The burger pager

A multinational burger chain has a restaurant nearby. One day I went there and ordered a take-away burger that was not readily available. (Exceptional circumstances; Ludum Dare was underway and I really needed fast food.) The clerk gave me a device that looked like a thick coaster, and told me I could fetch the burger from the counter when the coaster starts blinking its lights and make noises.

Of course, this device deserved a second look! (We can forget about the burger now) The device looked like a futuristic coaster with red LEDs all around it. I've blurred the text on top of it for dramatic effect.

[Image: Photo of a saucer-shaped device sitting on the edge of a table, with red LEDs all around it. It has a label sticker with a logo that is redacted from the photo.]

Several people in the restaurant were waiting for orders with their similar devices, which suggested to me this could be a pager system of some sort. Turning the receiver over, we see stickers with interesting information, including a UHF carrier frequency.

[Image: Photo of a smaller sticker on the bottom of the device, reading 'BASE ID:070 FRQ:450.2500MHZ'.]

For this kind of situations I often carry my RTL2832U-based television receiver dongle with me (the so-called rtl-sdr). Luckily this was one of those days! I couldn't help but tune in to 450.2500 MHz and see what's going on there.

[Image: Photo of a very small radio hotglued inside a Hello Kitty branded tin.]

And indeed, just before a pager went off somewhere, this burst could be heard on the frequency (FM demodulated audio):

Googling the device's model number, I found out it's using POCSAG, a common asynchronous pager protocol at 2400 bits per second. The modulation is binary FSK, which means we should be able to directly read the data from the above demodulated waveform, even by visual inspection if necessary. And here's the data.

10101010101010101010101010101010  preamble for bit sync
01111100110100100001010111011000  sync codeword
00101010101110101011001001001000  pager address
01111010100010011100000110010111  idle

There's no actual message being paged, just an 18-bit device address. It's preceded by a preamble of alternating 1's and 0's that the receiver can grab onto, and a fixed synchronization codeword that tells where the data begins. It's followed by numerous repetitions of the idle codeword.

The next question is inevitable. How much havoc would ensue if someone were to loop through all 262,144 possible addresses and send a message like this? I'll leave it as hypothetical.

LAN file transfer with netcat

Need to quickly transfer a file from one computer to another? They don't have AirDrop and you can't find a memory stick? No worries; netcat comes to the rescue. This tip works on Linux as well as OSX.

I'm going to suppose you're on the same LAN, and you want to transfer a file called First, open up a terminal on the receiving computer and type ifconfig|grep "inet " to find out its IP address:

$ ifconfig|grep "inet "
         inet netmask 0xff000000
         inet netmask 0xffffff00 broadcast
$ █

The IP address is (We don't want, because that's a loopback address that only works locally.)

Then make netcat listen to a port by typing nc -l 12345 > On the sending side, type nc 12345 < (or whatever the IP address and file name are). And magic happens!