sdr

312 Articles

TEMPEST Comes To GNU Radio

May 14, 2020 by 10 Comments

As we use our computers, to watch YouTube videos of trucks hitting bridges, to have a Zoom call with our mothers, or even for some of us to write Hackaday articles, we’re unknowingly sharing a lot of what we are doing with the world. The RF emissions from our monitors, keyboards, and other peripherals can be harvested and reconstructed to give a third party a view into your work, and potentially have access to all your darkest secrets.  It’s a technique with origins in Government agencies that would no doubt prefer to remain anonymous, but for a while now it has been available to all through the magic of software defined radio. Now it has reached the popular GNU Radio platform, with [Federico La Rocca]’s gr-tempest package.

He describes it as a re-implementation of [Martin Marinov]’s TempestSDR, which has a reputation as not being for the faint-hearted. The current version requires GNU Radio 3.7, but he promises a 3.8-compatible version in the works. A YouTube video that we’ve placed below the break has a range of examples running, though there seems to be little information on the type of antenna employed. Perhaps a log-periodic design would be most appropriate.

Continue reading “TEMPEST Comes To GNU Radio”

GPU Turned Into Radio Transmitter To Defeat Air-Gapped PC

April 24, 2020 by 31 Comments

Another week, another exploit against an air-gapped computer. And this time, the attack is particularly clever and pernicious: turning a GPU into a radio transmitter.

The first part of [Mikhail Davidov] and [Baron Oldenburg]’s article is a review of some of the basics of exploring the RF emissions of computers using software-defined radio (SDR) dongles. Most readers can safely skip ahead a bit to section 9, which gets into the process they used to sniff for potentially compromising RF leaks from an air-gapped test computer. After finding a few weak signals in the gigahertz range and dismissing them as attack vectors due to their limited penetration potential, they settled in on the GPU card, a Radeon Pro WX3100, and specifically on the power management features of its ATI chipset.

With a GPU benchmarking program running, they switched the graphics card shader clock between its two lowest power settings, which produced a strong signal on the SDR waterfall at 428 MHz. They were able to receive this signal up to 50 feet (15 meters) away, perhaps to the annoyance of nearby hams as this is plunk in the middle of the 70-cm band. This is theoretically enough to exfiltrate data, but at a painfully low bitrate. So they improved the exploit by forcing the CPU driver to vary the shader clock frequency in one megahertz steps, allowing them to implement higher throughput encoding schemes. You can hear the change in signal caused by different graphics being displayed in the video below; one doesn’t need much imagination to see how malware could leverage this to exfiltrate pretty much anything on the computer.

It’s a fascinating hack, and hats off to [Davidov] and [Oldenburg] for revealing this weakness. We’ll have to throw this on the pile with all the other side-channel attacks [Samy Kamkar] covered in his 2019 Supercon talk.

Continue reading “GPU Turned Into Radio Transmitter To Defeat Air-Gapped PC”

An FPGA And A Few Components Can Make A Radio

April 18, 2020 by 18 Comments

There was a time when making a radio receiver involved significant work, much winding of coils, and tricky alignment of circuitry. The advent of Software Defined Radio (SDR) has moved a lot of this into the domain of software, but there is of course another field in which a radio can be created via code. [Alberto Garlassi] has created a radio receiver for the AM and HF bands with a Lattice MachXO2 FPGA and minimal external components.

He describes it as an SDR, which given that it’s created from Verilog, is a term that could be applied to it. But instead of using an SDR topology of ADC and digital signal processing, it implements a surprisingly traditional direct conversion receiver.

It has a quadrature AM demodulator which has a passing similarity to an SDR with I and Q phased signals, but that’s where the similarity ends. Frequency selection is via an oscillator controlled from a serial port, and there is even a PWM amplifier on board that can drive a speaker. The result can be seen in the video below, and as you can hear the direct conversion with quadrature demodulator approach makes for a very effective AM receiver.

If this is a little much but you still fancy a radio with minimal components, you should have a look at the Silicon Labs range of receiver chips.

Continue reading “An FPGA And A Few Components Can Make A Radio”

Pluto Might Not Be A Planet, But It Is An SDR Transceiver

April 14, 2020 by 17 Comments

Many of the SDR projects we see use a cheap USB dongle. They are great, but sometimes you want more and — especially — sometimes you want to transmit. The Analog Devices ADALM-Pluto SDR is easily available for $200 and sometimes as low as $100 and it both transmits and receives using an Analog AD9363 and a Zynq FPGA. Although you normally use the device to pipe IQ signals to a host computer, you can run SDR applications on the device itself. That requires you to dig into the Zynq tools, which is fun but a topic for another time. In this post, I’m going to show you how you can use GNU Radio to make a simple Morse code beacon in the 2m ham band.

