Saturday, 30 May 2009

Hacking a pager (part 1)

I bought this weekend a pager for 2 euros and decided to plug my scope on it to see what could I find out. The case mentions 147.250MHz, and "RTT/SMF/X205", unfortunately this didn't help much!

I plug my scope on the digital output of the receiver and I noticed a burst of serial data every 1 second exactly.



I zoomed in to see how this bursts look like and this is what I got:



BTW the blue channel is hooked to a pin that goes low every time there is serial data coming in the red channel.

The next think I noted, is that once in a while I get loooong bursts of serial data that last for 4 seconds



Any idea what protocol this could be? It doesn't look like FLEX or POGSAC...

Thanks everyone for reading, any info is welcome!

8 comments:

  1. funny! Did you get it at Elak? I just picked one up there as well, not sure why really, just thought it looked nice to hack or at least steal the buzzer from!
    I'll play with it soon and let you know what I find out, but I don't think I'll dig into the frequency... thought mine has some company name written on it, maybe we could just find out what gear they used, find it again and make our own secret paging network!

    ReplyDelete
  2. hey, yes I did buy it at Elak so it is probably the same one, it has written on it RAMACOM. BTW Do you know other shops here in Brussels besides Elak?

    ReplyDelete
  3. no, I don't know any other shops. I just moved here.

    ReplyDelete
  4. Hi,
    There is Cotubex.be and Triac.be but I think you'll find the most geeky stuff at elak :-)
    Try also www.dealextreme.com which is based in Hongkong

    ReplyDelete
  5. Hi the first CRO shot indicates the battery saver is still on.
    If you can send me a bit more info I might be able to help (It has been 20 years since I worked on pagers)
    make our own secret paging network!
    We built some in building paging systems using VHF twoway radios and PC's with simple interface and software.

    The project got out sourced when the clients wanted it to send messages to an "area wide" provider when the doctors left the building and to interface the system to their PABX. (We spent more time playing with it than repairing pagers)

    Rod
    neutron.modulator@gmail.com

    ReplyDelete
  6. Would you be so kind as to send me a digital recording of the signal? Decoding it would be a nice little challenge for a dull flight or trainride.

    --Travis at TNBelt.com

    ReplyDelete
  7. any news about this hack ?, i m in the same situation with a old pager, i got signal, its POCSAG, but i dont really no idea how to use it

    ReplyDelete
  8. No news unfortunately, but i still remember about this once in a while... It's can't be so difficult to crack the messages! I'll be happy to follow you if you have a blog where you plan to track your progress!

    ReplyDelete