Tagged: hackrf

Michael Ossmann & Kate Temkin Present Software Defined Everything with GreatFET One

At the Hackaday Supercon Michael Ossmann & Kate Temkin presented a talk called "Software-Defined Everything" where they demonstrated some applications of the "GreatFET One" interface board. Michael Ossmann is best known for creating the HackRF software defined radio which is a highly versatile and low cost open hardware/software SDR transceiver. His company Great Scott Gadgets also employs Kate Temkin who is the lead software developer who worked on their latest product called the GreatFET One.

The GreatFET One is a multi-purpose digital interface board that plugs into a PC via USB. It contains multiple digital IO pins, supports SPI, I2C, UART and JTAG serial protocols, can do logic analysis, and also has a built in ADC and DAC.

In the talk Michael and Kate show how a simple light sensor can be plugged into the GreatFET's ADC, allowing the sensor's data to be digitized and processed in GNU Radio. This results in a software defined light sensor. By analyzing the light data in the frequency domain via an FFT graph they're able to determine the refresh rate of the ceiling lights.

Later they also show how GreatFET can be combined with i2C sensors and GNU Radio to do creative things like use an accelerometer as a microphone for a guitar pickup, with audio effects like guitar clipping controlled by GNU Radio blocks.

Michael Ossmann & Kate Temkin - Software-Defined Everything

SignalsEverywhere: Exploring Cable Modem Signals with Software Defined Radio

Over on YouTube SignalsEverywhere has just uploaded his latest video about using a HackRF and Airspy R2/Mini to explore the signals coming out of an internet cable modem's coax cable. In the video he performs a wideband scan with his Airspy R2 and the SpectrumSpy software which shows not only his, but the downstream signals from other users in his neighborhood on the cable network too.

Next using his HackRF with Spectrum Analyzer and the hackrf_sweep fast sweeping software, he was able to determine the uplink portion of his cable modem. By running an internet speed test in the background he was also able to visualize the increased cable data activity on the spectrum waterfall display.

The Secret Signals Hiding In Your Cable Modem | SDR Used to Sniff Cable Internet Modem Coax

Creating a Low Cost Ground Penetrating Radar with Two HackRFs

A ground penetrating radar (GPR) is a system that uses RF pulses between 10 to 2.6 GHz to image up to a few meters below the ground. A typical GPR system consists of a transmitting radio and antenna that generates the radar pulse aimed towards the ground, and a receiving radio that receives the reflected pulse.

GPR is typically used for detecting buried objects, determining transitions in ground material and detecting voids and cracks. For example, in construction it can be used to determine rebar locations in concrete, and in the military it can be used to detect non-metallic landmines and hidden underground areas. 

These GPR devices are usually very expensive, however researchers Jacek JENDO & Mateusz PASTERNAK from the Faculty of Electronics, Military University of Technology, Poland have released a paper detailing how two low cost HackRF software defined radios can be used to create a simple GPR.

Their system uses a step-frequency continuous waveform (SFCW) signal which scans over multiple frequencies over time, and  the software was written in GNU Radio. In their tests they were able to detect a dry block of sand buried 6 cm below the ground, and a wet block 20 cm below. 

Ground Penetrating Radar with two HackRF software defined radios.
Ground Penetrating Radar with two HackRF software defined radios.

Using HackRFs to Locate a UAV Transmitter via Signal Strength Analysis

During the 2019 IEEE International Symposium on Broadband Multimedia Systems and Broadcasting conference, authors Xuemei Huang, Kun Yan, Hsiao-Chun Wu and Yiyan Wu presented a research paper titled "Unmanned Aerial Vehicle Hub Detection Using Software-Defined Radio". In their work they describe how they were able to use three HackRFs to determine the location of a UAV drone transmitter. The method they use is fairly simple as it makes use of path loss propagation models to determine an estimated distance from each HackRF, so prior knowledge of the transmitter properties is still required.

The applications of unmanned aerial vehicles (UAVs) have increased dramatically in the past decade. Meanwhile, close-range UAV detection has been intriguing by many researchers for its great importance in privacy, security, and safety control. Positioning of the UAV controller (hub) is quite challenging but still difficult. In order to combat this emerging problem for public interest, we propose to utilize a software-defined radio (SDR) platform, namely HackRF One, to enable the UAV hub detection and localization. The SDR receiver can acquire the UAV source signals. The theoretical path-loss propagation model is adopted to predict the signal strength attenuation. Thus, the UAV hub location can be estimated using the modified multilateration approach by only three or more SDR receivers.

