Tackling Trunked Radio With Software

For those starting to wade into radio as a hobby, one of the first real technical challenges is understanding trunked radio systems. On the surface, it seems straightforward: A control channel allows users to share a section of bandwidth rather than take up one complete channel, allowing for greater usage of the frequency range. In practice though it can be difficult to follow along, but now it’s slightly easier thanks to software defined radio.

This guide comes to us from [AndrewNohawk], who is located in San Francisco and is using his system to monitor police, fire, and EMS activity. These groups typically use trunked radio systems due to the large number of users. For listening in, nothing more than an RTL-SDR setup is needed, and the guide walks us through using this setup to find the control channels, the center frequency, and then identifying the “talk groups” for whichever organization you want to listen in on.

The guide goes into great detail, including lists of software needed to get a system like this started up, and since [AndrewNohawk] is a self-identified “radio noob” the guide is perfectly accessible to people who are new to radio and specifically new to trunked systems like these. Once you get the hang of it, it’s not too hard to scale up, either.

Receive Analog Video Radio Signals From Scratch

If you’ve been on the RTL-SDR forums lately you may have seen that a lot of work has been going into the DragonOS software. This is a software-defined radio group that has seen a lot of effort put into a purpose-built Debian-based Linux distribution that can do a lot of SDR out of the box. The latest and most exciting project coming from them involves a method for using the software to receive and demodulate analog video.

[Aaron]’s video (linked below) demonstrates using a particular piece of software called SigDigger to analyze an incoming analog video stream from a drone using a HackRF. (Of course any incoming analog signal could be used, it doesn’t need to be a drone.) The software shows the various active frequency ranges, allows a user to narrow in on one and then start demodulating it. While it has to be dialed in just right to get anything that doesn’t look like snow, [Aaron] is able to get recognizable results in just a few minutes.

Getting something like this to work completely in software is an impressive feat, especially considering that all of the software used here is free. Granted, this wouldn’t be as easy for a digital signal like most TV stations broadcast, but there’s still a lot of fun to be had. In case you missed the release of DragonOS, we covered it a few weeks ago and it’s only gotten better since then, with this project as just one example.


ATMega328 SSB SDR For Ham Radio

The humble ATmega328 microcontroller, usually packaged as an Arduino Uno, is the gateway drug for millions of people into the world of electronics and embedded programming. Some people just can’t pass up the challenge of seeing how far they can push the old workhorse, and it looks like [Guido PE1NNZ] is one of those. He has managed to implement a software-defined SSB ham radio transceiver for the HF bands on the ATmega328, and it looks like the project is going places.

The radio started life as a QRP Labs QCX, a $49 single-band CW (Morse code) HF transceiver kit that is already one of the cheapest ways to get on the HF bands. [Guido] reduced the part count of the radio by about 50%, implementing much of the signal processing digitally on the ATmega328. On the transmitter side, the SSB signal is generated by making slight frequency changes to a Si5351 clock generator using 800kbit/s I2C, and controlling a very efficient class-E RF power amplifier with PWM for about 5W of output power. The increased efficiency means that there is no need for the bulky heat sink usually seen on SSB radios. The radio is continuously tunable from 80m to 10m (3.5 MHz – 30 MHz), but it does require plugging in a different low-pass filter for each band.

TEMPEST Comes To GNU Radio

As we use our computers, to watch YouTube videos of trucks hitting bridges, to have a Zoom call with our mothers, or even for some of us to write Hackaday articles, we’re unknowingly sharing a lot of what we are doing with the world. The RF emissions from our monitors, keyboards, and other peripherals can be harvested and reconstructed to give a third party a view into your work, and potentially have access to all your darkest secrets. It’s a technique with origins in Government agencies that would no doubt prefer to remain anonymous, but for a while now it has been available to all through the magic of software defined radio. Now it has reached the popular GNU Radio platform, with [Federico La Rocca]’s gr-tempest package.

He describes it as a re-implementation of [Martin Marinov]’s TempestSDR, which has a reputation as not being for the faint-hearted. The current version requires GNU Radio 3.7, but he promises a 3.8-compatible version in the works. A YouTube video that we’ve placed below the break has a range of examples running, though there seems to be little information on the type of antenna employed. Perhaps a log-periodic design would be most appropriate.


