Using an Airspy HF+ with SDR# and WSJT-X to Decode FT8 + SpyServer FT8 Decoding Demo

Over on YouTube user TheGazLab has uploaded a video that reviews the Airspy HF+, and also shows how to use the HF+ with SDR# and WSJT-X in order to create an FT8 monitor. The Airspy HF+ is a high dynamic range HF/VHF receiver designed for DXing.

In the video TheGazLab demonstrates the decoding in real time, and explains the CAT control SDR# plugin that he's using. The CAT control plugin, when combined with a virtual serial port driver, allows the WSJT-X program to automatically tune SDR# to the FT8 frequency selected in WSJT-X.

Later in the video he also discusses the SpyServer network, which allows SDR# users to connect to remote public Airspy and RTL-SDR units over the internet. He demonstrates connecting to a public server in the UK, and decoding FT8 via the remote server. The video also shows the new SpyServer interface, which nicely lays out the world SpyServer network on a map, making it easy to choose a desired location to listen to.

Airspy HFPlus, SDR# and WSJT-X with full CAT control decoding FT-8

rtl_map: A Simple FFT Visualizer for RTL-SDR

Thank you to 'KeyLo99' for submitting news of the release of his new RTL-SDR based program called rtl_map. rtl_map is currently a simple app that uses an RTL-SDR to display an FFT frequency graph. It is based on the gnuplot and fftw3 libraries.

Over on our forums KeyLo99 describes the motivation behind the project as mostly being a good reference program for people wanting to learn how to read and process IQ data from the RTL-SDR:

I'm an RTL-SDR researcher and DSP learner currently working on a project for properly figuring RTL2832 and I/Q fundamentals out. The project is about reading raw I/Q samples, processing samples and creating an FFT graph from them. I tried to explain what I'm doing in detail with comment lines. I'm hoping that I will be helpful to RTL-SDR beginners with this rtl_map [C] project. Another purpose of the rtl_map project is making a frequency scanner application for signal security research.
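To illustrate the pipeline rtl_map implements (raw RTL2832 I/Q bytes in, FFT power spectrum out), here is a small pure Python version written for this post; it is example code, not KeyLo99's rtl_map source. It assumes the RTL2832's usual output format of unsigned 8-bit interleaved I/Q samples centred on 127.5, and the centre frequency, sample rate and test tone are constructed values.

```python
import cmath
import math


def iq_bytes_to_complex(raw):
    """Convert RTL2832 unsigned 8-bit interleaved I/Q bytes to complex floats in [-1, 1]."""
    if len(raw) % 2:
        raise ValueError("I/Q stream must contain whole (I, Q) byte pairs")
    return [complex((raw[i] - 127.5) / 127.5, (raw[i + 1] - 127.5) / 127.5)
            for i in range(0, len(raw), 2)]


def fft(x):
    """Recursive radix-2 FFT; stands in for the fftw3 call rtl_map makes."""
    n = len(x)
    if n == 1:
        return [x[0]]
    if n & (n - 1):
        raise ValueError("FFT length must be a power of two")
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        twiddle = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k] = even[k] + twiddle
        out[k + n // 2] = even[k] - twiddle
    return out


def power_spectrum_db(samples):
    """Relative power per bin in dB, FFT-shifted so bin 0 is the lowest frequency."""
    n = len(samples)
    bins = fft(samples)
    shifted = bins[n // 2:] + bins[:n // 2]   # move negative frequencies to the left
    return [20 * math.log10(abs(b) / n + 1e-12) for b in shifted]


def bin_to_hz(bin_index, n, center_hz, sample_rate):
    """Map a shifted FFT bin to an absolute RF frequency."""
    return center_hz + (bin_index - n // 2) * sample_rate / n


def synth_tone_bytes(n, offset_hz, sample_rate):
    """Constructed stand-in for a dongle read: a clean tone offset_hz from centre, as I/Q bytes."""
    raw = bytearray()
    for i in range(n):
        phase = 2 * math.pi * offset_hz * i / sample_rate
        raw.append(int(round(127.5 + 100 * math.cos(phase))))   # I byte
        raw.append(int(round(127.5 + 100 * math.sin(phase))))   # Q byte
    return bytes(raw)


def peak_frequency_hz(raw, center_hz, sample_rate):
    """The one thing a scanner needs from the spectrum: where the strongest bin sits."""
    samples = iq_bytes_to_complex(raw)
    spectrum = power_spectrum_db(samples)
    k = max(range(len(spectrum)), key=spectrum.__getitem__)
    return bin_to_hz(k, len(samples), center_hz, sample_rate)
```

With 256 samples at 2.048 MS/s each bin is 8 kHz wide, so a tone placed 40 kHz above a 433.92 MHz centre lands in the bin five above the middle.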

FFT Plot from rtl_map

Running GQRX Smoothly on an Intel Compute Stick with a Custom Linux Kernel

Thank you to M Khanfar for submitting news about his custom Linux kernel which allows an RTL-SDR and GQRX to run smoothly and with sound on an Intel Compute Stick. The Intel Compute Stick is a full dongle-based computer the size of a pack of gum with pricing that starts from US$120. It has a quad core Atom processor, 2 GB RAM, 32 GB of built-in storage and an HDMI out port. By default the stick comes with Windows 10 installed, but M Khanfar notes that it is very sluggish.

Instead of the sluggish Windows 10 OS, M Khanfar decided that he wanted to run Ubuntu Linux instead. However he found that the standard Ubuntu image did not have support for audio over HDMI or WiFi on the Compute Stick. So he built his own custom kernel with some patches to fix these issues. With the issues fixed, GQRX with an RTL-SDR now runs smoothly with full audio support, and rtl_tcp can also be run over WiFi.

M Khanfar has uploaded the patched ISO to his Google Drive here.

Update 29 January 2019: M Khanfar has updated us and noted that CubicSDR now works on the custom kernel too, and he has provided full installation instructions here. A video showing it in action can be seen on YouTube.

GQRX under Custom Kernel-Intel Computer Stick

Video Tutorial: Using Universal Radio Hacker, an RTL-SDR and a Microcontroller to Clone 433 MHz Remotes

Over on YouTube user hubmartin has uploaded a video showing how to use an RTL-SDR and the Universal Radio Hacker (URH) software to reverse engineer and clone a 433 MHz remote control. URH is used to extract the signal timing and modulation characteristics as well as the binary/hex code.

Then in order to clone the signal hubmartin uses a cheap IoT microcontroller with button and 433 MHz transmitter attachments. Some C code is then used to program the microcontroller and 433 MHz transmitter with the extracted signal information and to transmit on a press of the button. In his example hubmartin uses his cloned dongle to control a wireless power plug and a motorized projector screen.

Universal Radio Hacker SDR Tutorial on 433 MHz radio plugs

SDR# TETRA Plugin Now Available At RTL-SDR.RU

Vasilli has recently released the SDR# TETRA plugin on his website RTL-SDR.RU (note that the site is in Russian, but can be translated with the Google Translate option in the top right of the page). Previously it was only available via ever changing forum links, so it's good to see that it has a permanent home now for the latest version. This plugin allows you to listen to TETRA digital voice via SDR#, without needing to set up any complicated GNU Radio based receivers which were necessary in the past.

The features include (translated from Russian):

  • Receives base station (BS) signals with 25 kHz channel bandwidth and π/4-DQPSK modulation;
  • Automatic adjustment of the reception frequency;
  • Displays information about the BS;
  • Displays the ISSI and GSSI of subscribers in the channels (open channels only);
  • Displays the network's service (signalling) exchange (open channels only);
  • Allows you to listen to channels with manual or automatic channel selection (open channels only);
  • Allows filtering and assigning listening priority to specified groups (GSSI);
  • Displays messages containing location data (short message format only)

The current features not yet implemented are:

  • Correctly listening to and displaying any encoded information in a network;
  • Display of SDS type 4 (short messages);
  • Recording audio from the channels (menu added, but does not work yet);

We also note that as discussed in a previous post there is a companion program for this plugin called TETRA Trunk Tracker.

SDR# TETRA Decoder Plugin

Industrial Machines like Cranes, Excavators Can Easily be Hacked with Software Defined Radios

Recently, the RF research team at Trend Micro released a very nice illustrated report, technical paper and several videos demonstrating how they were able to take control of building cranes, excavators, scrapers and other large industrial machines with a simple bladeRF software defined radio. Trend Micro is a well known security company mostly known for its computer antivirus products.

Trend Micro writes that the main problem stems from the fact that these large industrial machines tend to rely on proprietary RF protocols, instead of utilizing modern standard secure protocols. It turns out that many of the proprietary RF commands used to control these machines have little to no security in place.

A Forbes article written about the research writes:

Five different kinds of attack were tested. They included: a replay attack, command injection, e-stop abuse, malicious re-pairing and malicious reprogramming. The replay attack sees the attackers simply record commands and send them again when they want. Command injection sees the hacker intercept and modify a command. E-stop abuse brings about an emergency stop, while malicious re-pairing sees a cloned controller take over the functions of the legitimate one. And malicious reprogramming places a permanent vulnerability at the heart of the controller so it can always be manipulated.

So straightforward were the first four types of attack, they could be carried out within minutes on a construction site and with minimal cost. The hackers only required PCs, the (free) code and RF equipment costing anywhere between $100 and $500. To deal with some of the idiosyncrasies of the building site tech, they developed their own bespoke hardware and software to streamline the attacks, called RFQuack.

Being a responsible security firm, Trend Micro has already notified manufacturers of these vulnerabilities, and government-level advisories (1, 2) and patches have already been rolled out over the last year. However the Forbes article states that some vulnerabilities still remain unpatched to this day. Of interest, the Forbes article writes that for some of these vendors the simple idea of patching their system was completely new to them, with the firmware version for some controllers still reading 0.00A.

The videos showing the team taking control of a model crane, real crane and excavator are shown below. The videos show them using bladeRF 2.0 SDRs, which are relatively low cost TX/RX capable software defined radios. We also recommend taking a look at Trend Micro's web article as it very nicely illustrates several different RF attack vectors which could apply to a number of different RF devices.

In the past we've also posted about similar serious RF attacks on infrastructure and machines that reveal the vulnerability of, and disregard for, wireless security present in everyday systems. These include vulnerabilities like taking control of city disaster warning sirens, GPS spoofing of car navigation systems, hacking wireless door systems on cars, and revealing hospital pager privacy breaches.

Trend Micro Illustrates Replay Attacks
Crane hacking Pt 1

Crane hacking Pt 2

More Talks from GNURadio Con 2018

Last week we posted about some videos of talks from the 2018 GNU Radio Conference which had been released on YouTube. This week a few more videos have been released and we display a small selection below. The full collection of videos can be found on their YouTube channel.

RF Ranging with LoRa Leveraging RTL-SDRs and GNU Radio

Wil Myrick discusses the use of RTL-SDRs and GNU Radio to create a low cost LoRa RF ranging prototype, to aid in the localization of IoT transmitters.

GRCon18 - RF Ranging with LoRa Leveraging RTL SDRs and GNU Radio

Using GNU Radio and Red Pitaya for Citizen Science

Robert W McGwier discusses the use of Red Pitaya SDRs and GNU Radio for use in citizen science ionosphere measurement experiments.

GRCon18 - Using GNU Radio and Red Pitaya for Citizen Science

SETI Breakthrough Listen

Steve Croft discusses the Search for Extraterrestrial Intelligence (SETI) project and how software defined radio is being used in the search.

GRCon18 - SETI Breakthrough Listen

Using a LimeSDR / PlutoSDR to Transmit Digital Amateur Television with DATV Express

Over on YouTube Corrosive from channel SignalsEverywhere has uploaded a new video in his series on Digital Amateur Television (DATV). The new video shows us how to use a transmit capable SDR like a LimeSDR or PlutoSDR to transmit DATV with a free Windows program called DATV Express.

In the video he explains the various transmit and video encoding settings, and then demonstrates the signal being received on SDRAngel with an RTL-SDR (which he explained in his previous video).

DATV DVB-S Transmitter With a LimeSDR or Pluto SDR and DATV Express