Category: Applications

Easvesdropping on HDMI with TEMPESTSDR and SDRplay

Over on YouTube "Sam's eXperiments logs" have uploaded a video showing how he was able to succeed when using TEMPESTSDR to eavesdrop on HDMI cables with his SDRplay. TEMPESTSDR software combined with a software defined radio allows a user to eavesdrop on TVs, monitors, and more by wirelessly receiving their unintentional RF emissions and recovering information from those emissions. In many cases it is possible to recover live images of the display, clear enough to read text.  

Sam's video explains the challenges he faced with signal strength due to the highly effective shielding of his HDMI cables. To get around this Sam shows how he unshielded his HDMI cables for the test. This is good news for privacy, as it shows how effective shielding can be at stopping these kinds of attacks. He then goes on to show the results he obtained which show text being read from his screen.

I Finally Succeeded: HDMI Signal Eavesdropping with TEMPESTSDR

Tech Minds: Reviewing the Raspberry Pi 5 For Radio Amateurs Book by Elektor

Over on the Tech Minds YouTube channel, Matt has uploaded a video where he reviews a new book by Elektor titled "Raspberry Pi 5 For Radio Amateurs" (€5 off coupon code "Techminds"). The book is all about projects for the Raspberry Pi 5 that can be done with RTL-SDR Blog V3 and V4 software defined radios.

In the video Matt explores the books contents, showing off the various possible projects. Matt also shows how to get started with the book by installing Raspbian, and the RTL-SDR drivers, and then goes on to show how examples of the various software programs mentioned in the book such as SDR++, flrig, chirp, dump1090, predict, HamClock, rtl_tcp, rtl_433, qsstv, fldigi, Xdx and more.

Raspberry Pi 5 For Radio Amateurs With The RTL-SDR V4

SignalsEverywhere: Using HackTV to Transmit Analog Television with a HackRF

Over on her YouTube channel SignalsEverywhere, Sarah has uploaded a new video showing how to use a program called 'hacktv-gui' to transmit analog TV signals using a HackRF software defined radio. Analog TV standards such as PAL and NTSC have been phased out in most of the world in favor of digital TV standards instead. However, transmitting these yourself can be a fun experiment that may help breathe life into old television sets.

In the video Sarah explains how to use the hacktv-gui and hacktv software, and how to create a video transmission. She mentions how hacktv also supports the use of a FL2K device, which is a cheap VGA adapter that can be used to transmit signals.

HackTV | Analog Television Transmission with a HackRF SDR

Using the RTL-SDR Blog V3 as a DVB-T Receiver in OpenPli Enigma2

The RTL-SDR hardware began its life as a DVB-T TV receiver USB stick, but these days it is rarely used for this purpose. However, in countries where DVB-T hasn't been upgraded to DVB-T2 it is still possible to use the RTL-SDR for TV reception.

Recently, RADIOTO bg from DXing.org wrote in and wanted to share with us his video showing how to use the RTL-SDR V3 for DVB-T reception in OpenPli Enigma2. OpenPli is an open-source Linux distribution for TV set-top boxes and Enigma2 is the TV application it runs.

RADIOTO's video shows a step-by-step guide to setting up the RTL-SDR in OpenPli. The procedure is relatively simple, just requiring the user to select the correct driver for the RTL-SDR via the set-top menu.

How to make rtl-sdr v.3 as a additional DVB-T tuner in enigma2 receiver (OpenPli) Manual

Exploring HD Radio and Other Signals While on Holiday

Over on his YouTube channel, Simon has uploaded a video showing how while on holiday he was able to explore the various HD Radio stations available around the USA. 

If you are in the USA, you might recognize HD Radio (aka NRSC-5) signals as the rectangular looking bars on the frequency spectrum that surround common broadcast FM radio signals. These signals only exist in the USA and they carry digital audio data which can be received by special HD Radio receivers. Earlier in 2017 a breakthrough in HD Radio decoding for SDRs like the RTL-SDR was achieved by Theori when he was able to piece together a full HD Radio software audio decoder that works in real-time. Nowadays you can use software like HDFM - HD Radio GUI to easily receive HD Radio with an RTL-SDR.

