two different frequency bands that we can switch manually by plugging and un-plugging between two different CC1101-based RF Modules. One module tuned for the middle subGHz range (centered near 433MHz) and another module tuned for the upper subGHz rage (centered near 868MHz).
Experiment will demonstrate that the two modules "work" at any of the CC1101 supported frequencies but the signal handling is noticeably better in the range tuned for each respective module.
On a similar note, the two smaller (5cm) antennas are probably quite similar even though they are nominally specified for the two different frequency bands. We should attempt to keep the antenna that comes in the bag with the blue (mid band) module associated with that module; and keep the other 5cm antenna associated with the upper band module built upon the white PCB.
SubGHz RF Modules
The BLUE middle frequency module is center tuned near 433MHz. It comes packed in a bag with a matched 5cm antenna and it's ready to roll once the antenna is connected to the blue PCB.
The GREEN/WHITE upper frequency module is center tuned near 868MHz. We get to DIY this one.
- Ready the small white CC1101 carrier PCB
- Position the GREEN CC1101 868MHz Module onto the PCB
- Solder each pad:
- Generously tin the rectangular pad on the white PCB
- Insert the soldering iron tip into the hole next to the pad to wick solder from the pad up into the hole
- Solder the SMA female edge-launch antenna connector
- Solder the 2x4 male header as shown in the image
- Twist the 5cm 900MHz omnidirectional antenna onto the SMA connector
RF Applications
Sub1GHzInspector
The Sub1GHzInspector Project can leverage the CC1101 chip to inspect subGHz signals (300-348MHz, 387-464MHz, 779-928MHz) to scan, decode, store, open garage doors, barriers, IoT sensors, and more.
The RF module must be unplugged to program the NodeMCU.
If you start getting "....____....____" then just remove the RF Module until the programming is completed.
Sub1GHzScanner
The Sub1GHzScanner Project displays a waterfall of the radio signals received by the CC1101 chip.
Additional CC1101 Example Projects
These may be adapted for use on the RF Boy platform. We will add links above as we get any additional projects working or as others share progress.
CC1101 Tool - Jammer, Sniffer, Replay
RfPwnOn and Touchtunes
Web App Store
Check out this demo version of the ESPboy AppStore on the Web. Uploading applications is easy with the ESPboy Flasher. Connect the RF Boy to your PC with a USB cable and turn it on, then install the application of your choice. Most of these ESPboy apps run fine on the RF Boy, but some do not. Many of the games pay homage to the RF Boy's Nintendo Game Boy roots.
Burning Chrome
We hope you are enjoying this month's HackerBox adventure into electronics, computer technology, and hacker culture. Reach out and share your success in the comments below or on other social media. Email support@hackerboxes.com anytime with questions or whenever you need some help.
Want more? Surf over to HackerBoxes.com and join us as a monthly HackerBox subscription member. You'll get a cool box of hackable gear delivered right to your mailbox every month and you'll enjoy a generous member discount.
Please consider sharing this free Instructable with others who may be interested in learning about these subjects. We really appreciate your support and "word of mouth advertising" is the greatest compliment that we can receive.