Hak5: Turning a Key Croc into an RTL-SDR Server

The Hak5 Key Croc is a pentesting tool designed for emulating USB devices such as keyboards. It is commonly used by pentesters for keylogging and keystroke injection. It has some advanced features like keyword detection which can be used to detect when a certain word is typed. Under the hood it runs Linux on a quad-core ARM processor.

Over on the Hak5 YouTube channel Glytch shows us that he's been using the Key Croc as a remote RTL-SDR server. The server is set up through a payload script, which is then activated by typing "setup" into Notepad on a PC. The keystroke logging and keyword detection feature detects the setup keyword and runs the payload script, which installs the RTL-SDR drivers and rtl_tcp server, all while using the keystroke injection feature to output the install progress. Then it is a simple matter of plugging in an RTL-SDR and connecting to the rtl_tcp server with a program like SDR#.

Glytch notes that this is useful because you can run the entire Key Croc server and RTL-SDR on a portable battery pack, and now you have a remote SDR that you can place anywhere within your WiFi network.

Turning a KeyCroc into an RTL SDR Server w/ Glytch

DragonOS: Decoding Iridium Satellites with the Iridium Toolkit and an RTL-SDR

DragonOS is a ready to use Linux OS image that includes various SDR programs preinstalled. The creator Aaron also runs a YouTube channel that has multiple tutorial videos demonstrating software built into DragonOS.

In his latest video Aaron explores Iridium reception with an RTL-SDR Blog V3, RTL-SDR Blog Active L-Band Patch Antenna and Iridium Toolkit/gr-iridium. Iridium is a satellite constellation that provides services such as global paging, satellite phones, tracking and fleet management services, as well as services for emergency, aircraft, maritime and covert operations.

In the video he shows how to edit the config file to turn the bias tee on, how to record Iridium data, how to install the AMBE voice decoder, and finally how to decode the Iridium data with Iridium Toolkit and play voice recordings.

DragonOS LTS Decoding Iridium satellites with the Iridium toolkit (gr-iridium, RTL-SDR)

Tech Minds: Testing the Mayhem Firmware on the HackRF Portapack

In a video uploaded to YouTube last week, Tech Minds explored the HackRF Portapack, which is an add on for the HackRF SDR that allows the HackRF to be used portably without a PC. In that video he demonstrated it running the stock firmware.

In his latest video Tech Minds explores the Mayhem firmware, which is firmware developed by a third party in order to add significantly more features. The Mayhem firmware is a fork of the Havok firmware which is no longer maintained. If you're interested, back in 2018 we did our own review of the Havok firmware.

In the video Tech Minds first explains how to install the Mayhem firmware, which also requires you to add an external SD card to your Portapack. He goes on to demonstrate the various RX decoders available, including ADS-B, ACARS, AIS, AFSK, BTLE, FM/AM/SSB audio, analog TV, ERT meters, POCSAG, Radiosonde and TPMS. Next he shows the various transmittable signals available, including ADS-B, APRS, BHT, GPS Sim, Jammer, Key Fob, LGE, Mic, Morse, Burger Pagers, OOK, POCSAG, RDS, Sounds, SSTV, TEDI/LCR and TouchTune.

MAYHEM Firmware for the HackRF Portapack Installation / Overview

DSD (Open Source) with dPMR Decoding and Windows Binaries Released

Digital Speech Decoder (DSD) is an open source program for decoding signals containing digital speech, such as DMR and P25. The open source version has been mostly surpassed in use over the last few years by the closed source DSD+ version. However, work is still ongoing on the open source version, and a recent fork by Louis-Erig HERVE @LouisErigHerve has added support for Digital Private Mobile Radio (dPMR) decoding.

dPMR is an open, non-proprietary trunked radio standard that supports both data and digital voice transmission. A licence free variation for short range communications called dPMR446 uses the 446.1–446.2 MHz band. Other modes allow for efficient peer to peer operation (mode 1), operation with a base station repeater (mode 2), or with a trunking signal (mode 3). All dPMR signals operate in FDMA mode with an efficient bandwidth of only 6.25 kHz. dPMR is also known as Icom IDAS and Kenwood NEXEDGE.

Code for Louis-Erig's DSD fork can be found on his GitHub, and he has also released binaries for Windows on his website. Over on his Twitter he has also been mentioning that he has been able to get around the basic privacy modes on DMR.

dPMR radios, data stations and repeater hardware.

DragonOS: DSP and Signal Analysis with Composable-SDR, Inspectrum and an RTL-SDR

DragonOS is a ready to use Linux OS image that includes various SDR programs preinstalled. The creator Aaron also runs a YouTube channel that contains multiple tutorial videos for DragonOS.

One of the latest videos shows us how to use composable-sdr and Inspectrum to capture and analyze signals. Both programs are pre-built into the latest version of DragonOS. Composable-sdr is a set of DSP processing blocks for SDRs embedded in Haskell. One thing it does well is allowing users to easily capture and record demodulated signals for later use via the terminal. Inspectrum is a tool for analysing and reverse engineering signals that have been recorded.

In the video Aaron explores many of the composable-sdr examples discussed on its GitHub readme page, including using Inspectrum to analyze a wav file recorded with composable-sdr, and demodulating and recording a wideband FM signal. He also mentions how it's possible to create a PMR446 scanner that records up to 16 channels at once, and how to decode helicopter FSK data from audio heard on YouTube (which we mentioned in a previous post).

DragonOS LTS DSP and signal analysis with Composable-SDR + Inspectrum (RTL-SDR)

Testing the YouLoop on VLF & LF Reception with an Airspy HF+ Discovery

Over on his YouTube channel Frugal Radio has been testing his YouLoop passive magnetic loop antenna on VLF and LF reception with his Airspy HF+ Discovery. In the video Frugal Radio browses the VLF & LF spectrum, making note of some interesting signals, and showing how well the combo receives.

The YouLoop is a low cost passive loop antenna for HF and VHF. It is based on the Möbius loop design which results in a high degree of noise cancelling. However the main drawback is that it is a non-resonant design, which means that it needs to be used with ultra low MDS receivers like the Airspy HF+ Discovery. We have YouLoop stock available in our shop for $34.95 with free worldwide shipping.

Airpsy YouLoop passive antenna review on VLF & LF with an HF+ Discovery and SDR# during storms!

Tech Minds: Testing the OpenEar DMR TETRA ADSB POCSAG Decoder for RTL-SDR

Back in March we posted about the release of OpenEar, a standalone TETRA decoder for the RTL-SDR. Since then OpenEar has undergone massive developments, not only improving upon the TETRA decoder, but adding DMR, ADS-B and POCSAG decoders as well as a waterfall display.

Recently Tech Minds reviewed this software on his YouTube channel. In the video he shows how to download the software, install the rtlsdr.dll file, and run and use the software. He then demonstrates reception of an amateur radio DMR repeater, reception of POCSAG pager messages and finally reception of ADS-B aircraft messages.

OpenEar Digital Decoder - DMR TETRA P25 ADSB POCSAG RTL-SDR

Tech Minds: Decoding GMDSS Maritime Distress Messages

In a recent YouTube video Tech Minds shows how to decode GMDSS (Global Maritime Distress and Safety System) messages, which are broadcast on MW and HF. In the video he explains DSC (Digital Selective Calling), which allows calls to be made to individual ships, a group or all stations. He goes on to demonstrate the YADD GMDSS DSC decoder running on HF audio piped in from SDRUno and received with an SDRPlay RSPdx.

How To Decode Maritime Distress Messages GMDSS DSC