Tagged: rtl-sdr

Upcoming Book “Inside Radio: An Attack and Defense Guide”

UnicornTeam are information security researchers who also dabble in wireless security research. Recently they have been promoting their upcoming textbook titled "Inside Radio: An Attack and Defense Guide".

Judging from the blurb and the released contents, the book will be an excellent introduction for anyone interested in today's wireless security issues. It covers topics such as RFID, Bluetooth, ZigBee, GSM, LTE and GPS. Regarding SDRs, the book specifically covers the RTL-SDR, HackRF, bladeRF and LimeSDR and their role in wireless security research. It also probably references and shows how to use those SDRs in the chapters about replay attacks, ADS-B security risks, and GSM security.

The book is yet to be released and is currently available for pre-order on Amazon or Springer for US$59.99. The expected release date is May 9, 2018, and copies will also be on sale at the HITB SECCONF 2018 conference, held 9-13 April in Amsterdam.

The blurb and released contents are pasted below. See their promo page for the full contents list:

This book discusses the security issues in a wide range of wireless devices and systems, such as RFID, Bluetooth, ZigBee, GSM, LTE, and GPS. It collects the findings of recent research by the UnicornTeam at 360 Technology, and reviews the state-of-the-art literature on wireless security. The book also offers detailed case studies and theoretical treatments – specifically it lists numerous laboratory procedures, results, plots, commands and screenshots from real-world experiments. It is a valuable reference guide for practitioners and researchers who want to learn more about the advanced research findings and use the off-the-shelf tools to explore the wireless world.

Authors:
Qing YANG is the founder of UnicornTeam and the head of the Radio Security Research Department at 360 Technology. He has vast experience in the information security area. He has presented at Black Hat, DEFCON, CanSecWest, HITB, Ruxcon, POC, XCon, China ISC etc.

Lin HUANG is a senior wireless security researcher and SDR technology expert at 360 Technology. Her interests include security issues in wireless communication, especially cellular network security. She was a speaker at Black Hat, DEFCON, and HITB security conferences. She is 360 Technology’s 3GPP SA3 delegate.

This book is a joint effort by the entire UnicornTeam, including Qiren GU, Jun LI, Haoqi SHAN, Yingtao ZENG, and Wanqiao ZHANG etc.


A Homemade Magnetic Loop Antenna used with RTL-SDR Direct Sampling

Over on our forums user "SandB" has submitted his design for a homemade magnetic loop antenna with preamp that he uses together with his RTL-SDR in direct sampling mode. The antenna looks like an interesting build, so we are resharing it here. He writes:

So, the antenna itself is a handmade on-PCB winding made of double-sided foiled fiberglass, size 30x40 cm. Both 'windings' are connected in the middle and thus wound to 'continue' each other.

The preamp is located in a metal box attached to the antenna and connected via a 1.5 m S/FTP cable to another box with the RTL stick. Note that some transistors are soldered on the PCB upside-down - the dot on the layout means base.

Electrically, the preamp is made as a 3-stage balanced signal amplifier with low input impedance and a low-pass filter before the input with cut-off at 15 MHz. Such complications were required to reduce interference and intermodulation. The antenna itself is more effective on long/medium waves, so the preamp has higher gain on short waves (gain varies from 45 dB at 200 kHz to 68 dB at 10 MHz - see the attached frequency response pic). Getting a flatter response at lower frequencies is possible by increasing C10/C11/C12 to 22 nF.

My implementation has some additional elements to make it possible to adjust the preamp's gain by a few dB. But it seems quite useless, so those details are not included in this post. Anyway, it's possible to reduce the gain by increasing R6 to 500K.

Box with RTL-SDR: I put both signal wires as 3 windings through a ferrite ring with high permeability just before the RTL chip. This noticeably reduced stray interference that is induced in that cable but doesn't affect the differential signal.

Wirelessly Activated Facial Recognition with a Raspberry Pi, Camera and RTL-SDR Dongle

Over on his blog and YouTube channel Trevor Phillips has shown us how he's created a wirelessly activated facial recognition system using a Raspberry Pi Zero, Raspberry Pi camera, wireless button and RTL-SDR dongle.

He uses a handicap door button with a wireless transmitter that transmits at 300-390 MHz, and uses the RTL-SDR on the Raspberry Pi Zero to detect whenever the button is pressed. The button detection algorithm simply looks for an increase in RF energy via an FFT. Once a button press is detected by the RTL-SDR and Raspberry Pi, the camera and facial recognition software on the Pi activate, and a text-to-speech routine asks the button presser to face the camera for identification. If the face is recognized in the database, the text-to-speech routine welcomes the user.

Facial recognition for less than $80

TETRA Decoder Plugin for SDR# Now Available

Back in 2016 cURLy bOi released a Windows port of the Linux-based "Telive" TETRA decoder. The latest development in TETRA decoders is that a TETRA decoder plugin for the SDR# software has now been released. This makes setting up a TETRA decoder significantly simpler than before.

The plugin doesn't seem to be officially released anywhere, but we did find it thanks to @aborgnino's tweets on Twitter, and he found it on a Russian language radio scanner forum. The plugin is available as a direct download zip from here, but we suggest browsing to the last few posts in the forum thread to find the latest version.

Installing the plugin is a little more difficult than usual, as you first need to install MSYS2, which is a compatibility layer for running Linux programs on Windows. The full installation instructions are included in the README.TXT in the zip file. One clarification from us: you need to copy the files in the msys_root/usr/bin folder from the zip file into the /usr/bin folder that is in your MSYS2 installation directory.

We tested the plugin and found it to work well without any problems. With the plugin turned on you simply tune to a TETRA signal in WFM mode, and you will instantly be decoding the audio.

TETRA ("Terrestrial Trunked Radio") is a digital voice and trunked radio communications system. It is used heavily in many parts of the world, except for the USA. If you have unencrypted TETRA signals available in your area, then you can listen in on them with an appropriate SDR like an RTL-SDR and decoder software like the aforementioned plugin.

SDR# TETRA Plugin Running

Reverse Engineering Weather Station RF Signals with an RTL-SDR

Johannes Smit wanted to be able to view the live data from his SWR WH2303 weather station and send it to a database. Whilst the weather data acquisition software that he paid for worked well, he thought that there must be a cheaper and more fun way to grab the data. Unfortunately the manufacturer would not respond to his request for the RF protocol specification, so Johannes decided to reverse engineer the protocol using his RTL-SDR instead.

Johannes has submitted to us a document that very nicely details every step he took when reverse engineering the weather station (Google Docs document). He starts by confirming the signal frequency in GQRX, and then checks whether rtl_433 could already recognise the signal. Whilst rtl_433 saw something, it was unable to decode the packet properly.

Next he fired up Universal Radio Hacker (URH) and captured a sample of the weather station signal. Using URH he was able to determine the modulation type (FSK) and the bit length (150 µs). Johannes' next step was to open the weather station, find the RF chip, look up the RF chip information on the web and find the datasheet. From the datasheet and internet forum searches he was able to determine the properties of the packet, including the sync word and preamble. With this data he was able to determine the packet structure.

Finally he captured a packet and recorded the exact data shown on the weather station display at the time of the packet. With this he was able to search the binary data string for the values shown on the display, which reveals the location of each piece of data within the string.
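The final step above, searching the captured bitstring for the value on the display, as an added Python example (not Johannes' document, nor rtl_433 or URH code). It extends the idea slightly by trying several encodings (plain integer, value x10, BCD) at every bit offset and intersecting the candidates across captures whose display readings differ, which removes coincidental matches. The packet layout, preamble and sync word are constructed placeholders, not the WH2303's real format.

```python
PREAMBLE = "10101010" * 2   # constructed placeholder, not the WH2303's real preamble
SYNC = "0010110111010100"   # constructed placeholder sync word


def build_packet(sensor_id, temp_c, humidity):
    """Constructed layout: preamble | sync | id (8 bits) | temp x10 (12 bits) | humidity (8 bits)."""
    return (PREAMBLE + SYNC + format(sensor_id, "08b")
            + format(round(temp_c * 10), "012b") + format(humidity, "08b"))


def candidate_patterns(value, widths=(8, 12, 16)):
    """Bit patterns a displayed value might take: plain integer, x10, and BCD of x10."""
    patterns = []
    for name, v in (("raw", value), ("x10", value * 10)):
        if abs(v - round(v)) > 1e-9:
            continue                    # e.g. 21.5 cannot be a plain integer field
        for width in widths:
            if round(v) < 1 << width:
                patterns.append((name, format(round(v), f"0{width}b")))
    digits = str(round(value * 10))
    patterns.append(("bcd_x10", "".join(format(int(d), "04b") for d in digits)))
    return patterns


def find_value(bits, value):
    """All (encoding, bit offset, width) where the value occurs, byte-aligned or not."""
    hits = set()
    for name, pattern in candidate_patterns(value):
        start = bits.find(pattern)
        while start != -1:
            hits.add((name, start, len(pattern)))
            start = bits.find(pattern, start + 1)
    return hits


def locate_field(captures):
    """captures: (bits, displayed value) pairs; keep only positions consistent with all."""
    common = None
    for bits, value in captures:
        hits = find_value(bits, value)
        common = hits if common is None else common & hits
    return common


def run_demo():
    """Three constructed captures with their display readings; vary one field at a time."""
    p1 = build_packet(0x5A, 21.5, 45)
    p2 = build_packet(0x5A, 23.1, 45)
    p3 = build_packet(0x5A, 23.1, 52)
    return {
        "temperature": locate_field([(p1, 21.5), (p2, 23.1)]),
        "humidity": locate_field([(p2, 45), (p3, 52)]),
    }
```

In the constructed data the humidity value 45 also happens to occur inside the sync word, and the second capture with a different reading is what eliminates that false candidate.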

Johannes' write-up shows just how powerful tools like Universal Radio Hacker can be, and it is an excellent starting point for those looking at reverse engineering their own local RF protocols.

The binary packet data in Universal Radio Hacker.

Echoes: An RTL-SDR Tool for Meteor Scatter Detection

Echoes Running

Thanks to "gmbertani" for letting us know about his recently released RTL-SDR compatible software called "Echoes". Echoes is a Windows, Linux and Raspberry Pi/Arch compatible tool that can be used together with an RTL-SDR and appropriate antenna to monitor for meteor scatter detections.

Meteor scatter works by receiving a distant but powerful transmitter via reflections off the trails of ionized air that meteors leave behind when they enter the atmosphere. Normally the transmitter would be too far away to receive, but if its signal is able to bounce off the ionized trail in the sky it can reach far over the horizon to your receiver. Typically powerful broadcast FM radio stations, analog TV, and radar signals at around 140 MHz are used. By counting these signal blips it is possible to estimate the number of meteors falling.

Below we paste the official description and feature list of Echoes, and at the end is a video demonstrating Echoes in action:

Echoes is radio spectral analysis software for RTL-SDR devices, designed for meteor scatter purposes.

Echoes neither demodulates nor decodes any human-made signal. Its main goal is to analyze and record the total power of natural signals and to generate screenshots and tabular data output (CSV, GNUplot) in the presence of particular peaks in a selected narrow range of frequencies. Since there is no demodulation, there is no provision for audio listening, except for a notification sound when an event has been recorded.

Features

  • Captures waterfall spectra as PNG screenshots and statistics data files.
  • Optionally generates GNUplot data files
  • Multiple instances can manage separate dongles plugged in the same computer
  • Three operating modes: continuous (records data only), periodic (captures data and a screenshot every X seconds) and automatic (records data and a screenshot each time a customizable (S-N) threshold is exceeded)
  • HTML report production
  • Installers ready for Windows 7 and later, and RPMs / SRPMs for Linux
  • xz binary package for Raspberry PI / Arch distro
  • It can run headless, recording GNUplot and statistic data only
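Both the wireless button detector in the Raspberry Pi post (an increase in RF energy seen through an FFT) and Echoes' automatic mode (record when the signal exceeds the noise floor by an S-N threshold) are the same narrow-band energy detector. The Python below is an added illustration of that detector, not code from either project; the FFT size, watched bins, threshold and the constructed IQ blocks (Gaussian noise plus a tone while the "button" is held) are all assumptions, and a plain DFT is used so it runs without numpy.

```python
import cmath
import math
import random

N_FFT = 64                # DFT size; small enough for a pure-Python DFT
THRESHOLD_DB = 10.0       # event fires when band power exceeds the floor by this much
BAND_BINS = range(8, 13)  # watched bins (constructed: the "button" tone sits in bin 10)


def dft(samples):
    """Plain O(N^2) DFT so the example needs no numpy; fine for 64 points."""
    n = len(samples)
    return [sum(x * cmath.exp(-2j * math.pi * k * m / n) for k, x in enumerate(samples))
            for m in range(n)]


def band_power_db(samples, band=BAND_BINS):
    """Total power (dB, arbitrary reference) in the watched bins of one block."""
    spectrum = dft(samples)
    return 10 * math.log10(sum(abs(spectrum[m]) ** 2 for m in band) + 1e-12)


class EnergyDetector:
    """Tracks a slowly adapting noise floor and flags blocks that rise above it."""

    def __init__(self, threshold_db=THRESHOLD_DB, alpha=0.2):
        self.threshold_db = threshold_db
        self.alpha = alpha      # floor adaptation rate
        self.floor_db = None

    def process(self, samples):
        """Return True if this block is an event (power above floor + threshold)."""
        level = band_power_db(samples)
        if self.floor_db is None:
            self.floor_db = level          # first block seeds the noise floor
            return False
        event = level - self.floor_db > self.threshold_db
        if not event:                      # only quiet blocks move the floor
            self.floor_db += self.alpha * (level - self.floor_db)
        return event


def make_block(rng, tone_amplitude, noise_sigma=0.05):
    """Constructed IQ block: complex Gaussian noise plus an optional tone in bin 10."""
    return [complex(rng.gauss(0, noise_sigma), rng.gauss(0, noise_sigma))
            + tone_amplitude * cmath.exp(2j * math.pi * 10 * k / N_FFT)
            for k in range(N_FFT)]


def run_demo(seed=1):
    """20 quiet blocks, 3 'button pressed' blocks, 10 quiet blocks; returns event flags."""
    rng = random.Random(seed)
    amplitudes = [0.0] * 20 + [0.5] * 3 + [0.0] * 10
    det = EnergyDetector()
    return [det.process(make_block(rng, a)) for a in amplitudes]
```

Freezing the floor during an event is what keeps a long button press or meteor echo from raising the floor and silencing the detector; `run_demo()` flags exactly the three blocks that carry the tone.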

Tom’s Radio Room Tests and Reviews the RTL-SDR Blog Multipurpose Dipole Kit

Over on his YouTube channel Tom Stiles (hamrad88) has been experimenting with and reviewing our multipurpose dipole kit. Tom is a ham radio YouTuber who runs a show that produces content often, so we encourage you to subscribe to his channel if you're interested. Tom reviewed our dipole kit over a series of 5 videos, which we link here [1: Discussing the product], [2: Unboxing], [3: First ADS-B Tests], [4: Second ADS-B Tests], [5: Third ADS-B Tests]. We have embedded videos 2 and 5 below.

In his testing Tom finds that using the antenna in the vertical orientation improves ADS-B performance. This is expected as ADS-B signals are vertically polarized, and so the antenna should be too. By using the included suction cup mount Tom is able to get the antenna attached to his window which improves reception by getting the antenna as close to the outdoors as possible. This is an expected use case for the antenna, and it's good to see that good results are being had!

If you're interested in the set please see our store at www.rtl-sdr.com/store, or use the links provided in Tom's videos. We also have a tutorial and use case demonstrations for our dipole kit available at www.rtl-sdr.com/DIPOLE.

TRRS #1384 - RTL-SDR.COM Portable Antenna - Parts

TRRS #1388 - RTL-SDR.COM Antenna Testing Pt 3

Using a Raspberry Pi 3 and RTL-SDR as a 40m FT8/JT65/JT9 Monitor

Over on YouTube user radio innovation has uploaded a brief screen capture showing his Raspberry Pi 3 and RTL-SDR dongle being used as an always-on monitor for low-power signals such as FT8, JT65 and JT9. These signals are transmitted by ham radio enthusiasts for the purpose of making contacts and determining propagation conditions. This is a good application for an RTL-SDR and Raspberry Pi 3, as it enables cheap monitoring of these signals without the need to tie up a full-sized ham radio.

To do this "radio innovation" runs Linrad on the Raspberry Pi, which is a program like GQRX that interfaces with the RTL-SDR dongle. Then the WSJTx software is used to decode the signals. He writes:

Remote Desktop screen capture of my Raspberry Pi 3 monitor receiver on the 40m amateur radio band with WSJTx, decoding FT8, JT65 and JT9. Receiver hardware is RTL-SDR (TCXO) + simple converter and homemade bandpass filter.

SDR software is LINRAD by SM5BSZ.

Raspberry Pi 3 OS is Ubuntu MATE 16.04.

Update: We now have a tutorial on creating a similar set up available on a new post.