
The hackathon story - first day

A project log for ICeeData

Making heart implant collected data accessible to the patients by sniffing RF transmissions

Arya, 04/24/2016 at 21:56

As you know, hackathons often start with idea pitches. Then groups assemble to bring these ideas into reality. The ideas that don't attract enough people do not continue. This one did, with one hell of a pitch:

I have this device controlling my heart, and I have no idea what it tells about my condition. It sends some data to my doctors, and I see them once a year only to hear that I've had an attack in February, having no recollection of what I did back then and if there was something I could have avoided.
I talked with my doctors and they said they have this data accessible, but they basically don't care enough to send it to me. What I want is to hack this device, to see for myself the data it collects and make informed decisions about my lifestyle.

At that point, a roar of applause broke out.

The pitch brought a lot of attention, but not many participants came to take part afterwards. However, a small team formed and I got to be a part of it.

I myself went to this hackathon with one goal - to work on something interesting, preferably a learning experience. I work with Raspberry Pi, electronics and Python, but I had never worked with wireless communication so closely. I had to do some research before joining to make sure the project wasn't a dead end. This is what I've found:

Naturally, it started to look like a great learning opportunity, as well as a great thought piece for the media. I joined the team without second thoughts.



Our team found ourselves a nice cubicle upstairs, with enough room for 4 people and enough wall sockets for 16. We got to work right away: I started to prepare the equipment and software we'd need, and the other guys started to search for materials on the transmitter and on previous attempts at hacking this kind of equipment.

GNU Radio has a good rep among hackers working with wireless communications, and I decided to bet on it (mind you, that was my first experience with SDR!). Not only would that be a great opportunity to use open-source software, but I could also use the capturing/decoding workflow on, say, a Raspberry Pi, when the need for a separate capturing device arose. So, it all started with a fresh install of Debian and, while it took its time, learning about the people who have done it before. Also, I needed an SDR. Badly. I didn't have one, and it wouldn't be possible to intercept anything without one.

The findings came back from the other team members. Well, what a great learning experience it promised to be. A hacker who was working on it, and who was about to present his findings, died a week before the conference he'd present them at.

Not that it influenced our motivation in any negative way. But still, I have to say this:

RIP Barnaby Jack (22 November 1977 – 25 July 2013). You will be missed.


Debian installing, the base station, the SDR and first of numerous bottles of Coca-Cola consumed over that weekend

During the research phase, we talked about the different possible outcomes. As was mentioned already, the communication between the base station and the ICD took place at night - moreover, the exact time wasn't known. Were we to miss the transmission, it didn't seem like we could catch another one. It wouldn't be that big of an issue, but we only had 48 hours and therefore 2 nights available. Oh snap.

We had agreed that I would stay up that night and make sure I had a setup able to record data, then go and see if the base station would know it had missed a communication window and try to communicate right after bootup. Were that not to happen, we would only have one night and therefore one try to catch the communication occurring - after failing that, we would have nothing to tell people. It was already night, and the tension was building up.



After the Debian install was ready, I went on to installing GNU Radio. I had also found an RTL-SDR - one of the participants had one and was OK to give it to us for the weekend. Not modified, with the stock antenna, but still good enough for all our needs. As usual with Linux and running things as an unprivileged user, I had a permission problem with accessing the SDR - but that got solved after running GNU Radio as root, and I decided not to investigate it further. By that time all the other team members, including the girl with the implant, had gone to sleep in a separate room - as it made no sense to do otherwise.

The receiving part was looking like it worked. I was receiving noise on most bands but had no way to verify this setup could actually receive anything. By the time I had an install with all the quirks ready, it was 4AM. Hardly anybody was awake at that point, but I had to try my luck. So, I went downstairs and found one of our mentors. The following conversation occurred:

- Hey, do you have a car?
- ...Yeah.
- Can you give me your car keys?
- ...

I got the keys, but there was some explaining to do and some promises to be made. After pointing my GNU Radio workflow at 433MHz and pressing some buttons on the car remote, I had peaks on my FFT visualiser.

Success!


I was the only one awake, and I finally got the setup able to capture RF data. Still at my cubicle and far away from the implant, I turned the base station on. It started flashing its status lights. Nothing could be registered. Maybe it needed to be close to the implant?

Not pictured - the girl sleeping nearby, oh, and the implant.

I asked a friend for help, and we picked up my equipment and transferred it to the room where the girl was sleeping. We powered the base station up and started recording everything the SDR would catch.


Complete silence on 402-405MHz. It was clear our efforts had to be continued the next night. Would we succeed or not - that seemed to depend on random chance and the effort we put into the next day's preparations. It promised to be a stressful day for me.
