DEFCON 22: The HackRF PortaPack

What do you get when you combine one of the best (and certainly one of the best for the price) software defined radios with the user interface of a 10-year-old iPod? The HackRF PortaPack, developed by [Jared Boone], and demonstrated at DEFCON last weekend.

[Jared] is one of the original developers for the HackRF, a 10MHz to 6GHz software defined radio that can also transmit in half duplex. Since the development of the HackRF has (somewhat) wrapped up, [Jared] has been working on the PortaPack, an add-on for the HackRF that turns it into a portable, ARM Cortex M4-powered software defined radio. No, it’s not as powerful as a full computer running GNU Radio, but it does have the capability to listen in on a surprising amount of radio signals.

Because [Jared] is using a fairly low-power micro for the PortaPack, there are a lot of tricks he’s using to get everything running smoothly. He gave a lightning talk at the Wireless Village at DEFCON going over the strengths and weaknesses of the chip he’s using, and surprisingly he’s using very little floating point arithmetic in his code. You can check out the video for that talk below.


Building the NSA’s Tools

Fake ANT Catalog Entry for HackRF

Back in 2013, the NSA ANT Catalog was leaked. This document contained a list of devices that are available to the NSA to carry out surveillance.

[Michael Ossmann] took a look at this, and realized that a lot of their tools were similar to devices the open source hardware community had built. Based on that, he gave a talk on The NSA Playset at Toorcamp 2014. This covered how one might implement these devices using open hardware.

The above image is a parody of an ANT Catalog page, which shows [Michael]’s HackRF, an open source software defined radio. In the talk, [Michael] and [Dean Pierce] go over the ANT Catalog devices one by one, discussing the hardware that would be needed to build your own.

Some of these tools already have open source counterparts. The NIGHTSTAND WiFi exploitation tool is essentially a WiFi Pineapple. SPARROW II is more or less a device running Kismet attached to a drone, which we’ve seen before.

A video of the Toorcamp talk is available on [Michael]’s blog. There will also be a variety of talks on this subject at DEFCON next week, which we’re looking forward to. For further reading, Wikipedia has a great summary of the ANT Catalog.

Hackaday Links: July 27, 2014


Taking apart printers to salvage their motors and rods is a common occurrence in hacker circles, but how about salvaging the electronics? A lot of printers come with WiFi modules, and these can be repurposed as USB WiFi dongles. Tools required? An old printer, 3.3 V regulator, and a USB cable. Couldn’t be simpler.

The Raspberry Pi has a connector for a webcam, and it’s a very good solution if you need a programmable IP webcam with GPIOs. How about four cameras? This Indiegogo is for a four-port camera connector for the Raspi. Someone has a use for this, we’re sure.

The one flexible funding campaign that isn’t a scam. [Kyle] maintains most of the software defined radio stack for Arch Linux, and he’s looking for some funds to improve his work. Yes, it’s basically a ‘fund my life’ crowdfunding campaign, but you’re funding someone to work full-time on open source software.

Calibration tools for Delta 3D printers. It’s just a few tools that speed up calibration, made for MATLAB and Octave.

[Oona] is doing her usual, ‘let’s look at everything radio’ thing again, and has a plan to map microwave relay links. If you’ve ever seen a dish or other highly directional antenna on top of a cell phone tower, you’ve seen this sort of thing before. [Oona] is planning on mapping them by flying a quadcopter around, extracting the video and GPS data, and figuring out where all the other microwave links are.

PowerPoint presentations for the Raspberry Pi and BeagleBone Black. Yes, PowerPoint presentations are the tool of the devil and the leading cause of death for astronauts*, but someone should find this useful.


* Yes, PowerPoint presentations are the leading cause of death for astronauts. The root cause of the Columbia disaster was organizational factors that neglected engineers’ requests to use DOD space assets to inspect the wing, after which they could have been rescued. These organizational factors were, at least in part, caused by PowerPoint.

Challenger was the same story, and although PowerPoint didn’t exist in 1986, “bulletized thinking” in engineering reports was cited as a major factor in the disaster. If “bulletized thinking” doesn’t perfectly describe PowerPoint, I don’t know what does.

As far as PowerPoint being the leading cause of death for astronauts, 14 died on two shuttles, while a total of 30 astronauts died either in training or in flight.

Homebrew NSA Bugs


Thanks to [Edward Snowden] we have a huge, publicly available catalog of the very, very interesting electronic eavesdropping tools the NSA uses. Everything from incredibly complex ARM/FPGA/Flash modules smaller than a penny to machines that can install backdoors in Windows systems from a distance of eight miles are available to the nation’s spooks, and now, the sufficiently equipped electronic hobbyist can build their own.

[GBPPR2] has been going through the NSA’s ANT catalog in recent months, building some of the simpler radio-based bugs. The bug linked to above goes by the codename LOUDAUTO, and it’s a relatively simple (and cheap) radar retro-reflector that allows anyone with the hardware to illuminate a simple circuit to get audio back.

Also on [GBPPR2]’s build list is RAGEMASTER, a device that fits inside a VGA cable and allows a single VGA color channel to be viewed remotely.

The basic principle behind both of these bugs is retroreflection, described by the NSA as a PHOTOANGLO device. Each bug contains a FET with an antenna connected to the drain. The PHOTOANGLO illuminates this antenna and the PWM signal sent to the gate of the FET modulates the returned signal. A bit of software defined radio on the receiving end, and you have your very own personal security administration.

