Category: HackRF

TechMinds: Testing out the SDRBerry Software on a Pi 4 with Touchscreen

Over on the TechMinds YouTube channel, Matt has posted a video demonstrating the SDRBerry software, which can be used with many SDR devices, including the RTL-SDR, on a Raspberry Pi with a touchscreen.

The SDRberry software is designed to be used on a touchscreen. As Matt points out, it has an aesthetically pleasing user interface and is compatible with almost any SDR software via the Soapy interface. Combining an SDR with a Pi 4 touchscreen and SDRberry results in an excellent hand-held SDR system.

In the video, Matt demonstrates the features of SDRberry, showing its RX features as well as some of its TX features, such as speech transmission and FT8, via a built-in WSjtx tab. He then shows the optional web interface, which is still in the early stages of development. Finally, he shows how to install the software and dependencies onto a fresh Raspbian image. 

SDRBERRY - This User Interface Is Just GORGEOUS! AND IT USES SOAPY TOO!

Saveitforparts: Snooping on the SatGus Selfie Satellite

SatGus is a recently launched cubesat owned by CrunchLabs/Mark Rober, an extremely popular science and engineering YouTuber. The satellite is designed to take selfies of CrunchLabs customers' own photos in space, using a screen and a selfie camera mounted on the satellite. It then broadcasts the selfie image back down to a CrunchLabs ground station, where it is eventually emailed to the customer. Customers then claim that they've had their selfie taken in space.

Over on the saveitforparts YouTube channel, Gabe has been attempting to listen in on the SatGus downlink using a HackRF and a motorized satellite dish setup. SatGus transmits telemetry at 400.2 MHz and the payload dump at 2,262.5 MHz. While he is able to receive the signal, Gabe notes that it is encrypted, so not much can be done with it.

Snooping On SatGus Again

Saveitforparts: Receiving Military DMSP Satellite Data with a Hacked TV Dish

Over on the saveitforparts YouTube channel, Gabe has uploaded a video showing how he uses a hacked TV satellite dish to receive satellite weather data from Defense Meteoroloogical Satellite Program (DMSP) satellites.

These satellites were initially developed during the Cold War and featured an encrypted downlink of meteorological data. However, recently, the DMSP downlink has encryption turned off when passing over the northern half of the USA (40°-41° latitude and up to 60° North), allowing hobbyists in some parts of the USA to decode images. 

In his video, Gabe uses a HackRF SDR with an old DirectTV dish with a modified S-band helical feed mounted on a hacked Wineguard motorized platform that was originally intended for automatically pointing TV dishes on RVs. Despite some initial problems with the SatDump software crashing, he is eventually able to receive some nice, clean images.

Interestingly, Gabe also shows what the signal looks like while encrypted and how it transitions to the unencrypted signal after the satellite passes over the threshold. 

We note that it is not documented by the military why encryption is being turned off only over the northern half of the USA. Still, it is speculated that the military doesn't consider images over this part of the USA to be sensitive, and disabling encryption could help save power and help other organizations with scientific research. However, as Gabe mentions in the video, being a Cold War-era satellite, the image quality from DMSP isn't great, and more modern satellites like the NOAA series give much better images over the entire earth unencrypted. 

Grabbing Military Satellite Data With Hacked TV Dish

Video on the Basics of SDR for Hackers

On YouTube, An0n Ali posted a video providing a good overview of the basics of using a software-defined radio for hacking. The video introduces RTL-SDR and how it can be used to listen to unencrypted communications, the HackRF and how it can be used for replay and jamming attacks, and the Flipper Zero, noting how it is a more beginner-friendly entry into the world of RF security.

HACK RADIO FREQUENCIES! (SDR Basics)

Building a ‘WiFi Camera’ with a HackRF and Helical Antenna on a Motorized Pan-Tilt Mount

Recently, "The Thought Emporium" YouTube channel uploaded a video showing how they have created a 'WiFi Camera' using a HackRF and helical antenna mounted on a motorized Pan-Tilt mount.

The Thought Emporium has actually already done this experiment back in 2018, as seen in a previous post; however, in the latest video, they iterate on the design, releasing a new open-source 3D printable version.

The idea behind the 'WiFI camera' is to point the directional helical antenna in different directions using the motorized mount and measure the WiFi signal power using the HackRF at each spot it points towards. Each measurement results in a heatmap pixel, and once enough pixels have been collected, an image is formed.

This Camera Can SEE WiFi

DragonOS: Setting up AISMon with WINE and Virtual Audio Sink for HackRF and RTL-SDR

Over on his YouTube channel Aaron, creator of the DragonOS image (a Linux image with many built-in SDR compatible programs) has uploaded a new video showing how it is possible to run the Windows only AISMon software on Linux, using WINE. WINE is a Windows emulator for Linux which allows users to run some Windows software on Linux.

In the video Aaron shows how to set up WINE on the DragonOS Linux image, how to run AISMon with it, and how to set up the Virtual Audio Cable sink which is required to pass the audio from SDR++ to AISMon. He also shows how he tests his setup using the AIS-Simulator software with a HackRF, and an RTL-SDR for receiving.

DragonOS FocalX Setup AISMon with WINE + Virtual Audio Sink (HackRF, RTLSDR, SDR++, AIS-Simulator)

Using a HackRF and JavaScript Browser App to Perform Rolljam Replay Attacks on a Car

Over on her website, Charlie Gerard has uploaded a page showing how she was able to perform a replay attack on a car's wireless entry system using a HackRF and a JavaScript browser app she wrote.

Previously, Charlie had already written a JavaScript browser app for ADS-B tracking with an RTL-SDR. To achieve this she used the WebUSB API, which allows USB devices to connect to JavaScript apps in a web browser.

Having recently purchased a HackRF she wanted to see if something similar was possible with the HackRF. In her post, Charlie shows and explains the JavaScript code required to connect to the HackRF from a Chrome browser, and how settings like gain, frequency and sample rate can be adjusted. She then shows how to use the Canvas API to visualize the received data. Finally, she shows how to use the File System Web API to record data, and ultimately retransmit the recorded data with the HackRF.

The replay attack itself is based on the rolljam idea. She uses two HackRF's, with one sitting closer to the car's receiver and jamming it, and another recording the car's keyfob. This prevents the car from incrementing the keyfob's rolling code, allowing it to be recorded and used again at a later time.

Charlie has also posted a video of her tests, which we embedded below.

Hacking my friend's car using JavaScript

Guglielmo FM and DAB Receiver Software Updated to Version 0.6

Thank you to Marco, Guglielmo's programmer, for letting us know that his software has recently been updated to Version 0.6.

Guglielmo is Linux, Windows (and, in this recent update, x86 MacOS) based RTL-SDR FM and DAB tuner software that supports SDRs, including the RTL-SDR, Airspy, SDRplay, HackRF, and LimeSDR. It is designed to be easy to use for media users rather than hobbyist technical users.

Version 0.6 fixes bugs and adds the following features:

  • Software automatic gain control
  • Support for multiple devices for RTL-SDR and SDRplay
  • Support for RTL-SDR V4
  • New RTL-SDR and SDRPlay device drivers
  • New Portaudio sound driver
Guglielmo: Screenshot of the DAB Interface