User:Bertrik Sikken

User info: Bertrik Sikken
Name: Bertrik Sikken
Nick: bertrik
Tagline: I don't have one

You can reach me at or

Studied Electrical Engineering at Twente University.

Main interests:

  • reverse-engineering things (USB stuff, mp3 players), working on
  • studying bats and making electronics for recording/listening to bat sounds
  • radio stuff, in particular software-defined radio

Projects I work(ed) on:

Project             Status
Pico Trackers       Abandoned
Secure iButton      Completed
CrawlSpaceSensor    In progress
DecodingLora        In progress
EncodingLora        In progress
EspWifiTracker      In progress
LoraWanNode         In progress
RC522Hacking        In progress
RevRadio            In progress
STM32               In progress
StereoBatRecorder   In progress
UltrasonicPlayer    In progress

Project ideas

This is a list of ideas I'm thinking about, but have not fully developed into an actual project yet.

WiFi "top"

This idea is about a simple demo application that shows the number of unique WiFi stations detected. This gives an idea about how busy a place is.

A bit like the CPU load in the unix/linux "top" tool, this is indicated as a number at different timescales, e.g. the number of unique WiFi stations detected in the last minute, last 5 minutes, last 15 minutes, last hour, etc.

The implementation is done using an ESP8266 in promiscuous mode. Using the callback for promiscuous mode, a table is built with an entry for each unique MAC address:

  • only "stations" (like phones, laptops, etc) are recorded in this table, not access points
  • the table records the following:
    • the unique MAC address
    • the time it was first seen
    • the time it was last seen
  • the wifi channel is switched at some interval
  • every minute (for example), the stats are calculated from the table and published on MQTT

Operations on this table:

  • entries older than 60 minutes are removed from the table.
  • when we see a new unknown MAC, it's added to the table (if it fits) and we set the first-seen timestamp
  • when we see a known MAC, the last-seen timestamp is updated
  • getting stats from the table, for example:
    • number of unique station MACs seen in the last minute
    • number of unique station MACs seen in the last 5 minutes
    • number of unique station MACs seen in the last 15 minutes
    • number of unique station MACs seen in the last 60 minutes
  • perhaps we can get stats using either the first-seen or the last-seen timestamp?

Possible issues:

  • privacy: the unique MAC of any Wifi station is never exposed, only cumulative numbers. If you're really concerned, consider turning off your WiFi devices (e.g. using airplane mode)
  • random MACs: apparently some devices randomize their MAC address if they're not connected to a station. Not sure yet how to handle that.
  • switching between promiscuous mode (for sniffing) and station mode (for reporting stats): I don't know how complicated this is, we'll see.
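The table operations listed above, as an added example in plain C (not code from this page or from an existing project). The table size, the function names and the use of the last-seen timestamp for both expiry and statistics are assumptions; stations whose MAC has the locally administered bit set are counted separately as likely randomized.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_STATIONS 64     /* assumed table capacity */
#define MAX_AGE_S    3600u  /* entries older than 60 minutes are dropped */
typedef struct { uint8_t mac[6]; uint32_t first_seen, last_seen; uint8_t used; } station_t;
static station_t table[MAX_STATIONS];

/* Locally administered bit (0x02 in the first octet): not a vendor-assigned MAC. */
int mac_is_random(const uint8_t mac[6]) { return (mac[0] & 0x02) != 0; }
/* An entry is live if it was seen within the last 60 minutes. */
static int live(const station_t *s, uint32_t now) { return s->used && now - s->last_seen <= MAX_AGE_S; }
/* Record a sighting: 1 = new entry, 0 = known MAC updated, -1 = table full. */
int table_seen(const uint8_t mac[6], uint32_t now)
{
    int slot = -1;
    for (int i = 0; i < MAX_STATIONS; i++) {
        if (!live(&table[i], now)) { if (slot < 0) slot = i; continue; } /* stale slots are reused */
        if (memcmp(table[i].mac, mac, 6) == 0) { table[i].last_seen = now; return 0; }
    }
    if (slot < 0) return -1;
    memcpy(table[slot].mac, mac, 6);
    table[slot].first_seen = table[slot].last_seen = now;
    table[slot].used = 1;
    return 1;
}

/* Number of stations last seen within window_s seconds; *randomized receives
 * how many of those have the locally administered bit set. Only counts leave here. */
int table_count(uint32_t now, uint32_t window_s, int *randomized)
{
    int n = 0;
    *randomized = 0;
    for (int i = 0; i < MAX_STATIONS; i++) {
        if (!live(&table[i], now) || now - table[i].last_seen > window_s) continue;
        n++;
        *randomized += mac_is_random(table[i].mac);
    }
    return n;
}

int main(void)
{
    const uint8_t a[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55}, b[6] = {0xda, 0xa1, 0x19, 0, 0, 1}; /* constructed */
    int r, n;
    table_seen(a, 0); table_seen(b, 30); table_seen(a, 100);
    n = table_count(120, 300, &r);
    printf("last 5 min: %d stations, %d randomized\n", n, r);
    return 0;
}
```

A device that changes its randomized MAC between probes is counted once per address, so the randomized figure is an upper bound on the number of such devices.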

Understand Bluetooth AP

I'm trying to understand how to set up a bluetooth AP on a basic Linux system, such that you can connect to it using an Android phone or tablet.

The idea is that there is some kind of useful application running on the Linux system, and that the "app" on the tablet/phone provides the user interface, connecting to the Linux system using REST.

Possible useful links:

My starting point is:

  • a Yocto based Linux distribution
  • a Linux 4.1 kernel
  • Bluez 5

Understanding the various Linux drivers and tools in the Linux bluetooth stack

  • btusb: the Linux kernel driver module for many USB/bluetooth adapters, 'modprobe'-ing this module also magically takes care of downloading firmware needed
  • hciconfig, low-level configuration utility for manipulating a bluetooth controller. A bit like ifconfig, it can bring the interface up or down, set options, etc.
  • hcitool, yet another utility to perform low-level bluetooth operations, like querying the name of paired devices
  • bluetoothd, the bluetooth daemon
    • /etc/bluetooth/main.conf : supposedly (one of) the configuration files for bluetoothd
    • bluetoothd can be accessed over DBUS apparently, see Bluez docs
  • bluetoothctl, a more high-level configuration utility, basically a command line user interface towards bluetoothd as I understand it.

And some acronyms:

  • NAP: network access protocol
  • PAN: personal area network
  • BNEP: bluetooth network encapsulation protocol

Getting somewhere: ?

investigate quadcopter remote control

It turns out that the typical little cheap Chinese quadcopters use a remote-control protocol that can be easily recreated using the famous NRF24L01+ chip (< $1 and easily connected to an arduino). This gives a nice opportunity to either:

  1. transmit our own control signal, to control a quadcopter from something different than the manual remote control, e.g. automatic control
  2. receive the control signal, so the manual remote control that comes with a quadcopter can be used to steer other things (like a model car).

I haven't found a good overview of quadcopter remote control protocol specifications yet; there seem to be plenty of examples of "here-is-the-code", however.

mini word clock in dutch

Basically a monochrome 8x8 word clock, in Dutch, showing local time in the Netherlands.

This git repo has the current code.

See here for a demo running on an arduino nano.

The plan is to run this from an ESP8266 instead of an arduino nano, so it can get the time from the internet using NTP. The time offset will be fixed to Dutch local time, i.e. GMT+1 taking into account summer time. Summer time will be determined using the general rule "from 2:00 local time on the last Sunday of March until 3:00 local time on the last Sunday of October".
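The summer-time rule above, worked out as an added example (this is not the code from the git repo mentioned on this page). Both switch moments in the rule fall at 01:00 UTC, so the check is done on the UTC time that NTP delivers; the function names are hypothetical and the day-of-week calculation uses Sakamoto's method.

```c
#include <stdio.h>

/* Day of week for a Gregorian date, 0 = Sunday (Sakamoto's method). */
static int day_of_week(int y, int m, int d)
{
    static const int t[] = {0, 3, 2, 5, 0, 3, 5, 1, 4, 6, 2, 4};
    if (m < 3) y -= 1;
    return (y + y / 4 - y / 100 + y / 400 + t[m - 1] + d) % 7;
}

/* Day of month of the last Sunday of a 31-day month (March, October). */
static int last_sunday(int year, int month)
{
    return 31 - day_of_week(year, month, 31);
}

/* Hours to add to UTC for Dutch local time: 1 in winter, 2 in summer.
 * 02:00 local in March (GMT+1) and 03:00 local in October (GMT+2)
 * are both 01:00 UTC, which avoids the ambiguous local hour in October. */
int nl_utc_offset(int year, int month, int day, int hour_utc)
{
    if (month < 3 || month > 10) return 1;
    if (month > 3 && month < 10) return 2;
    int sw = last_sunday(year, month);
    if (month == 3)
        return (day > sw || (day == sw && hour_utc >= 1)) ? 2 : 1;
    return (day < sw || (day == sw && hour_utc < 1)) ? 2 : 1;
}

int main(void)
{
    /* switch days in 2024, then the offset on 1 July 2024 at 12:00 UTC */
    printf("%d %d\n", last_sunday(2024, 3), last_sunday(2024, 10));
    printf("%d\n", nl_utc_offset(2024, 7, 1, 12));
    return 0;
}
```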

Local date calculation:

Understanding LoRa

Ultimate goal is to create an SDR algorithm to decode LoRa without the need for dedicated LoRa hardware. This could be useful when tracking HABs transmitting LoRa for example. See DecodingLora and EncodingLora.

In particular, I should definitely check out this gr-lora project. Perhaps make it work for decoding balloon telemetry modes.

Cypress PSOC5

Play with the Cypress PSOC5 platform, which combines an ARM Cortex-M3 processor with configurable analog blocks. I'm thinking of combining it with a 24 GHz doppler radar sensor, to process the signal and present it as a USB audio device (stereo signal contains I and Q parts). See RadarOnAStick.

Simple Doppler motion sensors

You can find basic doppler microwave motion sensors based on a single transistor, with some weird traces on the PCB very cheaply, for example

Typically the microwave part of these consists of a single transistor with a rectangular area on one leg and a meandering trace (with lots of vias to the other side) on the other leg. The output of this circuit seems to go into a chip very much like the ones used in PIR sensors.

See also for a reverse engineering effort of these doppler radar modules.


Investigate the Rust language.


I have a Wemos "LOLIN32 V1.0.0" ESP32 board, play with it. Discover Bluetooth capabilities, low power modes. Compare it with ESP8266.

Bare-bones Arduino bat detector

This is an idea for a very basic heterodyne bat detector, doing signal processing on an Arduino, requiring minimal external components.

The basic principle of a heterodyne detector is that it just mixes (multiplies) the audio signal with a square wave, low-pass filters the result and puts it on a speaker.

Multiplying with a square wave can also be considered to be just alternately inverting and not inverting the signal. So if you sample an ultrasonic signal at twice the rate you want to multiply, you can just subtract odd samples from even samples and low-pass filter that.

How this can be done in an AVR Arduino:

  • sample the audio signal at twice the detection frequency, say 84 kHz. An AVR should just be able to do that.
  • apply a 1-pole IIR high-pass filter to remove DC bias, this takes one shift instruction and one addition.
  • multiply by the detection frequency, this means just inverting the odd samples.
  • low-pass filter the signal, this can be done using a moving average filter, say 16 samples long (first null at 5.25 kHz). Theoretically, averaging 16 samples should result in two bits extra accuracy. This operation takes some storage, an addition and a subtraction.
  • output the filtered signal using PWM, possibly at the same rate that we are sampling the input audio.

The microphone can be a 40 kHz piezo transducer, to keep it cheap (but also limited to 40 kHz). The pre-amplifier can be a single transistor with some resistors around it, providing about 40x gain. The arduino does the signal processing (mixing, low-pass filter) to shift the bat audio to human range. The speaker amplifier can just be a simple two transistor push-pull circuit, since the output from the Arduino is digital/PWM.

AVR Arduino sample rate

As far as I understand, the ADC clock can be set to 1 MHz. Conversion takes 13 cycles, so reaching a sample rate above 80 kHz can be a problem.

Example C code

(this is the general idea, but I don't know if it compiles):

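#include <stdint.h>
#include <stdbool.h>
#include <avr/io.h>
#include <avr/interrupt.h>

#define BUF_SIZE    16

// latest output sample, to be picked up by the PWM output code
static volatile int8_t out;

// ADC conversion-complete interrupt, runs once per input sample
// (assumes the ADC has been set up elsewhere to convert at twice the detection frequency)
ISR(ADC_vect)
{
    static int16_t buffer[BUF_SIZE];
    static uint8_t index = 0;
    static int16_t lowpass = 0;
    static int32_t sum = 0;
    static bool even = false;

    int16_t input, signal, mixed;

    // sample signal as 16 bits (10 bits significant)
    input = ADC;

    // HPF input signal: subtract a slowly tracking estimate of the DC bias
    signal = input - lowpass;
    lowpass += signal >> 4;

    // multiply by carrier: invert every other sample
    mixed = even ? signal : -signal;
    even = !even;

    // calculate moving average sum: add newest sample, drop oldest
    sum += mixed;
    sum -= buffer[index];
    buffer[index] = mixed;
    index = (index + 1) % BUF_SIZE;

    // output LPF as 8-bit number
    out = sum >> 7;
}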

Bat call cleaner

This idea is about a simple push-button tool to clean up bat call recordings, to make them more suitable for playback in a bat lure.

By cleaning up, I mean removing the background noise and turning it into a pure sine wave like signal characterized only by an instantaneous frequency and amplitude. Any harmonics will be lost.

This way, you can pick a nice bat call recording and turn it into a file suitable for playing back at relatively loud volume from a bat call player / lure, without the broadband noise.

The signal is put through the following signal processing stages:

  • Apply a high-pass filter to get rid of non-ultrasonics like speech, say at 10 kHz
  • Convert the signal into a complex analytic signal, by creating the imaginary part using a Hilbert transform.
    • The Hilbert transform can be approximated by a FIR filter of appropriate length to get the desired bandwidth.
  • Split the complex signal into an instantaneous frequency and amplitude.
    • The frequency is determined by differentiating the instantaneous phase (inverse tangent i/q).
    • The amplitude is determined by calculating the norm of the complex signal (sqrt of i^2 + q^2)
  • Average/low-pass the frequency component, say at 0.1 ms intervals. Do the same to the amplitude.
  • Re-synthesize the signal s using the simple model s = A.sin(2.pi.t/f) where A is amplitude, t is time and f is frequency, interpolating A and f.


  • Apply a high-pass filter to get rid of non-ultrasonics like speech, say at 10 kHz
  • chop the signal up in segments of (say) 100 ms and determine the total energy content in each segment
  • choose the quietest segment and use this as a "background noise template"
    • perform a fourier analysis on the template
  • reduce the noise on the signal using the template:
    • for each segment, apply for each frequency an attenuation based on the signal level compared to the template level
    • resynthesize from fourier back into the time domain using an overlap-add method

=> perhaps there is already software which performs these steps?