Video Cable Becomes Transmitter With TEMPEST-LoRa

EMI from cables is something every ham loves to hate. What if you modulated that, though, using an ordinary cable as an antenna? If you used something ubiquitous like a video cable, you might have a very interesting exploit, which is exactly what [Xieyang Sun] and their colleagues have done with TEMPEST-LoRa, a technique to encode LoRa packets into video files.

The concept is pretty simple: a specially-constructed video file contains information to be broadcast via LoRa. The graphics card and the video cable serve as the Tx, and the Rx is any LoRa module. Either VGA or HDMI cables can be used, though the images to create the LoRa signal are obviously going to differ in each case. The only restriction is that the display resolution must be 1080×1920@60Hz, and the video has to play fullscreen. Fullscreen video might make this technique easy to spot if used in an exploit, but on the other hand, the display does not have to be turned on at the time of transmission. If employed by blackhats, one imagines syncing this to power management so the video plays whenever the screen blanks.

This image sends LoRa. Credit: TEMPEST-LoRa

According to the pre-print, a maximum transmission distance of 81.7 m was achieved, and at 21.6 kbps. That’s not blazing fast, sure, but transmission out of a totally air-gapped machine even at dialup speeds is impressive. Code is on GitHub under an MIT license, though [Xieyang Sun] and the team are white hats, so they point out that it’s provided for academic use. There is a demo video, but as it is on Bilibili we don’t have an easy way to embed it. The work has been accepted to the ACM Conference on Computer and Communications Security (2025), so if you’re at the event in Taiwan be sure to check it out.

We’ve seen similar hacks before, like this one that uses an ethernet cable as an antenna. Getting away from RF, others have used fan noise, or even the once-ubiquitous HDD light. (And here we thought casemakers were just cheaping out when they left those off. No, it’s security!)

Thanks to [Xieyang Sun] for the tip! We’ll be checking the tips line for word from you, just as soon as we finish wrapping ferrites around all our cables.

Crowdsourcing SIGINT: Ham Radio At War

I often ask people: What’s the most important thing you need to have a successful fishing trip? I get a lot of different answers about bait, equipment, and boats. Some people tell me beer. But the best answer, in my opinion, is fish. Without fish, you are sure to come home empty-handed.

On a recent visit to Bletchley Park, I thought about this and how it relates to World War II codebreaking. All the computers and smart people in the world won’t help you decode messages if you don’t already have the messages. So while Alan Turing and the codebreakers at Bletchley are well-known, at least in our circles, fewer people know about Arkley View.

The problem was apparent to the British. The Axis powers were sending lots of radio traffic. It would take a literal army of radio operators to record it all. Colonel Adrian Simpson sent a report to the director of MI5 in 1938 explaining that the three listening stations were not enough. The proposal was to build a network of volunteers to handle radio traffic interception.

That was the start of the Radio Security Service (RSS), which started operating out of some unused cells at a prison in London. The volunteers? Experienced ham radio operators who used their own equipment, at first, with the particular goal of intercepting transmissions from enemy agents on home soil.

At the start of the war, ham operators had their transmitters impounded. However, they still had their receivers and, of course, could all read Morse code. Further, they were probably accustomed to pulling out Morse code messages under challenging radio conditions.

Over time, this volunteer army of hams would swell to about 1,500 members. The RSS also supplied some radio gear to help in the task. MI5 checked each potential member, and the local police would visit to ensure the applicant was trustworthy. Keep in mind that radio intercepts were also done by servicemen and women (especially women) although many of them were engaged in reporting on voice communication or military communications.

SkyRoof, A New Satellite Tracker For Hams

Communicating with space-based ham radio satellites might sound like it’s something that takes a lot of money, but in reality it’s one of the more accessible aspects of the hobby. Generally all that’s needed is a five-watt handheld transceiver and a directional antenna. Like most things in the ham radio world, though, it takes a certain amount of skill which can’t be easily purchased. Most hams using satellites like these will rely on some software to help track them, which is where this new program from [Alex Shovkoplyas] comes in.

