Category: HackRF

BeagleBone Black Image File with RTL-SDR + GNU Radio + More

A ready to go Ubuntu 14.04 image file for the BeagleBone Black that contains various SDR related resources for the RTL-SDR and other SDRs like the HackRF has been released by KD0CQ. The BeagleBone Black is a small embedded PC that is powerful enough to run many SDR software programs. The image file is very useful as installing some software like GNU Radio on an embedded PC can be very tedious. Below is a list of software included in the image file.

  • GNURadio 3.7
  • keenerd’s rtlsdr bundle
  • gqrx
  • multimode (having issues compiling, will contact author. Prob compatibility issues with gnuradio 3.7)
  • LTE-Cell-Scanner
  • LTE-Tracker
  • multimon – POCSAG Pager Decoder
  • rtl_flex_noX – Flex Pager Decoder
  • SuperKuh’s Dongle Logger – pyrtlsdr – Fast version
  • rtl_433
  • SDR-J
  • rtl_sdr wide spectrum analyzer
  • DSD 1.7
  • RTLAMR
  • RTL_FM_Python
BeagleBone Black

Michael Ossmann’s Software Defined Radio Course

Michael Ossmann, creator of the HackRF, is starting an online video course on the topic of software defined radio (SDR). His course will cover GNU Radio and will help you to learn the fundamentals of digital signal processing. The first video has been released, and in it Michael shows how to set up a broadcast FM receiver in GNU Radio.

To do the exercises in the course you will need a HackRF or other similar SDR radio. Most exercises involving reception only should be compatible with the RTL-SDR with some small modifications relating to things like changing the sample rate.

HackRF Initial Review

The HackRF One is a new software defined radio that has recently been shipped out to Kickstarter funders. It is a transmit and receive capable SDR with an 8-bit ADC, a 10 MHz to 6 GHz operating range and up to 20 MHz of bandwidth. It can now be preordered for $299 USD. We just received ours from backing the Kickstarter and here’s a brief review of the product. We didn’t do any quantitative testing and this is just a first impressions review. So far we’ve only tested receive in SDR# on Windows.

Unboxing

Inside the box is the HackRF unit in a quality protective plastic casing, a telescopic antenna and a USB cable. We show an RTL-SDR next to the HackRF for size comparison.

HackRF + Telescopic Antenna + USB Cable + Box (RTL-SDR Dongle Shown for Size Comparison)
Back of the box

Videos from DEFCON 22 Wireless Village Talks

Another security and hacking conference that recently finished is Defcon 2014. During this conference there was a “Wireless Village” where there were talks discussing all things related to radio frequency. Many of these talks were related to software defined radio.

A list of all talks at the Defcon Wireless Village 2014 can be found on this page. The most interesting talks that we found related to SDR are shown below.

Hacking the Wireless World with Software Defined Radio

Presented by Balint Seeber, SDR Evangelist at Ettus Research. Balint presented a similar talk at Black Hat and the slides to go along with that can be found here.

Ever wanted to spoof a restaurant’s pager system? How about use an airport’s Primary Surveillance RADAR to build your own bistatic RADAR system and track moving objects? What sorts of RF transactions take place in RFID systems, such as toll booths, building security and vehicular keyless entry? Then there’s ‘printing’ steganographic images onto the radio spectrum…

Wireless systems, and their radio signals, are everywhere: consumer, corporate, government, amateur – widely deployed and often vulnerable. If you have ever wondered what sort of information is buzzing around you, this talk will introduce how you can dominate the RF spectrum by ‘blindly’ analysing any signal, and then begin reverse engineering it from the physical layer up. I will demonstrate how these techniques can be applied to dissect and hack RF communications systems, such as those above, using open source software and cheap radio hardware. In addition, I’ll show how long-term radio data gathering can be used to crack poorly-implemented encryption schemes, such as the Radio Data Service’s Traffic Message Channel. If you have any SDR equipment, bring it along!

14 Hacking theWireless world with software defined radio 2 0

So ya wanna get into SDR?

Not explained through erotic interpretive dance, though could be, this presentation will cover the essentials for getting into the software defined radio hobby. Hardware requirements, distributed nodes, architecture designs, tips/tricks, random projects and common mistakes will be explained. This will be a technical talk that will be open for harassment, jokes, interaction and presented in a way that everyone will be able to take something away from it; wait, this is Vegas… but we’re hackers…

01 so you want to sdr

SDR Tricks with HackRF

HackRF and some other Software Defined Radio platforms can be used in creative ways. I’ll show methods, including a dirty trick or two, for using HackRF outside the advertised frequency range. I’ll also show how the HackRF design lends itself to use as an oscilloscope or function generator suitable for many hardware hacking tasks.

