Category: Other

Setting RF Based Atomic Clocks via Computer Speakers

Over on YouTube, Jeff Geerling has uploaded an interesting video showing how RF-based atomic clocks can be set via signals generated from a computer speaker. In the USA, RF-based atomic clocks typically receive their atomic time signal from the WWVB 60 kHz longwave radio station, operated near Fort Collins, Colorado. In other countries, different time signal transmitters operate on different frequencies. However, these time signals cannot be received everywhere due to interference or geographic limitations, making RF atomic clocks useless in these situations. 

As Jeff points out, a Time Station Emulator program can be used to locally emulate the WWVB or other time signals, which, while not providing atomic time accuracy, could still make these clocks useful again.

Most interestingly, the emulator program requires no special RF transmission hardware. Instead, it simply uses your computer speakers to broadcast the time signal.

By carefully crafting a waveform at a specific audio frequency (out of normal human hearing range), the digital-to-analog converter will generate higher frequency RF harmonics, and one harmonic will match the time signal frequency required by the RF-based atomic clock. The wires running to the speakers, and the speakers themselves, will act as antennas, leaking these harmonics into the surrounding environment. This means that cheaper unshielded speakers, such as those found in phones and tablets, tend to work better.  

In the video, Jeff uses a HydraSDR and an upconverter to receive the time signal generated by the speakers. While the time signal cannot be seen on the spectrum itself, in the demodulated audio, you can hear the signal's pulses.

Van Eck Phreaking time to atomic clocks

SLZB-Ultima: A Quad-Radio Smart Home Radio Controller Supporting Various Protocols

While not based on SDR technology, we think that some readers may be interested in this product.

We'd like to thank Serhii, who writes on behalf of SMLIGHT in Ukraine. SMLIGHT recently released its "SLZB-Ultima" device, a compact radio platform supporting multiple wireless technologies commonly used in smart homes. 

These technologies include Zigbee, Thread, Wi-Fi, and Bluetooth. The device also optionally supports Z-Wave, LTE, Power-over-Ethernet, UPS backup, infrared control, and USB-over-Ethernet. The cloud-independent software supports WireGuard VPN, Dynamic DNS, Internal Zigbee hub mode, local IF-THEN automations running directly on the device, and one-click OTA updates.

The full press release is available here in this PDF.

The device is priced affordably at only US$40 on Aliexpress.

The SLZB Ultima
The SLZB Ultima

 

Spectrum Slit: A Wall Art Display That Visualizes Wi-Fi Activity via a HackRF

Over on YouTube, RootKid, who specializes in creating engineering-based art projects, has developed an interesting wall-mounted art display panel that visualizes Wi-Fi activity by using a HackRF as the monitoring software-defined radio. The display uses a Raspberry Pi, a HackRF, and a custom-made LED light bar. The HackRF receives a 5 GHz Wi-Fi channel, and the Pi translates this into activity on the LED display, creating a visual piece that lets those around know when Wi-Fi activity is high.

The idea is to show that "we live surrounded by ghosts of our own making", which refers to the invisible storm of electromagnetic signals that we created to serve us in our modern lives.

If you are interested in other projects that combine SDR and art, you might enjoy our posts on HolyPager, Hystérésia, Signs of Life, Ghosts in the Airglow, and Open Weather.

I built a light that can see radio waves

Reviving Old 1G Analog Cellphones and Demonstrating Their Security Flaws

Over on the YouTube channel "Nostalgia For Simplicity," the creator has uploaded a video where he revisits the original 1G analog cellular system, AMPS, to finally understand a mysterious phenomenon he experienced over 20 years ago as a kid, where he was able to unintentionally intercept other people's calls with his 1G phone. Using vintage hardware like the Ericsson DH668, he recreates a small AMPS network and confirms that the system is fully analog, instant, and surprisingly good-sounding. 

AMPS worked by dividing the spectrum into numbered voice channels, with each call occupying one channel at a time. In busy cities, simply tuning to an active channel could let you hear someone else’s call. In this revival setup, there is only one active call, making the effect easy to demonstrate. This is essentially wideband analog FM voice on fixed channels, something easily observable and demodulated with modern SDR hardware.

Investigating this ancient 1G tech has highlighted why 1G systems were fundamentally insecure and why the world moved on to digital standards. If you're interested, the other videos on his channel continue to explore early cell phones and their quirks.

I Revived 1G and Recreated a Childhood Mystery

[Also seen on Hackaday]

ADSBee: ADS-B and UAT Reception and Decoding On an RP2040 Microcontroller

ADSBee is an open-source project that has implemented a 1090 MHz ADS-B decoder on a Raspberry Pi RP2040 microcontroller using a programmable I/O (PIO) pin. 

