Category: HackRF

A Review of the New HackRF PortaPack H4M

The PortaPack H4M by OpenSourceSDRLab is a new design of the HackRF PortaPack which comes with various improvements. The PortaPack H4M adds I2C capable GPIO ports, a USB-C connector, a built-in speaker and microphone, a better screen, a proper on/off button that won't easily activate in a bag, flat design for easier storage, and improved charging speed.

The PortaPack H4M is currently available as a bundle for US$152 from Chinese manufacturer OpenSourceSDRLab. The bundle includes the PortaPack H4M PCB, and a HackRF R10c clone.  This is exceptionally good value, considering that an original HackRF (just the HackRF without PortaPack) sells for US$319. However, just be aware that by purchasing clones you are not supporting GreatScottGadgets, the original developers of the HackRF.

If you were unaware, the HackRF PortaPack is an accessory for the HackRF SDR that enables portable use, with a display, controls, and onboard processing for direct signal demodulation, modulation, decoding, and encoding, all without needing a computer.

Over on YouTube RocketGod has uploaded a video showing some of the PortPack H4M's new features, how to install the Mayhem Firmware, and then showing it in action with it receiving a few signals.

HackRF Portapack H4M - Getting Started Guide

We've also seen another video by sn0ren that also introduces and shows the PortaPack H4M in action.

The new HackRF Portapack H4M

hackrf_sweeper: A Reimplementation of hackrf_sweep as a Library

Information security company Subreption recently wrote in and wanted to share their recently released 'hackrf_sweeper' library. This library is based on the official hackrf_sweep code, which enabled HackRF SDR devices to sweep across a wide frequency range and rapidly build up a wideband spectral plot. They write:

This is a refactoring or reimplementation of hackrf_sweep as a library, providing a carefully chosen API to leverage the HackRF sweeping capabilities in a reusable, low-frustration fashion. The library provides support for user-supplied callbacks to process raw transfer buffers or the already calculated FFT bins, including a bypass mode to allow for entirely off-loading the data processing to the caller. It also implements a rudimentary opaque mutex (locking) state for multi-thread applications.

A demo application is a re-implementation of the original hackrf_sweep tool as a CURVE-encrypted publisher sending msgpack frames to any receivers subscribed to it. A companion demo application is included in the form of a Python program that processes these frames and generates a real-time plot of the RF spectrum, the last peak detections and the absolute peaks -maximum observed-.

Past projects attempting to provide similar capabilities include hackrf-spectrum-analyzer (https://github.com/pavsa/hackrf-spectrum-analyzer). hackrf_sweeper provides continuous sweeping support instead of one-shot sweeps, besides the aforementioned improvements.

The team also notes that they are soon planning on releasing a GNU Radio block that leverages the library.

Example output from hackrf_sweeper
Example output from hackrf_sweeper

HackRF and Portapack Featured in Recent Linus Tech Tips Video

Over on YouTube the Linus Tech Tips channel has recently released a video about the HackRF titled "It’s TOO Easy to Accidentally Do Illegal Stuff with This". Linus Tech Tips is an extremely popular computer technology YouTube channel. The HackRF is a popular transmit capable software defined radio that was released about 10 years ago. The portapack is an add-on for the HackRF that allows the HackRF to be used as a handheld device, and when combined with the Mayhem firmware, it enables easy access to some controversial tools that could get a user into a lot of legal trouble very fast.

In the video Linus, whose team is based in Canada, mentions that they decided to purchase the HackRF and similar devices because of the Canadian government's plan to ban various RF tools, including the Flipper Zero and HackRF.

Linus then discusses and demonstrates "van eck phreaking" with TempestSDR, showing how he can use the HackRF to recover the video from a PC monitor wirelessly. He then goes on to demonstrate how the Portapack can be used to jam a wireless GoPro camera transmitting over WiFi. 

Finally, Linus discusses the legality and morality of such devices being available on the market.

It’s TOO Easy to Accidentally Do Illegal Stuff with This

SignalsEverywhere: Using HackTV to Transmit Analog Television with a HackRF

Over on her YouTube channel SignalsEverywhere, Sarah has uploaded a new video showing how to use a program called 'hacktv-gui' to transmit analog TV signals using a HackRF software defined radio. Analog TV standards such as PAL and NTSC have been phased out in most of the world in favor of digital TV standards instead. However, transmitting these yourself can be a fun experiment that may help breathe life into old television sets.

In the video Sarah explains how to use the hacktv-gui and hacktv software, and how to create a video transmission. She mentions how hacktv also supports the use of a FL2K device, which is a cheap VGA adapter that can be used to transmit signals.

HackTV | Analog Television Transmission with a HackRF SDR

Great Scott Gadgets URTI: Phase Two Progress Report

Over on their GitHub, Great Scott Gadgets, creators of the popular HackRF SDR, have created a phase two progress report for their upcoming URTI product. URTI (Universal Radio Test Instrument) is their next generation software defined radio which will work not only as a full-duplex SDR transceiver, but also as a vector network analyzer, spectrum analyzer and more.

In the phase two update they note that they have completed fabrication of an initial prototype board and have confirmed that all components on the board are functional. They note that much of phase four was already completed in parallel, which means the firmware and gateware development is also close to completion. So hopefully we will see more updates soon.

More information about URTI can be found at greatscottgadgets.com/urti.

