Performing a Side Channel TEMPEST Attack on a PC

TEMPEST refers to a technique used to eavesdrop on electronic equipment via its unintentional radio emissions (as well as via sounds and vibrations). All electronics emit some sort of unintentional RF signals, and by capturing and processing those signals some data can be recovered. For example, the unintentional signals from a computer screen could be captured and converted back into a live image of what the screen is displaying. We have tutorials on how to do this with a program called TempestSDR available on a previous post of ours.

Recently Mikhail Davidov and Baron Oldenburg from duo.com have uploaded a write up about their TEMPEST experiments. The write up introduces the science behind TEMPEST eavesdropping first, then moves on to topics like software defined radios and antennas.

At the end of their post they perform some experiments, such as constantly writing data to memory on a PC and putting the PC's GPU under varying load states. These experiments result in clear RFI bursts and pulsing carriers being visible in the spectrum, indicating that the PC is indeed unintentionally transmitting RF. They note that machine learning could be used to gather some information from these signals.

Their write up reminds us of previous TEMPEST related posts that we've uploaded in the past. One example is where an RTL-SDR was used to successfully attack AES encryption wirelessly via the unintentional RF emitted by an FPGA performing an encryption algorithm. Another interesting post was where we saw how a HackRF was used to obtain the PIN of a cryptocurrency hardware wallet via TEMPEST. Search TEMPEST on our blog for more posts like that.

TEMPEST PC Side Channel Setup: RF pulses from writing to memory and a GPU.

NanoVNA V2’s Now for Sale on eBay and Tindie

We've received a few notices that the NanoVNA V2 design that we've been following since last year is now available for sale on eBay and Tindie (or Taobao if you live in China). The original official sales appear to have been from Tindie, where it is priced at $58.25 + shipping, although it is now out of stock. On eBay resellers are selling it for up to $150. If you're interested in purchasing the V2 we recommend entering your email into the Tindie form as they will notify you when it's back in stock. Initial reviews posted on the Tindie store indicate that the unit has excellent performance for the price so we expect that it will be popular enough to manufacture many more in the future.

The original NanoVNA brought expensive Vector Network Analyzer (VNA) capabilities to the masses with its low $40 pricing. A VNA is an extremely useful tool for radio hobbyists as it allows you to tune antennas and filters and measure cable loss, among other applications. However, the original design was limited to a maximum frequency of 900 MHz. The new design pushes this up to 3 GHz officially, and unofficially up to 4.4 GHz, whilst also improving dynamic range and maintaining the low price point.

The description and specs of the NanoVNA V2 are shown below:

YouTube Video Replicates our Galactic Hydrogen Line Detection Tutorial

Earlier in the year we posted a tutorial showing how to detect the Galactic Hydrogen Line at home with less than $200 in components. All that is really needed is a 2.4 GHz WiFi dish, an RTL-SDR and an LNA. With this setup it's possible to do home science like determining the size, shape and rotational speed of our own galaxy. 

Over on YouTube user Nicks Tech Hobby has successfully replicated our tutorial with similar hardware, and has uploaded a time lapse video showing his results. His success confirms that this is a good way to get introduced to radio astronomy. What's also interesting is that it is possible to spot the Hydrogen line energy on the live waterfall even without averaging/integration.

My first successful attempt to detect galactic hydrogen (Hydrogen line)

CygnusRFI: New RFI Analysis Tool for Ground Stations and Radio Telescopes

Thank you to Apostolos for submitting information about his new open source program called "CygnusRFI". CygnusRFI is a tool designed for analyzing radio frequency interference (RFI) with a focus on how it affects satellite ground stations and radio telescopes. We note that in the past we've posted several times about Apostolos' other project called PICTOR, which is an open source radio telescope platform that makes use of RTL-SDR dongles. 

Apostolos explains CygnusRFI in the following: 

CygnusRFI is an easy-to-use open-source Radio Frequency Interference (RFI) analysis tool, based on Python and GNU Radio Companion (GRC) that is conveniently applicable to any ground station/radio telescope working with a GRC-supported software-defined radio (SDR). In addition to data acquisition, CygnusRFI also carries out automated analysis of the recorded data, producing a series of averaged spectra covering a wide range of frequencies of interest. CygnusRFI is built for ground station operators, radio astronomers, amateur radio operators and anyone who wishes to get an idea of how "radio-quiet" their environment is, using inexpensive instruments like SDRs.

