Category: HackRF

Guglielmo FM and DAB Receiver Software Updated to Version 0.7

Thank you to Marco for letting us know that his Guglielmo software has recently been updated to Version 0.7.

Guglielmo is an FM and DAB receiver for Linux, Windows and MacOS. It supports all major SDRs, including RTL-SDR, Airspy, SDRplay, HackRF, and LimeSDR. It is designed to be easy to use for media users rather than hobbyist technical users.

Version 0.7 adds the following features:

  • Raspberry Pi AppImage
  • UI improvements
  • Basic skins support
  • Logo handling

The new Raspberry Pi AppImage and binaries for other platforms can be found on the GitHub Releases page. Just expand the "assets" tab.

Guglielmo: Screenshot of the DAB Interface

Mykola: A New Fast Multichannel Scanner Application for RTL-SDR, Airspy and HackRF

A new multichannel SDR scanner application called 'Mykola' has recently been released by a Ukrainian programmer with the same name as the application. A scanner application allows users to scan a much wider bandwidth than the SDR's instantaneous bandwidth, while automatically searching for active signals.

Mykola advertises extreme scanning speed abilities, adaptive noise floor, and simultaneous demodulation of 3 channels (20 in the paid pro version). It currently supports RTL-SDR, Airspy R2, and HackRF SDR devices. Some of the other features include automatic normalization of the noise floor, audio panning, and support for Windows and macOS.

The application is free, but a pro version will be available in the future, which enables additional features such as stored channel scanning, recording, voice activation, CTCSS/DCS decoder, SDR migration, channel editor, and a base channel set. The pro version is not yet available, and pricing has not been announced. 

Features of the Mykola Scanning Software
Mykola Scanner Interface

HackRF Pro Updates: Sensitivity and Noise Figure Measurements + Free Stuff Program

Over on the Great Scott Gadgets blog, Mike Walters, one of the team behind the HackRF Pro, has uploaded a post detailing the HackRF Pro's sensitivity and noise figure measurements.

If you are unaware, the HackRF One has long been a core staple in the SDR community. While it is not classed as a high-performance SDR for optimized reception, it is one of the most versatile hacker/experimenter SDRs on the market, with a wide frequency range, wide bandwidth, and RX and TX capability. The soon-to-be-released HackRF Pro is an upgrade from the original HackRF One.

The measurements by Mike show that the HackRF Pro has significantly lower noise figure across all frequencies compared to the HackRF One. A lower noise figure equates to improved receiver sensitivity. However, although improved, the noise figure is still high enough that you'll probably want to use a low-noise amplifier (LNA) for optimizing reception of weaker signals. 

HackRF Pro vs HackRF One Noise Figure Measurements

Mike also confirms the noise figure improvements equate to improved real world performance by receiving ADS-B signals from aircraft, with the HackRF Pro showing increased range and doubling the number of messages received.

HackRF Pro (Blue) vs HackRF One (Red) ADS-B Range Comparison

Also, in related news from a post a few days earlier, Maggie Way wrote about the Great Scott Gadgets free stuff program. This program allows people in the open source hardware community to submit a request for free hardware from Great Scott Gadgets if they intend to use the hardware to spread education, support community projects, or contribute to open source projects or research.

Demonstrating a Rollback Attack on a Honda via HackRF Portapack and an Aftermarket Security Solution

Over on YouTube, "Obsessive Vehicle Security" has uploaded a video demonstrating a rollback attack against a Honda vehicle using a HackRF Portapack and the "Remote" function on the Mayhem firmware. His recent blog post also succinctly explains the various types of keyless vehicle theft used by modern thieves, including Roll-Jam, Relay Amplification and Rollback attacks. Regarding rollback attacks, he explains:

A Rollback Attack works by capturing remote signals and replaying them. In theory this should not be possible with a rolling code remote system, however, a large number of vehicles are vulnerable to it. Including my 2015 Honda Vezel!

For it to work on the Honda I need to capture 5 consecutive remote signals. It does not matter if the car has seen these or not, when I replay them it re-syncs and unlocks the car. I have tested this and can replay the sequence as many times as I like. It always works.

He also mentions in the video how an aftermarket security system can partially mitigate these attacks.

In the past we also posted about Flipper Zero based rollback attacks.

Rollback Attack on Honda - HackRF One Bypasses Rolling Code Security
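
A simplified model of the resynchronisation behaviour described in the post above, as an added example that is not from the original post, the video, or any vehicle's firmware. The HMAC-based code, the window size and the `Receiver` class are assumptions; only the five-signal count comes from the post. It contrasts a receiver that resyncs on any run of consecutive valid codes with one that refuses counters it has already passed.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; real fobs use vendor-specific ciphers
WINDOW = 16                    # assumed look-ahead window for missed presses
RESYNC_LEN = 5                 # the post reports five consecutive signals

def code(counter):
    """Fob side: counter plus a truncated MAC standing in for the rolling code."""
    mac = hmac.new(KEY, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return counter, mac[:4]

class Receiver:
    """Hypothetical receiver; hardened=True refuses counters already passed."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.last = 0   # highest counter accepted so far
        self.run = []   # consecutive valid codes seen outside the window

    def receive(self, msg):
        counter, tag = msg
        if not hmac.compare_digest(tag, code(counter)[1]):
            self.run = []
            return False                      # forged or corrupted frame
        if self.last < counter <= self.last + WINDOW:
            self.last, self.run = counter, []
            return True                       # normal in-window press
        if self.hardened and counter <= self.last:
            self.run = []
            return False                      # never roll the counter backwards
        # Resync path: count codes that arrive in strict sequence.
        if self.run and counter == self.run[-1] + 1:
            self.run.append(counter)
        else:
            self.run = [counter]
        if len(self.run) < RESYNC_LEN:
            return False
        self.last, self.run = counter, []     # vulnerable mode may move backwards
        return True

def replay_results(hardened):
    """Replay five old codes twice; return whether each replay unlocked."""
    rx = Receiver(hardened)
    captured = [code(c) for c in range(1, 6)]     # constructed capture
    for c in range(1, 10):
        rx.receive(code(c))                       # owner uses the fob normally
    return tuple([rx.receive(m) for m in captured][-1] for _ in range(2))
```

In this model the hardened receiver still resyncs a fob whose counter has run far ahead, because that run of codes is above the last accepted counter.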

Two YouTube Reviews of the new PortaRF – A New HackRF Portapack Combo

Recently, OpenSourceSDRLab, a Chinese store and lab that sells existing SDR products and some unique products of their own design, has started taking pre-orders for their new "PortaRF" product.

The PortaRF melds the HackRF and Portapack into a single PCB. They advertise it as an evolution of the PortaPack H4M, which is their popular clone of the original PortaPack, upgraded from the original. The PortaPack H4M has become one of the most recommended HackRF PortaPack options on the market, even surpassing the original HackRF PortaPack, due to its high quality, excellent features, and significantly lower cost compared to the original.

The PortaRF features several improvements, including a larger 4" IPS screen compared to the 3.2" non-IPS screen on the H4M, increased flash storage from 1MB to 2MB, a higher internal battery capacity of 3000 mAh, and the addition of a new joystick control. Interestingly, OpenSourceSDRLab has also indicated that the production version may come with an AI module, which will allow the PortaRF to respond to voice commands.

The PortaRF is expected to ship around November 20, and it costs US$220, shipped from China. In comparison, the PortaPack H4M sells for US$165, shipped from China.

Recently, two reviews of the PortaRF were uploaded to YouTube. The first is by TechMinds, which provides an overview of the features and opens it up, showing the internals.

PortaRF - A NEW HackRF PortaPack Combo In One Single Board

The second review is from sn0ren, who also reviews the features and shows the internals. Sn0ren also makes some notes about his likes and dislikes with the new design.

HackRF Portapack Evolved? This is PortaRF

Tech Minds: Testing out Discovery Dish for Inmarsat and Hydrogen Line Radio Astronomy

Over on YouTube Matt from the Tech Minds YouTube channel has recently uploaded a new video where he tests out our Discovery Dish antenna. Discovery Dish is designed to be a low-cost, portable solution for receiving L-band and S-band weather satellites, Inmarsat satellites, conducting amateur hydrogen line radio astronomy, and more.

In the video, Matt unboxes the Discovery Dish and provides an overview of the build process before demonstrating its use in decoding AERO and STD-C messages on Inmarsat. He then shows the dish and Inmarsat feed being used to receive Iridium satellites, and how they can be decoded using iridium-extractor with a HackRF or Airspy R2.

Finally, Matt swaps out the Inmarsat feed for the Hydrogen Line feed. Using SDR#, the IF AVG plugin, and Stellarium, he was able to obtain a clear hydrogen line peak.

This Discovery Dish Is The ONLY Satellite Dish You Will Need!

TEMPEST-LoRa: Emitting LoRa Packets from VGA or HDMI Cables

University researchers from China have recently shown in a research paper that it is possible to maliciously cause a VGA or HDMI cable to emit LoRa compatible packets by simply displaying a full-screen image or video. This has potential security implications as a malicious program could be used to leak sensitive information over the air, completely bypassing any internet or air-gap security systems.

In the past, we have demonstrated that TEMPEST techniques can be used to spy on monitors and security cameras by analyzing the unintentional signals they emit. This research takes the idea a step further by determining what particular images need to be displayed to create a LoRa packet with data. 

In the paper, the researchers mention using either off-the-shelf LoRa devices or low-cost SDRs such as the HackRF to receive the packets. The advantage of the SDR method is that it allows for customization of the frequency and the use of LoRa-like packets, which can achieve even longer ranges and higher data rates. The team shows that they were able to achieve a receive range of up to 132 meters and a data rate of up to 180 kbps.

TEMPEST-LoRa Test Setup
(Demo video) TEMPEST-LoRa: Cross-Technology Covert Communication

Michael Ossmann Gives A First Look at the HackRF Pro in YouTube Video

Recently, Great Scott Gadgets announced the upcoming September release of their HackRF Pro, an upgrade to their popular HackRF software-defined radio. 

On YouTube, Michael Ossmann, the founder of Great Scott Gadgets, has just uploaded a video explaining the improvements that the HackRF Pro will bring. Apart from the change from microUSB to USB-C, Michael demonstrates how the HackRF Pro has achieved improved performance by eliminating the DC spike and reducing the number of strong signal mirror images.

First Look at HackRF Pro