Art Eavesdrops on Life and Pagers

Before cell phones, pagers were the way to communicate on the go. At first, they were almost a status symbol. Eventually, they became the mark of someone who couldn’t or wouldn’t carry a cell phone. However, apparently, there are still some users that clutch their pagers with a death grip, including medical professionals. In an art project called HolyPager, [Brannon Dorsey] intercepted all the pager messages in a city and printed them on a few old-style roll printers. The results were a little surprising. You can check out the video below.

Almost all the pages were medical and many of them had sensitive information. From a technical standpoint, [Brannon’s] page doesn’t shed much light, but an article about the project says that it and other art projects that show the hidden world of radio waves are using our old friend the RTL-SDR dongle.

Pagers use a protocol — POCSAG — that predates our modern (and well-founded) obsession with privacy and security. That isn’t surprising, although the idea that private medical data is flying through the air like this is. Decoding POCSAG isn’t hard. GNU Radio, for example, can easily handle the task.

We’ve looked at pager hacking in the past. You can even run your own pager network, but don’t blame us if you get fined.

Tiny Transmitter Tracks Targets

It is a staple of spy movies. The hero — or sometimes the bad guy — sticks a device never any bigger than an Alka Seltzer to a vehicle or a person and then tracks it anywhere it goes in the world. Real world physics makes it hard to imagine a device like that for a lot of reasons. Tiny power supplies mean tiny lifetime and low power. Tiny antennas and low power probably add up to short range. However, [Tom’s] project may be as close as you can get to a James Bond-style tracker. You can see a video of the device, below.

The little transmitter is smaller than a thumbnail — not counting the antenna and the battery — and draws very little current (180 uA). As you might expect, the range is not great, but [Tom] says with a Yagi and an RTL-SDR he can track the transmitter on 915 MHz for about 400 meters.

Read Home Power Meters With RTL-SDR

[k-roy] hates electricity. Especially the kind that can be lethal if you’re not careful. Annoyed by the constant advertisements for the popular Sense Home Energy monitors (which must be installed in the main breaker box by an electrician), [k-roy] set out to find a cheaper and easier way. He wondered how the power company monitored his meter, and guessed correctly that it must be transmitting the information wirelessly. Maybe he could just listen in?

Using a cheap RTL-SDR, it didn’t take long for [k-roy] to tap into this transmission and stumble across the power readings for his entire neighborhood using a simple command:

~/gocode/bin/rtlamr -msgtype=idm --format=json -msgtype=scm+

Ironically, the hardest part wasn’t snooping on everyone’s power and water usage patterns in the neighborhood; it was trying to figure out which meter was his. In the end, he was able to make some nice graphical layouts of the data with PHP.

We’ve seen some righteous power meter hacks in our time, but this one stands out for its simplicity and elegance. Be sure to check out [k-roy’s] blog for more details, and [rtlamr’s] GitHub for the program used to read the meters.

Thanks to [Jasper J] for the tip!

Grabbing Weather and Traffic Overlays from iHeartRadio

When the older of us think of radio, we think of dialing in an FM or AM station. Giant broadcast towers strewn throughout the countryside radiated electromagnetic waves modulated with music, talk and sports across our great land. Youngsters out there might be surprised that such primitive technology still exists. Though the static of an untuned AM receiver might be equivalent to the dial tone of a 56K modem, it’s still a major part of our society.

Like all technology, radio has transitioned to faster and better ways of sending information. Today we have digital radio stations – one of the most popular being iHeartRadio. And because it’s digital, it can also send along info other than audio, such as weather and traffic information.

The guys over at [KYDronePilot] have made use of this to display real-time weather and traffic maps with an SDR and a little Python. They’re new to Python, so be sure to check out their GitHub, grab a copy of the code, and let them know if you see room for improvement.

This hack is based on recent work decoding the digital data, which is worth checking out if you’re interested in SDR, DSP, or any other radio-related acronyms.