I’ve had one on my bench for quite a while and I’ve played with it a bit. There are several ways to use it with GNU Radio and it seems to work very well. You have to hack it to get the frequency range down a bit. Sure, it might not be “to spec” once you broaden the frequency range, but it seems to work fine. Instead of working from 325 MHz to 3,800 MHz with a 20 MHz bandwidth, the hacked device transceives 70 MHz to 6,000 MHz with 56 MHz bandwidth. It is a simple hack you only have to do once. It tells the device that it has a slightly better chip onboard and our guess is the chips are the same but sorted by performance. So while the specs might be a little off, you probably won’t notice.

Continue reading “Pluto Might Not Be A Planet, But It Is An SDR Transceiver”

Homebrew Loop Antenna Brings The Shortwave World To You

April 12, 2020 by 36 Comments

Radio may be dead in terms of delivering entertainment, but it’s times like these when the original social network comes into its own. Being able to tune in stations from across the planet to get fresh perspectives on a global event can even be a life saver. You’ll need a good antenna to do that, which is where this homebrew loop antenna for the shortwave radio bands shines.

To be honest, pretty much any chunk of wire will do as an antenna for most shortwave receivers. But not everyone lives somewhere where it’s possible to string up a hundred meters of wire and get a good ground connection, which could make a passive loop antenna like this a good choice. Plus, loops tend to cancel the electrical noise that’s so part of life today, which can make it easier to pull in weak, distant stations.

[Thomas]’s design is based on a length of coaxial cable, which should be stiff enough to give the loop some stability, like a low-loss RG-8 or RG-213. The coax braid and dielectric are exposed at the midpoint of the cable to create a feed point, while the shield and center conductor at the other ends are cross-connected. A 1:1 transformer is wound on a toroid core to connect to the feedpoint; [Thomas] calls it a balun but we tend to think it’s more of an unun, since both the antenna and feedline are unbalanced. He reports good results from the loop across the shortwave band.

The shortwave and ham bands are a treasure trove of information and entertainment just waiting to be explored. Check them out — you might learn something, and you might even stumble across spies doing their thing.

[via RTL-SDR.com]

Software-Defined Radio Made Easy

April 11, 2020 by 25 Comments

Just a few decades ago, getting into hobby radio meant lots of specialty hardware, and making changes to your setup to work on various frequencies wasn’t particularly easy. Since software-defined radio (SDR) came onto the scene in an accessible way for most of us, this barrier to entry was reduced significantly and made the process of getting on the air a lot easier. It goes without saying that it does require some software, but [Aaron]’s latest project makes even getting that software extremely simple.

What he has done is created a custom Linux distribution based on Debian, called DragonOS, with the entire suite of SDR programs needed to get up and running. Out of the box, it supports RTL-SDR, HackRF and LimeSDR packages and even includes other fun tools you’ll need like Kismet. There are several video demonstrations of his distribution, including using RTL-SDR for ADS-B reception, and also shows off several custom implementations of the OS in various scenarios on his YouTube channel. The video linked below also shows how to set up the distribution in a virtual machine, so you can run this even if you don’t have a computer to dedicate to SDR.

Getting into SDR has never been easier, and the odds of having something floating around in the junk drawer that you can use to get started are pretty high. The process is exceptionally streamlined with [Aaron]’s software suite. If you’re a little short on hardware, though, there’s no better place to get started than with the classic TV-tuner-to-SDR hack from a few years back.

Continue reading “Software-Defined Radio Made Easy”

The Libre Space Foundation Reviews Software Defined Radios

April 8, 2020 by 7 Comments

If you want to go to the next level with software defined radio (SDR), there are a lot of choices. The RTL-SDR dongles are fine, but if you get serious you’ll probably want something else. How do you choose? Well, your friends at the European Space Agency Libre Space Foundation have published a paper comparing many common options. True, they are mostly looking at how the receivers work with CubeSats, but it is still a good comparison.

The devices they examine are:

  • RTS-SDR v3
  • Airspy Mini
  • SDRPlay RSPduo
  • LimeSDR Mini
  • BladeRF 2.0 Micro
  • Ettus USRP B210
  • Pluto SDR

They looked at several bands of interest, but not the HF bands — not surprising considering that some of the devices can’t even operate on HF. They did examine VHF, UHF, L band, S band, and C band performance. Some of the SDRs have transmit capabilities, and for those devices, they tested the transmit function as well as receive.

Continue reading “The Libre Space Foundation Reviews Software Defined Radios”