It’s all very cool stuff, but there are some entries in the NSA catalog that don’t deal with radio at all. One device, IRATEMONK, installs a backdoor in hard drive controller chips. Interestingly, Hackaday favorite and current Hackaday Prize judge [Sprite_TM] did something extremely similar, only without, you know, being really sketchy about it.

While we don’t like the idea of anyone actually using these devices, the NSA ANT catalog is still fertile ground for project ideas.


A GSM Base Station With Software Defined Radio

If you’re wondering how to get a better signal on your cellphone, or just want to set up your own private cell network, this one is for you. It’s a GSM base station made with a BeagleBone Black and a not too expensive software defined radio board.

The key component of this build is obviously the software defined radio. [Julian] is using a USRP B200 radio for this project. It’s not cheap, but it is a very nice piece of hardware capable of doing just about anything with GNU Radio. This board is controlled by a BeagleBone Black, a pretty cheap solution that puts the total cost of the hardware somewhere around $750.

The software side of the build is mostly handled by OpenBTS, the open source project for the software part of a cell station. This controls the transceiver, makes calls and SMS, and all the backend stuff every other cell station does. OpenBTS also includes support for Asterisk, the software of choice for PBX and VoIP setups. Running this allows you to make calls and send texts with your SDR-equipped, Internet-enabled BeagleBone Black anywhere on the planet.

THP Entry: SatNOGS

Here’s an interesting thought: it’s possible to build a cubesat for perhaps ten thousand dollars, and hitch a ride on a launch for free thanks to a NASA outreach program. Tracking that satellite along its entire orbit would require dozens of ground stations, all equipped with antennas, USB TV tuners, and a connection to the Internet. It’s actually more expensive to build and launch a cubesat than it costs to build a network of ground stations to get reasonably real-time telemetry from a cubesat. The future is awesome and weird, it seems.

This is the observation the guys behind SatNOGS have made. They’re developing a platform for a completely open source ground station network, with the idea being people and institutions along every longitude and latitude would build a simple satellite tracking antenna mount, connect it to the Internet, and become part of an open source Near Space Network, capable of receiving telemetry from any one of the small cubesats whizzing around in low earth orbit.

Despite being what is probably one of the most ambitious and far-reaching projects in open source hardware, the design of the system is relatively simple: the hardware is a 3D printed alt-az mount, capable of pointing a pair of antennas anywhere in the sky. The stepper motor driver board is based on the Arduino, and the computer running each antenna node is powered by a BeagleBone Black or a WR703N router. The antenna receiver is, of course, an RTL-SDR dongle, capable of listening to all the common cubesat bands. Even the software is derived from open source projects. Tracking a satellite across the sky can be calculated with GPredict, and the team is working on an observation scheduling and management system that combines multiple ground stations for coverage across the globe.

It’s a great idea, crowdsourcing satellite tracking from people around the globe, and something that could be used by hundreds of institutions lucky enough to launch a small cube of electronics into orbit.


The project featured in this post is an entry in The Hackaday Prize. Build something awesome and win a trip to space or hundreds of other prizes.

ISEE-3: On Track To Come Home

Intended trajectory from ICE team in 1986 (blue), 2001 ephemeris of ISEE-3 (white) and current ephemeris (red/green).

When last we heard of the progress of commanding the derelict ISEE-3 satellite into stable orbit between the Earth and the sun, the team had just made contact with the probe using the giant dish in Arecibo, sent a few commands, and started gathering data to plot where the spacecraft is and where it will be. A lot has happened in a week, and the team is now happy to report the spacecraft is alive and well, and much, much closer to the intended trajectory than initially believed.

Before last week, the best data on where ISEE-3 was heading was from a 13-year-old data set, leaving the project coordinators to believe a maneuver of about 50-60 m/s was necessary to put the spacecraft into the correct orbit between the Earth and the sun. With new data from Arecibo, that figure has been reduced to about 5.8 m/s, putting it extremely close to where the original ICE navigation team intended it to go, all the way back in 1986. This also gives the team a bit of breathing room; the original planned maneuver to capture the spacecraft required nearly a third of the available fuel on board. The new plan only requires the spacecraft expend about 5% of its fuel stores. This, of course, brings up the idea of continuing the planned mission of the rebooted ISEE-3 beyond the Earth-Sun L1 point, but that is very much putting the cart before the horse.

Of course, getting ranging data of the spacecraft is only a small part of what has happened with ISEE-3 this week. Thanks to the ‘away team’ sent to Arecibo to install hardware and attempt to make contact with the satellite, both transceivers are working, telemetry is being downloaded from the probe, and work has begun on refining the exact position of ISEE-3 to compute where and when the spacecraft needs to make its maneuver.

Regular Hackaday feature and software defined radio god [Balint] was on hand with the away team at Arecibo to install his company’s SDR unit on the largest dish on the planet. His happy dance of the first data from ISEE-3 made the blog rounds, but the presentation (PDF) and photo gallery tell the story of working on the largest dish on the planet much better.

There’s still a lot of work to be done by the ISEE-3 team as they figure out how best to capture the spacecraft and prepare for the burn in the following week. They should have the exact orbit of ISEE-3 nailed down early this week, and after that, ISEE-3 could be on a path back home in less than two weeks.