DEF CON: The Proxy for ProxyHam

Two weeks ago, news broke of an incredible abuse of power from the National Security Agency. A DEF CON talk was cancelled, and speculation raged that information was not free. This was the ProxyHam, a device that puts you miles away from any agency hunting down your IP address.

Of course, as with just about every DEF CON talk picked up by the press, ProxyHam is an ill-conceived, terrible idea. You can replicate it with parts bought from Newegg, and despite using a highly directional antenna, the FCC – or any other government agency – can still track you down.

In lieu of a talk on using off-the-shelf networking hardware in the way it was intended, [Dave Maynor] and [Robert Graham] of Errata Security gave a talk at DEF CON that is the proxy to the ProxyHam. They completely debunked the outrageous speculation surrounding the cancellation of the DEF CON talk and managed to introduce a new version of Internet over radio that is actually useful for the security-minded individual.

The ‘debunking’ part of the Errata Security talk was exactly what anyone would expect; the talk was probably cancelled because the creator of ProxyHam exceeded radiated power limits, the FCC caught him, or simply because of ‘advice from counsel’. No big deal; someone was doing something illegal – encryption over ISM bands – and the things you would expect to happen in fact happened.

In the last two weeks, the guys replicated the ProxyHam build, but found a few major shortcomings. Even with a highly directional antenna, interested parties could still track you down. This led the guys at Errata Security to make this system better. They managed to do it in two weeks.

The Errata Security system relies on JT65A – a radio mode made for very weak signals – to hide signals underneath the noise floor. By multiplexing data across multiple channels, this system has about the same bandwidth as a 56kbps modem from 1999. It’s not much, but it is possible to use this proxy for ProxyHam over 20 miles away from where you’re stealing WiFi from. That’s far better than ProxyHam could ever manage, and all the transmissions stay below the noise floor. The FCC and similarly equipped agencies might be able to find you, but no one with a $20 SDR dongle will.

There are no releases yet, but Errata Security plans to make the software that allows these multiplexed transmissions available soon, and hopes to have a Raspberry Pi-based hardware solution for this technique coming shortly. It’s a radio proxy solution that’s actually somewhat secure, and won’t immediately draw the ire of the FCC.

$40 Antenna Analyzer with Arduino and AD9850

If you are a hacker, you might consider ham radio operators as innovative. Most people, however, just see them as cheap. So it is no surprise that hams like [jmharvey] will build an antenna analyzer from a DDS module and an Arduino instead of dropping a few hundred dollars on a commercial unit. As he points out, you probably only need an analyzer for a day or two while you set up an antenna. Unless you are a big time antenna builder, the unit will then sit idle on the shelf (or will wind up on loan to hams even cheaper than you are).

The design is rooted in another proven design, but changed to take advantage of parts he happened to have on hand. Although the build is on a universal circuit board, [jmharvey] used Eagle to lay out the circuit as though it were a PCB. Since placement can be important with an RF circuit, this isn’t a bad idea. It’s always easier to move stuff around on the screen than on the perf board.

Since this is a no-frills unit, you are expected to grab the output from the Arduino and manually put it in a spreadsheet to plot the results. There is another version of the Arduino code that drives an OLED screen, although you still need a PC to kick the process off. One interesting feature of the Arduino code is how it deals with the nonlinear nature of the diodes used in the circuit. After plotting the values with known loads, [jmharvey] broke the diode operation into three regions and used different equations for each region. Even so, he warns that readings higher than 1:1 VSWR are only accurate to 10% or 20% – still good enough for ham shack use.

If you want an antenna analyzer for $40 (or less, if you have a good stock of parts) this looks like a worthwhile project. If, however, you want to repurpose it to Rickroll your neighbor’s AM radio, you might want to go with the commercial unit.


Downloading Satellite Images via FM Radio

Did you know weather satellites transmit their weather images over an FM frequency? And now that you know… You can intercept them yourself with a $10 FM radio dongle!

American NOAA weather satellites are in a polar orbit around earth, and each one will pass the same point approximately every 12 hours. When it is overhead, the signal is strong enough to receive. After [Matt] found out this tidbit of knowledge, he had to learn how to intercept the images himself.

The satellites transmit the images over the 137MHz band, and using a radio tuner USB dongle, you can record the transmission and then decode it into a picture. He used CubicSDR to tune and record the signal, and then Soundflower to pull out interference, and finally WXtoIMG — which starts recording when the satellite is above, and decodes the image.

[Thanks for the tip Amirgon!]

Simple One-Chip Regenerative Receiver

Crystal radios may be the simplest kind to make, but regenerative receivers are more practical and only a little more complicated. A recent design by [Selenium] is super simple because it uses a single LM386 audio amplifier IC.

You might be surprised that you can convert an audio amplifier to a receiver using just a handful of components (a variable capacitor, a coil, a handful of capacitors, and a speaker). However, [Selenium] realized he could subvert the gain and bypass pins to cause regeneration and wound up with a very simple receiver.

If you haven’t looked at regenerative receivers before, the principle is simple (and dates back to 1912). An oscillator is an amplifier that gets (theoretically) an infinite amount of gain at one particular frequency. A regenerative receiver is just an amplifier that is almost (but not quite) at the point of oscillation. This gives it very high frequency-specific gain and a measure of selectivity. You can also nudge the receiver just into oscillation to receive CW or SSB signals.

[Selenium] built his prototype on an old receiver chassis because it had the IC and the variable capacitor already in place. However, others have built successful copies on breadboards ([Austin Heller] created several good looking breadboard versions) and on PCB material. [Selenium] also released some other unique LM386-based designs that use more parts (and, probably, have better performance). Looks like a simple way to build a practical receiver.

Tracking Nearly Every Aircraft With A Raspberry Pi

FlightAware is the premier site for live, real-time tracking of aircraft around the world, and for the last year or so, Raspberry Pi owners have been contributing to the FlightAware network by detecting aircraft flying overhead and sending that data to the FlightAware servers.

Until now, these volunteers have used Raspis and software defined radio modules to listen in on ADS-B messages transmitted from aircraft. With FlightAware’s new update to PiAware, their Raspberry Pi flight tracking software, Mode S transponders can also be detected and added to the FlightAware network.

Last year, FlightAware announced anyone with a Raspberry Pi, a software defined radio module, and an Internet connection would earn a free FlightAware enterprise account for listening to ADS-B transmitters flying overhead and sending that information to the FlightAware servers. ADS-B is a relatively new requirement for aviators that transmits the plane’s identification, GPS coordinates, altitude, and speed to controllers and anyone else who would like to know who’s flying overhead.

Mode S transponders, on the other hand, are older technology that simply transmits the call sign of an aircraft. There’s no GPS information or altitude information transmitted, but through some clever multilateration in the new PiAware release these transponders and planes can now be tracked.

To get the location of these transponders, at least three other PiAware boxes must receive a signal from a Mode S transponder. These signals, along with a timestamp of when they were received, are then sent to the FlightAware servers where the location of a transponder can be determined.
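The timestamp-based location step described above can be sketched as follows. This is an added example, not FlightAware's or PiAware's code: it assumes a flat 2D plane, perfectly synchronised receiver clocks and four constructed station positions, and the function names are hypothetical.

```python
import math

C = 299_792_458.0  # speed of light, m/s

def solve3(a, b):
    """Solve a 3x3 linear system by Gauss-Jordan elimination with pivoting."""
    m = [row[:] + [rhs] for row, rhs in zip(a, b)]
    for col in range(3):
        piv = max(range(col, 3), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(3):
            if r != col:
                f = m[r][col] / m[col][col]
                m[r] = [u - f * v for u, v in zip(m[r], m[col])]
    return [m[i][3] / m[i][i] for i in range(3)]

def multilaterate(receivers, arrival_times, iterations=20):
    """Estimate transmitter (x, y) in metres from arrival times at known receivers."""
    n = len(receivers)
    if n < 3 or n != len(arrival_times):
        raise ValueError("need at least three receivers with one timestamp each")
    # Unknowns: x, y and the emission time, carried as a range offset b = C * t0.
    x = sum(p[0] for p in receivers) / n   # start at the receiver centroid
    y = sum(p[1] for p in receivers) / n
    b = C * min(arrival_times)
    for _ in range(iterations):            # Gauss-Newton on dist_i + b - C*t_i
        jtj = [[0.0] * 3 for _ in range(3)]
        jtr = [0.0] * 3
        for (rx, ry), t in zip(receivers, arrival_times):
            d = math.hypot(x - rx, y - ry) or 1e-9
            row = [(x - rx) / d, (y - ry) / d, 1.0]
            res = d + b - C * t
            for i in range(3):
                jtr[i] -= row[i] * res
                for j in range(3):
                    jtj[i][j] += row[i] * row[j]
        dx, dy, db = solve3(jtj, jtr)
        x, y, b = x + dx, y + dy, b + db
    return x, y

# Constructed sample: four ground stations on a 30 km square, transmitter inside it.
STATIONS = [(0.0, 0.0), (30_000.0, 0.0), (0.0, 30_000.0), (30_000.0, 30_000.0)]
TRUE_POS = (12_000.0, 7_000.0)
T0 = 0.5  # emission time in seconds; the solver never sees this value
STAMPS = [T0 + math.hypot(TRUE_POS[0] - sx, TRUE_POS[1] - sy) / C
          for sx, sy in STATIONS]
```

Because light covers about 30 cm per nanosecond, the position estimate is only as good as the receivers' clock agreement: a 100 ns error on one timestamp moves the fix by tens of metres.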

The end result of this update is that FlightAware can now track twice as many aircraft around the world, all with a simple software update. It’s one of the most successful applications of crowdsourced software defined radio modules, and if you’d like to get in on the action, the FlightAware team put together a bulk order of ADS-B antennas.

HamShield Puts Your Arduino On The Radio

Anybody can grab a USB TV tuner card and start monitoring the airwaves, but to get into the real meat of radio you’ll need your amateur radio license. Once you have that, the bandwidth really opens up… if you can afford the equipment. However, [spaceneedle] and friends have dramatically lowered the costs while increasing the possibilities of owning a radio by creating this ham radio shield for the Arduino.

The HamShield is a versatile shield for any standard Arduino that allows it to function like an off-the-shelf radio would, but with a virtually unlimited number of functions. Anything that could be imagined can be programmed into the Arduino for use over the air, including voice and packet applications. The project’s sandbox already includes things like setting up mesh networks, communicating over APRS, setting up repeaters or beacons, monitoring weather stations, and a whole host of other ham radio applications.

HamShield operates on a wide range of frequencies and only uses a 250 mW amplifier. The power draw is small enough that the HamShield team operated it from a small solar panel, making it ideal for people in remote areas. The project is currently gathering funding and has surpassed its goal on Kickstarter, branding itself appropriately as the Swiss army of amateur radio. The transceiver seems to be very robust, meaning that the only thing standing in the way of using this tool is simply writing the Arduino code for whatever project you want to do, whether that’s as a police scanner or even just a frequency counter. And if you want to follow along, the project can be found here.

CCCamp 2015 rad1o Badge

Conference badges are getting more complex each year. DEFCON, LayerONE, Shmoocon, The Next Hope, Open Hardware Summit, The EMF, SAINTCON, SXSW Create, The Last Hope, TROOPERS11, ZaCon V and of course the CCC, have all featured amazing badges over the years. This year’s CCCamp 2015 rad1o badge is taking things several notches higher. The event will run from 13th through 17th August, 2015.

The rad1o Badge contains a full-featured SDR (software defined radio) transceiver, operating in a frequency range of about 50 MHz – 4000 MHz, and is software compatible with the HackRF One open source SDR platform. The badge uses a Wimax transceiver which sends I/Q (in-phase/quadrature-phase) samples in the range of 2.3 to 2.7 GHz to an ARM Cortex M4 CPU. The CPU can process the data standalone for various applications such as FM radio, spectrogram display, RF controlled power outlets, etc., or pass the samples to a computer using USB 2.0 where further signal processing can take place, e.g. using GnuRadio. The frequency range can be extended by inserting a mixer in the RF path. It’s got an on-board antenna tuned for 2.5GHz, or an SMA connector can be soldered to attach an external antenna. There’s a Nokia 6100 130×130 pixel LCD and a joystick, which also featured in the earlier CCCamp 2011 badge known as the r0ket.

A 3.5mm TRRS audio connector allows hooking up a headphone and speaker easily. The LiPo battery can be charged via one of the USB ports, while the other USB port can be used for software updates and data I/O to SDR software like GnuRadio. Check out the project details from their Github repository and more from the detailed wiki which has information on software and hardware. There’s also a Twitter account if you’d like to follow the project’s progress.

This year’s Open Hardware Summit also promises an awesome hackable badge. We’ll probably feature it before the OHS2015 conference in September.

Thanks to [Andz] for tipping us off about this awesome Badge.