Virtual Software Defined Radio

Software defined radio or SDR has changed the radio landscape forever. But to use one you need to buy some kind of hardware right? Maybe not. As [Tech Minds] shows in a recent video there are plenty of SDRs publically available on the Internet. We know that isn’t news, but the video does cover several different methods of finding and using SDR receivers including many that run totally in the browser.

Of course, there are a lot of reasons you might want to borrow an alien radio receiver, even if you have your own hardware. Maybe you don’t have a great antenna or maybe you want to hear a signal — maybe even your own — from a different location.

Continue reading “Virtual Software Defined Radio”

Lightning Analysis With Your SDR

Perhaps it’s just one of those things adults dream up to entertain their children, but were you ever told to count slowly the time between seeing a lightning flash and hearing the rumble of thunder? The idea was that the count would tell you how far away the storm was, but from a grown-up perspective the calibration accuracy of a child saying “one… two…three…” in miles seems highly suspect. It’s a valid technique though, and it can be used to monitor thunderstorms by the radio emissions created through the electrical discharge. It’s an area the SAGE project has been working in, and they’ve posted some details including a fascinating run-down of the software techniques , on how lightning can be detected with an RTL-SDR.

A lightning strike produces a characteristic wideband burst that shows up in the time domain as a maximum point that can easily be detected but could also be confused with radio interference from another source. Thus after identifying maxima they zoom in and perform a Fourier transform to spot the wideband burst. It’s all done in Python, and the pleasant surprise is how straightforward to understand it all is.

SAGE are working on a distributed sensor network, so we hope this work might one day give us real-time open lightning data. The FFT approach should ensure that it won’t be fooled by false positives as a traditional detector might be.

Via RTL-SDR.com.

Hackaday Links: July 26, 2020

An Australian teen is in hot water after he allegedly exposed sensitive medical information concerning COVID-19 patients being treated in a local hospital. While the authorities in Western Australia were quick to paint the unidentified teen as a malicious, balaclava-wearing hacker spending his idle days cracking into secure systems, a narrative local media were all too willing to parrot, reading down past the breathless headlines reveals the truth: the teen set up an SDR to receive unencrypted POCSAG pager data from a hospital, and built a web page to display it all in real-time. We’ve covered the use of unsecured pager networks in the medical profession before; this is a well-known problem that should not exactly take any infosec pros by surprise. Apparently authorities just hoped that nobody would spend $20 on an SDR and an afternoon putting it all together rather than address the real problem, and when found out they shifted the blame onto the kid.

Speaking of RF hacking, even though the 2020 HOPE Conference is going virtual, they’ll still be holding the RF Hacking Village. It’s not clear from the schedule how exactly that will happen; perhaps like this year’s GNU Radio Conference CTF Challenge, they’ll be distributing audio files for participants to decode. If someone attends HOPE, which starts this weekend, we’d love to hear a report on how the RF Village — and the Lockpicking Village and all the other attractions — are organized. Here’s hoping it’s as cool as DEFCON Safe Mode’s cassette tape mystery.

It looks like the Raspberry Pi family is about to get a big performance boost, with Eben Upton’s announcement that the upcoming Pi Compute Module 4 will hopefully support NVMe storage. The non-volatile memory express spec will allow speedy access to storage and make the many hacks Pi users use to increase access speed unnecessary. While the Compute Modules are targeted at embedded system designers, Upton also hinted that NVMe support might make it into the mainstream Pi line with a future Pi 4A.

Campfires on the sun? It sounds strange, but that’s what solar scientists are calling the bright spots revealed on our star’s surface by the newly commissioned ESA/NASA Solar Orbiter satellite. The orbiter recently returned its first images of the sun, which are extreme closeups of the roiling surface. They didn’t expect the first images, which are normally used to calibrate instruments and make sure everything is working, to reveal something new, but the (relatively) tiny bright spots are thought to be smaller versions of the larger solar flares we observe from Earth. There are some fascinating images coming back from the orbiter, and they’re well worth checking out.

And finally, although it’s an old article and has nothing to do with hacking, we stumbled upon Tim Urban’s look at the mathematics of human relations and found it fascinating enough to share. The gist is that everyone on the planet is related, and most of us are a lot more inbred than we would like to think, thanks to the exponential growth of everyone’s tree of ancestors. For example, you have 128 great-great-great-great-great-grandparents, who were probably alive in the early 1800s. That pool doubles in size with every generation you go back, until we eventually — sometime in the 1600s — have a pool of ancestors that exceeds the population of the planet at the time. This means that somewhere along the way, someone in your family tree was hanging out with someone else from a very nearby branch of the same tree. That union, likely between first or second cousins, produced the line that led to you. This is called pedigree collapse and it results in the pool of ancestors being greatly trimmed thanks to sharing grandparents. So the next time someone tells you they’re descended from 16th-century royalty, you can just tell them, “Oh yeah? Me too!” Probably.

