Read Home Power Meters With RTL-SDR

[k-roy] hates electricity. Especially the kind that can be lethal if you’re not careful. Annoyed by the constant advertisements for the popular Sense Home Energy monitors (which must be installed in the main breaker box by an electrician), [k-roy] set out to find a cheaper and easier way. He wondered how the power company monitored his meter, and guessed correctly that it must be transmitting the information wirelessly. Maybe he could just listen in?

Using a cheap RTL-SDR, it didn’t take long for [k-roy] to tap into this transmission and stumble across the power readings for his entire neighborhood using a simple command:

~/gocode/bin/rtlamr -msgtype=idm --format=json -msgtype=scm+

Ironically, the hardest part wasn’t snooping on everyone’s power and water usage patterns in the neighborhood, it was trying to figure out which meter was his. In the end, he was able to make some nice graphical layouts of the data with PHP.

We’ve seen some righteous power meter hacks in our time, but this one stands out for its simplicity and elegance. Be sure to check out [k-roy’s] blog for more details, and [rtlamr’s] github for the program used to read the meters.

Thanks to [Jasper J] for the tip!

Grabbing Weather And Traffic Overlays From IHeartRadio

When the older of us think of radio, we think of dialing in an FM or AM station. Giant broadcast towers strewn throughout the countryside radiated electromagnetic waves modulated with music, talk and sports across our great land. Youngsters out there might be surprised that such primitive technology still exists. Though the static of an untuned AM receiver might be equivalent to the dial tone of a 56K modem, it’s still a major part of our society.

Like all technology, radio has transitioned to faster and better ways of sending information. Today we have digital radio stations – one of the most popular being iHeartRadio. And because it’s digital, it can also send along info other than audio, such as weather and traffic information.

The guys over at [KYDronePilot] have made use of this to display real-time weather and traffic maps with an SDR and a little Python. They’re new to Python, so be sure to check out their GitHub, grab a copy of the code, and let them know if you see room for improvement.

This hack is based on recent work decoding the digital data, which is worth checking out if you’re interested in SDR, DSP, or any other radio-related acronyms.

Neural Network Learns SDR Ham Radio

Identifying ham radio signals used to be easy. Beeps were Morse code, voice was AM unless it sounded like Donald Duck, in which case it was sideband. But there are dozens of modes in common use now including TV, digital data, digital voice, FM, and more coming on line every day. [Randaller] used CUDA to build a neural network that can interface with an RTL-SDR dongle and classify the signals it hears. Since it is a neural network, it isn’t so much programmed to do it as it is trained. The proof of concept has training to distinguish FM, SECAM, and TETRA. However, you can train it to recognize other modulation schemes if you want to invest the time into it.


Slinky Walks Down Stairs And Picks Up 80m Band

Originally intended as a way to stabilize sensitive instruments on ships during World War II, the Slinky is quite simply a helical spring with an unusually good sales pitch. But as millions of children have found out since the 1940s, once you roll your Slinky down the stairs a few times, you’ve basically hit the wall in terms of entertainment value. So what if we told you there was yet another use for this classic toy that was also fun for a girl and a boy?

As it turns out, a cheap expandable metal coil just so happens to make for a pretty good antenna if you hook it up right. [Blake Hughes] recently took on this project and provided some detailed pictures and information for anyone else looking to hook a couple of Slinkies to their radio. [Blake] reports excellent results when paired to his RTL-SDR setup, but of course this will work with whatever kind of gear you might be using at these frequencies.

Before anyone gets out the pitchforks, admittedly this isn’t exactly a new idea. There are a few other write-ups online about people using a Slinky as a cheap antenna, such as this detailed analysis from a few years ago by [Frank Dörenberg]. There are even rumors that soldiers used a Slinky from back home as a makeshift antenna during the Vietnam War. So this is something of an old school ham trick revived for the new generation of SDR enthusiasts.

Anyway, the setup is pretty simple. You simply solder the RF jack of your choice to two stretched out Slinkies: one to the center of the jack and one to the outside. Then run a rope through them and stretch them out in opposite directions. The rope is required because the Slinky isn’t going to be strong enough when expanded to keep from lying on the ground.

