In addition to sending over this page, previously available at https://eigenellies.space/antennacane, fluora also provided us with a detailed datasheet for the wireless adapter they used.
<barrow> did that TL-WN722N work out well even on arm? wireless drivers are always a pain
<fluora> yeah it did. it's a v1, so it's that nice atheros chip that we think has free firmware available? or something
<fluora> it's like, the most reliable wifi dongle we've used on linux tbh. it even worked on raspbian in the early days of the RPi, when wifi dongles were a huge mess
<fluora> we scored a full datasheet for it a while ago if you want it
<barrow> probably wouldn't hurt :)
<fluora> this datasheet was a surprisingly good find because it's not just a product brief, it actually has a complete register map and stuff and probably includes everything you need to write a driver for it
full list of changes made to the provided files:
If you've met us before, you may already know that we like weird antennas a lot.
They're the magic wands of our age. They direct invisible and mysterious power, they come in a myriad shapes and sizes, and their designs are often equal parts art and science. To design an antenna, you have to really be able to see in your mind how electromagnetic waves behave, and know intuitively how different shapes will behave. It's really a lot like witchcraft, which is why antennas have always captured our imagination in the way they do.
It was only a matter of time, then, before we would set out to construct our own antenna. We weren't sure what sort of antenna we wanted to build for a long time, but eventually, two things happened. One, radio stuff became our obsession of the moment, and two, we played Bloodborne, which contains a bunch of really cool and silly weapons. One of those weapons is a cane that transforms into a chain whip, which is a little mechanically dubious, but undeniably excellent visually. One day, over a cup of tea and a Wikipedia article about the Yagi-Uda antenna, we had a moment of inspiration: what if we made a cane that transforms into an antenna?
Well, it didn't take us too long to get over that idea. Designing and building a working antenna is easily hard enough without the complexity of transformation mechanics, which would also be a challenge on their own. We could envision this contraption in our head to a respectable level of detail, but actually bringing it to life was another matter entirely. We probably didn't have the tools, funds, or, most importantly, attention span to pull it off. We'd have to try something else. Lucky for us, the logical simplification of our idea - a cane that simply contains an antenna, without needing to transform mechanically in order to activate it - was still on the table. This meant that we had to abandon our dreams of creating a large log-periodic dipole array to use with our RTL-SDR receiver for the time being, but we already had a secondary plan that was just as cool: a 2.4 GHz Wi-Fi antenna. Unlike the SDR, this would require only a relatively narrow bandwidth, and it operates at a frequency high enough that the half-wave dipole elements of our antenna would be small. It was workable! We now had a very clear picture in our mind of what we wanted to build, and better yet, a plan to build it. We resolved to make it real.
Why a Yagi-Uda antenna? The biggest reason is range. A Yagi-Uda is a relatively simple type of high-gain antenna - that is, an antenna that directs most of its transmission energy into a small angular region, meaning that the power of the transmission is concentrated in a particular direction. In the case of the Yagi-Uda, this gives poor performance when the target is off-axis (not in the area the antenna is pointed towards) but excellent performance if the antenna is aimed right at the target. The reason for this has to do with the complex way in which the many dipole elements resonate with each other and produce interfering waves. Rather than try to explain this, we will simply defer to the nice little animation Wikipedia provides.
We went to several hardware stores in search of a proper boom material. Metal for the antenna elements themselves was almost trivial; 1/8" welding steel is carried by most hardware stores, but something a little bit stockier for the support boom, which we also wanted to be heavy enough to be usable as a cane, was much harder to come by. Our first attempt was to use a rod of 1/4" welding steel, but this turned out to be maddening (have you ever tried to drill perpendicularly through a thin metal rod? it sucks). We needed something square. The folks in the hardware store shook their heads, and told us that if we wanted something weird like that, then we should head over to the little steelyard on the other side of town. Another bike ride (and $20) later, we'd come up with two incredibly rusty five-foot lengths of 3/8" square steel beam. After a good while of belt sanding, they weren't rusty anymore, and we had all the parts we needed to build a thing.
The important part of the design of our antenna - the specific lengths and spacings of the dipole elements - is not ours. The design we used is a K1FO Yagi-Uda design, scaled and adjusted using a very handy modeler applet to which another article about using Yagi-Uda antennas for Wi-Fi pointed us. After coming up with a radiating pattern, bandwidth, and impedance that we liked (mostly through trial and error), we used the measurements this program provided to drill our boom and cut our dipoles. At the recommendation of the aforementioned article, we used a folded dipole for our driven element, which multiplies the feedpoint impedance by roughly four. Since Yagi-Uda antennas don't have very high impedances if the driven elements are straight, using a folded driven element helps match the impedance to the feedline a lot better. We drilled holes at carefully-measured intervals along the boom with a drill press, fitted our hacksawn-and-filed dipole elements into each one in turn, and locked them into place by pounding the outer faces of the boom with a centerpunch to pinch each element permanently into its home. For the driven element, we first tried a few more obvious methods of securing it in place - bolts, epoxy - but after these resoundingly failed, we went for our favorite golden hammer: solder, the electrical engineer's duct tape. As it turns out, soldering large pieces of metal together like this works remarkably well. You need a blowtorch and a lot of flux, but if you do it patiently, the results are satisfyingly solid. We used lead-free silver solder for this because we didn't want to poison ourselves, and thought the increased cost and reduced durability to be lesser issues. Connection to the boom doesn't need to be electrically sound (in fact, the boom is electrically entirely unnecessary, and could be made of wood or plastic for all the antenna itself cares), but we wanted the joints to be solid and inflexible, so solder proved an effective option.
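As an added illustration (not the author's modeler applet or the K1FO dimensions, which the page does not give), the following Python works through two points from the paragraph above: how element length scales with frequency, and why a folded driven element brings a Yagi's low feedpoint impedance up to a 50 Ω feedline. The 12.5 Ω straight-element impedance, the 0.95 shortening factor and the 10 % fractional bandwidth are assumed illustrative values, not measurements of the cane.

```python
import math

C = 299_792_458.0  # speed of light in vacuum, m/s

def half_wave_length_m(freq_hz, k=0.95):
    """Physical length of a half-wave element at freq_hz. k is the shortening
    factor for a rod of finite thickness (0.95 is an assumed rule-of-thumb)."""
    return k * C / (2.0 * freq_hz)

def folded_dipole_impedance(straight_ohms):
    """A folded dipole with two equal-diameter conductors steps the feedpoint
    impedance of the equivalent straight dipole up by a factor of four."""
    return 4.0 * straight_ohms

def vswr(load_ohms, line_ohms=50.0):
    """Standing-wave ratio of a purely resistive load on a feedline."""
    gamma = abs(load_ohms - line_ohms) / (load_ohms + line_ohms)
    return (1.0 + gamma) / (1.0 - gamma)

def driven_element_match(straight_ohms, line_ohms=50.0):
    """Compare the feedline match for a straight vs. a folded driven element.
    A Yagi's straight driven element sits well below 50 ohm; 12.5 ohm is an
    assumed illustrative value, not a measurement from the cane."""
    return {
        "straight_vswr": vswr(straight_ohms, line_ohms),
        "folded_vswr": vswr(folded_dipole_impedance(straight_ohms), line_ohms),
    }

def in_band(freq_hz, center_hz, fractional_bw=0.10):
    """Whether freq_hz lies within the antenna's usable band around center_hz.
    10 % fractional bandwidth is an assumed, generous figure for a Yagi."""
    return abs(freq_hz - center_hz) / center_hz <= fractional_bw / 2.0

if __name__ == "__main__":
    for f in (2.437e9, 5.180e9):  # Wi-Fi channel 6 and 5 GHz channel 36
        print(f"{f / 1e9:.3f} GHz: half-wave element = {half_wave_length_m(f) * 100:.1f} cm")
    print(driven_element_match(12.5))
    print("5 GHz inside the 2.4 GHz antenna's band?", in_band(5.180e9, 2.437e9))
```

The last line is the quantitative form of the remark later in the post that the existing antenna cannot stray far enough from 2.4 GHz to cover 5 GHz.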
With the antenna itself done, a few more details still remained. We wanted our cane to have a nice swordlike handle about which it was well-balanced, as well as a cane-like handle to make it usable as a cane. The latter was fairly easy; we had an old metal thinger of some sort left over from a high school project that made a great cane handle and balancing counterweight. The former was a bit less obvious, because the 3/8" steel beam made a terrible handle on its own, and we weren't sure how best to tame it for the soft and squishy human hand. While we were already wrapping the antenna's feedline (a cheap Wi-Fi extender cable we bought online) around the steel boom to serve as a current balun, we worried too much about damaging the cable to use this alone as a handle. Eventually, we settled on a length of copper water pipe, which added a nice color to the cane's overall appearance and provided a very comfortable grip.
By this point, we were nearly done. The antennacane looked like a cane and an antenna, and once we soldered the feedline to the ends of the driven element, we could test it with any Wi-Fi transceiver bearing an RP-SMA connector, verifying that it did, in fact, work as an antenna. One last thing remained to do: attaching the computery bits. We had, since the outset of the project, imagined ourselves attaching a Raspberry Pi or similar to the cane's body and using it as an onboard controller, but after our success with constructing the antenna itself, we became a lot more serious about that idea. We dug up a Pi Zero W, found an adapter for one of our TP-Link WN722N USB transceivers (which work well with aircrack-ng, our main software weapon of choice), bought a USB battery bank, and set about finding a way to attach the whole works to the cane.
As it happened, solder saved us again. If you've ever tried to mount something to a pole, you'll know that there aren't many nice-looking ways to do it that don't involve drilling into the pole (which we decided against, because we needed to make sure there was room inside the handle for the feedline windings). We ruled out U-bolts pretty fast, eventually settling for soldering some flat metal brackets (specifically, flat metal bits that we hacksawed off of angle brackets) to the side of the copper pipe, then attaching the electronic bits onto those with wall-hook sticky pads. We also cut, drilled, and tapped a bit of steel bar with a 1/4"-20 threaded hole, which fits a standard American tripod, and soldered that to the handle too, right at the balance point, so we could mount the contraption on a nice professional-grade base for when we got tired of holding it.
This all worked like a charm, except for the part where we dropped a solder bead on our left foot and got a second-degree burn. If you're also an impatient cavalier of a woman like we are, take our advice: don't do hot work in bare feet. It's not worth the extra few minutes it saves.
With the electronics attached as the last finishing touch, we had a very sharp-looking instrument.
It's a very fun tool to use. With 12 or so hours of continuous runtime on a charge, it's got enough battery life to last through a solid day of hacking. The battery bank is one of those newfangled ones that detects automatically when something gets plugged into it, so all you have to do to power it up is hit the button on the side, and powering it down can be done from software - the bank notices the drop in current draw and helpfully cuts power once the Pi shuts down. During operation, we have the Pi set to broadcast a low-power hotspot from its own onboard transceiver that we can use to connect to it and access its console over SSH; we've wanted to get bluetooth working for a while so that we can have proper out-of-band control, but bluetooth is really frustrating on linux, so that's eluded us so far.
The actual transmission/reception range of the main antenna is something we still haven't worked out a good way of measuring. We did try setting it to broadcast a wireless hotspot at full power, aiming it off down a beach, and walking ahead of it with our phone to see when we lost the signal, but we ended up hitting the water and having to turn back long before the signal became too weak to pick up. That test gave us a lower bound of about 200 meters, but it's easily possible that it reaches multiple kilometers, especially if the antenna at the other end is also directional and aimed back at it over flat, open terrain. While probably not as capable as professional-grade gear, its range is clearly nothing trivial, and its onboard Linux system and two independent transceivers make it an incredibly versatile instrument of wireless shenanigans.
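To put numbers on the range argument above, here is an added free-space link-budget calculation (not the author's measurement; the page only reports the 200 m lower bound). It shows why the beach test ran out of beach first, and how much further a directional antenna at the far end pushes the limit. The transmit power, the 10 dBi Yagi gain, the phone's 0 dBi gain and -85 dBm sensitivity, and the 10 dB fade margin are all assumed illustrative values.

```python
import math

C = 299_792_458.0  # m/s

def fspl_db(distance_m, freq_hz):
    """Free-space path loss in dB (Friis): the loss between isotropic
    antennas with a clear line of sight."""
    wavelength = C / freq_hz
    return 20.0 * math.log10(4.0 * math.pi * distance_m / wavelength)

def received_dbm(tx_dbm, tx_gain_dbi, rx_gain_dbi, distance_m, freq_hz):
    """Received power at the far end of a free-space link."""
    return tx_dbm + tx_gain_dbi + rx_gain_dbi - fspl_db(distance_m, freq_hz)

def max_range_m(tx_dbm, tx_gain_dbi, rx_gain_dbi, sensitivity_dbm, freq_hz, margin_db=10.0):
    """Distance at which received power drops to the receiver's sensitivity
    plus a fade margin (free space only; obstacles and ground reflections
    over real terrain shorten this considerably)."""
    allowed_loss = tx_dbm + tx_gain_dbi + rx_gain_dbi - sensitivity_dbm - margin_db
    return (C / freq_hz) / (4.0 * math.pi) * 10.0 ** (allowed_loss / 20.0)

# Assumed illustrative values, not measurements of the cane:
TX_DBM = 20.0            # 100 mW transmitter
YAGI_GAIN_DBI = 10.0     # a modest multi-element Yagi
PHONE_GAIN_DBI = 0.0     # handset with an omnidirectional antenna
PHONE_SENS_DBM = -85.0   # phone sensitivity at a low data rate
FREQ_HZ = 2.437e9        # Wi-Fi channel 6

def beach_test_margin_db(distance_m=200.0):
    """How far above the phone's sensitivity the signal still was at the
    point the walk ended (the page's lower bound of about 200 m)."""
    return received_dbm(TX_DBM, YAGI_GAIN_DBI, PHONE_GAIN_DBI, distance_m, FREQ_HZ) - PHONE_SENS_DBM

if __name__ == "__main__":
    print(f"path loss at 200 m: {fspl_db(200, FREQ_HZ):.1f} dB")
    print(f"margin above phone sensitivity at 200 m: {beach_test_margin_db():.1f} dB")
    print(f"range, Yagi to phone: {max_range_m(TX_DBM, YAGI_GAIN_DBI, PHONE_GAIN_DBI, PHONE_SENS_DBM, FREQ_HZ):.0f} m")
    print(f"range, Yagi to Yagi:  {max_range_m(TX_DBM, YAGI_GAIN_DBI, YAGI_GAIN_DBI, PHONE_SENS_DBM, FREQ_HZ):.0f} m")
```

With these assumptions the signal at 200 m is still almost 30 dB above what the phone needs, and adding a second 10 dBi antenna at the far end roughly triples the free-space range, which is the "multiple kilometers" case the post describes.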
The weight and balance of the cane are both quite satisfying. The whole thing weighs around a kilogram, maybe a bit more, which is startling to feel if you're expecting it to be made out of aluminum. It's almost perfectly balanced on the tripod mount and sword-style handle, which makes carrying it feel very dramatic and graceful. We also added a strap to it to allow it to be carried across our back like a rifle, just for that added bit of flair. It's certainly not something you'll see every day, and it's a great conversation starter anytime we meet someone with similar interests to us while we're using it. A lot of people think it looks like a weapon, but we think - or perhaps hope - that anyone with half a lick of sense could tell from a cursory examination that it is neither a blade nor a firearm, and that its purpose is a bit more unusual than that.
The most common question by far that we hear whenever we show people our projects is also the most obvious (and valid) question to ask:
As you might have guessed, this question has a lot of answers. We could sit here and try to convince you that our antennacane is a legitimately useful tool for our hobby - or perhaps even professional - work, and that we had this in mind when we came up with the idea (it's true, after all). However, the real reason we made it is far simpler:
Creating a new thing, no matter how weird, is always more interesting than not creating a new thing.
We had an idea that, as far as we know, hadn't been had before. We could have amused ourselves with the idea alone, eventually letting go of it and moving on to other, more practical things, but that would have been boring. We like adventures, so we decided to make it real, and we did. Now we have a very unusual kind of wifi multitool that suits a few interesting purposes.
To name a few, here are some things for which we've found the device useful so far:
Since the cane's Raspberry Pi has its own Wi-Fi transceiver, it's possible to use the long-range transceiver to hook into a distant wireless hotspot, then re-share the connection in a small area surrounding the cane with the short-range transceiver. This is great for when we're down the street from a public access point, to which our laptop or phone can't quite shout loud enough to connect.
The reverse of the above also works equally well: connect the short-range transceiver to a nearby hotspot, then throw it off into the distance so that someone far away can use it too. If we were to organize this with someone else who had their own antennacane, we could likely reach a very long distance indeed.
The long-range transceiver we selected works quite well as a monitor-mode interface, meaning we can shut down the transmitter part and just listen to what nearby networks are saying. Don't worry; encryption means we can't view the actual traffic being exchanged by clients, but we can see a good amount of metadata: how many devices are in range, how talkative they are, what their MAC addresses are (unless spoofed, this tells us what manufacturers produced them and, if we were so inclined, would allow us to track specific devices), as well as access point information such as network name and time since last reset. We have an academic interest in all of this information, and we approach our explorations with due respect - making sure to keep people's privacy in mind, and not attempting to find out information that we would not ordinarily be able to find through other, less esoteric methods. We're hackers, not cops or a corporation, after all.
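As an added example (not the author's tooling), here is a parser for the metadata a monitor-mode listener can read from an access point's beacon frames: the BSSID and its vendor prefix, whether that address is locally administered (the bit that MAC randomisation sets, which is why the "unless spoofed" caveat above matters), the network name, and the TSF timestamp that gives time since the access point last reset. The frame it parses is constructed inline, not a capture; the BSSID in it is a made-up value.

```python
import struct

BEACON_FC = 0x80        # frame control byte 0: type=management, subtype=beacon
FIXED_FIELDS = "<QHH"   # timestamp (us), beacon interval (TU), capability bits
CAP_PRIVACY = 0x0010    # capability bit 4: the network uses encryption

def build_beacon(bssid, ssid, uptime_us, interval_tu=100, seq=0):
    """Construct a minimal beacon frame as sample input (constructed, not a capture)."""
    header = (bytes([BEACON_FC, 0x00]) + b"\x00\x00"  # frame control, duration
              + b"\xff" * 6 + bssid + bssid            # DA (broadcast), SA, BSSID
              + struct.pack("<H", seq << 4))           # sequence control
    fixed = struct.pack(FIXED_FIELDS, uptime_us, interval_tu, 0x0001 | CAP_PRIVACY)
    ssid_ie = bytes([0, len(ssid)]) + ssid.encode()    # element ID 0 = SSID
    return header + fixed + ssid_ie

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def is_locally_administered(raw_mac):
    """Bit 1 of the first octet set: the address was assigned locally rather
    than by the manufacturer, so its OUI says nothing about the real vendor."""
    return bool(raw_mac[0] & 0x02)

def parse_beacon(frame):
    """Return the metadata a passive listener can read from one beacon frame."""
    if len(frame) < 36 or frame[0] != BEACON_FC:
        raise ValueError("not a beacon frame")
    bssid = frame[16:22]                        # address 3 of the 802.11 header
    timestamp_us, interval_tu, caps = struct.unpack_from(FIXED_FIELDS, frame, 24)
    elements, pos = {}, 36
    while pos + 2 <= len(frame):                # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        elements[tag] = frame[pos + 2:pos + 2 + length]
        pos += 2 + length
    ssid = elements.get(0, b"").decode("utf-8", errors="replace")
    return {
        "bssid": mac_str(bssid),
        "oui": mac_str(bssid[:3]),              # look up in the IEEE registry for the vendor
        "locally_administered": is_locally_administered(bssid),
        "ssid": ssid or "<hidden>",
        "uptime_s": timestamp_us / 1_000_000,   # TSF timer restarts from zero on reset
        "beacon_interval_ms": interval_tu * 1.024,
        "encrypted": bool(caps & CAP_PRIVACY),
    }

if __name__ == "__main__":
    sample = build_beacon(bytes.fromhex("020c43aabbcc"), "example-net", 3 * 86_400 * 1_000_000)
    print(parse_beacon(sample))
```

Everything in the returned dictionary is broadcast in the clear by design; the parser reads no client traffic, which is the point the paragraph above makes about encryption.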
Okay, so we're not actually much for making trouble, but everyone always seems to want to know what evil things you can do with our cane. The answer, which may or may not surprise you, is "not much".
"Hacking Wi-Fi" in the action-movie sense isn't really a thing. Well, it is in some sense, but it generally takes a very long time and requires a level of resourcefulness that is beyond even us. If our antennacane were built for actual attacks of this sort, it would need a far more powerful processor than the single-core BCM2835 carried by the Pi Zero W, for starters, and we'd want the ability to operate on the 5 GHz band as well (something the cane is currently not capable of). The only effective way of breaking into a hotspot without knowing the password (or resorting to social engineering) is really to just guess all the possible passwords and try to use them to decrypt traffic from the access point, which is extremely time-consuming, especially since most access points nowadays have randomly-generated passwords that are extremely hard to crack. Beyond the typical break-and-enter "hacking" people usually think of in Wi-Fi contexts, it's also possible to be annoying by flooding an access point's vicinity with spoofed deauthentication packets, which forces devices to disconnect and renders the network unusable, but this is both not very much fun (who wants to be that damn kid anyway?) and also increasingly not possible due to the implementation of newer security measures.
Basically, breaking Wi-Fi is no fun. We'd rather use our device to respectfully explore it instead.
Okay, you got us: we're able-bodied, and we don't need a cane to walk. In fact, our ADHD-induced impatience drives us to walk so fast that whenever we try to actually walk with our cane as one would with a regular cane, we find that our hand is not strong enough to move the cane as fast as our legs want to go. It's not a lightweight cane, after all. Worse still, it's not really suitable for use indoors due to the hard metal end's propensity to scratch floors, and it doesn't deal with soft ground very well either. Basically, we don't need a cane, and even if we did, this wouldn't be a very good choice. Oh well... It's still very cool-looking and makes for a very neat cyberpunk prop when it's not actively serving as an antenna.
There are a lot more things we could do in this newfound world of antennacanes. One big thing that's missing from our current design is the ability to operate on the increasingly-popular 5 GHz Wi-Fi band, used by blazing-fast newer specifications such as 802.11ac or 802.11ax. For this, we would need an entire secondary antenna - the one we've got now does not have the bandwidth to stray that far from the 2.4 GHz region. On the plus side, the even-smaller dipole elements that 5 GHz would involve mean that we could try more interesting design methods, such as embedding wires inside an unassuming-looking wooden cane, which is definitely a cool possibility. For now, we're stalling on that a little because 802.11ac chipsets have incredibly bad support under Linux, with flaky drivers that have to be built from source. Hopefully, the scene will improve a bit in the coming years.
We feel obligated, at some point, to assemble some detailed information for how we put the cane together, or at least some more specific ideas about how to build one. While we're certainly not going to make and sell antennacanes (the time it takes to make one the way we did would not result in an affordable price tag), we think it would be really cool to see other people try their hands at making portable antennas like this. We didn't really follow a particular design plan with this one, and instead just kind of threw it together, basing our constructions off of a sort of platonic ideal of what an antennacane should be like. Rather than publishing detailed and precise schematics and instructions, we're more inclined to encourage anyone else who wants their own antennacane to do the same - imagine what you want as clearly as you can, and make it real. It's not easy, but it's a fantastic learning experience in so many ways, and that was the real fun of this project for us all along. If you are interested in doing this kind of project yourself, then we hope this write-up gives you the inspiration you need to start your own adventures.