HackRF

30 Articles

2023 Cyberdeck Contest: Cyberdeck Red Is Ready For Action

August 17, 2023 by 8 Comments

What exactly constitutes a cyberdeck is up for debate, but for us, one thing is clear: A cyberdeck needs to look like it’s ready to go to battle. When the machines finally rise up and try to wipe us all out, someone toting around a machine like Cyberdeck Red is probably going to be a sight for sore eyes; clearly, such a person would be equipped to help us fight back the robotic scourge.

If this cyberdeck looks familiar, it’s for a good reason — it’s [Gabriel]’s second stab at this build. We thought the original was pretty keen, enough so that it won second prize in the 2022 contest. But like many cyberdeck builders, good enough isn’t good enough, and so rather than rest on his laurels, he set about improving a few things. The most visible of the changes are the spiffy new case, which is far less utilitarian than version one, and the new custom-made split keyboard. Things are a little different under the hood too; gone is the Raspberry Pi 4, which was replaced by Latte Panda 3 Delta running Windows. And like the original, version two is absolutely stuffed with sensors and diagnostic gear — a Hack RF SDR for radio work, plus an Analog Discovery 2 which provides everything from an oscilloscope and signal generator to a spectrum analyzer and an impedance tester.

But possibly the most useful feature of Cyberdeck Red is the onboard HDMI projector. The palm-sized, short-throw projector would be perfect for an impromptu combat briefing in an improvised command post, or just watching Netflix. If the machines will allow it, of course.

The 2023 Cyberdeck Contest wraps up August 15, so it looks like [Gabriel] just squeaked this one in on time. We wish him and all the other entrants the best of luck!

Using An Old Satellite To See The Earth In A New Light

July 8, 2023 by 6 Comments

Snooping in on satellites is getting to be quite popular, enough so that the number of people advancing the state of the art — not to mention the wealth of satellites transmitting signals in the clear — has almost made the hobby too easy. An SDR, a homebrew antenna, and some off-the-shelf software, and you too can see weather satellite images on your screen in real time.

But where’s the challenge? That seems to be the question [dereksgc] asked and answered by tapping into S-band telemetry from an obsolete satellite. Most satellite hunters focus on downlinks in the L-band or even the VHF portion of the spectrum, which are within easy reach of most RTL-SDR dongles. However, the Coriolis satellite, which was launched in 2003, has a downlink firmly in the S-band, which at 2.2-GHz puts it just outside the high end of an RTL-SDR. To work around this, [dereksgc] bought a knock-off HackRF SDR and couple it with a wideband low-noise amplifier (LNA) of his own design. The dish antenna is also homebrewed from a used 1.8-m dish and a custom helical antenna for the right-hand circular polarized downlink signal.

As the video below shows, receiving downlink signals from Coriolis with the rig wasn’t all that difficult. Even with manually steering the dish, [dereksgc] was able to record a couple of decent passes with SDR#. Making sense of the data from WINDSAT, a passive microwave polarimetric radiometer that’s the main instrument that’s still working on the satellite, was another matter. Decoded with SatDump and massaged with Gimp, the microwave images of Europe are at least recognizable, mostly due to Italy’s distinctive shape.

Despite the distortion, seeing the planet’s surface via the microwaves emitted by water vapor is still pretty cool. If more traditional weather satellite images are what you’re looking for, those are pretty cool too.

Continue reading “Using An Old Satellite To See The Earth In A New Light”

LoRa Goes To The Moon

May 3, 2023 by 12 Comments

LoRa is a communications method that allows for long range radio contacts to be made using typically low-powered devices. This shouldn’t be surprising given that LoRa is short for “long range” which typically involves distances on the order of a few kilometers. However, a group of students are taking the “long range” moniker to the extreme by attempting to send and receive a signal with a total path of around 768,000 kilometers by using some specialized equipment to bounce a LoRa signal off of the moon and receive it back on Earth.