18 SDR Tricks with the hackrf

PortaPack: Is that a HackRF in your Pocket?

The PortaPack H1 transforms the HackRF One software-defined radio into a hand-held radio exploration tool. Spectrum analysis, monitoring and logging, and demodulation and injection of simpler digital modes will be demonstrated by Jared Boone, a HackRF project contributor.

16 Porta pack is that a hackrf in your pocket

PHYs, MACs, and SDRs

The talk will touch on a variety of topics and projects that have been under development including YateBTS, PHYs, MACs, and GNURadio modules. The talk will deal with GSM/LTE/WiFi protocol stacks.

17 PHYs MACs and SDRs

SDR Unicorns

A panel with SDR Gurus Michael Ossmann, Balint Seeber and Robert Ghilduta.

Simulating Estimote’s iBeacon using a HackRF

Over on YouTube, user Jiao Xianjun has uploaded a video showing a HackRF simulating an Estimote iBeacon which is being received by an iPhone. An Estimote iBeacon is a wireless beacon that uses Bluetooth Low Energy (BLE) and can be used to notify nearby mobile devices of the beacon’s presence. This can be used for many things, like indoor positioning, or by retail shops to, for example, alert device owners to special coupons.

Jiao used this tutorial to help clone an iBeacon on his HackRF.

hackrf tx to simulate Estimote' iBeacon, and detected by iPhone successfully

Hak5: The NSA Playset and SDRSharp Plugins

Hak5, a popular YouTube hacking and electronics enthusiast channel, has uploaded a new video interviewing Michael Ossmann, the creator of the HackRF, about the NSA’s ‘Playset’. The NSA Playset describes the set of tools the NSA has access to for spying, which was leaked in the documents released by Edward Snowden. Previously we posted how the HackRF was used to help reverse engineer some NSA spy tools called retro reflectors.

In the second part of the episode presenter Shannon also shows off the SDRSharp frequency manager and scanner plugin that can be used with the RTL-SDR.

The NSA Playset and SDRSharp Plugins, Hak5 1622

Reverse Engineering NSA Spy ‘Retro Reflector’ Gadgets with the HackRF

In 2013 whistleblower Edward Snowden leaked (along with other documents) some information about the American National Security Agency’s (NSA) spy tools. One such group of tools named ‘retro reflectors’ has recently been investigated and reverse engineered by Michael Ossmann, the security researcher behind the HackRF software defined radio, which recently became available for preorder. The HackRF is an SDR similar to the RTL-SDR, but with better performance and transmit capabilities.

New Scientist magazine has written an article about Ossmann’s work here. Their article describes retro reflectors in the following quote.

One reflector, which the NSA called Ragemaster, can be fixed to a computer’s monitor cable to pick up on-screen images. Another, Surlyspawn, sits on the keyboard cable and harvests keystrokes. After a lot of trial and error, Ossmann found these bugs can be remarkably simple devices – little more than a tiny transistor and a 2-centimetre-long wire acting as an antenna.

The HackRF comes into play in the following quote.

Ossmann found that using the radio [HackRF] to emit a high-power radar signal causes a reflector to wirelessly transmit the data from keystrokes, say, to an attacker. The set-up is akin to a large-scale RFID-chip system. Since the signals returned from the reflectors are noisy and often scattered across different bands, SDR’s versatility is handy, says Robin Heydon at Cambridge Silicon Radio in the UK.

Ossmann will present his work at this year’s Defcon conference in August.

Transmitting ADS-B with a HackRF and Receiving it with an RTL-SDR

Over on YouTube user Jiao Xianjun has uploaded a video showing how he was able to transmit an ADS-B signal from his HackRF One and receive it using an RTL-SDR with dump1090. He transmits a low power signal which shows a fake plane flying over the Senkaku islands.

Important Note: While this warning is also on the video we feel that we should re-emphasize that you should never transmit anything at 1090 MHz unless you are authorized to do so and are in a controlled RF environment.

ADS-B out by HACKRF and received by rtl-sdr + dump1090