Over on his YouTube channel SignalsEverywhere, Corrosive has just released a new video titled "Software Defined Radio Introduction | What SDR To Buy? | Choose the Right one For You". The video is an introduction to low cost software defined radios and could be useful if you're wondering which SDR you should purchase.
The video includes a brief overview of the Airspy, KerberosSDR, PlutoSDR, LimeSDR Mini, HackRF, SDRplay RSPduo and various RTL-SDR dongles. In addition to the hardware itself Corrosive also discusses the compatible software available for each SDR.
Software Defined Radio Introduction | What SDR To Buy? | Choose the Right one For You
Several years ago, back in 2013 and 2014, we uploaded two posts showing how it was possible to use an SDR to listen in to restaurant pagers and collect data from them, and also to spoof their signal and activate them on demand. If you were unaware, restaurant pagers (aka burger pagers) are small RF-controlled discs that some restaurants hand out to customers who are waiting for food. When the food is ready, the pager is remotely activated by the staff and then flashes and buzzes, letting the customer know that their order can be picked up.
Over on YouTube, user Tony Tiger has uploaded a video that gives an overview of how to reverse engineer the signal coming from a particular brand of restaurant pagers. The tools he uses include a HackRF SDR and the Inspectrum and Universal Radio Hacker software packages. If you're interested in reverse engineering signals, this is a good overview. Later in the video he shows a GNU Radio and Python program that he's created to control the pagers.
Recently we've heard of a new Linux distribution called SigintOS becoming available for download. SigintOS is an Ubuntu-based distribution with a number of built-in signal intelligence applications for software defined radios such as RTL-SDRs and other TX-capable SDRs like the HackRF, bladeRF and USRP radios.
The distro appears to be very well executed, with a built-in GUI that grants easy access to some common sigint tools like an FM and GPS transmitter, a jammer, a GSM base station search tool and an IMSI catcher. SigintOS also has various other preinstalled programs such as GNU Radio, gr-gsm, YateBTS, Wireshark and GQRX.
The OS also teases an LTE search tool and an LTE decoder; to access these you need to get in contact with the creators, presumably for a licensing fee. Regarding an LTE IMSI catcher they write:
LTE IMSI Catcher is not a myth!
Due to the nature of LTE base stations, the capture of IMSI numbers seems impossible. LTE stations use GUTI to communicate with users instead of IMSI. The GUTI contains the temporary IMSI number called T-IMSI. This allows the operator to find out who is at the corresponding LTE station who is authorized to query T-IMSI information.
Can the GUTI number be found? Answer: Yes!
How to find GUTI and T-IMSI numbers? Can be found with the help of SigintOS …
Back in December of last year Corrosive, from his YouTube channel SignalsEverywhere, showed us a demo video of him receiving unencrypted DECT digital cordless phones with his HackRF.
DECT is an acronym for 'Digital Enhanced Cordless Telecommunications', and is the wireless standard used by modern digital cordless phones as well as some digital baby monitors. In most countries DECT communications take place at 1880 - 1900 MHz, and in the USA at 1920 - 1930 MHz. Some modern cordless phones now use encryption on their DECT signal, but many older models do not, and most baby monitors do not either. However, DECT encryption is known to be weak, and can be broken with some effort.
In his latest video Corrosive shows us how to install GR-DECT2 on Linux, which is the GNU Radio based decoding software required to decode the DECT signal. He then goes on to show how the software is used and finally provides some optimization tips.
DECT 6.0 Cordless Phone Eavesdropping {Install GR-DECT2 and Decode with HackRF SDR} or E4000 RTL SDR
Over on YouTube SignalsEverywhere (aka Corrosive) has uploaded a new video where he shows a demonstration of him listening in to a DECT digital cordless phone with his HackRF.
DECT is an acronym for 'Digital Enhanced Cordless Telecommunications', and is the wireless standard used by modern digital cordless phones as well as some digital baby monitors. In most countries DECT communications take place at 1880 - 1900 MHz, and in the USA at 1920 - 1930 MHz. Some modern cordless phones now use encryption on their DECT signal, but many older models do not, and most baby monitors do not either. However, DECT encryption is known to be weak, and can be broken with some effort.
In his video Corrosive uses gr-dect2, a GNU Radio based program that can decode unencrypted DECT signals. In the video he shows it decoding a DECT call from his cordless phone in real time.
DECT 6.0 Phone Decoded With HackRF SDR | Demonstration
Airspy is currently running a 15% Black Friday sale over on the manufacturer's website iead.cc, and on their US distributor airspy.us. The coupon code is BF2018.
This results in an Airspy Mini costing only $84.15, an Airspy HF+ costing $169.15, an Airspy R2 costing $143.65 and a SpyVerter costing $41.65. This is the cheapest we've seen these products to date.
Over on Ham Radio Outlet, the RSP2 is currently reduced by $20, taking it down to a price of only $149.95. The RSP2 Pro is also reduced, down to $192.95. Other SDRplay products, and the products on SDRplay's own website, do not appear to be discounted.
HackRF
Over on SparkFun the original HackRF is 20% off, resulting in a price of only $239.96. It's still double the price of an Aliexpress clone, but it is an original unit. In the UK ML&S are also selling it for 15% off at £219.95. This is the cheapest price we've seen an original HackRF sold for.
Elad FDM S2
At the higher end of the SDR spectrum, we see that the Elad FDM-S2 is currently reduced by $51, resulting in a sale price of $529.
Most of these sales are expected to run until Monday, or until stocks run out.
Have you found any other great SDR deals? Let us know in the comments.
Netxing's idea was to use an FM transmitter connected to a computer to transmit known magnetic stripe card data via FM to the Portapack. The Portapack then receives and outputs this as FM audio to an electromagnet connected to the audio out jack, allowing it to activate the magnetic card reader.
Using this method it could be possible to make a payment by transmitting card data remotely over an FM signal. We're not sure on why you'd want to do this, but it is an interesting experiment regardless.
Thanks to Tony C who wrote in and wanted to share a method that he's found to listen to multiple DMR digital voice channels in Linux. DSD+ is a Windows program that can be used to decode DMR. Although it is a Windows program, it can be run on Linux via Wine, with the digital audio piped to it from GQRX. In the quote below, DSD+ "FL" is short for "Fast Lane", which is DSD+'s paid beta service that you can join to get newer code with more features. Tony writes:
I believe that this can bridge the gap between using Linux and the ease-of-use programs of Windows. As I am sure we both can attest, setting up trunk tracking / anything SDR is not as easy on Linux as it is on Windows. For example, DSDplus FL makes it extremely easy to identify/decode DMR networks. There are similar things that can be done on Linux, but as I stated, it isn't as easy to set up.
So the method that I set up and have been using successfully, using Ubuntu and a HackRF, is setting up DSDplus 2.98 on Wine, which gets audio piped from GQRX using a virtual sink as outlined in https://www.hagensieker.com/wordpress/2018/04/29/dsd-in-ubuntu-18-04/. It was a great blog, but I felt that it was incomplete when trying to get all the voice traffic passed on a network, as it only works on 1 channel at a time.
So I found the control channel for the network and created 5 bookmarks in GQRX and gave them the tag “DMR”. From there I downloaded gqrx scanner https://github.com/neural75/gqrx-scanner followed the install and setup instructions. From there I activated the scanner and GQRX will cycle through the frequencies and when voice traffic is passed, it will stop, and DSDPLUS via wine will decode and record the audio.
[The screenshot] example was for P25, but it has worked in Connect+ as well; the only thing is that you cannot bookmark the control channel. I know other options exist out there such as SDRtrunk / op25 which I have used, but I believe this provides a good alternative to those who have used Windows and are comfortable with the ease of use of dsdplus FL but want to be on the Linux OS.
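As an added example (not Tony's setup and not the gqrx-scanner project's code), here is a minimal scanner in the spirit of the method above: it pulls the bookmarks tagged "DMR" out of GQRX's bookmarks.csv and steps through them over GQRX's remote-control protocol, stopping on the first frequency whose signal level is above a threshold so that DSD+ (fed from the GQRX audio sink) can decode it. It assumes GQRX's remote control is enabled on its default port 7356 and the standard ~/.config/gqrx/bookmarks.csv layout; the bookmark text below is constructed sample data.

```python
import socket
import time

# Constructed sample of GQRX's bookmarks.csv layout (tag table, then bookmark table).
SAMPLE_BOOKMARKS = """# Tag name ; color
Untagged ; #c0c0c0
DMR ; #ff0000

# Frequency ; Name ; Modulation ; Bandwidth ; Tags
462562500 ; DMR ch 1 ; Narrow FM ; 12500 ; DMR
462587500 ; DMR ch 2 ; Narrow FM ; 12500 ; DMR
146520000 ; 2m calling ; Narrow FM ; 12500 ; Untagged
"""


def parse_bookmarks(text, tag="DMR"):
    """Return the frequencies (Hz) of bookmarks carrying `tag`, in file order."""
    freqs, in_table = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# Frequency"):   # header of the bookmark table
            in_table = True
            continue
        if not line or line.startswith("#") or not in_table:
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) >= 5 and tag in [t.strip() for t in fields[4].split(",")]:
            freqs.append(int(fields[0]))
    return freqs


def scan_once(send, freqs, threshold_db, dwell=0.2):
    """One pass over freqs: retune GQRX to each ('F <hz>'), wait `dwell` seconds for
    the demodulator to settle, read the signal level ('l STRENGTH', dBFS) and return
    the first frequency above threshold_db, or None if the pass found nothing."""
    for hz in freqs:
        send(f"F {hz}")
        time.sleep(dwell)
        if float(send("l STRENGTH")) > threshold_db:
            return hz
    return None


class GqrxClient:
    """Tiny line-oriented client for GQRX's remote-control TCP interface."""

    def __init__(self, host="127.0.0.1", port=7356):
        self.sock = socket.create_connection((host, port))
        self.io = self.sock.makefile("rw")

    def send(self, cmd):
        self.io.write(cmd + "\n")
        self.io.flush()
        return self.io.readline().strip()    # e.g. "RPRT 0" or "-42.3"
```

In use, loop `scan_once(GqrxClient().send, parse_bookmarks(open(path).read()), -60.0)` and, when it returns a frequency, hold there until the level drops back below the threshold before scanning again.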