Category: Applications

Deep-Tempest: Eavesdropping on HDMI via SDR and Deep Learning

Over the years we've posted several times about the TEMPEST applications of software-defined radio. TEMPEST aka (Van Eck Phreaking) is when you listen to the unintentional RF emissions of electronics and are able to recover information from that. In the past, we posted about TempestSDR, an RTL-SDR compatible program that allows you to view images from a computer monitor or TV simply by picking up the unintentional RF emissions from it.

Usually, the images received are fuzzy and it can be difficult to recover any information from them. However recently there has been work on combining Tempest techniques with deep learning AI for improving image quality.

Deep-tempest has recently been released on GitHub and from their demonstrations, the ability to recover the true image with deep learning is very impressive. From a fuzzy grey screen, they show how they were able to recover clear text which looks almost exactly like the original monitor image.

Deep-tempest is based on gr-tempest, and requires GNU Radio, Python 3.10 and a Conda environment. Instructions for installing it are on the GitHub.

The whitepaper on the University research done to implement Deep-Tempest can be found freely on arxiv at https://arxiv.org/pdf/2407.09717.

How Deep-Tempest Works
How Deep-Tempest Works
Deep-Tempest Results
Deep-Tempest Results

Monitoring Aircraft Distance Measuring Equipment (DME) with LimeSDR

Daniel Estévez has recently posted on his blog about how he uses a LimeSDR to record and analyze the DME signal used by aircraft. DME or Distance Monitoring Equipment is a radio navigation technique sometimes used by aircraft.

The concept behind DME is simple: the aircraft broadcasts a signal pulse, and a ground station receives and repeats the pulse back at another frequency. The aircraft receives the return pulse, and from the time it has taken to receive that return pulse, the distance to the ground station can be determined. The frequencies used are between 960 MHz and 1215 MHz, and the aircraft and ground station pulses are always spaced apart by 63 MHz.

In his post, Daniel explains how he records the two signals spaced 63 MHz apart using his LimeSDR. Recording this large bandwidth has some challenges since typically the LimeSDR only supports a bandwidth of 61.44 MHz, which is too small for the 63 MHz spacing. However, Daniel explains in his post how he got around this limitation by using the two RX channels on the LimeSDR, sampling at a higher 80 MSPS sample rate, and then using the LimeSDR DSP to downconvert and decimate each DME channel to 2.5 MSPS, making the final sample rate small enough to be sent over USB.

The rest of the post details his experiments, analysis, and results when receiving the two DME channels through GNU Radio.

Daniel's LimeSDR DME Receiver Setup
Daniel's LimeSDR DME Receiver Setup

[Also seen on Hackaday]

SignalsEverywhere: Decoding the QO-100 Mid-Beacon with WebSDR and IZ8BLY’s Decoder

In one of her latest videos on YouTube, Sarah from the SignalsEverywhere channel shows how we can use a program called "IZ8BLY Phase 3D (AO-4) Satellite Decoder" to decode the 'Mid-Beacon' on the QO-100 satellite. QO-100 is a commercial geostationary communications satellite that also contains a popular transponder for amateur radio.

However, there is also an interesting beacon called the mid-beacon that can be decoded, which provides some information about the satellite. In the video, Sarah shows how this beacon can be decoded with the software from IZ8BLY. As QO-100 is only visible from Europe, the Middle East and Africa, Sarah uses a WebSDR to receive the signal from the USA, then pipes the audio into the IZ8BLY decoder via Virtual Audio Cable.

Decode QO-100's Mid-Beacon with Virtual Audio Cables and WebSDR

Reading Electric Meters with RTL-SDR and HomeAssistant

Over on his blog Jeff Sandberg has posted a writeup detailing how he combined RTL-SDR, rtl_amr, and HomeAssistant to decode wireless data from his Itron power meter, and create useful graphs showing his US home's power usage.

In the post, Jeff explains how he uses an RTL-SDR Blog V4, HomeAssistant, EMQX, and rtl_amr to receive and plot the data. The RTL-SDR and rtl_amr software receives and decodes the wireless Itron electricity meter data packets, and then EQTT passes the data to HomeAssistant for logging and plotting. Jeff also notes how he used NodeRed to correctly automate the summer and winter tariff price changes.

