The theory behind the RNG is to take advantage of atmospheric noise, which is caused by natural occurrences, such as weak galactic radiation from the center of our Milky Way Galaxy to the stronger local and remote lightning strikes. It’s estimated that roughly 40 lightning strikes are hitting the Earth every second, which equates to about 3.5 million strikes per 24-hour period. Interestingly enough, this provides a great deal of entropy for a random number generator.
In the post Aaron also shows how to put the rtl_entropy-generated data through some standardized randomness tests, how to visualize the random output, and how to use rtl_entropy to generate passwords with 80 bits of entropy.
Visualizing the random noise output of rtl_entropy.
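As an added illustration (not code from Aaron's post or from rtl_entropy), the sketch below runs one standardized check, the NIST SP 800-22 monobit frequency test, over a block of raw bytes and then turns raw bytes into a password carrying at least 80 bits of entropy, using rejection sampling so no character is favoured. The function names and the 62-character alphabet are assumptions, and `os.urandom` stands in for bytes captured from the hardware RNG.

```python
import io
import math
import string

ALNUM = string.ascii_letters + string.digits  # 62 symbols, about 5.95 bits each


def monobit_p_value(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test; p < 0.01 rejects the sample."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def password_length(alphabet: str, bits: int = 80) -> int:
    """Characters needed so that length * log2(len(alphabet)) >= bits."""
    return math.ceil(bits / math.log2(len(alphabet)))


def password_from_stream(src, alphabet: str = ALNUM, bits: int = 80) -> str:
    """Map raw random bytes to characters without modulo bias.

    Bytes at or above the largest multiple of len(alphabet) that fits in
    256 are discarded, so every character is equally likely.
    """
    k = len(alphabet)
    if not 2 <= k <= 256 or len(set(alphabet)) != k:
        raise ValueError("alphabet must hold 2..256 distinct characters")
    limit = 256 - (256 % k)
    need = password_length(alphabet, bits)
    out = []
    while len(out) < need:
        chunk = src.read(1)
        if not chunk:
            raise EOFError("entropy source ran dry before the password was complete")
        if chunk[0] < limit:
            out.append(alphabet[chunk[0] % k])
    return "".join(out)


if __name__ == "__main__":
    import os
    raw = os.urandom(4096)  # stand-in for bytes captured from the RNG
    print("monobit p-value:", monobit_p_value(raw))
    print("password:", password_from_stream(io.BytesIO(raw)))
```

A passing monobit result only rules out a gross bias between ones and zeros; it is one test from a larger battery and does not by itself establish that a source is unpredictable.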
They write about the performance of their results:
Using GnuPG as our study case, we can, on some machines:
distinguish between the spectral signatures of different RSA secret keys (signing or decryption), and
fully extract decryption keys, by measuring the laptop’s electromagnetic emanations during decryption of a chosen ciphertext.
In their experiments they used a Funcube Dongle Pro+ to measure the unintentional RF emissions coming out of a laptop computer at around 1.6-1.75 MHz, but they also mention that a low cost RTL-SDR with upconverter could also work.
Every time the CPU on a target PC performs a new operation the unintentional frequency signature that is emitted changes. From these emissions they are able to use the unique RF signature to determine what operations are being performed by the CPU, and from that they can work out the operations GnuPG is performing when decrypting data. They write:
Different CPU operations have different power requirements. As different computations are performed during the decryption process, different electrical loads are placed on the voltage regulator that provides the processor with power. The regulator reacts to these varying loads, inadvertently producing electromagnetic radiation that propagates away from the laptop and can be picked up by a nearby observer. This radiation contains information regarding the CPU operations used in the decryption, which we use in our attack.
Recovering CPU assembly code operations from its unintentional RF emissions.
In addition to the above they were also able to create portable attack hardware by connecting the Funcube Dongle Pro+ with a small Android based embedded computer called the Rikomagic MK802 IV. They also show that they were even able to perform the portable attack with a standard AM radio with the output audio being recorded with a smart phone.
A portable version of their attack set up with the Funcube Dongle Pro+ and microcontroller.
The researchers write that they will present their work at the CHES 2015 conference in September 2015.
Simon (G0FCU) has been using his HackRF Blue to transmit DVB-S video captured from his video camcorder. In the ham radio hobby there is something called digital amateur television (DATV) in which amateurs transmit digital video over radio to repeaters. Simon writes that in the UK DATV is usually transmitted at above 1.2 GHz and in the DVB-S format, which is the same format used by some satellite TV services.
Although there are dedicated DATV radios, Simon decided that he wanted to use the HackRF Blue as the radio for transmitting his own DATV signals. To do this he uses the software dvgrab to grab the video stream from the camera, then passes it to ffmpeg to compress the raw video into MPEG-2 and then uses a GNU Radio program called gr-dvbs to use the HackRF to transmit the DVB-S stream at 1000 MHz.
To test that his signal was transmitting correctly, Simon then used a standard DVB-S satellite TV with the LNB bypassed.
DSD+ stands for Digital Speech Decoder Plus and is a software program that can allow you to decode digital voice signals such as P25 and MotoTRBO/DMR. DSD+ is under continual development, and in their last public update they began offering early access to the latest DSD+ features in development through their fast lane subscription. The fast lane subscription costs $10 USD for one year and $25 for unlimited early access. Information about joining the fast lane service can be found in the readme file of the latest DSD+ 1.074 public release.
Over on YouTube user John Miller has been testing the latest early access version DSD+ 1.08t. This new version adds trunking support which allows you to follow conversations. Previously other software like Unitrunker was required to follow the trunking signal. On YouTube John has uploaded a video first showing trunking in action, and a second video showing how to set up DSD+ 1.08t for trunking.
The Outernet project aims to be a “library in the sky” satellite based service that will provide free access to daily downloads of data such as books, news, videos and other information. Its goal is to provide people who may not have easy physical or uncensored access to the internet an easy way to access daily information.
Outernet Overview Poster
To achieve this goal the Outernet project needs a good low cost satellite receiver. The RTL-SDR is a good candidate, but its performance at about 1.5 GHz isn’t great, and this appears to be the frequency Outernet wants to use. To improve the performance for satellite reception at these frequencies they have redesigned the RTL-SDR by replacing the R820T2 tuner with a MAX2120 tuner chip which tunes from 925 MHz to 2175 MHz. They have also improved the components used and the PCB layout. The regular RTL2832U chip is used as the ADC and USB interface, so the maximum bandwidth and ADC bit depth remain the same.
The Lantern is currently being prototyped and there is a discussion about it on Reddit. They are aiming for a price point below $20, but note that it will take time to get to that low price as mass production will be required.
Back in 2013 we posted about Juha Vierinen’s project in which he created a passive radar system from two RTL-SDR dongles, two Yagi antennas, and some custom processing code. Passive radar can be used to detect flying aircraft by listening for signals bouncing off their fuselage and can also be used to detect meteors entering the atmosphere. The radar is passive because it does not use a transmitter, but instead relies on other already strong transmitters such as FM broadcast radio stations. Juha writes:
A passive radar is a special type of radar [that] doesn’t require you to have a transmitter. You rely on a radio transmitter of opportunity provided by somebody else to illuminate radar targets. This can be your local radio or television station broadcasting with up to several megawatts of power.
How passive radar works
His previous write up was brief, but now over on Hackaday Juha has made a detailed post about his RTL-SDR passive radar project. In the post he explains what passive radar is, shows some examples of his and others' results, shows how it can be done with an RTL-SDR dongle, and finally briefly explains the signal processing required. In his next post Juha aims to go into further detail on how passive radar works in practice.
Below we show a video that shows an example of one of his passive radar tests that was performed with a USRP software defined radio and two Yagi antennas.
This video shows a lot of airplanes around the New England area detected using a simple passive radar setup, consisting of: one USRP and two yagi antennas, a quad core linux PC. Every now and then an occasional specular meteor echo is observed too.
Over on YouTube balint256 (Balint), a researcher at Ettus (creators of the USRP line of software defined radios), has uploaded a video showing how he is using his USRP to help with frequency management at FPV time trial racing events. FPV, a.k.a. First Person View, is a term used to describe the act of flying a remote controlled aircraft such as a quadcopter with an onboard camera that transmits live video down to the pilot. FPV racing is a new sport where pilots race FPV controlled drones around a track.
One important technical challenge at these events is frequency management. FPV drones use many frequencies at around 2.4 GHz for control and 5.8/2.4/1.3 GHz for video. With many drones in the air it is important that frequencies are managed appropriately so as to not jam each other's signals.
To try and solve this problem Balint has been using GNU Radio coupled with a USRP X310 software defined radio to get very wide band RF spectrum waterfall views of the 2.4 and 5.8 GHz bands. In the waterfalls he is able to see when control signals and video signals are transmitted and at what frequency, and is able to tell if any are overlapping and jamming each other.
SDR Wideband Spectrum Monitoring for Drone FPV Frequency Management
In addition to this, Balint has also been working on his custom software defined radio based digital video downlink. Back in March we posted about his earlier work on this concept. In the video Balint demonstrates his drone with an on board USRP E310 which is used to send a custom 4.2 Mbps video downlink.
SDR digital video downlink (custom drone FPV) with E310 + webcam
Over on Reddit and GitHub user cuppa-joe has released a Python based EAS SAME Alert message decoder called dsame which is compatible with the RTL-SDR. EAS is an acronym for Emergency Alert System and is a system that is most commonly used to alert the public to local weather emergencies such as tornadoes, flash floods and severe thunderstorms.
Local EAS weather alerts are encoded with the SAME (Specific Area Message Encoding) protocol. They are transmitted on the local weather radio frequency in the USA and Canada and some weather radios are capable of decoding the EAS SAME data. Cuppa-joe’s dsame EAS decoder outputs full EAS weather messages such as:
The National Weather Service in Pleasant Hill, Missouri has issued a Required Weekly Test valid until 12:30 PM for the following counties in Kansas: Leavenworth, Wyandotte, Johnson, Miami, and for the following counties in Missouri: Clay, Platte, Jackson, Cass. (KEAX/NWS)
To use the software you will still need to use an EAS demodulator such as multimon-ng which is available for Windows and Linux, and you will also need Python 2.7+ installed.
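To show what sits between the demodulator and a readable message like the one above, here is an added example (not dsame's own code) that strictly parses a SAME header of the form `ZCZC-ORG-EEE-PSSCCC...+TTTT-JJJHHMM-LLLLLLLL-` and rejects anything malformed, treating the over-the-air text as untrusted input. The sample line is constructed to resemble the message quoted above, and the `EAS: ` line prefix and the `parse_same` name are assumptions.

```python
import re

ORIGINATORS = {"EAS", "CIV", "WXR", "PEP"}  # originator codes defined for SAME

SAME_RE = re.compile(
    r"ZCZC-(?P<org>[A-Z]{3})-(?P<event>[A-Z0-9]{3})"
    r"(?P<locs>(?:-\d{6}){1,31})"                      # up to 31 PSSCCC codes
    r"\+(?P<purge>\d{4})-(?P<day>\d{3})(?P<hhmm>\d{4})"
    r"-(?P<sender>[A-Z0-9/ ]{8})-"
)

# Constructed sample line, shaped like the demodulator's text output.
SAMPLE = ("EAS: ZCZC-WXR-RWT-020103-020209-020091-020121"
          "-029047-029165-029095-029037+0030-1051700-KEAX/NWS-")


def parse_same(line: str) -> dict:
    """Parse one SAME header; raise ValueError on any malformed field."""
    text = line.strip()
    if text.startswith("EAS: "):  # assumed demodulator prefix
        text = text[5:]
    m = SAME_RE.fullmatch(text)
    if m is None:
        raise ValueError("not a well-formed SAME header")
    if m.group("org") not in ORIGINATORS:
        raise ValueError("unknown originator code")
    day = int(m.group("day"))
    hh, mm = int(m.group("hhmm")[:2]), int(m.group("hhmm")[2:])
    if not (1 <= day <= 366 and hh < 24 and mm < 60):
        raise ValueError("issue time out of range")
    purge = m.group("purge")  # TTTT is a duration written as HHMM
    codes = m.group("locs").split("-")[1:]
    return {
        "originator": m.group("org"),
        "event": m.group("event"),
        # P = county subdivision, SS = state FIPS, CCC = county FIPS
        "locations": [{"part": c[0], "state": c[1:3], "county": c[3:]}
                      for c in codes],
        "purge_minutes": int(purge[:2]) * 60 + int(purge[2:]),
        "issued": (day, hh, mm),  # day of year and UTC time
        "sender": m.group("sender").strip(),
    }


if __name__ == "__main__":
    print(parse_same(SAMPLE))
```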