Flipper Zero isn't an SDR, but it is an interesting RF capable pentesting tool that is currently being crowdfunded, and we think it deserves a post. Based on a TI CC1101 transceiver chip, the Flipper Zero has a sub 1-GHz radio capable of doing things like emulating a garage door remote, transmitting digital signals like OOK/ASK/FSK/GFSK/MSK at 315/433/866 MHz, analyzing and decoding popular remote control algorithms like Keeloq, and reading and emulating 125 kHz RFID tags. And as the crowd funding stretch goals have already been reached, the hardware will also include a Bluetooth and NFC module.
In addition to the RF features, it has a 1-wire iButton/TouchMemory/Dallas key reader, can function as a U2F security token, has an infrared transceiver with learning feature for emulating IR remotes and has 12 5V tolerant GPIO pins available for expansion with modules such as interfaces, sensors, wireless modules and cellular modems. It can also emulate a USB slave device like a keyboard allowing you to deploy a keyboard payload.
Flipper Zero currently costs US$119 however it will soon jump to US$129 once the early bird special runs out. At the time of this post they already have 13,000 backers and have raised in excess of 2.5 million dollars. There is still 25 days left in the campaign.
It has a 2-channel AT86RF215 transceiver chip which is capable of tuning to all major IoT frequencies as well as a 13-bit ADC with sample rate of up to 4 MSPS. In addition is a MAX2769B chip which is used for the GNSS reception of GPS, GLONASS, Galileo and Beidou positioning satellites. An onboard ZYNQ XC7Z010 / XC7Z020 FPGA can be used for any hardware computing required.
iotSDR currently costs US$399 for the Zync XC7Z010 FPGA version, and US$599 for the Zynq XC7Z020 FPGA version. At the time of this post there are 37 days left in the campaign.
Embedding SDR in IoT
iotSDR provides a platform that allows SDR developers and enthusiasts to design innovative algorithms and cutting-edge products. While wide-band SDRs are more versatile, narrow-band transceivers perform better for many IoT-related applications. Accordingly, iotSDR hosts two narrow-band Microchip AT86RF215 transceivers that provide their own base-band cores and have the ability to handle their own I/Q signal streaming. The result is an extremely powerful tool for anyone who is looking to simplify the task of developing, testing, and deploying high-complexity frameworks.
A Powerful FPGA and a GNSS Chip to Round It Out
iotSDR’s Microchip transceivers are backed by a Zynq SoC—which provides an FPGA and a processing system in a single package—as well as a MAX2769 GNSS chip capable of streaming live signal records. That GNSS chip can be used for custom GPS, Galileo, BieDou, and GLONASS receiver development, and is perfect for projects in the location-based services (LBS) domain such as those related to navigation and surveying.
Use Existing Software, Design a Protocol, or Build a Gateway
You can drive the hardware described above using a wide variety of popular open source software, including the Xilinx PYNQ Python framework, Jupyter Notebooks, and GNU Radio.
And if your work is further down the stack, don’t worry. iotSDR still has you covered. If you want to design and implement a physical layer IoT protocol, for example—a protocol like LoRa, SigFox, WightLess, Bluetooth, BLE, 802.15.4, ZigBee, or something of your own design—this board is for you. It’s also a great place to start if you want to build a custom IoT gateway along the lines of The Things Network, LPWAN, or Google’s Thread.
Radio has long been a pillar of modernization and technology, and this remains true in the era of software-defined radio. The Internet of Things, in particular, stands to benefit from the latest advancements in SDR technology. With iotSDR, you can be part of the community that makes that happen.
Thanks to Thomas' SWLing Blog for bringing to attention the Silphase R1 SDR receiver. This is an upcoming high performance HF SDR receiver being manufactured in the EU by a Polish company called Silphase. The R1 appears to be targeting premium SWLer customers with a price of US$1199. However, they note that by the end of 2020 they will have a 25W transceiver option, and later a 100W transceiver option. The SDR is currently available for preorder only and the sign up form can be found at the bottom of their website.
The Silphase R1 comes with a 5" touch screen that shows a spectrum display, has dual VFO's, four speakers and a metal alloy enclosure. It also comes with a built in telescopic antenna, but external antennas can be connected with the F connector. The tuning range is just the HF bands from 0.1 - 30 MHz and the ADC resolution is 16 bits.
