Tagged: rtl-sdr

GNU Radio TEMPEST Implementation Now Available

TEMPEST refers to a technique that is used to eavesdrop on electronic equipment via its unintentional radio emissions (as well as via sounds and vibrations). All electronics emit some sort of unintentional RF signals, and by capturing and processing those signals some data can be recovered. For example, the unintentional signals from a computer screen can be captured and converted back into a live image of what the screen is displaying.

Until recently we have relied on an open source program by Martin Marinov called TempestSDR, which has allowed RTL-SDR and other SDR owners to perform interesting TEMPEST experiments with computer and TV monitors. We have a tutorial and demo on TempestSDR available on a previous post of ours. However, TempestSDR has always been a little difficult to set up and use.

More recently a GNU Radio re-implementation of TempestSDR called gr-tempest has been released. Currently the implementation requires the older GNU Radio 3.7, but they note that a 3.8 compatible version is on the way.

The GNU Radio implementation is a good starting point for further experimentation, and we hope to see more developments in the future. They request that the GitHub repo be starred as it will help them get funding for future work on the project.

The creators have also released a video shown below that demonstrates the code with some recorded data. They have also released the recorded data, with links available on the GitHub. It's not clear which SDR they used, but we assume they used a wide bandwidth SDR as the recovered image is quite clear.

Examples using gr-tempest

GR-TEMPEST: GNU Radio TEMPEST Implementation

RTL-SDR Blog V3 Units and Antennas Back in Stock at Amazon (Local US Stock)

Just a note that our RTL-SDR Blog V3 units and antennas are now back in stock at Amazon.com with local US stock. There were a few manufacturing and shipping delays related to COVID-19 so they had been out of stock for a couple of months. Currently they are being fulfilled via our partners based in Chicago, and all orders will ship out within 2 business days via USPS First Class. We will look at replenishing the Amazon Prime warehouses in a few weeks and at the moment we are only shipping to US customers from Amazon. US customers can also order directly from our store at www.rtl-sdr.com/store and this will result in the shipping fee being waived.

If you are based elsewhere in the world, please order directly from our store at www.rtl-sdr.com/store which ships non-US orders direct from our warehouse in China. Alternatively some countries might benefit from our Aliexpress store, which can now utilize the reliable Aliexpress Standard Shipping line.

Our RTL-SDR Blog V3 is an improved RTL-SDR dongle. It includes features like a TCXO, SMA port, software switchable bias tee, built in HF direct sampling mod, aluminum enclosure, improved ESD protection, improved cooling via thermal pad and many other design improvements. The kit comes with a multipurpose dipole antenna which is extremely versatile. It can be used as a standard vertical dipole for terrestrial signals, or can be mounted horizontally in a V-Dipole configuration for NOAA/Meteor LEO weather satellites. It's also easy to mount outdoors through a window for best reception with two mounting solutions included. 

Amazon Links

RTL-SDR Blog V3 Dongle + Multi Purpose Dipole Antenna Set

RTL-SDR Blog V3 Dongle Only

Multi Purpose Dipole Antenna Set Only

RTL-SDR Blog Store

We are also shipping any US orders made from our Worldwide store via our local stock. If you order directly from us you can save $1.99 on shipping.

RTL-SDR Blog Store

Features of the RTL-SDR Blog V3.
The RTL-SDR Blog V3 Set. Includes RTL-SDR V3 dongle, and multipurpose dipole antenna kit.

Running rtl_tcp over the TOR Network

Over on his DragonOS YouTube tutorial channel Aaron has uploaded a video showing how it is possible to run rtl_tcp over the TOR network. TOR is an "anonymity network" which routes your internet traffic through thousands of volunteer nodes in order to make tracing your internet activity more difficult.

Aaron's tutorial shows how to route rtl_tcp traffic through a TOR connection on his Linux distribution DragonOS (although it should work on any Linux distro), and connect to it with GQRX.

However, a major caveat is that the streaming result is rather poor, with lots of data drops, probably due to the slowness of the TOR network. Perhaps running a smaller sample rate, or using a more efficient server like Spyserver, might work better.

DragonOS LTS Remote access RTL-SDR over TOR network (Gqrx, rtl_tcp, OpenWRT)

GNU Radio Code for Android Now Released

Back in November 2019 we posted how Bastian Bloessl (@bastibl) had teased us with his ability to get GNU Radio running on an Android phone. Now he has officially released his code to the public on GitHub. This is quite a remarkable development as you can now carry a full DSP processing suite in your pocket. In addition to the code, he's put up a short blog post explaining a bit about the port. He notes some highlights of the release:

  • Supports the most recent version of GNU Radio (v3.8).
  • Supports 32-bit and 64-bit ARM architectures (i.e., armeabi-v7a and arm64-v8a).
  • Supports popular hardware frontends (RTL-SDR, HackRF, and Ettus B2XX). Others can be added if there is interest.
  • Supports interfacing Android hardware (mic, speaker, accelerometer, …) through gr-grand.
  • Does not require to root the device.
  • All signal processing happens in C++ domain.
  • Provides various means to interact with a flowgraph from Java-domain (e.g., Control Port, PMTs, ZeroMQ, TCP/UDP).
  • Comes with a custom GNU Radio double-mapped circular buffer implementation, using Android shared memory.
  • Benefits from SIMD extensions through VOLK and comes with a profiling app for Android.
  • Benefits from OpenCL through gr-clenabled.
  • Includes an Android app to benchmark GNU Radio runtime, VOLK, and OpenCL.
  • Includes example applications for WLAN and FM.

