
IQEngine: A Web-Based Toolkit for Sharing and Analyzing RF IQ Recordings

Thank you to Marc for submitting news of his new project called IQEngine. IQEngine is a free open source web project that allows users to upload IQ recordings of various signals, and share them. The idea is to over time build up a huge database of signals based on IQ data which may be useful for identifying unknown signals, testing decoders and training machine learning databases.

IQ data is essentially the raw radio data from software defined radios before any demodulation or decoding is done. By recording IQ data, any demodulation method can be applied to it later. However, IQ data does not contain any metadata about the signal itself. To solve this, IQEngine uses the Signal Metadata Format (SigMF), which allows information about the IQ recording to be encapsulated along with the IQ recording itself.
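The following Python is an added example, not code from IQEngine or the original post: it checks a shared SigMF metadata/data pair before the recording is passed to any decoder, confirming that the `core:sha512` value in the metadata matches the data file and that every annotation lies inside the recording. The file names and the constructed four-sample recording are assumptions made for the example.

```python
import hashlib, json, os, struct

# Bytes per complex sample for a few SigMF core:datatype values.
SAMPLE_BYTES = {"cf32_le": 8, "ci16_le": 4, "ci8": 2, "cu8": 2}

def sha512_file(path):
    """Hash the data file in 1 MiB chunks so large recordings are never loaded whole."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_recording(meta_path, data_path):
    """Return a list of problems; an empty list means metadata and data agree."""
    with open(meta_path) as f:
        meta = json.load(f)
    glob = meta.get("global", {})
    size = SAMPLE_BYTES.get(glob.get("core:datatype"))
    if size is None:
        return ["unsupported or missing core:datatype"]
    problems = []
    nbytes = os.path.getsize(data_path)
    if nbytes % size:
        problems.append("data length is not a whole number of samples")
    expected = glob.get("core:sha512")
    if expected is None:
        problems.append("no core:sha512, integrity not verifiable")
    elif sha512_file(data_path) != str(expected).lower():
        problems.append("core:sha512 does not match data file")
    total = nbytes // size
    for i, ann in enumerate(meta.get("annotations", [])):
        start, count = ann.get("core:sample_start"), ann.get("core:sample_count", 0)
        ok = isinstance(start, int) and isinstance(count, int)
        if not ok or start < 0 or count < 0 or start + count > total:
            problems.append(f"annotation {i} falls outside the recording")
    return problems

def write_sample(directory):
    """Write a constructed 4-sample cf32_le recording and its metadata (sample data)."""
    data_path = os.path.join(directory, "sample.sigmf-data")
    meta_path = os.path.join(directory, "sample.sigmf-meta")
    with open(data_path, "wb") as f:
        f.write(struct.pack("<8f", 1, 0, 0, 1, -1, 0, 0, -1))
    meta = {"global": {"core:datatype": "cf32_le", "core:sample_rate": 1e6,
                       "core:version": "1.0.0",
                       "core:sha512": sha512_file(data_path)},
            "captures": [{"core:sample_start": 0, "core:frequency": 315e6}],
            "annotations": [{"core:sample_start": 1, "core:sample_count": 2,
                             "core:label": "constructed burst"}]}
    with open(meta_path, "w") as f:
        json.dump(meta, f)
    return meta_path, data_path
```

A hash stored beside the data only detects corruption or a mismatched pair; it says nothing about who produced the recording.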

The IQEngine web interface includes an easy way to rapidly view and analyze huge IQ recordings, and allows users to annotate them too. At the moment the project is still in the early stages and looking for interested contributors to the FOSS project.

Marc writes:

We're hoping for it to become like a SigIDWiki on steroids, where people can share and learn about different signals using an interactive spectrogram (inspired by Inspectrum), all in the browser so that there's nothing to install. We are putting a lot of emphasis on education and ease-of-use.

There will also be plugins that allow for running signal detection/classification implementations on the signal recordings, to facilitate RFML research, although these plugins could also be used for demod/decoding/etc.

The tool builds off the SigMF standard for metadata, and it works with binary IQ files.

There's a canonical instance of the site hosted at www.iqengine.org, the source code can be found at https://github.com/iqengine/iqengine and we have a Discord (https://discord.com/invite/k7C8kp3b76).

Right now we're mainly looking for more folks to help out with early development, it's really fun working on a FOSS project in the early stages because there are so many design decisions to be made and anyone has potential to step in and make huge contributions and impact the direction the project goes. The code is mostly javascript and python. Anyone interested can join the discord or email [email protected]

IQEngine Display Cellular Downlinks with Annotations

Great Scott Gadgets to Develop a Universal Radio Test Instrument (URTI)

Great Scott Gadgets (GSG), creators of the HackRF, YARD Stick One and GreatFET (among other products), have announced that they are developing a device called a "Universal Radio Test Instrument (URTI)". They note that:

URTI will offer radio amateurs, researchers, educators, and professionals an affordable, compact RF test tool that could be used in place of multiple expensive pieces of traditional radio test equipment.

Our goal for URTI is to design a single hardware platform capable of serving as many popular types of one-port or two-port RF test instruments. We plan to build a directional coupler into a wideband, full-duplex SDR platform to enable URTI to function as a:

  • spectrum analyzer
  • vector network analyzer
  • vector signal generator
  • vector signal analyzer
  • antenna analyzer
  • power meter
  • frequency counter
  • full-duplex SDR transceiver

The design and hardware of the URTI appear to still be in the very early stages, with nothing other than early component lab tests released yet. However, given the track record of GSG products, we expect that they will release a high quality and completely open source product in time. We look forward to tracking the progress of the URTI.

More information about the device is available at https://greatscottgadgets.com/2023/05-04-development-of-a-universal-radio-test-instrument

DeFli: A Decentralized Network of RTL-SDRs on the Blockchain for UAV and Satellite Operators

Recently we came across a new project called DeFli and DeSky, which appears to be plans for a decentralized network of RTL-SDRs. The goal of the project is to provide decentralized access to ADS-B and satellite data through the use of RTL-SDR ground stations. The RTL-SDR ground stations upload their data to the DeFli servers and in return ground station hosts receive compensation in DEFLI tokens via the DeFli blockchain.

From the website it appears they are focusing on selling the data to UAV and satellite operators, but there seems to be no reason why it couldn't be used for other purposes too.

The use of crowd sourced RTL-SDR data is nothing new, with successful ADS-B aggregators like FlightRadar24.com and adsbexchange.com already in operation. Projects like SatNOGS also exist, which crowd source satellite data. There are also other RTL-SDR and radio data aggregators like marinetraffic.com for Marine AIS, amateur.sondehub.org for Amateur Radio Balloons, aprs.fi for APRS, and airframes.io for ACARS, VDL, HFDL and SATCOM data. However, this is probably the first radio data aggregator to incorporate blockchain concepts for host rewards.

In a Reddit Post (now removed but cached on Google), the creators wrote:

There is clearly an appetite from a large number of Helium Hotspot owners to utilize their hotspots for other projects with a view to getting a better ROI on their investment. That being said, I believe it is absolutely just and fair for Nova & the Foundation to take steps to prohibit the LoRa specific hardware from being used by competing projects both from a commercial perspective and also regulatory. Our personal belief is that Nova/Foundation should operate Helium Network as a NaaS and allow these newer "players" to piggyback on the equipment without compromising the regulatory side of things.

From an industry perspective there is of course a frustration at an awful lot of under-used/under-utilized hardware, specifically the CPU modules that remain in short supply, thus limiting the expansion capabilities of a hardware based network.

Likewise whilst Helium IoT paved the way for decentralized networks to become a "thing" there is also the counter-argument now that actually it is incredibly difficult to build a hardware based network because of the growing disdain. Now obviously part of that is linked to failed projects like MXC, Planetwatch and WeatherXM as well as dubious projects like RevoFi.

That brings me on to our project- DeFli (defli.org). I am not going to extol the virtues of the project, all I am going to give is a very brief "blurb". We are building a decentralized network of ground stations for unmanned aircraft to communicate with (to satisfy new legislation) and which will form the basis of an advanced traffic management system.

A "ground station" can be built from any Helium Hotspot without affecting the performance, nor do we utilize the LoRa Concentrator (ADS-B is broadcast over the 1090MHz frequency). To achieve dual "mining" it is simply a case of running DeFli in a Docker Container (can be viewed on our Github) and adding a USB RTL-SDR receiver.

WARNING: As with anything cryptocurrency related, do your own research first before putting any of your own money in. This project could very well be a scam, or it could just be a project in the early stages of getting started.

DeFli Network Homepage

Tech Minds: Building A Low Cost RF Power Sensor

Over on the Tech Minds YouTube channel Matt has recently shown us his build of DL5NEG's super simple diode based RF power sensor. The device is designed to detect and measure RF power, using a DC voltage meter and a calibration curve which converts the voltage detected by the diode into dBm. The simple diode based design is remarkably accurate, and could be a useful tool for testing or calibrating SDRs.

Matt's first build uses a simple copper PCB board, and although it is low precision the results he achieved match up pretty nicely with the calibration curves. In Matt's second implementation he created a proper PCB design using KiCad and PCBWay. After soldering the components with hot air, he found that the results were just as good when he tested the power output of his AntSDR E200.

Matt intends to use this sensor along with a simple ADC connected to a Raspberry Pi to measure the power going into his QO-100 setup via a -40 dBm coupler.

This story was also shown on Hackaday.

A Low Cost High Performance RF Power Sensor

The RFNM: A Next Generation SDR with 10 MHz to 7200 MHz tuning range, 12-Bit ADCs and up to 612 MHz Bandwidth

The RFNM is an upcoming software defined radio that has some impressive high end specifications only seen in SDRs costing thousands, and at the same time the creator claims that it will be priced at a steal. While no pricing has been set, the creator noted in a Reddit post that pricing will be "closer to $500", bringing its price close to that of SDRs like the HackRF, bladeRF, LimeSDR and PlutoSDR.

The RFNM will have eight 12-bit ADCs on board, and provide up to 612 MHz of real time bandwidth for receiving. For transmitting it has two DACs, with up to 153 MHz of TX bandwidth. The tuning range will be from 10 MHz up to 7200 MHz. They note that their front end also has 13 preselection filters and six different LNAs and programmable attenuators.

Pushing 12-bit 612 MHz bandwidth of the device would be difficult, so to help with processing all that data, there will be an onboard VSPA DSP processor, as well as built in ARM CPU cores, and a 16 GFLOPS GPU. Connectivity will be either through USB 3.0, or Ethernet.

The main baseband chip on the SDR is the Layerscape® Access LA9310 chip sold by NXP which provides I/Q ADCs and DACs. Those signals are sent to the RFNM Daughterboard Interface, where they are upconverted to the frequency range of interest. This lets the end user choose a different daughterboard for different applications.

The Granita daughterboard has tuning capability from 600 MHz to 7200 MHz. To get frequencies down to 10 MHz the RFNM is making use of the RFFC2071A mixer. There will also be a cheaper 'lite' version that does not use a mixer, and hence only provides tuning from 600 MHz to 7200 MHz.

In addition, the website states that they are pursuing a version of their board that will make use of the LimeSDR LMS7002 chip that will cover 10 MHz to 3500 MHz. They are also looking into boards that may break out more ADC lanes, an oscilloscope add-on, and a breakout board.

You can join the RFNM email waiting list, and find more details about it at rfnm.io. At the time of this post they state that the waiting list is "53% full". As of right now the project appears to have nothing concrete to show off, but the lead creator Davide Cavion was behind the FPV Blue HD Video system, so he appears to have the experience to take this project forward.

A render of the RFNM software defined radio board.

Amazon Bans the Flipper Zero

Just yesterday we posted about Linus Tech Tips' review of the Flipper Zero. In related recent news, Flipper Zero was also banned from Amazon for being a "card skimming device". While the Flipper Zero can read the public NFC data from credit cards, it doesn't seem like it could do much more than what an Android phone could do with an NFC credit card reader app. Anyone skimming credit cards would still require the CVV code and other address details in order to put through a transaction.

This comes on top of a string of bad events that has hit the Flipper Zero team. A while back PayPal froze 1.3M of its cash, requiring them to retain lawyers to force PayPal to partially release the funds. US customs then seized its US-bound shipment for inspection and, to rub salt in the wound, after releasing the goods billed them $70,000 in storage fees for the pleasure of requiring inspection.

There are also reports of eBay banning the sale of Flipper Zero devices citing 'hacking' devices not being allowed on their platform.

The Brazilian National Telecommunications Agency has also begun seizing imports of Flipper Zero devices.

Flipper Zero is an affordable handheld RF device for pentesters and hackers. It is not based on SDR technology, however it uses a CC1101 chip, a digitally controlled RX/TX radio that is capable of demodulating and modulating many common digital modulations such as OOK/ASK/FSK/GFSK/MSK at frequencies below 1 GHz. 

The CC1101 chip has been around since 2007, and there are many similar devices making use of the chip. However, the Flipper Zero is specifically marketed as a pentesting and hacking device, and provides built in software for doing things like replay attacks. 

Part of the problem with the bans may also be the huge popularity that the device has received. The device has become exceedingly popular on social media sites like TikTok where users often show it being used mischievously.

Flipper Zero remains available for sale on its website flipperzero.one, for US$169.

Inside the Flipper Zero

Linus Tech Tips Reviews the Flipper Zero

The Flipper Zero is an affordable handheld RF device for pentesters and hackers. It is not based on SDR technology, however it uses a CC1101 chip, a digitally controlled RX/TX radio that is capable of demodulating and modulating many common digital modulations such as OOK/ASK/FSK/GFSK/MSK at frequencies below 1 GHz. 

What sets it apart from most of the other CC1101 devices is the high level of software support built into it, the enthusiastic community and of course the branding. 

Back in August 2020 we initially posted about the Flipper Zero starting its crowdfunding campaign on Kickstarter. Since then, despite major business problems like PayPal freezing 1.3M of its cash, and US customs temporarily seizing its shipments, then passing a $70,000 bill on to them for storage fees, Flipper has gained huge popularity through social media video sites like TikTok, where people show off its capabilities, often in ways that could be considered mischievous.

Recently over on YouTube, Linus from the most popular technology YouTube channel Linus Tech Tips reviewed the Flipper Zero. In the video Linus discusses the legality and morality of the Flipper Zero, and discusses some use cases around RFID and NFC.

This Makes Hacking TOO Easy - Flipper Zero

Building a 315 MHz Jammer with an Arduino

Over on YouTube CiferTech has uploaded a video showing how to create a low cost 315 MHz jammer using an Arduino and a cheap 315 MHz transmitter circuit. The 315 MHz band is used in some countries by short range wireless devices such as garage door openers, tire pressure sensors, home security systems and car keyfobs. Some wireless home security systems have been shown to be vulnerable to jamming, as jamming can stop an alarm activation signal being received by the base unit.

We want to note that building a jammer in most countries is completely illegal and the use of a jammer can result in severe penalties such as jail time.

315MHz JAMMER with Arduino

On a related note, we also wanted to point out this recent tweet by Naomi Wu (@realsexycyborg), a popular technology YouTuber who is based in China. Her tweet pointed out that some local market scammers in China use rigged weighing scales which can be forced to display an artificially high value by using a wireless handheld remote. To combat this, handheld jammers are sold so that shoppers can prevent the scammer's remote control from communicating with the scale. Although jamming is still most likely illegal in China, this could be considered an ethical use of a jammer.