SignalsEverywhere is back this week and in her latest video Sarah talks about using a combination of Audacity, Minimodem and Multimon-ng to decode digital data that could be obtained from an SDR or other signal source.
Sarah was interested in the 2020 Hackasat space security challenge and specifically in completing the 56k Flex Magic challenge which consists of an emulated signal from an old 56k modem. Within the 56k modem signal is secret information required to complete the challenge.
Sarah first shows how to use Multimon-ng to decode the DTMF tone section of the signal. These are the tones heard when dialling on a landline phone. She then goes on to show how to use Audacity in spectrogram mode to take a closer look and analyze the next chunk of the signal. Then by using the information gained about the signal from the spectrogram analysis she is able to decode the data via minimodem.
Audacity Decoding Data?! Using Audacity Multimon-ng and Minimodem to Decode Digital Audio Data!
The talks are typically very technical in nature, but if you're interested in cutting edge SDR research and applications then these are good talks to get caught up on. Currently there are seven videos that have been uploaded, but we are expecting that there are more to come since there are more talks listed in their programme. They appear to be uploading one video per day at the moment so get subscribed to their YouTube channel for the upcoming videos.
The currently uploaded talks include:
A Keynote interview with N1UL Dr. Ulrich Rohde
Laurence Barker G8NJJ: Using Xilinx Vivado for SDR Development
Edwin Richter DC9OE, Crt Valentincic S56GYK: Usage of higher order Nyquist Zones with Direct Sampling Devices
Prof. Dr. Michael Hartje DK5HH: Signalprocessing in the man made noise measurement system ENAMS
Bart Somers PE1RIK: Long term spectrum monitoring using GNUradio and Python
We are looking forward to the upcoming talks like the one by Dr. Bastian Bloessl DF1BBL that discusses the GNU Radio on Android implementation.
SDRA2020 - 03/04 - Laurence Barker: Using Xilinx Vivado for SDR Development
TempestSDR is an open source tool made by Martin Marinov which allows you to use any SDR that has a supporting ExtIO (such as RTL-SDR, Airspy, SDRplay, HackRF) to receive the unintentional signals radiated from a screen, and turn that signal back into a live image. This can let you view what is on a screen through a wall without using any physical cables.
We first posted a demonstration of TempestSDR back in 2017 when we were finally able to get it to compile. Compiling the software took a fair amount of work for those without experience, and even running it was a chore. However, getting it to work is worth it as you can do some really interesting demonstrations.
However these problems are over and recently Erwin Ried @eried has made a self-executable version of TempestSDR. This means that no compilation, java installs, mingw or extra dlls are required to get the program to work as now it's just an exe that you can run. You will still need the appropriate ExtIO dlls for your SDR. The video in his twitter post shows it working with a HackRF.
Twitter user @d0tslash was watching news helicopter footage of the BLM protests on the 28th of May when he heard something that sounded like an RF telemetry feed in the background audio on the helicopter's video feed. Having seen this previous success at decoding similar helicopter telemetry, he contacted his friend proto17 who proceeded to reverse engineer and figure out how to decode the telemetry, in the end discovering that it was providing location data for the helicopter.
Finally he used some clever terminal tricks and a Python script to discover the bit pattern and convert the bits into ASCII characters which reveals the helicopter coordinates. The coordinates decoded indicate that the helicopter was indeed circling the protest area.
We looked into the news helicopters in use during the protests and found that Denver news stations all share one helicopter with registration N6UX. Plugging that into adsbexchange.com and looking at the helicopter ADS-B history on the 28th gives a good match to proto17's decoded data.
Thank you to YouTuber M Khanfar for submitting news about his various Windows GNU Radio tutorials that he has been uploading to YouTube. So far he's uploaded tutorials on creating an FM Receiver, Air Band Receiver, AM/NFM Receiver, NFM Receiver with Squelch and Recorder and Spectrum Analyzer with GNU Radio on Windows 10. The tutorials are straight to the point and designed to be followed along with the video. The full list of videos can be found on his YouTube channel, and we have embedded one below.
Build NFM Reciver with Squelch and Recorder Activity GNU RADIO Win10