New SDR# Plugin: File Player

A new plugin for SDR# has been released by Vasilli over on rtl-sdr.ru (the page is in Russian, use Google Translate if necessary). The new plugin is called File Player and replaces the default SDR# IQ file source player. The new features include:

  • The ability to play 32-bit WAV files up to 4GB.
  • The ability to play very large 64-bit WAV files.
  • Adds a new display that shows a compressed image of the entire waterfall and shows where in time the playback is up to.
  • Allows you to modify the waterfall play time position with the mouse.
  • Adds a stop and pause button.

Note that to install this plugin you do not add the magicline to the plugins.xml file. Instead you need to add it to the <frontendPlugins> section of the SDRSharp.exe.Config text file.
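As an added illustration (not taken from the plugin's own readme or from the SDR# project), this is the shape of the edit described above. The key/value form of the entry is assumed to follow the existing entries in the file, and the key and value shown are placeholders; the actual magic line comes from the plugin's readme.

```xml
<!-- Fragment of SDRSharp.exe.Config, an XML text file next to SDRSharp.exe.
     The File Player line goes inside <frontendPlugins>, not into plugins.xml.
     Placeholder values below; copy the real line from the plugin's readme. -->
<configuration>
  <!-- ... other sections unchanged ... -->
  <frontendPlugins>
    <!-- existing front-end entries stay as they are -->
    <add key="File Player" value="PLACEHOLDER_PLUGIN_CLASS,PLACEHOLDER_PLUGIN_ASSEMBLY" />
  </frontendPlugins>
</configuration>
```

Keep a backup of SDRSharp.exe.Config before editing it: a malformed XML file stops SDR# from starting, and restoring the backup is the quickest way back.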

File Player plugin for SDR#.

Stealing Encryption Keys from PCs using Software Defined Radio and Unintentional Electromagnetic Emissions

Tel Aviv University researchers D. Genkin, L. Pachmanov, I. Pipman and E. Tromer have released a paper this year detailing their research on extracting encryption keys from PCs via their unintentional radio emissions. They say that they have been able to demonstrate their work by extracting encryption keys from GnuPG on laptops within seconds by using their non-intrusive wireless methods. GnuPG is software which allows you to encrypt and sign your data.

They write about the performance of their results:

Using GnuPG as our study case, we can, on some machines:

  • distinguish between the spectral signatures of different RSA secret keys (signing or decryption), and
  • fully extract decryption keys, by measuring the laptop’s electromagnetic emanations during decryption of a chosen ciphertext.

In their experiments they used a Funcube Dongle Pro+ to measure the unintentional RF emissions coming out of a laptop computer at around 1.6-1.75 MHz, but they also mention that a low cost RTL-SDR with upconverter could also work.

Every time the CPU on a target PC performs a new operation, the unintentional frequency signature that it emits changes. From these emissions the researchers use the unique RF signature to determine which operations the CPU is performing, and from that they can work out the operations GnuPG is performing when decrypting data. They write:

Different CPU operations have different power requirements. As different computations are performed during the decryption process, different electrical loads are placed on the voltage regulator that provides the processor with power. The regulator reacts to these varying loads, inadvertently producing electromagnetic radiation that propagates away from the laptop and can be picked up by a nearby observer. This radiation contains information regarding the CPU operations used in the decryption, which we use in our attack.

Recovering CPU assembly code operations from its unintentional RF emissions.
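The quoted passage explains the root cause: the sequence of CPU operations during decryption depends on the secret key, and that sequence is what the emissions reveal. The following added example (not from the paper, and a deliberate simplification of GnuPG's actual exponentiation code) simulates only the operation sequence, not any RF measurement. It shows why a naive square-and-multiply exponentiation leaks its exponent through the order of squarings and multiplications, and why a regular algorithm such as the Montgomery ladder, whose operation sequence depends only on the exponent length, removes that particular leak. Function names and the small sample values are my own.

```python
# Simulation of operation-sequence leakage in modular exponentiation.
# Added example: models the order of CPU operations only, not the RF side.

def square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation. Returns (result, trace), where
    trace lists the operations performed: 'S' = squaring, 'M' = multiply."""
    result = 1
    trace = []
    for bit in bin(exp)[2:]:                 # most significant bit first
        result = result * result % mod
        trace.append('S')
        if bit == '1':                       # data-dependent branch: the
            result = result * base % mod     # multiply happens only for 1-bits
            trace.append('M')
    return result, trace


def exponent_bits_from_trace(trace):
    """What an observer who can tell S from M apart learns from the trace of
    square_and_multiply: an 'S' followed by 'M' is a 1-bit, a lone 'S' is a
    0-bit. Returns the exponent implied by the trace as a bit string."""
    bits = []
    i = 0
    while i < len(trace):
        if i + 1 < len(trace) and trace[i + 1] == 'M':
            bits.append('1')
            i += 2
        else:
            bits.append('0')
            i += 1
    return ''.join(bits)


def montgomery_ladder(base, exp, mod, nbits):
    """Montgomery ladder: one multiply and one squaring per bit whatever the
    bit's value, so the trace depends only on nbits, not on the exponent.
    (Which register is squared still depends on the bit; a production
    constant-time implementation would also hide that with a constant-time
    conditional swap, which this simplified model does not show.)"""
    r0, r1 = 1, base % mod                   # invariant: r1 == r0 * base
    trace = []
    for i in range(nbits - 1, -1, -1):
        bit = (exp >> i) & 1
        if bit == 0:
            r1 = r0 * r1 % mod
            r0 = r0 * r0 % mod
        else:
            r0 = r0 * r1 % mod
            r1 = r1 * r1 % mod
        trace.extend(['M', 'S'])             # same two operations every bit
    return r0, trace


if __name__ == "__main__":
    exp = 0b101101                           # constructed sample exponent
    _, t = square_and_multiply(5, exp, 1019)
    print("naive trace:", ''.join(t), "->", exponent_bits_from_trace(t))
    _, t2 = montgomery_ladder(5, exp, 1019, 6)
    print("ladder trace:", ''.join(t2))
```

Both functions compute the same result as Python's built-in `pow(base, exp, mod)`; the difference that matters for this attack class is only in the trace. This is also why GnuPG and similar libraries moved to exponentiation routines whose control flow does not depend on the key.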

In addition to the above, they were also able to create portable attack hardware by connecting the Funcube Dongle Pro+ to a small Android-based embedded computer called the Rikomagic MK802 IV. They also show that they were even able to perform the portable attack with a standard AM radio, with the output audio being recorded on a smartphone.

A portable version of their attack set up with the Funcube Dongle Pro+ and microcontroller.

The researchers write that they will present their work at the CHES 2015 conference in September 2015.

Previously we also posted about Melissa Elliot's talk on unintentional RF emissions, Milos Prvulovic's work on spying on keyboard presses from unintentional RF emissions, and a security flaw discovered in some HP laptops which caused them to unintentionally convert audio picked up from the microphone into RF signals.

Transmitting DATV DVB-S Video with the HackRF Blue

Simon (G0FCU) has been using his HackRF Blue to transmit DVB-S video captured from his video camcorder. In the ham radio hobby there is something called digital amateur television (DATV) in which amateurs transmit digital video over radio to repeaters. Simon writes that in the UK DATV is usually transmitted at above 1.2 GHz and in the DVB-S format, which is the same format used by some satellite TV services.

Although there are dedicated DATV radios, Simon decided that he wanted to use the HackRF Blue as the radio for transmitting his own DATV signals. To do this he uses the software dvgrab to grab the video stream from the camera, then passes it to ffmpeg to compress the raw video into MPEG-2 and then uses a GNU Radio program called gr-dvbs to use the HackRF to transmit the DVB-S stream at 1000 MHz.

To test that his signal was transmitting correctly, Simon then used a standard DVB-S satellite TV receiver with the LNB bypassed.

Previously we also posted about using a BladeRF for transmitting DATV DVB-T signals.

What the DATV DVB-S output signal looks like on another HackRF.

Modifying an RTL-SDR by adding a Diplexer to receive HF and VHF/UHF

The lowest frequency that a standard RTL-SDR dongle can receive is about 24 MHz. However, by applying a hardware hack called the direct sampling mod, it is possible to use the RTL-SDR to listen to the HF frequencies.

Usually the direct sampling mod requires that you add a separate antenna port to the dongle, but Martin G8JNJ decided to take another route and instead use a diplexer to be able to use the same antenna port for both HF and VHF/UHF. A diplexer allows both HF and VHF/UHF signals to coexist on the same input port without causing interference to one another.

Along with the diplexer, Martin added an impedance transformer, added additional coupling capacitors to the power rails and removed the IR LED components to make space for the transformer. Martin writes that the final modded RTL-SDR allows for tuning from 15 kHz to 1.8 GHz.

The finished diplexer RTL-SDR mod.

Trunking with the Latest DSD+ 1.08t Fast Lane Version

DSD+ stands for Digital Speech Decoder Plus and is a software program that can allow you to decode digital voice signals such as P25 and MotoTRBO/DMR. DSD+ is under continual development, and in their last public update they began offering early access to the latest DSD+ features in development through their fast lane subscription. The fast lane subscription costs $10 USD for one year and $25 for unlimited early access. Information about joining the fast lane service can be found in the readme file of the latest DSD+ 1.074 public release.

Over on YouTube, user John Miller has been testing the latest early access version, DSD+ 1.08t. This new version adds trunking support, which allows you to follow conversations. Previously other software such as Unitrunker was required to follow the trunking signal. John has uploaded a video first showing trunking in action, and a second video showing how to set up DSD+ 1.08t for trunking.

Some new RF filters from Adam 9A4QV

Adam 9A4QV is mostly known as the manufacturer of the popular LNA4ALL, a low-cost low-noise amplifier which is often used together with the RTL-SDR to improve reception of weak signals. He also sells an ADS-B bandpass filter and an ADS-B antenna, the latter of which we reviewed in a previous post.

Now Adam has come out with two new RF bandpass filters which are for sale. RF filters are used to block unwanted interference from other strong signals, which can cause trouble especially with low-cost receivers such as the RTL-SDR.

The first new filter that he has developed is for FLARM (FLight Alarm System). FLARM broadcasts at 868 MHz and is a protocol similar to ADS-B. It is used by gliders and some helicopters for collision avoidance. It is possible to decode FLARM with an RTL-SDR, which allows you to track gliders on a map, as discussed in one of our previous posts.

Characteristics of Adam's FLARM Filter.

The second filter is for amateur radio astronomers who wish to detect the Hydrogen Line at 1420 MHz. Hydrogen molecules in space occasionally emit a photon at 1420 MHz. A single emission can't be easily detected, but space and the galaxy are full of hydrogen, and the net result is an observable RF power spike at 1420 MHz. This can be detected with a high-gain antenna, an LNA, an RF filter and a radio such as the RTL-SDR. The Hydrogen line can be used to measure things like the rotation and number of arms of our galaxy. Filters are very important for radio astronomy work, as man-made interference can easily drown out the relatively weak cosmic signals.

Characteristics of Adam's Hydrogen Line Filter.

Adam sells all his fully assembled filters for 20 euros, plus 5 euros worldwide shipping.

One of the ADS-B/FLARM/HLine Filters by Adam 9A4QV.

Sniffing “Crazyradio” NRF24 Signals with a HackRF Blue

Thanks to DangerousPrototypes.com we've heard about this project in which experimenter Arnaud has been using his new HackRF Blue to sniff and debug the communications protocol of the Crazyradio, which is used with the Crazyflie quadcopter. The Crazyradio is a 2.4 GHz radio transceiver dongle that uses the nRF24 chip and is designed to be used with the Crazyflie quadcopter.

By using a Python script to make the Crazyradio transmit constantly, and then by using GNU Radio, Arnaud was able to sniff and demodulate the GFSK signal from the nRF24-based Crazyradio and pipe the demodulated signal into an nRF24 decoder.

Decoded NRF24 Packets from the Crazyradio.

Tutorial on using an RTL-SDR for ADS-B on a BeagleBone Black from Make Magazine

Make magazine has recently released a tutorial and uploaded a video showing a nice overview on how to get an RTL-SDR set up for ADS-B decoding on a BeagleBone Black embedded Linux computer. In the tutorial and video they show you the parts you will need and show you how to compile and install the RTL-SDR drivers and dump1090 ADS-B decoder on the BeagleBone.

ADS-B decoding allows you to receive GPS and other information from aircraft in your vicinity. We also have a tutorial about ADS-B decoding available here.

The BeagleBone Black is a small embedded Linux computer, similar to the Raspberry Pi. It has enough computational power to run the RTL-SDR and ADS-B decoder.
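To show what the decoder on the BeagleBone actually does with each received frame, here is an added example (my own code, not from the Make tutorial or from dump1090) that takes 112-bit ADS-B frames in the raw text format dump1090 prints (`*<28 hex digits>;`), verifies the Mode S parity before trusting a frame, and reads out the ICAO address, type code and, for identification messages, the aircraft callsign. The CRC check is the step that lets a decoder discard the noise-corrupted frames an RTL-SDR inevitably produces. The sample frames are constructed for the example; the first is a well-known valid identification message, the second is the same frame with one hex digit altered.

```python
# Minimal ADS-B (Mode S DF17) frame decoder with parity check.
# Added example; not the dump1090 implementation.

# Mode S CRC generator polynomial, 25 bits including the leading x^24 term.
GENERATOR = 0x1FFF409

# 6-bit character set used by identification messages (type codes 1-4).
CHARSET = "#ABCDEFGHIJKLMNOPQRSTUVWXYZ##### ###############0123456789######"


def crc_remainder(msg_hex):
    """Polynomial remainder of the whole frame (data + 24 parity bits).
    A remainder of 0 means the parity matches, i.e. no detected bit error."""
    nbits = len(msg_hex) * 4
    data = int(msg_hex, 16)
    for i in range(nbits - 1, 23, -1):       # long division, MSB first
        if (data >> i) & 1:
            data ^= GENERATOR << (i - 24)
    return data & 0xFFFFFF


def downlink_format(msg_hex):
    return int(msg_hex[:2], 16) >> 3         # top 5 bits of the frame


def icao_address(msg_hex):
    return msg_hex[2:8].upper()              # bits 9-32


def type_code(msg_hex):
    return int(msg_hex[8:10], 16) >> 3       # top 5 bits of the ME field


def callsign(msg_hex):
    """Eight 6-bit characters from ME bits 9-56 (identification messages)."""
    me_bits = bin(int(msg_hex[8:22], 16))[2:].zfill(56)
    chars = [CHARSET[int(me_bits[i:i + 6], 2)] for i in range(8, 56, 6)]
    return "".join(chars).rstrip()


def decode_frame(raw_line):
    """Decode one dump1090 raw line. Returns a dict, or None when the frame
    is not 112 bits, fails the parity check, or is not a DF17 ADS-B frame."""
    msg_hex = raw_line.strip().lstrip("*").rstrip(";")
    if len(msg_hex) != 28 or crc_remainder(msg_hex) != 0:
        return None
    if downlink_format(msg_hex) != 17:
        return None
    info = {"icao": icao_address(msg_hex), "tc": type_code(msg_hex)}
    if 1 <= info["tc"] <= 4:
        info["callsign"] = callsign(msg_hex)
    return info


def decode_raw_output(lines):
    """Run decode_frame over a block of raw output, keeping only good frames."""
    return [d for d in (decode_frame(l) for l in lines) if d is not None]


# Constructed sample of dump1090 --raw style output: one valid identification
# frame, one copy with a corrupted last digit, and one junk line.
SAMPLE_RAW = [
    "*8D406B902015A678D4D220AA4BDA;",
    "*8D406B902015A678D4D220AA4BDB;",
    "garbage",
]

if __name__ == "__main__":
    for d in decode_raw_output(SAMPLE_RAW):
        print(d)
```

Only the first sample line survives: it decodes to ICAO `406B90`, type code 4 and callsign `EZY85MH`, while the altered copy is rejected by the parity check. Position messages (type codes 9 to 18) carry the GPS-derived latitude and longitude in CPR-encoded form and need a pair of frames to decode, which is the part of the job dump1090 does beyond this example.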