rfcat on FreeBSD

My Yardstick One appeared yesterday, time to set up RFCat.

RFCat has not yet been packaged for FreeBSD, so I had to install it manually. I pulled the RFCat source from bitbucket, which includes both the firmware and the client tools. To play with the stock firmware on the YSO I only had to install the client tools.

The client tools depend on libusb-1.0, which ships with FreeBSD, and on pyusb, which is offered by the py27-usb port.

$ sudo pkg install py27-usb

Then I built the rfcat client tools:

$ cd code
$ hg clone ssh://hg@bitbucket.org/atlas0fd00m/rfcat
$ cd rfcat
$ sudo python setup.py install

I had to set up devfs rules to access the USB devices; with my account in the usb group I have the following:

# /etc/devfs.rules
# Ruleset header assumed (the post omits it); enable it with devfs_system_ruleset="localrules" in /etc/rc.conf
[localrules=10]
add path 'usb/*' mode 0660 group usb

With that all set up I can now try the rfcat tools.

$ rfcat -r
'RfCat, the greatest thing since Frequency Hopping!'

Research Mode: enjoy the raw power of rflib

currently your environment has an object called "d" for dongle.  this is how 
you interact with the rfcat dongle:
    >>> d.ping()
    >>> d.setFreq(433000000)
    >>> d.setMdmModulation(MOD_ASK_OOK)
    >>> d.makePktFLEN(250)
    >>> d.RFxmit("HALLO")
    >>> d.RFrecv()
    >>> print d.reprRadioConfig()

The -r flag tells the client to drop me into the research prompt, and I get left in something that looks sufficiently like ipython. To test that everything was working I decided to transmit some bytes in a loop in the 433 MHz ISM band.

In [1]: d.setFreq(433920000)

In [2]: d.setMdmModulation(MOD_ASK_OOK)

In [3]: d.makePktFLEN(4)

In [4]: d.setMdmDRate(4800)

In [5]: for i in range(0,15):d.RFxmit('\xDE\xAD\xBE\xEF');

In [6]: for i in range(0,15):d.RFxmit('\xDE\xAD\xBE\xEF');

In [7]: quit()

I used an RTL-SDR dongle and SDR Touch on my phone to get a quick demod of the spectrum and to see a waterfall. I tried this a few times, but I wasn't seeing the expected signal. Right at the far right edge of the screen I was seeing a jump in strength; tuning around a bit while transmitting, I eventually caught my burst packet. It seems that my RTL dongle is about 400 kHz off the actual observed frequency.
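To see what the setFreq() and setMdmDRate() calls in the session above actually program into the radio, and to put the 400 kHz discrepancy in perspective, here is an added example (my own code, not rfcat's and not from the original post). It assumes the Yardstick One's CC1111 runs from a 24 MHz crystal and uses the CC1111 datasheet register formulas; rounding to the nearest step is my choice and rfcat's own code may differ.

```python
# Added example: CC1111 register arithmetic behind rfcat's setFreq()/setMdmDRate()
# and the receiver error implied by the 400 kHz offset seen on the RTL-SDR.
# Assumptions: 24 MHz crystal, 24-bit FREQ word, datasheet formulas.
import math

F_XOSC = 24_000_000  # CC1111 crystal on the Yardstick One (assumed)


def freq_step_hz():
    """Smallest carrier step the FREQ registers can express (~366 Hz)."""
    return F_XOSC / 2**16


def freq_word(hz):
    """24-bit FREQ value (FREQ2:FREQ1:FREQ0) for a carrier in Hz."""
    return round(hz * 2**16 / F_XOSC)


def freq_regs(hz):
    """Split the FREQ word into the three CC1111 register bytes."""
    w = freq_word(hz)
    return (w >> 16) & 0xFF, (w >> 8) & 0xFF, w & 0xFF


def actual_freq_hz(hz):
    """Carrier the radio really produces after quantisation."""
    return freq_word(hz) * freq_step_hz()


def drate_regs(baud):
    """(DRATE_E, DRATE_M) for a requested symbol rate, per the datasheet."""
    e = int(math.floor(math.log2(baud * 2**20 / F_XOSC)))
    m = round(baud * 2**28 / (F_XOSC * 2**e) - 256)
    if m > 255:  # mantissa overflowed: carry into the exponent
        e, m = e + 1, 0
    return e, m


def actual_drate(baud):
    """Symbol rate the radio really uses for the chosen registers."""
    e, m = drate_regs(baud)
    return (256 + m) * 2**e * F_XOSC / 2**28


def ppm_error(expected_hz, observed_hz):
    """Receiver frequency error in ppm, e.g. where the RTL-SDR showed the burst."""
    return (observed_hz - expected_hz) / expected_hz * 1e6


if __name__ == "__main__":
    f = 433_920_000  # the frequency set in the session
    print("FREQ regs: %02X %02X %02X" % freq_regs(f))
    print("carrier %.1f Hz, step %.1f Hz" % (actual_freq_hz(f), freq_step_hz()))
    print("4800 baud -> DRATE_E/M %s, %.1f baud" % (drate_regs(4800), actual_drate(4800)))
    # Constructed from the post: burst seen about 400 kHz above the set frequency
    print("RTL-SDR error: %.0f ppm" % ppm_error(f, f + 400_000))
```

The tuning step is a few hundred hertz, so a 400 kHz discrepancy cannot come from the dongle's frequency quantisation; it is a receiver-side error of roughly 900 ppm.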