URTI (Universal Radio Test Instrument) First Prototype Board

Tech Minds: Taking a look at the new HackRF PortaPack Mayhem Version 2 Firmware

A few days ago the programmers of the popular Mayhem firmware for the HackRF Portapack released version V2.0.0. The new version includes multiple improvements specified in the release text below.

We are super excited to share the what's new with v2.0.0

  • Apps are now stored on the MicroSD Card so we can fit more apps on the device.
  • New file format that contains both the firmware and SD card apps to make updating super easy. (mayhem_v2.0.0_OCI.ppfw.tar)
  • Working USB serial communication when in Portapack mode
  • USB serial web interface (see details a few lines later)
  • One click update using https://hackrf.app
  • New USB serial commands
  • A bunch of bug fixes (see the changelog for the various bugs)
  • Updated 'Settings' (app settings editor, encoder options, date ,config mode, brightness...)
  • BLE apps
  • Raw auto record and replay (see Recon in wiki)

A brand new website to manage your device, https://hackrf.app

  • Can work offline once loaded first (Offline PWA)
  • Remote screen support
  • Remote file system access
  • One click firmware updates
  • Requires a chromium based browser to work

A new organization, Mayhem: https://github.com/portapack-mayhem where you can fin the sources of all our projects! Pull Requests are welcome :-)

Over on the Tech Minds YouTube channel Matt has uploaded a video showing off the new features of the Mayhem V2.0.0 firmware, and also showing how to install it. In the video Matt shows the new SD card browsing features, the new easy firmware one click update procedure, and the new web UI.

The Portapack is an accessory designed to enhance the HackRF software-defined radio (SDR), enabling portable operation. It integrates a display, user interface controls, and onboard processing capabilities. This setup allows for the direct demodulation/modulation and decoding/encoding of a wide variety of signal types without the need for an external computer.

The Best HackRF Portapack Firmware Yet - Mayhem Version 2

Canada Moves to Ban Flipper Zero and Possibly Software Defined Radios

Dominic LeBlanc, Canada's Minister of Public safety has recently declared that they plan to ban devices "used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero". The text specifically calls out the Flipper Zero, however the wording appears to imply that any device that can copy a signal will be banned. This means the ban could extend to RX/TX SDRs like the HackRF and possibly even RX only SDRs like RTL-SDRs.

The Flipper Zero is an affordable handheld RF device for pentesters and hackers. It is not based on SDR technology, however it uses a CC1101 chip, a digitally controlled RX/TX radio that is capable of demodulating and modulating many common digital modulations such as OOK/ASK/FSK/GFSK/MSK at frequencies below 1 GHz. There are many CC1101 devices on the market, but the Flipper Zero has gained huge popularity on social media because of it's excellent software support, as well as its cute marketing tactic. In the past it was even featured on the popular Linus Tech Tips YouTube channel.

Flipper Zero has had a long line of setbacks including PayPal freezing 1.3M of its cash, and US customs temporarily seizing its shipments, then passing a $70,000 bill on to them for storage fees and Amazon banning the product on their marketplace.

In our opinion, we believe that the ban appears to be misguided. The Flipper Zero is a basic device that can only perform a simple replay attack, which is to record a signal, and replay it at a later time. These sorts of attacks do not work on vehicles built after the 90's which now use rolling codes or more sophisticated security measures. To defeat rolling code security, a more sophisticated attack called Rolljam can be used. A Rolljam device can be built for $30 out of an Arduino and two cheap transceiver modules.

However, according to arstechnica the biggest cause for concern in terms of car theft is a different sort of attack called "signal amplification relay".

The most prevalent form of electronics-assisted car theft these days, for instance, uses what are known as signal amplification relay devices against keyless ignition and entry systems. This form of hack works by holding one device near a key fob and a second device near the vehicle the fob works with. In the most typical scenario, the fob is located on a shelf near a locked front door, and the car is several dozen feet away in a driveway. By placing one device near the front door and another one next to the car, the hack beams the radio signals necessary to unlock and start the device.

This sort of attack is a lot less sophisticated in many ways as all you are doing is amplifying a signal, and no clever hardware like the Flipper Zero or a software defined radio is even required. The X video below demonstrates such a hack where a criminal holds up a loop antenna to a house. The loop antenna is connected to a signal amplifier which amplifies the keyfob signal, tricking the car into thinking the keyfob is nearby, and allowing the door to be unlocked by touching the handle, and then turned on with the push to start button.

Flipper zero note that they have not been consulted about the ban, and replied on X stating that they are not aware of the Flipper Zero being used for car theft.

Tech Minds: A Beginners Guide to the HackRF and Portapack with Mayhem Firmware

In one of his latest videos Matt from the Tech Minds YouTube channel has created a beginners guide to the HackRF and Portapack with the Mayhem Firmware. The HackRF is a popular affordable software defined radio with wide frequency range and transmit capabilities. An addon called the Portapack allows the HackRF to go portable, and custom firmware called 'Mayhem' significantly expands it's capabilities.

Matt uses a Chinese HackRF and Portapack clone set from Banggood which can be found very cheaply for around $200 shipped. The original Portpack can be found from the Sharebrained store for $200, and then original HackRF can be found form various resellers listed on the greatscottgadgets website.

In the video Matt unboxes the Portapack, shows an overview of the hardware and then goes on to show how to update the stock firmware to the Mayhem firmware. He then demonstrates a few of the capabilities of the Mayhem firmware.

Beginner's Guide To The HackRF & Portapak With Mayhem