Thank you to Aaron for submitting news about his latest project, "DragonOS", which he has been working on during the COVID-19 lockdown. DragonOS is a Debian Linux based operating system that comes with many open source software defined radio programs pre-installed. It supports SDRs such as the RTL-SDR, HackRF and LimeSDR.
Aaron's video below shows how to set up DragonOS in VirtualBox, and he has two other videos on his channel showing how to set up ADS-B reception with Kismet, and how to run GR-RDS in GNU Radio. He aims to continue with more tutorial videos that make use of the software installed on DragonOS in the near future.
Over on YouTube user kwon lee has uploaded a video demonstrating a replay attack against a parking barrier arm. The tools he uses are a HackRF and Portapack running the Havoc firmware. A replay attack involves recording a control signal with the HackRF+Portapack and then replaying it later with the transmit function of the HackRF. If no wireless security mechanism such as rolling codes is used, simply replaying the recorded signal results in the transmission being accepted by the controller's receiver, since a fixed-code receiver has no way to tell a recording apart from a live button press.
As he has access to the remote control, he records the transmission that is sent when the open button is pressed. Later, once outside, he shows that transmitting the recording with the HackRF+Portapack opens the barrier arm.
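To make the replay point concrete, here is an added example (not code from the video or from the Havoc firmware) that models the two kinds of receiver in a few lines of Python. It records one legitimate "open" frame and replays it against a fixed-code receiver and against a simplified rolling-code receiver. The key, the fixed code, the frame layout and the HMAC-based code generator are all constructed for the example; real rolling-code systems use their own cipher and frame format, but the acceptance rule they enforce (counter must be newer than the last accepted one, within a resync window) is what defeats a straight replay.

```python
import hashlib
import hmac
import struct

# Constructed shared secret and fixed code for the example (not from any real product).
ROLLING_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
FIXED_CODE = bytes.fromhex("5aa50f")  # constructed 24-bit fixed code


class FixedCodeReceiver:
    """Fixed-code barrier controller: any frame equal to the programmed code opens it."""

    def __init__(self, code: bytes):
        self.code = code
        self.openings = 0

    def receive(self, frame: bytes) -> bool:
        if hmac.compare_digest(frame, self.code):
            self.openings += 1
            return True
        return False


def rolling_frame(key: bytes, counter: int, button: int = 1) -> bytes:
    """Remote side: counter (4 bytes) || button (1 byte) || truncated HMAC tag (8 bytes).
    Simplified model of a rolling code; real systems use their own cipher and layout."""
    body = struct.pack(">IB", counter, button)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:8]
    return body + tag


class RollingCodeReceiver:
    """Accepts a frame only if its tag is valid and its counter is strictly newer than
    the last accepted one, within a resync window (lost presses advance the counter)."""

    def __init__(self, key: bytes, window: int = 16):
        self.key = key
        self.window = window
        self.last_counter = 0
        self.openings = 0

    def receive(self, frame: bytes) -> bool:
        if len(frame) != 13:
            return False
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted frame
        counter, _button = struct.unpack(">IB", body)
        if counter <= self.last_counter:
            return False  # replay of an already-used frame
        if counter > self.last_counter + self.window:
            return False  # too far ahead: remote desynchronised or frame fabricated
        self.last_counter = counter
        self.openings += 1
        return True


def replay_demo() -> dict:
    """Record one legitimate 'open' frame and replay it against both receiver types."""
    fixed = FixedCodeReceiver(FIXED_CODE)
    captured = FIXED_CODE  # what a HackRF+Portapack recording of the remote would carry
    result = {
        "fixed_live": fixed.receive(captured),
        "fixed_replay": fixed.receive(captured),
    }

    rolling = RollingCodeReceiver(ROLLING_KEY)
    captured = rolling_frame(ROLLING_KEY, counter=1)
    result["rolling_live"] = rolling.receive(captured)
    result["rolling_replay"] = rolling.receive(captured)
    # A later press with a fresh counter still works after the replay was rejected.
    result["rolling_next"] = rolling.receive(rolling_frame(ROLLING_KEY, counter=2))
    # A valid tag with a counter far beyond the window is rejected as well.
    result["rolling_far"] = rolling.receive(rolling_frame(ROLLING_KEY, counter=500))
    return result


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name:15s} {'ACCEPTED' if accepted else 'rejected'}")
```

The fixed-code receiver accepts the replay exactly as the barrier in the video does; the rolling-code receiver rejects the replayed frame but still accepts the next genuine press. Note the caveat: a rolling code only stops replay of frames the receiver has already heard. An attacker who jams the receiver while capturing a press holds an unused counter value and can replay that later, so a rolling code raises the bar rather than closing the attack entirely.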
This reminds us of a previous post where we noted how a HackRF was used to jam a garage door keyfob to prevent people from leaving in the TV show "Mr. Robot".
RF Replay Attack _ Parking-Breaker with HackRFone+Portapack+havoc
Over on YouTube SignalsEverywhere has just uploaded his latest video about using a HackRF and an Airspy R2/Mini to explore the signals carried on an internet cable modem's coax cable. In the video he performs a wideband scan with his Airspy R2 and the SpectrumSpy software, which shows not only his own downstream channels but also the downstream channels serving other users on his neighborhood's cable network.
Next, using his HackRF with the Spectrum Analyzer software, which is built on the fast hackrf_sweep scanner, he locates the upstream (uplink) band his cable modem transmits in. By running an internet speed test in the background he was also able to see the increased cable data activity on the spectrum waterfall display.
The Secret Signals Hiding In Your Cable Modem | SDR Used to Sniff Cable Internet Modem Coax
A ground penetrating radar (GPR) is a system that uses RF pulses between roughly 10 MHz and 2.6 GHz to image up to a few meters below the ground. A typical GPR system consists of a transmitting radio and antenna that generate the radar pulse aimed towards the ground, and a receiving radio that picks up the reflected pulse.
GPR is typically used for detecting buried objects, determining transitions in ground material and detecting voids and cracks. For example, in construction it can be used to determine rebar locations in concrete, and in the military it can be used to detect non-metallic landmines and hidden underground areas.
Their system uses a stepped-frequency continuous wave (SFCW) signal, which transmits a sequence of discrete frequencies one after another and records the amplitude and phase of the reflection at each step; the range profile is then recovered from those samples. The software was written in GNU Radio. In their tests they were able to detect a dry block of sand buried 6 cm below the ground, and a wet block 20 cm below.
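How an SFCW sweep turns into a depth profile is easier to see in code than in prose, so here is an added example (not the team's GNU Radio flowgraph) written in Python with NumPy. It steps a constructed 0.6 to 2.6 GHz sweep in 10 MHz increments, synthesises the complex return from two point reflectors at 6 cm and 20 cm below the surface, and recovers their depths by taking the inverse FFT across frequency. The reflector depths, amplitudes, noise level and the assumed relative permittivity of 4 for dry sand are all constructed for the example; the range-resolution formula v/(2B) is general.

```python
import numpy as np

C0 = 299_792_458.0  # free-space speed of light, m/s


def sfcw_frequencies(f_start_hz, f_stop_hz, n_steps):
    """Uniformly stepped frequency grid; uniform steps are what the IFFT below assumes."""
    return np.linspace(f_start_hz, f_stop_hz, n_steps)


def wave_speed(eps_r):
    """Propagation speed in a low-loss dielectric of relative permittivity eps_r."""
    return C0 / np.sqrt(eps_r)


def range_resolution(freqs, eps_r):
    """Two reflectors closer than v / (2 B) merge into one peak (B = swept bandwidth)."""
    return wave_speed(eps_r) / (2.0 * (freqs[-1] - freqs[0]))


def simulate_sfcw_returns(freqs, targets, eps_r, noise_std=0.0, seed=0):
    """Complex receive sample at each stepped frequency for point reflectors (constructed
    data). targets: list of (depth_m, amplitude). The phase at frequency f for a reflector
    at depth d is -2*pi*f*tau with round-trip delay tau = 2 d / v."""
    v = wave_speed(eps_r)
    s = np.zeros(len(freqs), dtype=complex)
    for depth_m, amp in targets:
        tau = 2.0 * depth_m / v
        s += amp * np.exp(-2j * np.pi * freqs * tau)
    if noise_std > 0.0:
        rng = np.random.default_rng(seed)
        s += noise_std * (rng.standard_normal(len(freqs)) + 1j * rng.standard_normal(len(freqs)))
    return s


def range_profile(samples, freqs, eps_r, zero_pad=8):
    """IFFT across frequency turns the stepped sweep into a round-trip delay profile;
    each delay bin is then scaled to one-way depth. Returns (depth_m, normalised magnitude)."""
    n = len(freqs)
    df = freqs[1] - freqs[0]
    n_fft = n * zero_pad                      # zero padding interpolates between bins
    mag = np.abs(np.fft.ifft(samples * np.hanning(n), n_fft))
    tau = np.arange(n_fft) / (n_fft * df)     # round-trip delay of each bin, s
    depth_m = tau * wave_speed(eps_r) / 2.0
    return depth_m, mag / mag.max()


def detect_reflectors(depth_m, mag, min_sep_m, threshold=0.5, max_depth_m=None):
    """Local maxima above threshold, keeping only the strongest within one min_sep_m."""
    cands = [i for i in range(1, len(mag) - 1)
             if mag[i] > threshold and mag[i] >= mag[i - 1] and mag[i] > mag[i + 1]
             and (max_depth_m is None or depth_m[i] <= max_depth_m)]
    cands.sort(key=lambda i: -mag[i])
    kept = []
    for i in cands:
        if all(abs(depth_m[i] - depth_m[j]) >= min_sep_m for j in kept):
            kept.append(i)
    return sorted(round(float(depth_m[i]), 3) for i in kept)


def demo():
    freqs = sfcw_frequencies(0.6e9, 2.6e9, 201)      # 10 MHz steps, 2 GHz span
    eps_r = 4.0                                       # assumed dry-sand permittivity
    targets = [(0.06, 1.0), (0.20, 0.6)]              # constructed reflectors, metres
    s = simulate_sfcw_returns(freqs, targets, eps_r, noise_std=0.01)
    depth_m, mag = range_profile(s, freqs, eps_r)
    return detect_reflectors(depth_m, mag, range_resolution(freqs, eps_r), max_depth_m=1.0)


if __name__ == "__main__":
    print("reflectors at (m):", demo())
```

Two practical checks fall out of the formulas used here: the step size sets the unambiguous round-trip delay (1/df, so 100 ns or about 7.5 m of depth in this medium), and the total span sets the resolution (about 3.7 cm in a medium with eps_r = 4 for a 2 GHz span). The 6 cm and 20 cm targets are several resolution cells apart, which is why they appear as two separate peaks; with a much narrower sweep they would merge.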
During the 2019 IEEE International Symposium on Broadband Multimedia Systems and Broadcasting, authors Xuemei Huang, Kun Yan, Hsiao-Chun Wu and Yiyan Wu presented a research paper titled "Unmanned Aerial Vehicle Hub Detection Using Software-Defined Radio". In their work they describe how they were able to use three HackRFs to determine the location of a UAV drone transmitter. The method is fairly simple: a path loss propagation model converts the signal strength measured at each HackRF into an estimated distance, and the estimates from three or more receivers are combined by multilateration. Because the distance comes from a propagation model rather than from timing, prior knowledge of the transmitter properties (such as its transmit power) is still required.
The applications of unmanned aerial vehicles (UAVs) have increased dramatically in the past decade. Meanwhile, close-range UAV detection has intrigued many researchers for its great importance in privacy, security, and safety control. Positioning of the UAV controller (hub) is quite challenging but still difficult. In order to combat this emerging problem for public interest, we propose to utilize a software-defined radio (SDR) platform, namely HackRF One, to enable the UAV hub detection and localization. The SDR receiver can acquire the UAV source signals. The theoretical path-loss propagation model is adopted to predict the signal strength attenuation. Thus, the UAV hub location can be estimated using the modified multilateration approach by only three or more SDR receivers.
Unmanned Aerial Vehicle Hub Detection Using Software-Defined Radio
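The two steps the abstract describes, a path-loss model to turn received signal strength into distance and a multilateration step to turn three distances into a position, are shown in the added Python example below. This is illustrative code written for this post, not the authors' implementation: the log-distance path-loss model, its parameters (transmit power, reference loss, exponent), the receiver positions and the hub position are all assumed values, and the paper's "modified" multilateration is replaced here by a plain linear least-squares solve. The second estimate in the demo shows the caveat from the text: feed the same RSSI readings through a model with the wrong path-loss exponent and the position moves by tens of metres.

```python
import numpy as np

# Log-distance path-loss model (an assumed model; the paper only states that a
# theoretical path-loss model is used):
#   P_rx(d) = P_tx - PL(d0) - 10 * n * log10(d / d0)
TX_POWER_DBM = 20.0   # constructed: assumed known transmit power of the hub
PL_D0_DB = 40.0       # constructed: path loss at the reference distance d0 = 1 m
N_EXP = 2.2           # constructed: path-loss exponent for the environment


def rssi_from_distance(d_m, tx_power_dbm=TX_POWER_DBM, n=N_EXP, d0=1.0, pl_d0_db=PL_D0_DB):
    """Forward model: received power (dBm) at distance d."""
    return tx_power_dbm - pl_d0_db - 10.0 * n * np.log10(np.asarray(d_m, float) / d0)


def distance_from_rssi(rssi_dbm, tx_power_dbm=TX_POWER_DBM, n=N_EXP, d0=1.0, pl_d0_db=PL_D0_DB):
    """Inverse model: the distance each SDR receiver infers from its measured RSSI."""
    return d0 * 10.0 ** ((tx_power_dbm - pl_d0_db - np.asarray(rssi_dbm, float)) / (10.0 * n))


def multilaterate(anchors, distances):
    """Least-squares position from three or more receiver positions and range estimates.
    Subtracting the first circle equation (x-x0)^2+(y-y0)^2=d0^2 from each other one
    removes the quadratic terms and leaves a linear system in (x, y):
      2 (x_i - x_0) x + 2 (y_i - y_0) y = d_0^2 - d_i^2 + x_i^2 - x_0^2 + y_i^2 - y_0^2
    With exactly three receivers this is 2 equations in 2 unknowns; more receivers
    give an overdetermined system that lstsq fits in the least-squares sense."""
    P = np.asarray(anchors, float)
    d = np.asarray(distances, float)
    A = 2.0 * (P[1:] - P[0])
    b = (d[0] ** 2 - d[1:] ** 2) + np.sum(P[1:] ** 2 - P[0] ** 2, axis=1)
    sol, *_ = np.linalg.lstsq(A, b, rcond=None)
    return sol


def locate_hub(anchors, rssi_dbm, **model):
    """RSSI at each receiver -> estimated distances -> position."""
    return multilaterate(anchors, distance_from_rssi(rssi_dbm, **model))


def demo():
    anchors = [(0.0, 0.0), (120.0, 0.0), (0.0, 90.0)]  # three HackRF positions, metres
    true_hub = np.array([45.0, 30.0])                   # constructed ground truth
    true_dist = np.linalg.norm(np.asarray(anchors) - true_hub, axis=1)
    rssi = rssi_from_distance(true_dist)                # what the three SDRs would measure
    est_clean = locate_hub(anchors, rssi)
    # Same measurements, but the receiver side assumes the wrong path-loss exponent:
    est_wrong_n = locate_hub(anchors, rssi, n=2.0)
    return est_clean, est_wrong_n, true_hub


if __name__ == "__main__":
    clean, wrong, truth = demo()
    print("true:", truth, "estimate:", clean.round(2), "with wrong exponent:", wrong.round(2))
```

The sensitivity to the model parameters is the practical weakness of the approach: the exponent n and the reference loss PL(d0) depend on terrain and antenna orientation, and the hub's transmit power must be known in advance, so in the field this method gives a rough search area rather than a precise fix.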
Over on the TechMinds YouTube channel a new video titled "GPS Spoofing With The HackRF On Windows" has been uploaded. In the video TechMinds uses the GPS-SDR-SIM software with his HackRF to generate a fake GPS signal that tricks his Android phone into believing it is in Kansas City.
In the past we've seen GPS spoofing used in various experiments by security researchers. For example, it has been used to make a Tesla Model 3 running on Autopilot run off the road, and to cheat at Pokemon Go. GPS spoofing has also been used widely by Russia in order to protect VIPs and facilities from drones.
A few readers have written in to let us know about the role SDRs played in the last season of "Mr. Robot". The show, which is available on Amazon Prime, is about "Mr. Robot", a young cyber-security engineer by day and a vigilante hacker by night. The production has actual cyber security experts consulting, so while still embellished for drama, the hacks performed in the show are fairly accurate, at least compared to other TV shows.
Spoilers of the technical SDR hacks performed in the show are described below, but no story is revealed.
In the recently aired season 4 episode 9, a character uses an SSH session on a smartphone to control a HackRF attached to a Raspberry Pi. The HackRF is then used to jam a garage door keyfob operating at 315 MHz, thus preventing people from leaving a parking lot.
Shortly after she can be seen using the HackRF again with Simple IMSI Catcher. Presumably they were running a fake cellphone base station, as they use the IMSI information to try to determine someone's phone number, which leads to being able to intercept their text messages. The SDR used in the fake base station appears to have been a bladeRF.
In season 4 episode 4 GQRX and Audacity can be seen on screen being used to monitor a wiretap via rtl_tcp and an E4000 RTL-SDR dongle.
Did we miss any other instances of SDRs being used in the show? Or have you seen SDRs in use on other TV shows? Let us know in the comments.
Suspecting interference generated by the HDMI clock, Mike Walters (@assortedhackery) used a HackRF and a near field probe antenna to investigate. By placing the near field probe on the Raspberry Pi 4's PCB and running a screen at 1440p resolution he discovered a large power spike at 2.415 GHz, which sits squarely inside 2.4 GHz WiFi channel 1 (centred at 2.412 GHz).
There's an interesting story doing the rounds about the Raspberry Pi 4 WiFi not working at higher HDMI resolutions. I had a quick look with a HackRF & near-field probe and there's definitely a big spike that stamps right on channel 1 pic.twitter.com/FXRebYYJxw
There’s a giant spike that could easily interfere with Channel 1 of a Wi-Fi adapter. So why is this happening? Because a 2560×1440@60Hz has a pixel clock of 241.5MHz and has a TMDS (transition-minimized differential signaling) clock of 2.415GHz, according to Hector Martin (@Marcan42). And what frequency does the RBP4 use for Wi-Fi? 2.4GHz. Which means… outputting on HDMI over 1440p can cause interference in a Wi-Fi channel.
The ExtremeTech article also notes that this kind of problem is not unique to the Raspberry Pi 4: USB 3.0 hardware has been blamed for similar 2.4 GHz interference before, with USB 3.0 hard drives and on some MacBooks.
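The arithmetic behind the quote generalises to a quick check for any display mode: the TMDS serial clock is ten times the pixel clock at 8-bit colour, and a clock fundamental or low harmonic that lands in the 2400 to 2500 MHz band will sit inside one or more overlapping WiFi channels. The following Python is an added example written for this post (not from ExtremeTech, Mike Walters or the Raspberry Pi Foundation); the pixel-clock table is a constructed assumption, with the 241.5 MHz figure taken from the quote above, and the channel mask width of 22 MHz is the usual 2.4 GHz channel footprint.

```python
# Constructed table of common HDMI video modes and their pixel clocks (MHz).
# 720p60, 1080p60 and 2160p30 use the common CEA-861 timings; 1440p60 is the
# CVT-RB value quoted above. Treat the table as an assumption, not a standard.
PIXEL_CLOCKS_MHZ = {
    "1280x720@60": 74.25,
    "1920x1080@60": 148.5,
    "2560x1440@60": 241.5,
    "3840x2160@30": 297.0,
}

# 2.4 GHz WiFi channel centres: 2407 + 5*ch for channels 1..13, 2484 for channel 14.
WIFI_CENTERS_MHZ = {ch: 2407 + 5 * ch for ch in range(1, 14)}
WIFI_CENTERS_MHZ[14] = 2484
CHANNEL_HALF_WIDTH_MHZ = 11.0   # 22 MHz channel mask, so adjacent channels overlap


def tmds_clock_mhz(pixel_clock_mhz):
    """HDMI serialises 10 TMDS bits per pixel per lane at 8-bit colour."""
    return pixel_clock_mhz * 10.0


def channels_hit(f_mhz):
    """WiFi channels whose 22 MHz mask contains the frequency f_mhz."""
    return sorted(ch for ch, centre in WIFI_CENTERS_MHZ.items()
                  if abs(f_mhz - centre) <= CHANNEL_HALF_WIDTH_MHZ)


def clock_emissions_in_band(f_mhz, lo_mhz=2400.0, hi_mhz=2500.0, max_harmonic=5):
    """Fundamental and low harmonics of a clock that fall inside [lo_mhz, hi_mhz]."""
    return [(k, f_mhz * k) for k in range(1, max_harmonic + 1) if lo_mhz <= f_mhz * k <= hi_mhz]


def hdmi_wifi_collisions(pixel_clocks=PIXEL_CLOCKS_MHZ):
    """Per mode: list of (harmonic, frequency MHz, channels hit) for the TMDS clock."""
    out = {}
    for name, pclk in pixel_clocks.items():
        tmds = tmds_clock_mhz(pclk)
        out[name] = [(k, f, channels_hit(f)) for k, f in clock_emissions_in_band(tmds)]
    return out


if __name__ == "__main__":
    for mode, hits in hdmi_wifi_collisions().items():
        print(mode, hits or "clear of the 2.4 GHz band")
```

Because 2.4 GHz channels overlap, the 2415 MHz spike lands not only in channel 1 but also inside the masks of channels 2 and 3, so moving the access point to channel 2 or 3 will not avoid it; channel 6 or 11, or the 5 GHz band, will.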
While the interference appears to be confined to the near field around the Pi 4's PCB, we suspect that TempestSDR could be used to remotely eavesdrop on the Pi 4's video output if the emitted signal were stronger or picked up with a higher-gain antenna.