He's even included demonstration code that turns a USRP B200 SDR connected to an Android phone into a WLAN transceiver which can run in real time on faster devices.

Installing it may not be easy for most, but Bastian has included full build instructions on the GitHub page, and makes use of a Docker file which should simplify the installation a bit.

GNU Radio running on an Android phone, using a USRP B200 SDR as a WLAN transceiver.
GNU Radio 3.8 on un-rooted Android receiving FM w/ HackRF (take 2)

Performing a Side Channel TEMPEST Attack on a PC

TEMPEST refers to a technique that is used to eavesdrop on electronic equipment via its unintentional radio emissions (as well as via sounds and vibrations). All electronics emit some sort of unintentional RF signals, and by capturing and processing those signals some data can be recovered. For example, the unintentional signals from a computer screen could be captured and converted back into a live image of what the screen is displaying. We have tutorials on how to do this with a program called TempestSDR available on a previous post of ours.

Recently Mikhail Davidov and Baron Oldenburg from duo.com have uploaded a write up about their TEMPEST experiments. The write up introduces the science behind TEMPEST eavesdropping first, then moves on to topics like software defined radios and antennas.

At the end of their post they perform some experiments like constantly writing data to memory on a PC, and putting the PC's GPU under varying load states. These experiments result in clear RFI bursts and pulsing carriers being visible in the spectrum, indicating that the PC is indeed unintentionally transmitting RF. They note that machine learning could be used to gather some information from these signals.

Their write up reminds us of previous TEMPEST related posts that we've uploaded in the past. One example is where an RTL-SDR was used to successfully attack AES encryption wirelessly via the unintentional RF emitted by an FPGA performing an encryption algorithm. Another interesting post was where we saw how a HackRF was used to obtain the PIN of a cryptocurrency hardware wallet via TEMPEST. Search TEMPEST on our blog for more posts like that.

TEMPEST PC Side Channel Setup: RF pulses from writing to memory and a GPU.

YouTube Video Replicates our Galactic Hydrogen Line Detection Tutorial

Earlier in the year we posted a tutorial showing how to detect the Galactic Hydrogen Line at home with less than $200 in components. All that is really needed is a 2.4 GHz WiFi dish, an RTL-SDR and an LNA. With this setup it's possible to do home science like determining the size, shape and rotational speed of our own galaxy. 

Over on YouTube user Nicks Tech Hobby has successfully replicated our tutorial with similar hardware, and has uploaded a time lapse video showing his results. His success confirms that this is a good way to get introduced to radio astronomy. What's also interesting is that it is possible to spot the Hydrogen line energy on the live waterfall even without averaging/integration.

My first successful attempt to detect galactic hydrogen (Hydrogen line)

CygnusRFI: New RFI Analysis Tool for Ground Stations and Radio Telescopes

Thank you to Apostolos for submitting information about his new open source program called "CygnusRFI". CygnusRFI is a tool designed for analyzing radio frequency interference (RFI) with a focus on how it affects satellite ground stations and radio telescopes. We note that in the past we've posted several times about Apostolos' other project called PICTOR, which is an open source radio telescope platform that makes use of RTL-SDR dongles. 

Apostolos explains CygnusRFI in the following: 

CygnusRFI is an easy-to-use open-source Radio Frequency Interference (RFI) analysis tool, based on Python and GNU Radio Companion (GRC) that is conveniently applicable to any ground station/radio telescope working with a GRC-supported software-defined radio (SDR). In addition to data acquisition, CygnusRFI also carries out automated analysis of the recorded data, producing a series of averaged spectra covering a wide range of frequencies of interest. CygnusRFI is built for ground station operators, radio astronomers, amateur radio operators and anyone who wishes to get an idea of how "radio-quiet" their environment is, using inexpensive instruments like SDRs.

CygnusRFI Screenshots

DragonOS KerberosSDR Tutorials: Setting up Networked Direction Finding, Monitoring Multiple Signals Simultaneously

DragonOS is a ready to use Linux OS that includes various SDR programs preinstalled. The creator Aaron also runs a YouTube channel that contains multiple tutorial videos for DragonOS. One of the latest videos he's released is a tutorial that shows how to use one of our KerberosSDR (4x Coherent RTL-SDR) units to set up networked direction finding. To do this he uses our core KerberosSDR DSP software, along with RDFMapper, a third party bearing visualization tool with the ability to display bearings from multiple networked direction finding units.

The tutorial goes through the KerberosSDR software install procedure, shows how to set up the various parameters in the software, and then demonstrates it providing data to the RDFMapper software via our open source pyRDFMapper-KSDR-Adapter program. With this setup, you could run multiple KerberosSDR units around a city and use them to locate a signal source rapidly.

KerberosSDR Uploading Bearing data to RDFMapper
DragonOS LTS/10 Direction Finding Bearing Server (KerberosSDR, RDFMapper)

In addition to the direction finding video he's got another video that shows how to use a KerberosSDR and HackRF to simultaneously monitor various signals like home gas meters, ADS-B data, and 433 MHz ISM band devices using programs like rtlamr, rtladsb and rtl_433. What's particularly interesting is how he uses a program called Kismet to manage each radio on the device.

DragonOS LTS/10 KerberosSDR + HackRF One (qspectrumanalyzer, kismet, rtl_433, rtlamr, rtladsb)