Earth-Moon-Earth (EME) communications are typically done by amateur radio operators as a hobby, since the development of communications satellites largely rendered other uses of this communication pathway obsolete. A directional antenna and a signal typically on the order of 1 kW are often used to compensate for the extremely high path losses. Using LoRa, which makes use of chirp spread spectrum modulation, they hope to reduce this power requirement significantly. The signals are being generated and received on a set of HackRF One devices fed into a series of amplifiers, and the team is also employing a set of large dish antennas, one in New Jersey and another in Alaska, to send and receive the messages.

The software used is the open-source SDRAngel which is useful for controlling the HackRF and moving the LoRa signal up to 1296 MHz. Normally LoRa is operated on an unlicensed band, but this method allows for finer control of not only frequency but also bandwidth, which helps reduce the impacts of path loss. Right now they have not yet completed their contacts with the Alaska station (partially due to that antenna being covered in snow) but we hope to hear more news in the future. In the meantime, take a look at some more traditional long-range communications using this protocol with more manageable-sized antennas.

Image courtesy of NASA, Public domain, via Wikimedia Commons

The cluster of HackRFs described in the article, boards on top of each other, plugged into two 1x4 RF power splitters that are in turn plugged into a 1x2 RF power splitter. An LNA is connected to the input of the final splitter, and a cable goes off the frame from there.

A Gang Of HackRFs Makes For A Wideband SDR

April 1, 2022 by 13 Comments

[Oleg Kutkov] decided to build a wideband SDR – for satellite communication research and monitoring, you know, the usual. He decided on a battery of HackRF boards – entire eight of them, in fact. Two 1×4 and one 1×2 RF splitters and an LNA on their combined RF input made for a good start to the project, and from there, it only got more complex.

HackRF boards can be synchronized with a separate clock source, but you can’t just pull a single clock line to all of them in a star configuration. Thus, he’s built a clock distribution and amplifier board, with 4 ns propagation delay at 1 PPS, and only 10 ns delay at 10 MHz. Then, he integrated that board with the HackRF setup, adding a case, wiring up a purpose-built cable and dealing with the reflections that occurred.

HackRF boards are USB 2.0 and able to generate a stream of data up to 320 MB/s, and there’d be no viable way to aggregate eight 2.0 links into one. To solve that, he’s used eight separate PCI-E to USB 3.0 cards, each of them with one HackRF plugged in, all connected to an AMD Ryzen 9-powered PC through PCI-E risers we typically see used for mining purposes. To tie it all together, he created a gnuradio flowgraph and patched the osmocom source block to enable the external clock synchronization mechanisms he decided to use.

Each HackRF is connected to its own PCIe USB card.

In the end, [Oleg] shows us some promising results – two DVB-S transceivers visible on the waterfall display of the spectrum capture. The work is not over here, to be clear – he’s ran into a few roadblocks. The gnuradio flowgraph doesn’t lend itself well to multi-threading, even on a Ryzen 9 machine, and [Oleg] pledged to rewrite the capture mechanisms in C++ which can be nicely allocated to separate physical CPU cores, something gnuradio is apparently not quite good at.

More importantly, the spectrum captured is not continuous, and [Oleg] questions whether it can be demodulated properly. He had to resort to frequency overlaps due to upsampling, and he’s not quite sure how to compensate for that. Overall frequency stability is also in question. However, from here, seems like most of the work towards building a wideband receiver is done!

[Oleg] is typically seen on Twitter, lately doing some heavy tinkering with Starlink – as Kyiv, the city he’s currently in, is under bombardment of Russian Armed Forces. We can only respect and appreciate the dedication. In January, we’ve covered his work on an USA-imported Tesla LTE modem replacement to fix LTE band incompatibilities in Ukraine, and his blog is a treasure trove of experiments that we are yet to properly comb through, from astrophysics and satellite work to RS485 networks and Linux driver writing.

Ethernet Cable Turned Into Antenna To Exploit Air-Gapped Computers

October 27, 2021 by 30 Comments

Good news, everyone! Security researcher [Mordechai Guri] has given us yet another reason to look askance at our computers and wonder who might be sniffing in our private doings.

