Getting Started with GNU Radio

Software Defined Radio (SDR)–the ability to process radio signals using software instead of electronics–is undeniably fascinating. However, there is a big gap from being able to use off-the-shelf SDR software and writing your own. After all, SDRs require lots of digital signal processing (DSP) at high speeds.

Not many people could build a modern PC from scratch, but nearly anyone can get a motherboard, some I/O cards, a power supply, and a case and put together a custom system. That’s the idea behind GNU Radio and SDR. GNU Radio provides a wealth of Python functions that you can use to create sophisticated SDR application (or, indeed, any DSP application).

If Python is still not up your alley (or even if it is), there’s an even easier way to use GNU Radio: The GNU Radio Companion (GRC). This is a mostly graphical approach, allowing you to thread together modules graphically and build simple GUIs to control you new radio.

Even though you usually think of GRC as being about radios, it is actually a good framework for building any kind of DSP application, and that’s what I’ll show you in the video below. GRC has a signal generator block and interfaces to your sound card. It even has the ability to read and write data to the file system, so you can use it to do many DSP applications or simulations with no additional hardware.

UPDATE: Don’t miss the follow-up post that uses SDRPlay to build a GNU Radio based receiver.

Continue reading “Getting Started with GNU Radio”

Mid-Priced Hardware Gets Serious About Software Defined Radio

Regular Hackaday readers are used to seeing the hacks that use a cheap USB TV dongle as a software defined radio (SDR). There’s plenty of software that will work with them including the excellent GNU Radio software. However, the hardware is pretty bare-bones. Without modifications, the USB dongle won’t get lower frequencies.

There’s been plenty of other SDR radios available but they’ve had a much heftier price tag. But we recently noticed the SDRPlay RSP, and they now have US distribution. The manufacturer says it will receive signals with 12-bits of resolution over the range of 100 kHz to 2 GHz with an 8MHz bandwidth. The USB cable supplies power and a connection to the PC. The best part? An open API that supports Windows, Linux, Mac, Android, and will even work on a Raspberry Pi (and has GNU Radio support, too).

Continue reading “Mid-Priced Hardware Gets Serious About Software Defined Radio”

[Balint]’s GNU Radio Tutorials

Waterfall

[Balint] has a bit of history in dealing with software defined radios and cheap USB TV tuners turned into what would have been very expensive hardware a few years ago. Now [Balint] is finally posting a few really great GNU Radio tutorials, aimed at getting software defined radio beginners up and running with some of the coolest hardware around today.

[Balint] is well-known around these parts for being the first person to create a GNU Radio source block for the implausibly inexpensive USB TV tuners, allowing anyone with $20 and enough patience to wait for a package from China to listen in on everything from 22 to 2200 MHz. There’s a lot of interesting stuff happening in that band, including the ACARS messages between airliners and traffic control, something that allowed [Balint] to play air traffic controller with a minimal amount of hardware.

Right now the tutorials are geared towards the absolute beginner, starting at the beginning with getting GNU Radio up and running. From there the tutorials continue to receiving FM radio, and with a small hardware investment, even transmitting over multiple frequencies.

It’s not much of an understatement to say software defined radio is one of the most versatile and fun projects out there. [Balint] even demonstrated triggering restaurant pagers with a simple SDR project, a fun project that is sure to annoy his coworkers.

Continue reading “[Balint]’s GNU Radio Tutorials”

Hacking Rolling Code Keyfobs

Most keyfobs out there that open cars, garage doors, and gates use a rolling code for security. This works by transmitting a different key every time you press the button. If the keys line up, the signal is considered legitimate and the door opens.

[Spencer] took a look into hacking rolling code keyfobs using low cost software-defined radio equipment. There’s two pars of this attack. The first involves jamming the frequency the keyfob transmits on while recording using a RTL-SDR dongle. The jamming signal prevents the receiver from acknowledging the request, but it can be filtered out using GNU Radio to recover the key.