Stop Bad Laws Before They Start

With everything else going on this summer, you might be forgiven for not keeping abreast of new proposed regulatory frameworks, but if you’re interested in software-defined radio (SDR) or even reflashing your WiFi router, you should. Right now, there’s a proposal to essentially prevent you from flashing your own firmware/software to any product with a radio in it before the European Commission. This obviously matters to Europeans, but because manufacturers often build hardware to the strictest global requirements, it may impact everyone. What counts as radio equipment? Everything from WiFi routers to wearables, SDR dongles to shortwave radios.

The idea is to prevent rogue reconfigurable radios from talking over each other, and prevent consumers from bricking their routers and radios. Before SDR was the norm, and firmware was king, it was easy for regulators to test some hardware and make sure that it’s compliant, but now that anyone can re-flash firmware, how can they be sure that a radio is conformant? Prevent the user from running their own firmware, naturally. It’s pretty hard for Hackaday to get behind that approach.

The impact assessment sounds more like advertising copy for the proposed ruling than an honest assessment, but you should give it a read because it lets you know where the commission is coming from. Reassuring is that they mention open-source software development explicitly as a good to be preserved, but their “likely social impacts” include “increased security and safety” and they conclude that there are no negative environmental impacts. What do you do when the manufacturer no longer wants to support the device? I have plenty of gear that’s no longer supported by firmware updates that is both more secure and simply not in the landfill because of open-source firmware.

Similarly, “the increased capacity of the EU to autonomously secure its products is also likely to help the citizens to better protect their information-related rights” is from a bizarro world where you can trust Xiaomi’s home-automation firmware to not phone home, but can’t trust an open-source replacement.

Public comment is still open, and isn’t limited to European citizens. As mentioned above, it might affect you even if you’re not in the EU, so feel free to make your voice heard. You have until September, and you’ll be in some great company if you register your complaints. Indeed, reading through the public comments is quite heartening: Universities, researchers, and hackers alike have brought up reasons to steer clear of the proposed approach. We hope that the commission hears us.

Exposing Computer Monitor Side-Channel Vulnerabilities With TempestSDR

Having been endlessly regaled with tales of side-channel attacks and remote exploits, most of us by now realize that almost every piece of gear leaks data like a sieve. Everything from routers to TVs to the power supplies and cooling fans of computers can be made to give up their secrets. It’s scary stuff, but it also sounds like a heck of a lot of fun, and with an SDR and a little software, you too can get in on the side-channel action.

Coming to us via software-defined radio buff [Tech Minds], the video below gives a quick tour of how to snoop in on what’s being displayed on a monitor for almost no effort or expense. The software that makes it possible is TempestSDR, which was designed specifically for the job. With nothing but an AirSpy Mini and a rubber duck antenna, [Tech Minds] was able to reconstruct a readable black and white image of his screen at a range of a few inches; a better antenna and some fiddling might improve that range to several meters. He also shares a trick for getting TempestSDR set up for all the popular SDRs, including SPRplay, HackRF, and RTL-SDR.

Learning what’s possible with side-channel attacks is the key to avoiding them, so hats off to [Tech Minds] for putting together this simple, easy-to-replicate demo. To learn even more, listen to what [Samy Kamkar] has to say about the subject, or check out where power supplies, cryptocurrency wallets, and mixed-signal microcontrollers are all vulnerable.

Continue reading “Exposing Computer Monitor Side-Channel Vulnerabilities With TempestSDR”

Software Defined Radio Academy Goes Virtual

They say every cloud has a silver lining. It’s hard to find a positive among all the bad news about the current global pandemic, but it has pushed more conferences and events to allow online participation either live or after the fact. A case in point: The Software Defined Radio Academy’s annual event is all on a YouTube channel so you can attend virtually.

Not all the videos are there yet, but the keynote along with some very technical talks about techniques ranging from FPGAs to spectrum monitoring and spectral correlation density — you can see that video, below. We presume you’ll eventually be able to watch all the presentations listed in the program.

Continue reading “Software Defined Radio Academy Goes Virtual”

Number Crunching GPS For The DIYer

Many of us have had cause to add GPS to a project, whether it’s because we need an accurate timebase or just want to know where the bloody thing is. Normally, this consists of plugging in a cheap module and making sure the antenna has a good view of the sky. [Mike] wanted to dig deeper, however, and figure out just what goes into decoding a GPS signal and calculating a location fix.

[Mike]’s investigation combined several avenues of investigation. In terms of decoding live radio signals, he selected a KiwiSDR software defined radio. Combined with a Digilent Nexys 2 FPGA, it was now possible to get live data off the air and into the PC quickly for decoding. In concert with this, [Mike] used a sample of raw GPS data captured in Nottingham, UK in order to test his code. After much experimentation, [Mike] was able to get the data decoded with 700 lines of C code. Decoding three minutes worth of data took all night, but further development allowed things to be sped up over 200 times. For the curious, the code is up on Github to convert raw ADC samples into actual location fixes.

Armed with the wealth of resources online and the right hardware, [Mike] was sucessfully able to achieve his goal, and figure out just precisely where his house is, to boot. As a bonus, the whole project was inspired by a similar project posted in these very pages back in 2013! If you’re working on your own satellite-based projects, be sure to drop us a line.