GPU Turned Into Radio Transmitter To Defeat Air-Gapped PC

Another week, another exploit against an air-gapped computer. And this time, the attack is particularly clever and pernicious: turning a GPU into a radio transmitter.

The first part of [Mikhail Davidov] and [Baron Oldenburg]’s article is a review of some of the basics of exploring the RF emissions of computers using software-defined radio (SDR) dongles. Most readers can safely skip ahead a bit to section 9, which gets into the process they used to sniff for potentially compromising RF leaks from an air-gapped test computer. After finding a few weak signals in the gigahertz range and dismissing them as attack vectors due to their limited penetration potential, they settled in on the GPU card, a Radeon Pro WX3100, and specifically on the power management features of its ATI chipset.

With a GPU benchmarking program running, they switched the graphics card shader clock between its two lowest power settings, which produced a strong signal on the SDR waterfall at 428 MHz. They were able to receive this signal up to 50 feet (15 meters) away, perhaps to the annoyance of nearby hams as this is plunk in the middle of the 70-cm band. This is theoretically enough to exfiltrate data, but at a painfully low bitrate. So they improved the exploit by forcing the CPU driver to vary the shader clock frequency in one megahertz steps, allowing them to implement higher throughput encoding schemes. You can hear the change in signal caused by different graphics being displayed in the video below; one doesn’t need much imagination to see how malware could leverage this to exfiltrate pretty much anything on the computer.

It’s a fascinating hack, and hats off to [Davidov] and [Oldenburg] for revealing this weakness. We’ll have to throw this on the pile with all the other side-channel attacks [Samy Kamkar] covered in his 2019 Supercon talk.


An FPGA And A Few Components Can Make A Radio

There was a time when making a radio receiver involved significant work, much winding of coils, and tricky alignment of circuitry. The advent of Software Defined Radio (SDR) has moved a lot of this into the domain of software, but there is of course another field in which a radio can be created via code. [Alberto Garlassi] has created a radio receiver for the AM and HF bands with a Lattice MachXO2 FPGA and minimal external components.

He describes it as an SDR, which, given that it’s created from Verilog, is a term that could be applied to it. But instead of using an SDR topology of ADC and digital signal processing, it implements a surprisingly traditional direct conversion receiver.

It has a quadrature AM demodulator which has a passing similarity to an SDR with I and Q phased signals, but that’s where the similarity ends. Frequency selection is via an oscillator controlled from a serial port, and there is even a PWM amplifier on board that can drive a speaker. The result can be seen in the video below, and as you can hear the direct conversion with quadrature demodulator approach makes for a very effective AM receiver.

If this is a little much but you still fancy a radio with minimal components, you should have a look at the Silicon Labs range of receiver chips.


Software Defined Everything With Mike Ossmann And Kate Temkin

Software defined radio has become a staple of the RF tinkerer, but it’s likely that very few of us have ever taken their software defined toolchain outside the bounds of radio. It’s an area explored by Mike Ossmann and Kate Temkin in their newly published Supercon talk as they use GNU Radio to do some things that you might find unexpected.

For most people, a software defined radio is a device. An RTL-SDR dongle perhaps, or the HackRF that is a popular multi-tool for working in the radio frequency realm. But as they explain, the SDR hardware can be considered merely as the analogue front end, being just the minimal analogue circuitry coupled with a digitiser. The real software-defined part comes, as you might expect, in the software.

Kate and Mike introduce GNU Radio Companion, the graphical UI for GNU Radio, as their tool of choice and praise its use as a general purpose digital signal processing system whether or not that includes radio. Taking their own Great Scott Gadgets GreatFET One USB hacker’s toolkit peripheral as an input device, they demonstrate this by analysing the output from a light sensor. Instantly they can analyse the mains frequency in a frequency-domain plot, and the pulse frequency of the LEDs. But their bag of tricks goes much deeper, exploring multiple “atypical use cases” that unlock a whole new world through creative digital signal processing (DSP).