Since the receiver hasn’t seen this key yet, it will still be valid. By replaying the key, the receiver can be tricked. To pull off the replay, GNU Radio was used to demodulate the amplitude shift keying (ASK) signal used by the transmitter. This was played out of a computer sound card into a ASK transmitter module, which sent out a valid key.

Audio Networking With GNU Radio

fsk

Thought GNU Radio was just for radio? Think again. [Chris] has been hard at work turning the signal generation and analysis of the best tool for software defined radio into a networking device for speakers and a microphone.

The setup uses GNU Radio to generate a carrier signal whose frequency is modulated with a data stream. With this modulated signal piped over a laptop’s speakers, [Chris] is able to send UDP packets across his desk using nothing but sound.

[Chris] had recently used a similar technique to transmit data via audio with GNU Radio, but this latest build is a vast improvement; this is now a duplex networking, meaning two computers can transmit and receive at the same time.

In the end, [Chris] created a strange, obsolete device called a “modem”. It’s not exactly fast; sending ‘Hello World’ takes quite a bit of time, as you can see in the video below.

Continue reading “Audio Networking With GNU Radio”

Ultrasonic Data Transmission With GNU Radio

When we hear GNU Radio was used in a build, the first thing we think of is, obviously, radio. Whether it’s a using extremely expensive gear or just a USB TV tuner dongle, GNU Radio is the perfect tool for just about everything in the tail end of the electromagnetic spectrum.

There’s no reason GNU Radio can’t be used with other mediums, though, as [Chris] shows us with his ultrasound data transmission between two laptops. He’s transmitting audio from the speakers of one laptop at 23 kHz. It’s outside the range of human hearing, but surprisingly able to be picked up by a cheap desktop mic connected to another laptop. His GNU Radio setup first converts a string of text to a 5-bit packet, modulates it with FSK, and bumps up the signal to 23 kHz. On the other end, the data is decoded by doing the same thing in reverse.

The setup is easily able to reject all audio that isn’t in the specified frequency range; in the video after the break, [Chris] successfully transmits a ‘hello world’ while narrating what he’s doing.

Continue reading “Ultrasonic Data Transmission With GNU Radio”

Cracking GSM with RTL-SDR for Thirty Dollars

Theoretically, GSM has been broken since 2003, but the limitations of hardware at the time meant cell phone calls and texts were secure from the prying ears of digital eavesdroppers and all but the most secret government agencies. Since then, the costs of hardware have gone down, two terabytes of rainbow tables have been published, and all the techniques and knowledge required to listen in on cell phone calls have been available. The only thing missing was the hardware. Now, with a super low-cost USB TV tuner come software defined radio, [domi] has put together a tutorial for cracking GSM with thirty dollars in hardware.

Previous endeavours to listen in and decrypt GSM signals used fairly expensive software defined radios – USRP systems that cost a few thousand dollars a piece. Since the advent of RTL-SDR, the price of software defined radios has come down to about $30 on eBay, giving anyone with a Paypal account the ability to listen in on GSM calls and sniff text messages.

The process of cracking GSM first involves getting the TMSI – Temporary Mobile Subscriber Identifier – a unique ID for each phone in a certain cell. This is done by sending a silent SMS that will send back and acknowledgement an SMS has been received on the victim’s phone, but won’t give the victim any indication of   receiving a message.

From there, the attacker listens to the GSM signals in the cell, receiving bursts attached to a TMSI, and cracking the encrypted stream using 1.6 TB of rainbow tables.

[domi] put up a four-part tutorial series (part 1 above; part 2, part 3, and part 4) that goes over the theory and the actual procedure of cracking text messages and voice calls with a simple USB TV tuner. There are a few limitations; the attacker must be in the same cell as the victim, and it looks like real-time voice decoding isn’t yet possible. Cracking GSM for $30, though, that’s good enough for us.