Category: HackRF

Snooping Network Traffic from LAN Cables with an RTL-SDR or HackRF

Mordechai Guri is a cyber-security security researcher at Israel's Ben Gurion University of the Negev. Recently Guri has described a method for sniffing network data from LAN Ethernet cables over an air gap through the use of RTL-SDR or HackRF software defined radios. Guri's paper is available directly here.

The idea behind the attack is that ethernet cables can act as an antenna, leaking signals at frequencies which can easily be sniffed by a SDR. The specific technique in the paper does not decode normal network traffic, instead it requires that malicious code which modulates a custom signal over the ethernet cable be installed on the PC first. The technique used appears to be similar to what the Etherify software by SQ5BPF uses, which modulates data in morse code by turning the network card on and off.

Receiving a signal modulated by the LanTenna malware

Installing Remote SDR V2 on a Raspberry Pi 4B

Remote SDR V2 is software that allows you to easily remotely access either a PlutoSDR, HackRF or RTL-SDR software defined radio. It was originally designed to be used with the amateur radio QO-100 satellite, but version 2.0 includes multiple demodulation modes, NBFM/SSB transmission capability, CTCSS and DTMF encoders, modulation compression and a programmable frequency shift for relays.

Over on the programmers blog, F1ATB has put out a new post showing how to install Remote SDR V2 on a Raspberry Pi 4B. The installation has been made simple thanks for a ready to use SD card image.

If you're interested in an overview of Remote SDR V2, we have posted previously about a Tech Minds review of the software.

Remote SDR V2 with a PlutoSDR

A SDR Digital Voice Hotspot with GNU Radio, MMDVM and QRadioLink

Thank you to Adrian (YO8RZZ) for writing in and sharing with us his article explaining how to use an SDR to set up a digital voice hotspot for digital voice modes supported by MMDVM such as D-Star, DMR, System Fusion, P25 and NXDN. Adrian notes that this is possible with any full duplex SDR such as the LimeSDR or PlutoSDR, or with a combination of simplex devices, such as a HackRF for transmitting combined with an RTL-SDR for receiving.

MMDVM is firmware that normally runs on an ARM microcontroller board such as the Arduino Due, and is designed to be interfaced with hardware radios via the microcontrollers built in ADC and DAC hardware.

In order to use an SDR instead of physical hardware radios, Adrian's article describes how a fork of MMDVM called MMDVM-SDR is used in his system as this allows the code to run on a normal Linux computer with an SDR. GNU Radio running on Adrian's own QRadioLink software is then used to create software ADC/DAC interfaces for the SDR and MMDVM-SDR to interface with, as well as providing a user interface.

QRadioLink used as the UI for MMDVM-SDR and GNU Radio

BSides Talk: Hacking RF Breaking what we can’t see

Over on YouTube the BSides Halifax channel has uploaded a recent talk given by Security Engineer Grant Colgan titled "Hacking RF Breaking what we can't see". In the talk Grant first shows the various bits of wireless devices that he tests, as well as the receiver equipment that he uses which includes a HackRF and RTL-SDR dongles. He goes on to show various live demos.

An often overlooked aspect of security is what happens when information is moving magically from one device to another with no wires. We know this as (usually) Wifi or Bluetooth and any attacks are usually based on these technologies. However when you widen the scope to RF wireless communication, A lot more tools become available. In this talk I will be talking about the attack and doing live demos.

Hacking RF Breaking what we can't see - Grant Colgan (BSides Halifax 2021)

uSDR: A Lightweight Multimode SDR Receiver Program for Windows

Thank you to Viol Tailor for submitting news about the release of his general purpose multimode software defined radio receiver program for Windows called "uSDR" or "microSDR". Viol writes that uSDR is designed as a lightweight binary with a simple and compact user interface and highly optimized DSP to minimize CPU, hence the "micro" part of the name.

The software is compatible with RTL-SDR, Airspy, BladeRF, HackRF and LimeSDR radios. It has features including demodulation, base band and pass band recording, playback, and spectrum and waterfall visualizations.

uSDR aka microSDR. A lightweight SDR receiver program from Windows.

Dump1090 with HackRF Windows Support

Thank you to Egor for writing in a sharing his work on modifying dump1090 in order to support the HackRF on Windows. dump1090 is software that is often used with RTL-SDR dongles for decoding ADS-B data for aircraft tracking. He writes:

Some time ago I was looking for dump1090 version with HackRF support that could work on Windows. But I have not found such version.
 
So I forked Malcolm Robb's version of dump1090 that could be built on Windows around 7 years ago. :) I've updated it and have added HackRF support from Ilker Temir's fork.
Now my version is available here https://github.com/esuldin/dump1090. The main difference from the others that it supports HackRF One device on Windows.

Tech Minds: Remote SDR V2 with Orange Pi and Transmit Capable

In his latest YouTube video Tech Minds explains and demonstrates Remote SDR V2, which is software that allows you to easily remotely access either a PlutoSDR, HackRF or RTL-SDR software defined radio. It is designed to be used with the amateur radio QO-100 satellite, but version 2.0 now include multiple demodulation modes, NBFM/SSB transmission capability, CTCSS and DTMF encoders, modulation compression and a programmable frequency shift for relays.

In his video Tech Minds shows how to install Remote SDR V2 onto an Orange Pi via the SD card image, how to access the web interface, and how to access and use the connected SDR.

Remote SDR V2 with Orange Pi and Transmit Capable

We note that the code is designed to be run on Orange Pi boards, which are low cost single board computers similar to Raspberry Pi's. However over on Twitter @devnulling has indicated that his own fork of the code should run on x86 systems. Aaron @cemaxecuter is also working on including it into a DragonOS release.

The image below demonstrates a typical Remote SDR V2 transceiver setup with two HackRFs.

A full QO-100 Transceiver Setup with Remote SDR V2 and two HackRF's.

Transmitting ggwave Sound Encoded Messages with a HackRF SDR

Thanks to Rado for submitting his news about the release of his project called "ggwave-fm" which allows transmitting of ggwave encoded messages with an SDR. The idea behind the original ggwave is to allow data transfer between devices using audio tones. This is useful for things like serverless one to many data broadcasts, device pairing, IoT devices and audio QR codes. Many products such as wireless security cameras already uses a similar audio data transfer system for automatically sending WiFi login data from a smartphone to the camera. Rado writes:

Ggwave is an open-source library that allows you to communicate small amounts of data between air-gapped devices using sound. You can find some technical details and a lot of examples on the project page: https://github.com/ggerganov/ggwave.

I thought it'd be cool to somehow extend the range of transmission for ggwave and this is how ggwave-fm was born. It modulates ggwave encoded messages with NBFM, interpolates the signal and produces a complex sampled IQ file which is ready for transmission with an SDR. 

In the video shown below Rado demonstrates ggwave-fm working with a HackRF and uses a Baofeng FM radio as the receiver, with the "Waver" mobile app for decoding. He notes that the demo script (demo.sh) used in the video is availalbe in the Git repository.

Transmit ggwave messages with HackRF