Tagged: hackrf

Tech Minds: Testing the Mayhem Firmware on the HackRF Portapack

In a video uploaded to YouTube last week, Tech Minds explored the HackRF Portapack, which is an add on for the HackRF SDR that allows the HackRF to be used portably without a PC. In that video he demonstrated it running the stock firmware.

In his latest video Tech Minds explores the Mayhem firmware, which is firmware developed by a third party in order to add significantly more features. The Mayhem firmware is a fork of the Havok firmware which is no longer maintained. If you're interested, back in 2018 we did our own review of the Havok firmware.

In the video Tech Minds first explains how to install the Mayhem firmware which also requires you to add an external SD card into your portapack. He goes on to demonstrate the various RX decoders available including ADS-B, ACARS, AIS, AFSK, BTLE, FM/AM/SSB audio, analog TV, ERT meters, POCSAG, Radiosonde and TPMS. Next he shows the various transmittable signals available including, ADS-B, APRS, BHT, GPS Sim, Jammer, Key Fob, LGE, Mic, Morse, Burger Pagers, OOK, POCSAG, RDS, Sounds, SSTV, TEDI/LCR and TouchTune.

MAYHEM Firmware for the HackRF Portapack Installation / Overview

Tech Minds: A First Look at the HackRF Portapack

The Portapack is an add on for the HackRF SDR that allows the HackRF to be used portably without a PC. If you're interested, in the past we reviewed the Portapack with the Havok firmware, which enables many TX features such as POCSAG transmissions as well as various other RX modes.

In a recent video Tech Minds reviews a Portapack clone, which is essentially exactly the same as the original Portapack. In the video he shows how to connect the Portapack to the HackRF, how download the Firmware and flash it to the HackRF. He then goes on to show some of the Portapack RX features in action. In this review he uses the official Portapack firmware, but notes that he will test the third party Havok and Mayhem firmware which have many more features in a future video.

Portapack H1 For HackRF - Ultimate RF Hacker Tool

A Self-Executable version of TempestSDR is now Available

TempestSDR is an open source tool made by Martin Marinov which allows you to use any SDR that has a supporting ExtIO (such as RTL-SDR, Airspy, SDRplay, HackRF) to receive the unintentional signals radiated from a screen, and turn that signal back into a live image. This can let you view what is on a screen through a wall without using any physical cables.

We first posted a demonstration of TempestSDR back in 2017 when we were finally able to get it to compile. Compiling the software took a fair amount of work for those without experience, and even running it was a chore. However, getting it to work is worth it as you can do some really interesting demonstrations.

However these problems are over and recently Erwin Ried @eried has made a self-executable version of TempestSDR. This means that no compilation, java installs, mingw or extra dlls are required to get the program to work as now it's just an exe that you can run. You will still need the appropriate ExtIO dlls for your SDR. The video in his twitter post shows it working with a HackRF.

Derpcon 2020 Talk: Breaking into the World of Software Defined Radio

Derpcon is a COVID-19 inspired information security conference that was held virtually between April 30 - May 1 2020. Recently the talks have been uploaded to their YouTube channel. One interesting SDR talk we've seen was by Kelly Albrink and it is titled "Ham Hacks: Breaking into the World of Software Defined Radio". The talk starts by giving a very clear introduction to software defined radio, and then moves on to more a complex topic where Kelly shows how to analyze and reverse engineer digital signals using a HackRF and Universal Radio Hacker.

RF Signals are basically magic. They unlock our cars, power our phones, and transmit our memes. You’re probably familiar with Wifi and Bluetooth, but what happens when you encounter a more obscure radio protocol? If you’re a hacker who has always been too afraid of RF protocols to try getting into SDRs, or you have a HackRF collecting dust in your closet, this talk will show you the ropes. This content is for penetration testers and security researchers to introduce you to finding, capturing, and reverse engineering RF signals. I’ll cover the basics of RF so you’re familiar with the terminology and concepts needed to navigate the wireless world. We’ll compare SDR hardware from the $20 RTLSDR all the way up to the higher end radios, so you get the equipment that you need without wasting money. I’ll introduce some of the software you’ll need to interact with and analyze RF signals. And then we’ll tie it all together with a step by step demonstration of locating, capturing, and reverse engineering a car key fob signal.

