Mobile SIGINT Hacking On A Civilian’s Budget

Signals Intelligence (SIGINT) refers to performing electronic reconnaissance by eavesdropping on communications, and used to be the kind of thing that was only within the purview of the military or various three letter government agencies. But today, for better or for worse, the individual hacker is able to pull an incredible amount of information out of thin air with low-cost hardware and open source software. Now, thanks to [Josh Conway], all that capability can be harnessed with a slick all-in-one device: the RadioInstigator.

In his talk at the recent 2019 CircleCityCon, [Josh] (who also goes by the handle [CrankyLinuxUser]) presented the RadioInstigator as an affordable way to get into the world of wireless security research beyond the traditional WiFi and Bluetooth. None of the hardware inside the device is exactly new; it’s all stuff the hacking community has had access to for a while now, but this project brings it all together under one 3D printed “roof” as it were. The end result is a surprisingly practical looking device that can be used on the go to explore huge swaths of the RF spectrum at a cost of only around $150 USD.

So what has [Josh] packed into this wireless toybox? It will probably come as little surprise to find out that the star of the show is a Raspberry Pi 3 B+, combined with a touch screen display and portable keyboard so the user can interface with the various security tools installed.

To help the RadioInstigator surf the airwaves there’s an RTL-SDR and a 2.4 GHz nRF24LU1+ “Crazyradio”, both broken out to external antenna connectors on the outside of the device. There’s even an external SMA connector hooked up to the Pi’s GPIO pin, which can be used for low-power transmissions from 5 kHz up to 1500 MHz with rpitx. Everything is powered by a beefy 10,000 mAh battery pack which should give you plenty of loiter time to perform your investigations.

[Josh] has also written several Bash scripts which will get a trove of radio hacking tools installed on the Pi automatically, either by pulling them in through the official repositories or downloading the source and compiling them. Getting the software environment into a known-good state can be a huge time sink, so even if you don’t build your own version of the RadioInstigator, his scripts are still worth checking out.

You can do some pretty incredible things with nothing more than a Pi and an RTL-SDR, but we can’t help but notice there’s still plenty of room inside the RadioInstigator for more gear. It could be the perfect home for a Multi-RTL setup, or maybe even a VGA adapter for spoofing cell networks.

18 thoughts on “Mobile SIGINT Hacking On A Civilian’s Budget”

    1. Lol!

      It’s GPIO4, or the GPU clock pin. It’s the pin used by RPITX to get a free Tx for pretty much every RPi platform.

      I’m also the creator of this tablet, so if you or anyone else has any questions, I’ll be here!

  1. Surprised the creator didn’t want/need to screen all that noisy electronics?
    The presentation makes reference to remote viewing of monitors – but it’s not very clear if the hardware he has built is demonstrably capable of that? Be very cool if it was.

    1. Yes it is. It works better on larger monitors (more rfi). However because of an inherent limitation of bandwidth of an RTL-SDR, the quality of tempest reception is limited. You can only get about 2.4MHz of bandwidth@8bit IQ.

      But yes, you can see some noisier monitors.

    1. That would be true if that was the part I was using :)

      https://gitlab.com/crankylinuxuser/siginttablet/blob/master/Bill%20of%20Materials.txt

      8. (OPTIONAL) CrazyRadio , allows easy keyboard mouse sniffing/injection for wide variety of hardware $8
      https://www.ebay.com/itm/Crazyradio-2-4Ghz-nRF24LU1-USB-radio-dongle-with-antenna-for-Crzayflie-10DOF/231423427319

      They have them, and they’re $8.55/ea. And these have an LNA that you can turn on with a command.

  2. Would you care to share your bash scripts for the radio tools? I built a similar setup a month ago, running Kali, and radio hacking is something I want to explore more.

    1. Not for this platform, no.

      The RPi 3B+ is already being maxed out on quite a few operations, and that’s just on the 2.4MHz the rtlsdr can throw at it.

      I’d be a significant power deficit if I tried a hackrf, and limited to simplex at that. I’d need 2 of those to compare to my current platform.

      The LimeSDR/mini is a potential contender, but it requires USB3. Of course, we all know how well the shared SPI crap works on the RasPi..

      A possible contender would be more like the new nVidia SBC for $100, and 2 hackrf clones for $300, and $100 for other incidentals for a total of ~$500. But the higher the $$$, the harder it is for people to build one. That’s another allure why I like $150. It’s attainable, and many people already have some parts.

  3. Is there an operational video? Thought I’d try it out since I already have all the needed components on hand. I ran all the scripts on a rpi3b+ but not sure where to go from here. Just messing with GNU Radio. As soon as I tie a source to the sink it closes. Not sure what’s going on with that. I’m just not sure what I should be seeing. A desktop GUI or if you manually have to put the blocks together in GNU Radio. I watched the talk but Murphy showed up so I never really got to see it operational.