The open source application is called SkyRoof and provides a number of layers of information about satellites aggregated into a single information feed. A waterfall diagram is central to the display, with not only the satellite communications shown on the plot but information about the satellites themselves. From there the user can choose between a number of other layers of information about the satellites including their current paths, future path prediction, and a few different ways of displaying all of this information. The software also interfaces with radios via CAT control, and can even automatically correct for the Doppler shift that is so often found in satellite radio communications.

For any ham actively engaged in satellite tracking or space-based repeater communications, this tool is certainly worth trying out. Unfortunately, it’s only available for Windows currently. For those not looking to operate under Microsoft’s thumb, projects such as DragonOS do a good job of collecting up the must-have Linux programs for hams and other radio enthusiasts.

The one-tube radio setup, in front of a PC monitor

Single Tube SDR Is A Delightful Mix Of Old And New

Software Defined Radio (SDR) is the big thing these days, and why not? A single computer can get rid of a room full of boat anchors, and give you better signal discrimination than all but the best kit. Any SDR project needs an RF receiver, and in this project [mircemk] used a single 6J1 vacuum tube to produce an SSB SDR that combines the best of old and new.

Single-tube radios are a classic hack, and where a lot of hams got started back in the day, but there is a reason more complicated circuits tend to be used. On the other hand, if you can throw a PC worth of signal processing at the output, it looks like you can get a very sensitive and selective single-sideband (SSB) receiver. 

The 6J1 tube is convenient, since it can run on only 6 V (or down to 3.7 as [mircemk] demonstrates). Here it is used as a mixer, with the oscillator signal injected via the screen grid. Aside from that, the simple circuit consists of a receiving coil, a few resistors and a variable capacitor. How well does it work? Quite well, when paired with a PC; you can judge for yourself in the video embedded below.

We’ve featured a lot of [mircemk]’s projects over the years, like this handsome OLED VU meter, or this frequency analyzer with a VFD, and even a virtual pinball cabinet made from scraps, among many others.

The Pluto software-defined radio is placed on a desk, connected by three RF cables to an RF bridge circuit board. The RF bridge has a prominent balun taking up most of its area.

Turning The Pluto SDR Into A Network Analyzer

Usually when we see a project using a software-defined radio (SDR), the SDR’s inputs and outputs are connected to antennae, but [FromConceptToCircuit]’s project connected an ADALM-Pluto SDR to an RF bridge and a few passive components to make a surprisingly effective network analyzer (part two of the video).

The network analyzer measures two properties of the circuit to which it is connected: return loss (S11) and insertion gain or loss (S21). To measure S21, the SDR feeds a series of tones to the device under test, and reads the device’s output from one of the SDR’s inputs. By comparing the amplitude of the input to the device’s output, a Python program can calculate S21 over the range of tested frequencies. To find S11, [FromConceptToCircuit] put an RF bridge in line with the device being tested and connected the bridge’s output to the SDR’s second input. This allowed the program to calculate the device’s impedance, and from that S11.

Intercepting And Decoding Bluetooth Low Energy Data For Victron Devices

[ChrisJ7903] has created two Arduino programs for reading Victron solar controller telemetry data advertised via BLE. If you’re interested in what it takes to use an ESP32 to sniff Bluetooth Low Energy (BLE) transmissions, this is a master class.

The code is split into two main programs. One program is for the Victron battery monitor and the other is for any Victron solar controller. The software will receive, dissect, decrypt, decode, and report the data periodically broadcast from the devices over BLE.

The BLE data is transmitted in Link-Layer Protocol Data Units (PDUs), which are colloquially called “packets”. In this particular case, the BLE functionality for advertising, also known as broadcasting, is used, which means the overhead of establishing connections can be avoided, thereby saving power.

Field Testing An Antenna, Using A Field

The ARRL used to have a requirement that any antenna advertised in their publications had to have real-world measurements accompanying it, to back up any claims of extravagant performance. I’m told that nowadays they will accept computer simulations instead, but it remains true that knowing what your antenna does rather than just thinking you know what it does gives you an advantage. I was reminded of this by a recent write-up in which the performance of a mylar sheet as a ground plane was tested at full power with a field strength meter, because about a decade ago I set out to characterise an antenna using real-world measurements and readily available equipment. I was in a sense field testing it, so of course the first step of the process was to find a field. A real one, with cows.