In his video Simon shows the various HD Radio signals he found while on holiday, and also shows some of their secondary features, including traffic data, and weather radar maps. Interestingly he also spots HD Radio in the AM bands, but finds his signal is not strong enough to decode.

The rest of the video explores other signals he finds such as a studio link, and TV audio signals.

I Found Some CRAZY Radio Technology while Traveling!

Deep-Tempest: Eavesdropping on HDMI via SDR and Deep Learning

Over the years we've posted several times about the TEMPEST applications of software-defined radio. TEMPEST aka (Van Eck Phreaking) is when you listen to the unintentional RF emissions of electronics and are able to recover information from that. In the past, we posted about TempestSDR, an RTL-SDR compatible program that allows you to view images from a computer monitor or TV simply by picking up the unintentional RF emissions from it.

Usually, the images received are fuzzy and it can be difficult to recover any information from them. However recently there has been work on combining Tempest techniques with deep learning AI for improving image quality.

Deep-tempest has recently been released on GitHub and from their demonstrations, the ability to recover the true image with deep learning is very impressive. From a fuzzy grey screen, they show how they were able to recover clear text which looks almost exactly like the original monitor image.

Deep-tempest is based on gr-tempest, and requires GNU Radio, Python 3.10 and a Conda environment. Instructions for installing it are on the GitHub.

The whitepaper on the University research done to implement Deep-Tempest can be found freely on arxiv at https://arxiv.org/pdf/2407.09717.

How Deep-Tempest Works
How Deep-Tempest Works
Deep-Tempest Results
Deep-Tempest Results

Monitoring Aircraft Distance Measuring Equipment (DME) with LimeSDR

Daniel Estévez has recently posted on his blog about how he uses a LimeSDR to record and analyze the DME signal used by aircraft. DME or Distance Monitoring Equipment is a radio navigation technique sometimes used by aircraft.

The concept behind DME is simple: the aircraft broadcasts a signal pulse, and a ground station receives and repeats the pulse back at another frequency. The aircraft receives the return pulse, and from the time it has taken to receive that return pulse, the distance to the ground station can be determined. The frequencies used are between 960 MHz and 1215 MHz, and the aircraft and ground station pulses are always spaced apart by 63 MHz.

In his post, Daniel explains how he records the two signals spaced 63 MHz apart using his LimeSDR. Recording this large bandwidth has some challenges since typically the LimeSDR only supports a bandwidth of 61.44 MHz, which is too small for the 63 MHz spacing. However, Daniel explains in his post how he got around this limitation by using the two RX channels on the LimeSDR, sampling at a higher 80 MSPS sample rate, and then using the LimeSDR DSP to downconvert and decimate each DME channel to 2.5 MSPS, making the final sample rate small enough to be sent over USB.

The rest of the post details his experiments, analysis, and results when receiving the two DME channels through GNU Radio.

Daniel's LimeSDR DME Receiver Setup
Daniel's LimeSDR DME Receiver Setup

[Also seen on Hackaday]

SignalsEverywhere: Decoding the QO-100 Mid-Beacon with WebSDR and IZ8BLY’s Decoder

In one of her latest videos on YouTube, Sarah from the SignalsEverywhere channel shows how we can use a program called "IZ8BLY Phase 3D (AO-4) Satellite Decoder" to decode the 'Mid-Beacon' on the QO-100 satellite. QO-100 is a commercial geostationary communications satellite that also contains a popular transponder for amateur radio.

However, there is also an interesting beacon called the mid-beacon that can be decoded, which provides some information about the satellite. In the video, Sarah shows how this beacon can be decoded with the software from IZ8BLY. As QO-100 is only visible from Europe, the Middle East and Africa, Sarah uses a WebSDR to receive the signal from the USA, then pipes the audio into the IZ8BLY decoder via Virtual Audio Cable.

Decode QO-100's Mid-Beacon with Virtual Audio Cables and WebSDR