Neural Network Learns SDR Ham Radio

Identifying ham radio signals used to be easy. Beeps were Morse code, voice was AM unless it sounded like Donald Duck, in which case it was sideband. But there are dozens of modes in common use now including TV, digital data, digital voice, FM, and more coming on line every day. [Randaller] used CUDA to build a neural network that can interface with an RTL-SDR dongle and classify the signals it hears. Since it is a neural network, it isn’t so much programmed to do it as it is trained. The proof of concept has training to distinguish FM, SECAM, and TETRA. However, you can train it to recognize other modulation schemes if you want to invest the time into it.

Slinky Walks Down Stairs and Picks up 80m Band

Originally intended as a way to stabilize sensitive instruments on ships during World War II, the Slinky is quite simply a helical spring with an unusually good sales pitch. But as millions of children have found out since the 1940s, once you roll your Slinky down the stairs a few times, you’ve basically hit the wall in terms of entertainment value. So what if we told you there was yet another use for this classic toy that was also fun for a girl and a boy?

As it turns out, a cheap expandable metal coil just so happens to make for a pretty good antenna if you hook it up right. [Blake Hughes] recently took on this project and provided some detailed pictures and information for anyone else looking to hook a couple of Slinkies to their radio. [Blake] reports excellent results when paired to his RTL-SDR setup, but of course this will work with whatever kind of gear you might be using at these frequencies.

Before anyone gets out the pitchforks, admittedly this isn’t exactly a new idea. There are a few other write-ups online about people using a Slinky as a cheap antenna, such as this detailed analysis from a few years ago by [Frank Dörenberg]. There are even rumors that soldiers used a Slinky from back home as a makeshift antenna during the Vietnam War. So this is something of an old school ham trick revived for the new generation of SDR enthusiasts.

Anyway, the setup is pretty simple. You simply solder the RF jack of your choice to two stretched out Slinkies: one to the center of the jack and one to the outside. Then run a rope through them and stretch them out in opposite directions. The rope is required because the Slinky isn’t going to be strong enough when expanded to keep from lying on the ground.

One thing to keep in mind with a Slinky antenna is that these things are not exactly rated for outside use. Without some kind of treatment (like a spray-on acrylic lacquer), they’ll quickly corrode and fail. Though a better idea might simply be to think of this as a temporary antenna that you put away when you’re done with it. Thanks to the fact that the Slinky doesn’t get deformed even when stretching it out to maximum length, that’s relatively easy to accomplish.

If you’re looking for a good RTL-SDR to go along with your new Slinky antenna, check out this roundup of some of the options that are on the market as of 2017. You’ll probably need an upconverter to get down to the 80m band, so you might as well build that while you’re at it.

A TEMPEST in a Dongle

If a couple of generations of spy movies have taught us anything, it’s that secret agents get the best toys. And although it may not be as cool as a radar-equipped Aston Martin or a wire-flying rig for impossible vault heists, this DIY TEMPEST system lets you snoop on computers using secondary RF emissions.

If the term TEMPEST sounds familiar, it’s because we’ve covered it before. [Elliot Williams] gave an introduction to the many modalities that fall under the TEMPEST umbrella, the US National Security Agency’s catch-all codename for bridging air gaps by monitoring the unintended RF, light, or even audio emissions of computers. And more recently, [Brian Benchoff] discussed a TEMPEST hack that avoided the need for thousands of dollars of RF gear, reducing the rig down to an SDR dongle and a simple antenna. There’s even an app for that now: TempestSDR, a multiplatform Java app that lets you screen scrape a monitor based on its RF signature. Trouble is, getting the app running on Windows machines has been a challenge, but reader [flatfishfly] solved some of the major problems and kindly shared the magic. The video below shows TempestSDR results; it’s clear that high-contrast images are easiest to snoop on, but it shows that a $20 dongle and some open-source software can bridge an air gap. Makes you wonder what’s possible with deeper pockets.

RF sniffing is only one of many ways to exfiltrate data from an air-gapped system. From power cords to security cameras, there seems to be no end to the ways to breach systems.
