Exposing Computer Monitor Side-Channel Vulnerabilities With TempestSDR

Having been endlessly regaled with tales of side-channel attacks and remote exploits, most of us by now realize that almost every piece of gear leaks data like a sieve. Everything from routers to TVs to the power supplies and cooling fans of computers can be made to give up their secrets. It’s scary stuff, but it also sounds like a heck of a lot of fun, and with an SDR and a little software, you too can get in on the side-channel action.

Coming to us via software-defined radio buff [Tech Minds], the video below gives a quick tour of how to snoop in on what’s being displayed on a monitor for almost no effort or expense. The software that makes it possible is TempestSDR, which was designed specifically for the job. With nothing but an AirSpy Mini and a rubber duck antenna, [Tech Minds] was able to reconstruct a readable black and white image of his screen at a range of a few inches; a better antenna and some fiddling might improve that range to several meters. He also shares a trick for getting TempestSDR set up for all the popular SDRs, including SDRplay, HackRF, and RTL-SDR.

Learning what’s possible with side-channel attacks is the key to avoiding them, so hats off to [Tech Minds] for putting together this simple, easy-to-replicate demo. To learn even more, listen to what [Samy Kamkar] has to say about the subject, or check out where power supplies, cryptocurrency wallets, and mixed-signal microcontrollers are all vulnerable.

Software Defined Radio Academy Goes Virtual

They say every cloud has a silver lining. It’s hard to find a positive among all the bad news about the current global pandemic, but it has pushed more conferences and events to allow online participation either live or after the fact. A case in point: The Software Defined Radio Academy’s annual event is all on a YouTube channel so you can attend virtually.

Not all the videos are there yet, but the keynote is up, along with some very technical talks on techniques ranging from FPGAs to spectrum monitoring and spectral correlation density; you can see that video below. We presume you’ll eventually be able to watch all the presentations listed in the program.

Number Crunching GPS For The DIYer

Many of us have had cause to add GPS to a project, whether it’s because we need an accurate timebase or just want to know where the bloody thing is. Normally, this consists of plugging in a cheap module and making sure the antenna has a good view of the sky. [Mike] wanted to dig deeper, however, and figure out just what goes into decoding a GPS signal and calculating a location fix.

[Mike]’s investigation combined several avenues of attack. To decode live radio signals, he selected a KiwiSDR software-defined radio. Combined with a Digilent Nexys 2 FPGA, it made it possible to get live data off the air and into the PC quickly for decoding. In concert with this, [Mike] used a sample of raw GPS data captured in Nottingham, UK to test his code. After much experimentation, [Mike] was able to get the data decoded with 700 lines of C code. Decoding three minutes’ worth of data took all night, but further development allowed things to be sped up over 200 times. For the curious, the code to convert raw ADC samples into actual location fixes is up on GitHub.

Armed with the wealth of resources online and the right hardware, [Mike] was successfully able to achieve his goal, and figure out just precisely where his house is, to boot. As a bonus, the whole project was inspired by a similar project posted in these very pages back in 2013! If you’re working on your own satellite-based projects, be sure to drop us a line.

Receive Analog Video Radio Signals From Scratch

If you’ve been on the RTL-SDR forums lately you may have seen that a lot of work has been going into the DragonOS software. This is a software-defined radio group that has seen a lot of effort put into a purpose-built Debian-based Linux distribution that can do a lot of SDR out of the box. The latest and most exciting project coming from them involves a method for using the software to receive and demodulate analog video.

[Aaron]’s video (linked below) demonstrates using a particular piece of software called SigDigger to analyze an incoming analog video stream from a drone using a HackRF. (Of course any incoming analog signal could be used, it doesn’t need to be a drone.) The software shows the various active frequency ranges, allows a user to narrow in on one and then start demodulating it. While it has to be dialed in just right to get anything that doesn’t look like snow, [Aaron] is able to get recognizable results in just a few minutes.