PIO pins cannot handle RF signals, so the ADSBee front end is a critical analog circuit that enables this to work. It consists of a 1090 MHz SAW filter to remove other signals, a low-noise amplifier, and, critically, a log-power detector, which essentially converts the pulse-position-modulated 1090 MHz ADS-B signal to baseband, which the PIO can handle.

However, this same trick does not work for 978 MHz UAT, as UAT signals are not pulse position modulation like ADS-B. Instead, for UAT support, the ADSBee design takes a more traditional approach, using a CC1312 sub-GHz transceiver chip connected to the RP2040.

Finally, an ESP32 S3 is added to the stack to enable networking via WiFi, allowing for received and decoded data to be used.

The project is entirely open source on their GitHub, apart from some of their commercial PCB designs. They also have a store, where they sell pre-made kits. A kit consisting of the ADSBee, 1090 MHz Antenna, and 978 MHz costs US$152in total. They are also selling an industrial model for $995, which includes PoE power.

ADS-Bee 1090 MHz and Sub-GHz Boards
ADS-Bee 1090 MHz and Sub-GHz Boards

GhostHunter (Anti-LIF): Using Spiking Neural Networks to Rescue Satellite Signals Drowned in Noise

Thank you to Edwin Temporal for writing in and showing how his proprietary neuromorphic engine, GhostHunter (Anti-LIF), is being used to recover satellite data buried in the noise floor, which typical DSP methods would fail to do.

To recover the signals, Edwin uses trained Spiking Neural Networks (SNN). SNNs are artificial neural networks that draw further inspiration from nature by incorporating the 'spiking' on/off behavior of real neurons. Edwin writes:

My engine has successfully extracted and decoded structured data from high-complexity targets by mimicking biological signal processing:

Technosat: Successful decoding of GFSK modulations under extreme frequency drift and low SNR conditions.

MIT RF-Challenge: Advanced recovery of QPSK signals where traditional digital signal processing (DSP) often fails to maintain synchronization.

These missions are fully documented in the https://temporaledwin58-creator.github.io/ghosthunter-database/, which serves as a public ledger for my signal recovery operations. Furthermore, the underlying Anti-LIF architecture is academically backed by my publication on TechRxiv, proving its efficiency in processing signals buried deep within the noise floor.

Although the engine remains proprietary, I provide comprehensive statistical reports and validation metrics for each mission. I believe your audience would be thrilled to see how Neuromorphic AI (SNN) is solving real-world SIGINT challenges.

In the database, Edwin shows how his Anti-LIF system has recovered CW Morse code telemetry and QPSK data from noisy satellite signals. 

While Edwin's Anti-LIF is proprietary, he is offering proof of concept decoding. If you have a 250MB or less IQ/SigMF/Wav recording of a signal that is buried in the noise floor, you can submit it to him via his website, and he will run Anti-LIF on it for analysis.

Advanced readers interested in AI/neural network techniques for signal recovery can also check out his white paper on TechRxiv, where he shows signal recovery from signals buried in WiFi noise, as well as results from use in ECG and Healthcare applications.

An Example Signal Recovery with the Anti-LIF Spiking Neural Network
An Example Signal Recovery with the Anti-LIF Spiking Neural Network

Touchstone Networks in Terminals (TNT): Visualize Touchstone S-Parameter Files in Terminal ASCII

Thank you to Alexander Arsenovic, the original author of the OpenSource RF engineering Python library www.scikit-rf.org, for writing in and sharing with us a new program he has created called "tnt: [t]ouchstone [n]etworks in [t]erminals".

The program is written in Python, and allows a user to visualize Touchstone S-parameter graphs in a terminal, using simple ASCII character-based plotting techniques. Touchstone files are created by Vector Network Analyzers (VNAs), which are used to measure and tune antennas and RF components, or by RF simulation software.

TNT Demo
TNT Demo

NSA GENESIS: How NSA Spies Snooped on Local RF Bands using Modified Cell Phones with a Built-in SDR

Over on YouTube, the "Spy Collection" channel has recently uploaded a video detailing the US National Security Agency's (NSA) GENESIS spy gadget. GENSIS was a modified Motorola cell phone that contained a full software-defined radio system within. This system allowed NSA agents to discreetly record the local RF spectrum for later analysis. For example, an agent may have been able to record the frequencies and RF protocols used at particular facilities of interest for use in later operations. 

Details about the NSA GENESIS were revealed when the NSA's Advanced Network Technologies (ANT) catalogue was publicly leaked back in 2013. Originally, project GENESIS was due to be declassified in 2032.

Spy Collection also notes that the leaked documents indicate it is possible the phone was also used, or intended to be used, as a "finishing tool". In other words, a remotely detonated explosive phone, that could be given to persons on the US terrorist list. 

NSA's Leaked Secret GENESIS Cell Phone