Unmanned Aerial Vehicle Hub Detection Using Software-Defined Radio

Using a HackRF for GPS Spoofing on Windows

Over on the TechMinds YouTube channel a new video titled "GPS Spoofing With The HackRF On Windows" has been uploaded. In the video TechMinds uses the GPS-SDR-SIM software with his HackRF to create a fake GPS signal in order to trick his Android phone into believing that it is in Kansas city.

In the past we've seen GPS Spoofing used in various experiments by security researchers. For example, it has been used to make a Tesla 3 running on autopilot run off the road and to cheat at Pokemon Go. GPS spoofing has also been used widely by Russia in order to protect VIPs and facilities from drones.

GPS Spoofing With The HackRF On Windows

RTL-SDR and HackRF Used in Mr. Robot – A TV Drama About Hacking

A few readers have written in to let us know the role SDRs played in the last season of "Mr. Robot". The show which is available on Amazon Prime is about "Mr. Robot", a young cyber-security engineer by day and a vigilante hacker by night. The show has actual cyber security experts on the team, so whilst still embellished for drama, the hacks performed in the show are fairly accurate, at least when compared to other TV shows.

Spoilers of the technical SDR hacks performed in the show are described below, but no story is revealed.

In the recently aired season 4 episode 9, a character uses a smartphone running an SSH connection to connect to a HackRF running on a Raspberry Pi. The HackRF is then used to jam a garage door keyfob operating at 315 MHz, thus preventing people from leaving a parking lot. 

Shortly after she can be seen using the HackRF again with Simple IMSI Catcher. Presumably they were running a fake cellphone basestation as they use the IMSI information to try and determine someones phone number which leads to being able to hack their text messages. The SDR used in the fake basestation appears to have been a bladeRF.

HackRF Used on Mr Robot
HackRF Used on Mr Robot

In season 4 episode 4 GQRX and Audacity can be seen on screen being used to monitor a wiretap via rtl_tcp and an E4000 RTL-SDR dongle.

E4000 RTL-SDR Being used for Wiretap Monitoring
E4000 RTL-SDR Being used for Wiretap Monitoring

Did we miss any other instances of SDRs being used in the show? Or have you seen SDRs in use on other TV shows? Let us know in the comments.

Using a HackRF to Investigate Why WiFi on the Raspberry Pi 4 Doesn’t work when Running HDMI at 1440p

The Raspberry Pi 4 launched with it's fair share of problems, but a new problem seems to have been recently discovered and documented. It turns out that the Pi 4's WiFi stops working when running at a screen resolution of specifically 1440p.

Suspecting interference generated by the HDMI clock, Mike Walters (@assortedhackery) used a HackRF and a near field probe antenna to investigate. By placing the near field probe on the Raspberry Pi 4's PCB and running a screen at 1440p resolution he discovered a large power spike showing up at 2.415 GHz. This interferes directly with 2.4 GHz WiFi Channel 1.

An article by ExtremeTech article notes:

There’s a giant spike that could easily interfere with Channel 1 of a Wi-Fi adapter. So why is this happening? Because a 2560×1440@60Hz has a pixel clock of 241.5MHz and has a TMDS (transition-minimized differential signaling) clock of 2.415GHz, according to Hector Martin (@Marcan42). And what frequency does the RBP4 use for Wi-Fi? 2.4GHz. Which means… outputting on HDMI over 1440p can cause interference in a Wi-Fi channel.

The ExtremeTech article also notes that this problem is not unique to the Raspberry Pi 4 only. It turns out that USB 3.0 hardware is to blame, and this problem has occurred before with USB3.0 hard driver and on some MacBooks.

While the interference appears to be localized to the near field around the Pi4 PCB, we suspect that you could use TempestSDR to remotely eavesdrop on the Pi 4's video output if the interfering signal was boosted.

Investigating Problems with the Tesla HomeLink RF Signal with a HackRF and GNU Radio

Tesla vehicles have a feature where they can copy and mimic a garage door remote via a built in transmitter on the car itself. This frees you from having to carry around a garage door key fob, and you can simply open your garage door by pressing a button on the car's LCD screen.

However, some people have reportedly been having a little trouble with this feature as in some cases the garage door would begin opening, and then suddenly stop opening as if the keyfob button had been pressed twice.

Over on YouTube CWNE88 decided to investigate this problem using his HackRF and GNU Radio. From a simple waterfall he was able to determine that the Tesla actually transmits the mimic'd garage door signal for a full two seconds.

As a keypress from the original keyfob would typically result in a much shorter transmission, CWNE88 believes that the long two second transmission could in some cases be seen as two transmissions by the garage door, resulting in an open, and then close command being detected. 

Tesla HomeLink RF Signal