One thing to keep in mind with a Slinky antenna is that these things are not exactly rated for outside use. Without some kind of treatment (like a spray-on acrylic lacquer), they’ll quickly corrode and fail. Though a better idea might simply be to think of this as a temporary antenna that you put away when you’re done with it. Thanks to the fact that the Slinky doesn’t get deformed even when stretching it out to maximum length, that’s relatively easy to accomplish.

If you’re looking for a good RTL-SDR to go along with your new Slinky antenna, check out this roundup of some of the options that are on the market as of 2017. You’ll probably need an upconverter to get down to the 80m band, so you might as well build that while you’re at it.

A TEMPEST In A Dongle

If a couple of generations of spy movies have taught us anything, it’s that secret agents get the best toys. And although it may not be as cool as a radar-equipped Aston Martin or a wire-flying rig for impossible vault heists, this DIY TEMPEST system lets you snoop on computers using secondary RF emissions.

If the term TEMPEST sounds familiar, it’s because we’ve covered it before. [Elliot Williams] gave an introduction to the many modalities that fall under the TEMPEST umbrella, the US National Security Agency’s catch-all codename for bridging air gaps by monitoring the unintended RF, light, or even audio emissions of computers. And more recently, [Brian Benchoff] discussed a TEMPEST hack that avoided the need for thousands of dollars of RF gear, reducing the rig down to an SDR dongle and a simple antenna. There’s even an app for that now: TempestSDR, a multiplatform Java app that lets you screen scrape a monitor based on its RF signature. Trouble is, getting the app running on Windows machines has been a challenge, but RTL-SDR.com reader [flatfishfly] solved some of the major problems and kindly shared the magic. The video below shows TempestSDR results; it’s clear that high-contrast images are easiest to snoop on, but it shows that a $20 dongle and some open-source software can bridge an air gap. Makes you wonder what’s possible with deeper pockets.

RF sniffing is only one of many ways to exfiltrate data from an air-gapped system. From power cords to security cameras, there seems to be no end to the ways to breach systems.


3D Printed Helical Satcom Feed

With the advent of cheap software defined radios made popular by the RTL-SDR project a few years back, satellite communications are now within the budget of even the most modest hacker. For $20 USD you can get a USB SDR module that is more than capable of receiving signals from any number of geosynchronous satellites, but you’ll need something a little more robust than rabbit ears to pick up a signal broadcast from over 22,000 miles away.

Building a satellite-capable antenna isn’t necessarily difficult, but does involve a fair bit of arcane black magic and mathematics to do properly; something that can scare away those new to the hobby. But by using a 3D printed mandrel, [Tysonpower] has come up with a feed you can build and mount on a standard dish without having to take a crash course in antenna theory. [Tysonpower] reports the feed has a center frequency of 1550 MHz, and works well for reception of Inmarsat, AERO and HRPT signals.

The channel in the 3D printed core of the feed ensures that the inserted wire is of the correct length and in the perfect position for optimal reception. All you need to do is print the core, wrap it with wire, and then solder the end to a connector on a ground-plane that’s nothing more than a sheet of aluminum. [Tysonpower] was even kind enough to model up a mount that will allow you to bolt this feed to a standard satellite dish.

We’ve previously covered using RTL-SDR to receive Inmarsat transmissions, and hardware for the Outernet project, both of which would be great applications for an antenna like this.


Exploiting Weak Crypto On Car Key Fobs

[tomwimmenhove] has found a vulnerability in the cryptographic algorithm that is used by certain Subaru key fobs and he has open-sourced the software that drives this exploit. All you need to open your Subaru is a RasPi and a DVB-T dongle, so you could complain that sharing this software equates to giving out master keys to potential car thieves. On the other hand, this only works for a limited number of older models from a single manufacturer — it’s lacking in compatibility and affordability when compared to the proverbial brick.

This hack is much more useful as a case study than a brick is, however, and [tomwimmenhove]’s work points out some bad design on the manufacturer’s side and as such can help you to avoid these kinds of mistakes. The problem of predictable keys got great treatment in the comments of our post about an encryption scheme for devices low in power and memory, for instance.

Those of you interested in digital signal processing may also want to take a look at his code, where he implements filtering, demodulation and decoding of the key fob’s signal. The transmission side is handled by rpitx and attacks against unencrypted communications with this kind of setup have been shown here before. There’s a lot going on here that’s much more interesting than stealing cars.

[Via Bleeping Computer]