CygnusRFI Screenshots

TechMinds: Detecting HF Interference from a VDSL Internet Connection

Over on YouTube user Tech Minds has uploaded a video showing how you can determine if you are getting HF interference from a VDSL internet connection going to your house or your neighbors' houses. VDSL, or Very High Speed Digital Subscriber Line, is an internet connection technology that runs over old copper phone wires, allowing for a fast broadband connection. The frequencies used by VDSL are between 25 kHz and 12 MHz, and for VDSL2 up to 30 MHz. Unfortunately, the frequencies used can result in high amounts of RFI radiating from the copper phone lines, which is a major problem for HF amateurs and short wave listeners.

In his video Tech Minds uses an SDRplay RSPdx to record a short IQ file of the VDSL interference that he experiences in his home in the UK. He then opens the IQ file in a piece of software called Lelantos, which was developed by a member of the UK amateur radio organization RSGB. If a VDSL signal is present, this tool will determine various bits of information about the interference, and will give you enough information to make a complaint to OFCOM, the UK's radio communications regulator.

VDSL RFI Detection and how to report it to OFCOM

DragonOS KerberosSDR Tutorials: Setting up Networked Direction Finding, Monitoring Multiple Signals Simultaneously

DragonOS is a ready to use Linux OS that includes various SDR programs preinstalled. The creator Aaron also runs a YouTube channel that contains multiple tutorial videos for DragonOS. One of the latest videos he's released is a tutorial that shows how to use one of our KerberosSDR (4x Coherent RTL-SDR) units to set up networked direction finding. To do this he uses our core KerberosSDR DSP software, along with RDFMapper, a third party bearing visualization tool with the ability to display bearing from multiple networked direction finding units.

The tutorial goes through the KerberosSDR software install procedure, shows how to set up the various parameters in the software, and then demonstrates it providing data to the RDFMapper software via our open source pyRDFMapper-KSDR-Adapter program. With this setup, you could run multiple KerberosSDR units around a city and use them to locate a signal source rapidly.

KerberosSDR Uploading Bearing data to RDFMapper
DragonOS LTS/10 Direction Finding Bearing Server (KerberosSDR, RDFMapper)

In addition to the direction finding video he's got another video that shows how to use a KerberosSDR and HackRF to simultaneously monitor various signals like home gas meters, ADS-B data, and 433 MHz ISM band devices using programs like rtlamr, rtladsb and rtl_433. What's particularly interesting is how he uses a program called Kismet to manage each radio on the device.

DragonOS LTS/10 KerberosSDR + HackRF One (qspectrumanalyzer, kismet, rtl_433, rtlamr, rtladsb)

A Few GOES Reception Tips and Info on Receiving EMWIN Data

Thank you to Carl Reinemann for writing in and sharing his website that contains a few tips that he's learned when setting up an RTL-SDR based receiver for GOES 16/17 weather satellite image reception. As well as the tips, he's uploaded a nice set of images that show his setup, and several of the images he has received.

In addition, he's also noted how the default config files provided by goestools do not download EMWIN (Emergency Managers Weather Information Network) images. EMWIN images are not photos, but rather weather forecast and data visualizations that may be useful for people needing to predict or respond to weather. Over on his Github he's uploaded a modified version of goestools which has config files for EMWIN and other image products that might be of interest to some.

If you're interested, Carl Reinemann also has various bits of information about building APT/Meteor satellite RTL-SDR receivers on his main site. Of particular interest are his notes on creating wide area composites of NOAA APT images with WXtoIMG, which we have posted about in the past.

Examples of some EMWIN Images Received by Carl Reinemann's GOES receiver.

YouTube Guide: Installing GQRX on Windows 10

GQRX is a general purpose GUI based SDR program that is most often used on Linux and Mac computers. However, it is still possible to install and use it on Windows. Over on YouTube M Khanfar has uploaded a tutorial video that shows a step by step guide on how to get GQRX running on Windows 10.

The process is a little long as it involves an install of Windows GNU Radio, Python, pip and various Python dependencies required by GQRX, as well as setting up the Windows PATH. If you prefer a text guide, the full tutorial is also typed out in the YouTube video description.

GNU Radio , GQRX in Win10 installation Guide