Ham Hacks: Breaking into the World of Software Defined Radio - Kelly Albrink

Decoding 5GHz NTSC Video from Drones with a HackRF, DragonOS and SigDigger

Over on his YouTube channel Aaron has uploaded a video showing how we can SigDigger to decode analog NTSC video from a drone camera which is transmitted at 5.7 GHz. SigDigger is a rapidly evolving SDR program for Linux and MacOS that has a lot of built in functionality for inspecting signals in more depth. Although not specifically designed for it, the Symbol Stream viewer in SigDigger can be used to display NTSC Analog Video. Aaron writes:

For the most part, the older an analog modulation is, the easier it is to get basic results when decoding. TV receivers were rather dumb back in the day, basically fast fax machines glued to an off-band FM radio receiver. Receiver circuits were also slow, and the signal had lots of invisible blank spaces in the borders so that the cheapest TVs could switch to the next line in time. The invention of Teletext leveraged those blanks in order to carry digital information and color information was embedded as an additional narrowband signal in the gaps in the spectrum.With this in mind I wanted to take a look at decoding analog video transmissions from drones. While some drones have moved to more effective digital compression and channel transmission technologies allowing for high definition video, there’s still drones using RC-like communications and the FPV video link is pure FM-modulated NTSC.

Searching the internet provided few results on how I could go about using low cost equipment, such as the HackRF One, to decode drone feeds. After an extensive search I decided to start looking at Linux based software defined radio applications I was already familiar with. By chance I happened to be working with SigDigger, a free digital signal analyzer. It has been discussed on RTL-SDR.com and more recently on Signal Lounge (https://signal-lounge.com/2020/05/05/sigdigger-for-signal-analysis/). It is also included in my own creation, DragonOS (https://sourceforge.net/projects/dragonos-lts/)

After a brief email exchange with the developer it was brought to my attention that visualizing analog video transmission is possible in SigDigger (although with no color information, of course). Since SigDigger supports the HackRF and the HackRF provides coverage in the 5ghz band, it was now possible for me to try to decode a 5ghz drone video feed. I’ve documented the process and my results on my YouTube channel. I should point out that this is currently a side feature of SigDigger and currently lacks synchronization. The symbol view area I used in the video is not made for this. It is meant to display symbols and symbols patterns which, due to its behavior, can incidentally show the contents of analog TV and weather faxes with lots of manual adjustments.

While the SigDigger developer makes mention of plans to include an embedded generic analog TV viewer and possibly add the ability to automatically sync video, there’s currently no timeframe on when that might become available.

SigDigger Decoding NTSC Video from a Drone Camera
SigDigger Decoding NTSC Video from a Drone Camera
DragonOS LTS SigDigger demodulating a 5 GHz analog video/FPV drone link (HackRF One, SigDigger)

We note that if you're interested in PAL/NTSC decoding, there is also the excellent TVSharp plugin for SDR# available.

TechMinds: Demonstrating the QT-DAB Digital Audio Broadcast Decoder

Over on YouTube TechMinds has uploaded a video where he explores the QT-DAB software (formerly known as SDR-J), which is a program capable of decoding Digital Audio Broadcast (DAB) signals. QT-DAB is compatible with several SDRs including the RTL-SDR, HackRF, Airspy and SDRplay units. 

DAB stands for Digital Audio Broadcast and is a digital broadcast radio signal that is available in many countries outside of the USA. The digital signal encodes several radio stations, and it is considered a modern alternative or future replacement for standard analog broadcast FM.

In the video TechMinds explains how to download, install and use the software on a Windows machine. He goes on to demonstrate some DAB decoding in action with various SDRs and then shows how to connect QT-DAB to a remote RTL-SDR via rtl_tcp.

DAB Radio Decoder For SDR (RTL_SDR - HACKRF - AIRSPY)

DragonOS: Debian Linux with Preinstalled Open Source SDR Software

Thank you to Aaron for submitting news about his latest project called "DragonOS" which he's been working on while in COVID-19 lock down. DragonOS is a Debian Linux based operating system which comes with many open source software defined radio programs pre-installed. It supports SDRs like the RTL-SDR, HackRF and LimeSDR.

Aaron's video below shows how to set up DragonOS in a VirtualBox, and he has two other videos on his channel showing how to set up ADS-B reception with Kismet, and how to run GR-RDS in GNURadio. He aims to continue with more tutorial videos that make use of the software installed on DragonOS in the near future.

DragonOS 10 Installer (download in description)

Screenshot of the GR-RDS Tutorial

Opening a Parking Barrier with a HackRF Portapack and a Replay Attack

Over on YouTube user kwon lee has uploaded a video demonstrating a replay attack against a parking barrier arm. The tools he uses are a HackRF and Portapack running the Havok firmware. A replay attack involves recording a control signal with the HackRF+Portapack, and then replaying it later with the transmit function of the HackRF. If no wireless security mechanism like rolling-codes are used, simply replaying the signal will result in the transmission being accepted by the controller receiver.

As he has access to the remote control he records the transmission that is sent when the open button is pressed on the remote. Later once outside he shows how transmitting with the HackRF+Portapack results in the barrier arm opening.

This reminds us of a previous post where we noted how a HackRF was used to jam a garage door keyfob to prevent people from leaving in the TV show "Mr. Robot".

RF Replay Attack _ Parking-Breaker via HackRFone+Portapack+havoc