This time, your suspicious gaze will settle on the lowly Ethernet cable, which he has used to exfiltrate data across an air gap. The exploit requires almost nothing in the way of fancy hardware — he used both an RTL-SDR dongle and a HackRF to receive the exfiltrated data, and didn’t exactly splurge on the receiving antenna, which was just a random chunk of wire. The attack, dubbed “LANtenna”, does require some software running on the target machine, which modulates the desired data and transmits it over the Ethernet cable using one of two methods: by toggling the speed of the network connection, or by sending raw UDP packets. Either way, an RF signal is radiated by the Ethernet cable, which was easily received and decoded over a distance of at least two meters. The bit rate is low — only a few bits per second — but that may be all a malicious actor needs to achieve their goal.

To be sure, this exploit is quite contrived, and fairly optimized for demonstration purposes. But it’s a pretty effective demonstration, but along with the previously demonstrated hard drive activity lights, power supply fans, and even networked security cameras, it adds another seemingly innocuous element to the list of potential vectors for side-channel attacks.

[via The Register]

Monitor SpaceX Rocket Launches With Software-Defined Radio

March 11, 2021 by 15 Comments

The amateur radio community has exploded with activity lately especially in the software-defined radio (SDR) area since it was found that a small inexpensive TV tuner could be wrangled to do what only expensive equipment was able to do before. One common build with these cards is monitoring air traffic, which send data about their flights out in packets over the radio and can easily be received and decoded now. It turns out another type of vehicle, SpaceX’s Falcon 9 spacecraft, reports data via radio as well and with some slightly upgraded hardware it’s possible to “listen in” to these flights in a similar way.

Reddit users [derekcz] and [Xerbot] used a HackRF module to listen in to the Falcon 9’s data transmissions during its latest launch. While the HackRF is a much more expensive piece of equipment compared to the RTL-SDR dongles used to listen in on aircraft, it is much more capable as well, with a range from 1 MHz to 6 GHz. Using this SDR peripheral as well as a 1.2 m repurposed satellite dish, the duo were able to intercept the radio transmissions from the in-flight rocket. From there, they were recorded with GNU Radio, converted into binary data, and then translated into text.

It seems as though the data feed included a number of different elements including time, location information, and other real-time data about the rocket’s flight. It’s a great build that demonstrates the wide appeal of software-defined radio, and if you want to get started it’s pretty easy to grab a much cheaper dongle and use it for all kinds of applications like this. Go check out [Tom Nardi]’s piece on the last seven years of RTL-SDR to get caught up to speed.

Thanks to [Adrian] for the tip!

HackRF PortaPack Firmware Spoofs All The Things

November 28, 2020 by 43 Comments

The HackRF is an exceptionally capable software defined radio (SDR) transceiver, but naturally you need to connect it to a computer to actually do anything with it. So the PortaPack was developed to turn it into a stand-alone device with the addition of a touchscreen LCD, a few buttons, and a headphone jack. With all the hardware in place, it’s just a matter of installing a firmware capable enough to do some proper RF hacking on the go.

Enter MAYHEM, an evolved fork of the original PortaPack firmware that the developers claim is the most up-to-date and feature packed version available. Without ever plugging into a computer, this firmware allows you to receive, decode, and re-transmit a dizzying number of wireless protocols. From firing off the seating pagers at a local restaurant to creating a fleet of phantom aircraft with spoofed ADS-B transponders, MAYHEM certainly seems like it lives up to the name.

[A. Petazzoni] recently put together a detailed blog post about installing and using MAYHEM on the HackRF/PortaPack, complete with a number of real-world examples that show off just a handful of possible applications for the project. Jamming cell phones, sending fake pager messages, and cloning RF remotes is just scratching the surface of what’s possible.

It’s not hard to see why some have already expressed concern about the project, but in reality, none of these capabilities are actually new. This firmware simply brings them all together in one easy-to-use package, and while there might be an argument to be made about proliferation, we all know that the responsibility to behave ethically rests on the user and not the tools.