We are used to seeing shots from TV news helicopters every day; they are part of the backdrop to life in the 21st century. But so often we hear them overlaid with studio commentary, so it’s interesting to hear that their raw audio contains telemetry. It caught the attention of [proto17], who took some audio pulled from a news helicopter video and subjected it to a thorough investigation to retrieve the data.
The write-up is at a very in-depth level, and while there’s an admission that some of the steps could have been performed more easily with ready-made tools, its point is to go through all steps at a low level. So the action largely takes place in GNU Radio, in which we see the process of identifying the signal and shifting it downwards in frequency before deducing its baud rate to retrieve its contents. The story’s not over though, because we then delve into some ASCII tricks to identify the packet frames, before finally retrieving the data itself. It still doesn’t tell you what the data contains, but it’s a fascinating process getting there nonetheless.
As we use our computers, to watch YouTube videos of trucks hitting bridges, to have a Zoom call with our mothers, or even for some of us to write Hackaday articles, we’re unknowingly sharing a lot of what we are doing with the world. The RF emissions from our monitors, keyboards, and other peripherals can be harvested and reconstructed to give a third party a view into your work, and potentially have access to all your darkest secrets. It’s a technique with origins in Government agencies that would no doubt prefer to remain anonymous, but for a while now it has been available to all through the magic of software defined radio. Now it has reached the popular GNU Radio platform, with [Federico La Rocca]’s gr-tempest package.
He describes it as a re-implementation of [Martin Marinov]’s TempestSDR, which has a reputation as not being for the faint-hearted. The current version requires GNU Radio 3.7, but he promises a 3.8-compatible version in the works. A YouTube video that we’ve placed below the break has a range of examples running, though there seems to be little information on the type of antenna employed. Perhaps a log-periodic design would be most appropriate.
Many of the SDR projects we see use a cheap USB dongle. They are great, but sometimes you want more and — especially — sometimes you want to transmit. The Analog Devices ADALM-Pluto SDR is easily available for $200 and sometimes as low as $100 and it both transmits and receives using an Analog AD9363 and a Zynq FPGA. Although you normally use the device to pipe IQ signals to a host computer, you can run SDR applications on the device itself. That requires you to dig into the Zynq tools, which is fun but a topic for another time. In this post, I’m going to show you how you can use GNU Radio to make a simple Morse code beacon in the 2m ham band.
I’ve had one on my bench for quite a while and I’ve played with it a bit. There are several ways to use it with GNU Radio and it seems to work very well. You have to hack it to get the frequency range down a bit. Sure, it might not be “to spec” once you broaden the frequency range, but it seems to work fine. Instead of working from 325 MHz to 3,800 MHz with a 20 MHz bandwidth, the hacked device transceives 70 MHz to 6,000 MHz with 56 MHz bandwidth. It is a simple hack you only have to do once. It tells the device that it has a slightly better chip onboard and our guess is the chips are the same but sorted by performance. So while the specs might be a little off, you probably won’t notice.
As a writer, I have long harboured a dream that one day an editor will buy me a top-of-the-range audio analyser, and I can set up an audio test lab and write pieces debunking the spurious claims made by audiophiles, HiFi journalists, and the high-end audio industry about the quality of their products. Does that amp really lend an incisive sibilance to the broader soundstage, and can we back that up with some measurable figures rather than purple prose?
An Audio Playground You Didn’t Know You Had
Sadly Hackaday is not an audio magazine, and if Mike bought me an Audio Precision he’d have to satisfy all the other writers’ test equipment desires too, and who knows where that would end! So there will be no Hackaday audio lab — for now. But that doesn’t mean I can’t play around with audio analysis.
Last month we carried a write-up of a Supercon talk from Kate Temkin and Michael Ossmann, in which they reminded us that we have a cracking general purpose DSP playground right under our noses; GNU Radio isn’t just for radio. Once I’d seen the talk my audio analysis horizons were opened up considerably. Maybe that audio analyser wouldn’t be mine, but I could do some of the same job with GNU Radio.
It’s important to stress at this point that anything I can do on my bench will not remotely approach the quality of a professional audio analyser. But even if I can’t measure infinitesimal differences between very high-end audio circuitry, I can still measure enough to tell a good audio product from a bad one.
For most people, a software defined radio is a device. An RTL-SDR dongle perhaps, or the HackRF that is a popular multi-tool for working in the radio frequency realm. But as they explain, the SDR hardware can be considered merely as the analogue front end, being just the minimal analogue circuitry coupled with a digitiser. The real software-defined part comes — as you might expect — in the software.
Kate and Mike introduce GNU Radio Companion — the graphical UI for GNU Radio — as their tool of choice and praise its use as a general purpose digital signal processing system whether or not that includes radio. Taking their own Great Scott Gadgets GreatFET One USB hackers toolkit peripheral as an input device they demonstrate this by analysing the output from a light sensor. Instantly they can analyse the mains frequency in a frequency-domain plot, and the pulse frequency of the LEDs. But their bag of tricks goes much deeper, exploring multiple “atypical use cases” that unlock a whole new world through creative digital signal processing (DSP).
Have you ever found yourself in a crowded restaurant on a Saturday night, holding onto one of those little gadgets that blinks and vibrates when it’s your turn to be seated? Next time, bust out the HackRF and follow along with [Tony Tiger] as he shows how it can be used to easily fire them off. Of course, there won’t actually be a table ready when you triumphantly show your blinking pager to the staff; but there’s only so much an SDR can do.
Even if you aren’t looking to jump the line at your favorite dining establishment, the video that [Tony] has put together serves as an excellent practical example of using software defined radio (SDR) to examine and ultimately replicate a wireless communications protocol. The same techniques demonstrated here could be applied to any number of devices out in the wild with little to no modification. Granted these “restaurant pagers” aren’t exactly high security devices to begin with, but you’d be surprised how many other devices out there take a similarly cavalier attitude towards security.
[Tony] starts by using inspectrum to examine the frequency-shift keying (FSK) modulation used by the 467.750 MHz devices, and from there, uses Universal Radio Hacker to capture the actual binary data being sent over the air. Between studying the transmissions and the information he found online, he was eventually able to piece together the packet structure used by the restaurant’s base station.
Finally, he wrote a Python script which generates packets based on which pager he wants to set off. If he’s feeling particularly mischievous, he can even set them all off at once. The script outputs a binary file which is then loaded into GNU Radio for transmission via the HackRF. [Tony] says he’s not quite ready to release his script yet, but he gives enough information in the video that the intrepid hacker could probably get their own version up and running by the time he gets it posted up to GitHub anyway.
There were plenty of great talks at this year’s Supercon, but we really liked the title of Dominic Spill’s talk: Ridiculous Radios. Let’s face it, it is one thing to make a radio or a computer or a drone the way you are supposed to. It is another thing altogether to make one out of things you shouldn’t be using. That’s [Dominic]’s approach. In a quick 30 minutes, he shows you two receivers and two transmitters. What makes them ridiculous? Consider one of the receivers. It is a software defined radio (SDR). How many bits should an SDR have? How about one bit? Ridiculous? Then you are getting the idea.
Dominic is pretty adept at taking a normal microcontroller and bending it to do strange RF things and the results are really entertaining. The breadboard SDR, for example, is a microcontroller with three components: an antenna, a diode, and a resistor. That’s it. If you missed the talk at Supercon, you can see the newly published video below, along with more highlights from Dominic’s talk.