Is there an unsecured wireless network near you?
FLEX Pager Protocol in Depth
Sunday, 13 August 2017 10:00

We love pager hacks. One of our earliest head-slappers was completely reverse-engineering a restaurant pager’s protocol, only to find out that it was industry-standard POCSAG. Doh!

[Corn] apparently scratches the same itch, but in the Netherlands where the FLEX protocol is more common. In addition to walking us through all of the details of the FLEX system, he bought a FLEX pager, gutted it, and soldered on an ATMega328 board and an ESP8266. The former does the FLEX decoding, and the latter posts whatever it hears on his local network.

These days, we’re sure that you could do the same thing with a Raspberry Pi and SDR, but we love the old-school approach of buying a pager and tapping into its signals. And it makes a better stand-alone device with a lot lower power budget. If you find yourself in possession of some old POCSAG pagers, you should check out [Corn]’s previous work: an OpenWRT router that sends pages.

Filed under: radio hacks, wireless hacks