Modern Radio Receiver Architecture: From Regenerative To Direct Conversion

Modern radio receivers have a distinct advantage over the common early designs which I covered in my previous article. Most of the receivers you will have worked with over the past couple decades are designs by Edwin Armstrong; regenerative, superregenerative, or most commonly superheterodyne. These are distinguished by a few fascinating key traits that bring both benefits and drawbacks.

Today let’s dive into Mr. Armstrong’s receivers. I’ll also talk about DC receivers which, despite the name, are not made to listen to batteries. These are receivers you are much more likely to encounter in modern equipment.

Regenerative and Superregenerative

The regenerative receiver is all about doing more with less. You still see some of these in simple applications like RF remote controls. The idea derives from how an oscillator works. In a simple way of thinking, an oscillator is an amplifier with enough positive feedback that any tiny signal at the right frequency will amplify and then, through feedback, continue to output over and over. If everything were perfect, then, an oscillator would have infinite gain at a given frequency.


Exposing Computer Monitor Side-Channel Vulnerabilities With TempestSDR

Having been endlessly regaled with tales of side-channel attacks and remote exploits, most of us by now realize that almost every piece of gear leaks data like a sieve. Everything from routers to TVs to the power supplies and cooling fans of computers can be made to give up their secrets. It’s scary stuff, but it also sounds like a heck of a lot of fun, and with an SDR and a little software, you too can get in on the side-channel action.

Coming to us via software-defined radio buff [Tech Minds], the video below gives a quick tour of how to snoop in on what’s being displayed on a monitor for almost no effort or expense. The software that makes it possible is TempestSDR, which was designed specifically for the job. With nothing but an AirSpy Mini and a rubber duck antenna, [Tech Minds] was able to reconstruct a readable black and white image of his screen at a range of a few inches; a better antenna and some fiddling might improve that range to several meters. He also shares a trick for getting TempestSDR set up for all the popular SDRs, including SDRplay, HackRF, and RTL-SDR.

Learning what’s possible with side-channel attacks is the key to avoiding them, so hats off to [Tech Minds] for putting together this simple, easy-to-replicate demo. To learn even more, listen to what [Samy Kamkar] has to say about the subject, or check out where power supplies, cryptocurrency wallets, and mixed-signal microcontrollers are all vulnerable.


How Early Radio Receivers Worked

If you’ve ever built a crystal radio, there’s something magical about being able to pull voices and music from far away out of thin air. If you haven’t built one, maybe you should while there’s still something on the AM band. Of course, nowadays the equivalent might be an SDR. But barring a computer solution, there are not many ways to convert radio waves into intelligence. From a pocket radio to advanced RADAR to a satellite in orbit, receiving a radio wave is accomplished in pretty much the same way.

There are, however, many ways to modulate and demodulate that radio wave. Of course, an AM radio works differently than an FM radio. A satellite data downlink works differently, too. But the process of capturing the radio wave from the air and getting them into a form ready for further processing hasn’t changed much over the years.

In this article, I’ll talk about the most common radio receiver architectures you may have seen in years past, and next week I’ll talk about modern architectures. Either way, understanding receiver architectures will help you design new radios or troubleshoot them.


Learning About VNAs

We live in a good time to be an electronics geek. It used to be only the richest or shrewdest among us had a really good oscilloscope, while these days it is entirely feasible to have a scope that would have cost a fortune a few decades ago, a logic analyzer, arbitrary waveform generator, and what would have once been a supercomputer and still not be in debt. One of the cooler pieces of gear for people working on RF electronics is a vector network analyzer (VNA) which used to be exotic, but now can be bought for very little. But what do you do with it? [W2AEW] has the answer.

We always look forward to a video from [W2AEW]. Even if we know about the subject he covers, we usually pick up something new or interesting. Like all of his videos, this one is intensely practical. Not a lot of drawing but plenty of scope shots and experimenting.


Portable MRI Machine Comes To The Patient

To say that the process of installing a magnetic resonance imager in a hospital is a complex task is a serious understatement. Once the approval of regulators is obtained, a process that could take years, architects and engineers have to figure out where the massive machine can be installed. An MRI suite requires a sizable electrical service to be installed, reinforced floors to handle the massive weight of the magnet, and special shielding in the walls and ceiling. And once the millions have been spent and the whole thing is up and running, there are ongoing safety concerns when working around a gigantic magnet that can suck ferromagnetic objects into it at any time.

MRI studies can reveal details of diseases and injuries that no other imaging modality can match, which justifies the massive capital investments hospitals make to obtain them. But what if MRI scanners could be miniaturized? Is there something inherent in the technology that makes them so massive and so expensive that many institutions are priced out of the market? Or has technology advanced far enough that a truly portable MRI is possible?

It turns out that yes, an inexpensive MRI scanner is not only possible, but can be made portable enough to wheel into a patient care room. It’s not without compromise, but such a device could make a huge impact on diagnostic medicine and extend MRI technologies into places far beyond the traditional hospital setting.


GPU Turned Into Radio Transmitter To Defeat Air-Gapped PC

Another week, another exploit against an air-gapped computer. And this time, the attack is particularly clever and pernicious: turning a GPU into a radio transmitter.

The first part of [Mikhail Davidov] and [Baron Oldenburg]’s article is a review of some of the basics of exploring the RF emissions of computers using software-defined radio (SDR) dongles. Most readers can safely skip ahead a bit to section 9, which gets into the process they used to sniff for potentially compromising RF leaks from an air-gapped test computer. After finding a few weak signals in the gigahertz range and dismissing them as attack vectors due to their limited penetration potential, they settled in on the GPU card, a Radeon Pro WX3100, and specifically on the power management features of its ATI chipset.

With a GPU benchmarking program running, they switched the graphics card shader clock between its two lowest power settings, which produced a strong signal on the SDR waterfall at 428 MHz. They were able to receive this signal up to 50 feet (15 meters) away, perhaps to the annoyance of nearby hams as this is plunk in the middle of the 70-cm band. This is theoretically enough to exfiltrate data, but at a painfully low bitrate. So they improved the exploit by forcing the CPU driver to vary the shader clock frequency in one megahertz steps, allowing them to implement higher throughput encoding schemes. You can hear the change in signal caused by different graphics being displayed in the video below; one doesn’t need much imagination to see how malware could leverage this to exfiltrate pretty much anything on the computer.

It’s a fascinating hack, and hats off to [Davidov] and [Oldenburg] for revealing this weakness. We’ll have to throw this on the pile with all the other side-channel attacks [Samy Kamkar] covered in his 2019 Supercon talk.


So. You Bought A VNA. Now What?

It’s never too late in life for new experiences, but there’s a new experience I had a few weeks ago that I wasn’t expecting. I probably received my first piece of test equipment – a multimeter –  in the early 1980s, and since then every time I’ve received a new one, whether an oscilloscope, logic analyser, spectrum analyser or signal generator, I’ve been able to figure out how to use it. I have a good idea what it does, and I can figure out whatever its interface may be to make it do what I want it to. My new experience came when I bought a piece of test equipment, and for the first time in my life didn’t have a clue how to use it.

That instrument is a Vector Network Analyser, or VNA, and it’s worth spending a while going through the basics in case anyone else is in the same position. My VNA is not a superlative piece of high-end instrumentation that cost the GDP of a small country, it’s the popular $50 NanoVNA that has a fairly modest frequency range and performance, but is still a functional VNA that can take useful measurements. But I’m a VNA newbie, what does a VNA do?