Getting something like this to work completely in software is an impressive feat, especially considering that all of the software used here is free. Granted, this wouldn’t be as easy for a digital signal like most TV stations broadcast, but there’s still a lot of fun to be had. In case you missed the release of DragonOS, we covered it a few weeks ago and it’s only gotten better since then, with this project just as one example.

ATMega328 SSB SDR For Ham Radio

The humble ATmega328 microcontroller, usually packaged as an Arduino Uno, is the gateway drug for millions of people into the world of electronics and embedded programming. Some people just can’t pass up the challenge of seeing how far they can push the old workhorse, and it looks like [Guido PE1NNZ] is one of those. He has managed to implement a software-defined SSB ham radio transceiver for the HF bands on the ATMega328, and it looks like the project is going places.

The radio started life as a QRP Labs QCX, a $49 single-band CW (Morse code) HF transceiver kit that is already one of the cheapest ways to get on the HF bands. [Guido] reduced the part count of the radio by about 50%, implementing much of the signal processing digitally on the ATmega328. On the transmitter side, the SSB signal is generated by making slight frequency changes to a Si5351 clock generator using 800kbit/s I2C, and controlling a very efficient class-E RF power amplifier with PWM for about 5W of output power. The increased efficiency means that there is no need for the bulky heat sink usually seen on SSB radios. The radio is continuously tunable from 80m to 10m (3.5 MHz – 30 MHz), but it does require plugging in a different low-pass filter for each band.

TEMPEST Comes To GNU Radio

As we use our computers, to watch YouTube videos of trucks hitting bridges, to have a Zoom call with our mothers, or even for some of us to write Hackaday articles, we’re unknowingly sharing a lot of what we are doing with the world. The RF emissions from our monitors, keyboards, and other peripherals can be harvested and reconstructed to give a third party a view into our work, and potentially access to all our darkest secrets. It’s a technique with origins in government agencies that would no doubt prefer to remain anonymous, but for a while now it has been available to all through the magic of software-defined radio. Now it has reached the popular GNU Radio platform, with [Federico La Rocca]’s gr-tempest package.

He describes it as a re-implementation of [Martin Marinov]’s TempestSDR, which has a reputation as not being for the faint-hearted. The current version requires GNU Radio 3.7, but he promises a 3.8-compatible version in the works. A YouTube video that we’ve placed below the break has a range of examples running, though there seems to be little information on the type of antenna employed. Perhaps a log-periodic design would be most appropriate.

GPU Turned Into Radio Transmitter To Defeat Air-Gapped PC

Another week, another exploit against an air-gapped computer. And this time, the attack is particularly clever and pernicious: turning a GPU into a radio transmitter.

The first part of [Mikhail Davidov] and [Baron Oldenburg]’s article is a review of some of the basics of exploring the RF emissions of computers using software-defined radio (SDR) dongles. Most readers can safely skip ahead a bit to section 9, which gets into the process they used to sniff for potentially compromising RF leaks from an air-gapped test computer. After finding a few weak signals in the gigahertz range and dismissing them as attack vectors due to their limited penetration potential, they settled in on the GPU card, a Radeon Pro WX3100, and specifically on the power management features of its ATI chipset.

With a GPU benchmarking program running, they switched the graphics card shader clock between its two lowest power settings, which produced a strong signal on the SDR waterfall at 428 MHz. They were able to receive this signal up to 50 feet (15 meters) away, perhaps to the annoyance of nearby hams as this is plunk in the middle of the 70-cm band. This is theoretically enough to exfiltrate data, but at a painfully low bitrate. So they improved the exploit by forcing the CPU driver to vary the shader clock frequency in one megahertz steps, allowing them to implement higher throughput encoding schemes. You can hear the change in signal caused by different graphics being displayed in the video below; one doesn’t need much imagination to see how malware could leverage this to exfiltrate pretty much anything on the computer.

It’s a fascinating hack, and hats off to [Davidov] and [Oldenburg] for revealing this weakness. We’ll have to throw this on the pile with all the other side-channel attacks [Samy Kamkar] covered in his 2019 Supercon talk.