HackRF and Portapack Featured in Recent Linus Tech Tips Video

Over on YouTube the Linus Tech Tips channel has recently released a video about the HackRF titled "It’s TOO Easy to Accidentally Do Illegal Stuff with This". Linus Tech Tips is an extremely popular computer technology YouTube channel. The HackRF is a popular transmit capable software defined radio that was released about 10 years ago. The portapack is an add-on for the HackRF that allows the HackRF to be used as a handheld device, and when combined with the Mayhem firmware, it enables easy access to some controversial tools that could get a user into a lot of legal trouble very fast.

In the video Linus, whose team is based in Canada, mentions that they decided to purchase the HackRF and similar devices because of the Canadian government's plan to ban various RF tools, including the Flipper Zero and HackRF.

Linus then discusses and demonstrates "van eck phreaking" with TempestSDR, showing how he can use the HackRF to recover the video from a PC monitor wirelessly. He then goes on to demonstrate how the Portapack can be used to jam a wireless GoPro camera transmitting over WiFi. 

Finally, Linus discusses the legality and morality of such devices being available on the market.

It’s TOO Easy to Accidentally Do Illegal Stuff with This

Moving on from WXtoIMG for NOAA APT Weather Satellite Decoding

Thank you to Jacopo (@lego11/IU1QPT) and Robin (@OK2AWO) for writing in and sharing with us his thoughts about how the SDR community as a whole should move on from the use of WXtoIMG, and instead switch to SatDump, which now has full feature parity with WXtoIMG and additional features too. SatDump is available on Windows, MacOS, Linux, and even on Android. An up-to-date guide for receiving APT with SatDump written by @lego11 can be found on his website here.

Historically, WXtoIMG has been the software of choice for the popular hobby of decoding NOAA APT weather satellite images with RTL-SDR and other SDRs. However, the software has unfortunately been abandoned by its authors for several years, and can now only be found on third-party websites which increases the possibility of downloading a virus. Also, a hack involving a proxy, or directly updating via a powershell script is now required to allow WXtoIMG to update its TLE/ Kepler files due to the celestrak.com to celestrak.org domain name change.

Lego11 also notes a whole host of other issues regarding vulnerabilities and bugs with WXtoIMG:

  • The software is ancient and uses obsolete libraries, such as Visual C++ 2002 with .NET. These libraries are the main concern when it comes to WXtoIMG, as I don't find it particularly likely for someone to find an entry point through the software itself. However, a much more likely scenario is a virus abusing the loaded library in memory when WXtoIMG is running and using it to gain an entry point. There are at least 20 vulnerabilities affecting MSVCR70.dll, and all are well known (such as CVE-2007-0025) which makes it even more concerning. CVE-2008-4255 in particular allows for remote code execution on the user's computer, which is very serious. There are certainly many more vulnerabilities that have been exploited regarding MSVCR70, but due to the obsolescence of this software component they are usually not tracked in a CVE.

    In either case, just as nobody would use Windows XP as a daily driver in 2024, nobody should use WXtoIMG as a matter of caution, even if the above mentioned vulnerabilities were not present.

    As for the bugs, there are many. Here's a list of the most important ones:
     
  • Cannot update TLE without external software, complicating the experience for newcomers and adding extra failure points
     
  • Map overlay doesn't work properly most of the times, especially if the user starts to receive the satellite before it is at least at 1° elevation
     
  • WXtoIMG will crash if Microsoft Defender starts a memory scan during a pass. This will lose the recording
     
  • WXtoIMG uses an outdated Win32 API to access audio. This doesn't always work on Windows 11 and Microsoft has stated that it will be removed soon.
     
  • WXtoIMG uses ALSA on Linux. The vast majority of Linux distributions don't support ALSA directly anymore, and WXtoIMG cannot work through an audio server (e.g. Pulseaudio) like all Linux applications are supposed to. Therefore, live recording doesn't work on Linux at all.
     
  • WXtoIMG doesn't run on MacOS anymore, as the system will refuse execution due to security problems and missing libraries.
     
  • WXtoIMG cannot support wav files from e.g. SDR# or SDR++ without using a third party tool such as NOAA-APT.
     
  • If a user moves or copies a recorded WAV file (see above), the map overlay will no longer work.
     
  • WXtoIMG is especially sensitive to concurrent CPU usage, which will result in "tears" on the image (as is evident on the images in the guy's tutorial). It cannot handle multitasking well on systems more modern than Windows XP due to changes in how the CPU scheduler works in more modern kernels.
     
  • WXtoIMG will lock up and then crash if the user starts it without first having updated TLEs due to missing NOAA-17. This is very serious, as it happens to newcomers all the time. It is one of the top support request emails/messages I receive. It is not possible to fix this crash easily.
     
  • WXtoIMG doesn't have updated coefficients for calibration, therefore NOAA-15 will look excessively cold compared to other satellites.
SatDump Receiving APT Weather Satellite Images
SatDump Receiving APT Weather Satellite Images (from @lego11's tutorial)

Exploring Russian and International Analog TV From Leaky Cable TV Networks via the Airspy Server Network

Thank you to RTL-SDR.COM reader Micha for submitting a story about how he has been able to use SDR# and the Airspy Server Network to explore cable TV stations across the globe via cable TV signal interference.

If you were unaware, the SDR# software from Airspy.com has access to the Airspy Server Network, which is a collection of public Airspy SDRs available all over the world that can be accessed freely over the internet. To access these SDRs simply select "Airspy Server Network" as the source in SDR#, and click on the "..." button next to the server address entry. A map will pop up where you can select from SDRs all over the world.