Finally, in an update to the post Jeff mentions that he was also able to receive and log data from his gas meter.

HomeAssistant energy dashboard with data received from an RTL-SDR and rtl_amr decoder.

Transmitting and Receiving Meshtastic with SDR

Last month we posted about Aaron's video on Meshtastic, and how it's possible to decode the Meshtastic protocol using an RTL-SDR and GNU Radio project called Meshtastic_SDR

If you weren't aware, Meshtastic is software that enables off-grid mesh network based communications and can run on cheap LoRa hardware. The mesh based nature of the system means that communications can be received over long distances, without any infrastructure, as long as there are sufficient Meshtastic nodes in an area that can route the message to the destination node. One example application of Meshtastic is to use it as a mesh-based text messaging system. This might be useful for teams of hikers, pilots, or skiers who operate in remote areas without cell phone coverage.

In his latest video, Aaron shows how Meshtatsic_SDR can also be used to transmit the Meshtastic Protocol using a transmit capable SDR like the HackRF. Aaron writes in the video description:

In this video, we take a deeper dive into the setup and usage of the meshtastic_SDR repository, which now enables the transmission and reception of Meshtastic using Software Defined Radios (SDRs). Recent updates have made this possible by partially leveraging GNU Radio flow graphs for both RX (receive) and TX (transmit), and integrating Python scripts that connect to ZMQ sources for message input and ZMQ outputs for message decoding.

I demonstrate the setup using a HackRF for the transmit side and an Airspy R2 for receiving. We also verify the results of TX and RX using a standard Meshtastic receiver to ensure accurate performance.

DragonOS FocalX Transmit and Receive Meshtastic w/ SDR (hackRF, Airspy R2, R36)

SignalsEverywhere: Monitoring Itron ERT Smart Meters on Android

Over on her YouTube channel SignalsEverywhere, Sarah has uploaded her latest video showing how it is possible to monitor Itron ERT smart meters on an Android device.  Smart meters are used to wirelessly monitor the usage of residential utilities such as water, gas, and electricity. With an RTL-SDR and some decoding software, it is possible to monitor the data coming from your own and your neighbours meters (at least for certain brands of meter).

In her video, Sarah shows how she compiled the rtl_amr decoder software for Android, and created her own Android app called "AndAMR" for displaying the data decoded by rtl_amr. The rest of the video shows how to set up and use the app.

Monitoring Itron ERT Smart Meters on Android?!

Tech Minds: Testing an Inmarsat L-Band Helix for Offset Satellite Dishes

In his latest video, Matt from the TechMinds YouTube channel tests out an LHCP L-band helix feed designed for receiving Inmarsat satellites. Matt pairs the feed with an 85cm satellite dish, an L-band LNA, and an Airspy Mini.

The L-band helix feed comes from a small German engineering company called nolle.engineering. The feed is priced at 94.70 Euros (incl. VAT) (~$102 USD), plus shipping costs. It is a passive antenna so it needs to be combined with an LNA to be usable with a typical SDR.

In the video Matt shows that the reception with the LHCP helix + dish setup is better than expected. He also compares it to a previous test he did with a longer RHCP helix antenna also produced by nolle.engineering. The RHCP antenna is used to be used without a dish, however, as expected the SNR is less than the dish + small LHCP feed setup. Matt then shows some Inmarsat signals being decoded including STD-C and Aero voice.

This L Band Helix Antenna Gives Amazing Performance

SDR# Big Guide Book: 2024 Edition Released

Paolo Romani (IZ1MLL) has recently released the 2024 version of his SDR# Big Book. The book is available for download on the Airspy downloads page, just scroll down to the title "SDR# Big Book" and choose your language. (At the time of this post only English and Italian are available in the 2024 edition, but multiple languages are available for the older guides).

Paolo writes that the book has been updated for the latest SDR# v1920 version, and now the editions will be labelled by date, instead of version number. He also writes that page 25 of the big book now includes information about the differences between RTL-SDR Blog V3 and V4 dongles. 

The Big Book of SDR# Studio 2024 Edition