Using Airspy SDRs in Russia, and in other countries (Guatemala, Brazil, Chile, Uruguay, Mexico, Dominican Republic, Argentina, Indonesia, Vietnam, Micha found that there were several analog TV signals found at frequencies that should not have terrestrial TV signals there. Upon further investigation, he realized that these are actually cable TV signals that are leaking and causing interference across the RF bands. Micha notes that he's also observed how the leaking signals often change in frequency and intensity too, making it difficult to keep track of them.

Combined with the TVSharp SDR# plugin, Micha was able to recover some (very rough) images from these interfering signals. Micha has provided several images shown below that demonstrate Russian cable leakage, as well as for Mexico and Argentina.

Receiving Weather Images from NOAA Weather Satellites with an RTL-SDR Blog V4 and Multipurpose Dipole Antenna Kit

Over on YouTube Baltic Lab has uploaded a video showing how he was able to successfully use an RTL-SDR Blog V4 and the included multipurpose dipole antenna kit to receive images from polar-orbiting NOAA weather satellites.

In the video, Baltic Lab shows how to orient the dipole antenna in a "V-Dipole" shape which optimizes it for receiving from satellites. He also shows how to use a VNA to confirm that the telescopic elements on the dipole are extended to the correct length, noting that he was able to achieve a VSWR of less than 1.2 between the target frequencies of 135 to 138.1 MHz, with a near perfect match at 136.5 MHz.

He then demonstrates receiving the NOAA APT signals with his laptop, and successfully recovering the weather satellite image.

Images From Space: Receiving Weather Images Directly from NOAA Weather Satellites

BSidesPGH 2024 Talk: Introduction to Software Defined Radio For Offensive and Defensive Operations

Over on the YouTube channel "SecPGH" a talk by Grey Fox titled "Introduction to Software Defined Radio For Offensive and Defensive Operations" has been uploaded from the BSidesPGH 2024 conference. BSidesPGH 2024 was a security conference held in Pittsburgh, PA, USA on July 25.

The talks are generally about network security, however, Fox's talk is all about RF security topics and software defined radio. In the talk, he introduces SDR, and devices like the Flipper Zero and demonstrates various basic examples such as receiving FM from a handheld radio and ADS-B.

Next, he goes on to demonstrate security topics such as showing how to capture and analyze signals from a 433 MHz security alarm using an RTL-SDR and Flipper Zero, and how to jam frequencies and replay captured signals. Finally, he demonstrates WiFi cracking with the help of Kali Linux and Flipper Zero with WiFi dev board attached.

BSidesPGH 2024 Track 2 Grey Fox Introduction to Software Defined Radio For Offensive and Def

Easvesdropping on HDMI with TEMPESTSDR and SDRplay

Over on YouTube "Sam's eXperiments logs" have uploaded a video showing how he was able to succeed when using TEMPESTSDR to eavesdrop on HDMI cables with his SDRplay. TEMPESTSDR software combined with a software defined radio allows a user to eavesdrop on TVs, monitors, and more by wirelessly receiving their unintentional RF emissions and recovering information from those emissions. In many cases it is possible to recover live images of the display, clear enough to read text.  

Sam's video explains the challenges he faced with signal strength due to the highly effective shielding of his HDMI cables. To get around this Sam shows how he unshielded his HDMI cables for the test. This is good news for privacy, as it shows how effective shielding can be at stopping these kinds of attacks. He then goes on to show the results he obtained which show text being read from his screen.

I Finally Succeeded: HDMI Signal Eavesdropping with TEMPESTSDR

Tech Minds: Reviewing the Raspberry Pi 5 For Radio Amateurs Book by Elektor

Over on the Tech Minds YouTube channel, Matt has uploaded a video where he reviews a new book by Elektor titled "Raspberry Pi 5 For Radio Amateurs" (€5 off coupon code "Techminds"). The book is all about projects for the Raspberry Pi 5 that can be done with RTL-SDR Blog V3 and V4 software defined radios.

In the video Matt explores the books contents, showing off the various possible projects. Matt also shows how to get started with the book by installing Raspbian, and the RTL-SDR drivers, and then goes on to show how examples of the various software programs mentioned in the book such as SDR++, flrig, chirp, dump1090, predict, HamClock, rtl_tcp, rtl_433, qsstv, fldigi, Xdx and more.

Raspberry Pi 5 For Radio Amateurs With The RTL-SDR V4

A Video Review of FobosSDR

Back in April of this year, we posted about the FobosSDR, an upcoming software defined radio product from the Ukrainian company RigExpert. FobosSDR is an RX-only USB 3.0 device, with a 100 kHz to 6 GHz tuning range, 50 MHz of bandwidth, and 14-bit ADC resolution. At the time of the previous post, FobosSDR was not yet for sale, but now we see that it is available from some European distributors with a price of 495,00 € (~US$544).

Recently 'Radio Bunker' has uploaded a video review of the FobosSDR on his YouTube channel. Note that the video is in Spanish, however, you can use the YouTube auto-translate function.

In the video, Radio Bunker unboxes the FobosSDR and explains its specs and features, then goes on to show how to install the drivers and get it up and running with SDR#. He then shows the SDR receiving some signals like broadcast AM, FM, shortwave, DAB, and WiFi in SDR# with 50 MHz bandwidth.

▶️ REVIEW: FOBOS SDR ◀️ UN RECEPTOR SDR DE GAMA ALTA