Several Performance Upgrades Made to the Latest Versions of SDR#

Recently the popular SDR# (SDRSharp) software has had several improvements made to it (changelog). One of the most noticeable improvements is a decent reduction in the amount of CPU usage required by the software. We tested the new version on an i7 CPU and compared it against an older version using an Airspy. We saw 12% CPU usage on the older version and 7% on the newer version. With the RTL-SDR the older version showed 5% CPU usage, which reduced to 3% on the newer version. Using an older i5 PC resulted in even larger improvements, going from about 35% CPU on the older version down to 25% or lower usage on the new version with the Airspy. The improvements are especially noticeable when decimation is used with the Airspy. These performance updates may help users on older PCs and tablets run the software, or help users who run many programs at one time. The SDR# author is also testing a 64-bit version of SDR#, which may be released in the future.

Recent versions over the past few months have also made improvements to the included noise blanker plugins and they have also added a default band plan plugin which shows the various frequency bands visually on the FFT spectrum.

Showing the very low CPU usage obtainable with the latest SDR# versions.

Talk: Decoding Data from Iridium Satellites

At this year’s hacker-themed Eleventh Hope conference, Stefan “Sec” Zehl and Schneider gave a talk which discusses their latest work on decoding data from Iridium satellites using SDRs. Iridium is a truly global satellite service which provides various services such as global paging, satellite phones, tracking and fleet management services, as well as services for emergency, aircraft, maritime and covert operations too. There are currently 72 operational satellites.

In their talk they discuss how Iridium security is moderate to relaxed, pointing out that Iridium claims that the majority of ‘security’ comes from the complexity of the system, rather than actual security implementations. They then go on to discuss how the Iridium system works, how to receive it with an RTL-SDR or HackRF/Rad1o, how the gr-iridium decoder implementation works, and how to use it to actually decode the data. Later in the presentation they show some interesting examples such as an intercepted Iridium satellite phone call to a C-37 aircraft.

Iridium Satellite Hacking - HOPE XI 2016

USBee: Leaking Data from Air-Gapped Computers and Receiving it with an RTL-SDR

This Monday researchers from Ben-Gurion University of the Negev released an academic paper detailing their research showing how attackers could cause your PC to wirelessly leak data. They write that usually covertly modified USB devices are required to leak data, as is the case with the NSA’s COTTONMOUTH device which is detailed in their ANT catalog. However, the innovation from these researchers is that their own implementation can be used to turn any unmodified USB device into a makeshift transmitter.

The attack works by first infecting a computer with their malware. The malware then utilizes the USB data bus to create electromagnetic emissions on a connected USB device. In these tests they use a USB flash drive and write a file to the device in such a way that the emissions produced are transmitting decodable data. They write that any binary data can be modulated and transmitted to a nearby receiver, such as an RTL-SDR dongle. Data rates can reach up to 80 bytes/s. The data is modulated with binary frequency shift keying, and their receiver code is implemented in GNU Radio.

This story has also been featured on arstechnica and threatpost. The video below demonstrates the attack.

USBee: Jumping the air-gap with USB

Three New Reviews of our V3 RTL-SDR using the HF Direct Sampling Mode

This week three new reviews of our RTL-SDR V3 came out, all reviewing its operation on HF frequencies.

In the first review Mike (KD2KOG) reviews the dongle and provides a video of it in action in SDR# receiving AM and SSB signals. (Update: Sorry the video has been removed)

In the second review Gary (W4EEY) posts a review to swling.com and provides various screenshots of the dongle in action in HDSDR.

Finally over on YouTube user Johnny shows the dongle running in CubicSDR and listening to various SSB signals. (Video Removed)


The LimeSDR can now tune to HF Frequencies

Back in June the LimeSDR completed its $500,000 crowdfunding goal. The units are still in production and have not yet shipped, but the software is currently being worked on heavily. In a recent update they have enabled HF reception on the LimeSDR hardware. LimeSDR beta tester Marty Wittrock wrote in with his review of the new update:

Another major step forward for the LimeSDR yesterday…

As a part of the continuing development of the PPAs for Ubuntu and other distros, the LimeSDR is now supported for native HF tuning – no transverter required. Receive has been functionally tested from 7.0 MHz to 56 MHz and even with the matching networks as they are in the LimeSDR I have (which is not what will be delivered in November – the LimeSDRs the backers will receive in November will have modified matching networks to be more broadband and perform better than what I have right now) the receive quality was very good with my applied HF station antenna (ground mounted vertical for 80m – 6m). I shot two videos yesterday of the LimeSDR operating on the 20m band – one with USB voice and one with CW/RTTY on the contest weekend for RTTY (REAL active). I ran this completely from a USB 3.0 Flash Drive plugged into a Dell 3020 and booted from that Flash Drive to operate the LimeSDR. The Flash Drive is loaded with Ubuntu Xenial (16.04), all the applied support files (SoapySDR, GNURadio, OsmoSDR, etc.) and the application GQRX to tune and demodulate the LimeSDR. The setup worked VERY well and the results can be viewed with the two videos provided here:

20m Phone Using the LimeSDR in Native HF Tuning Mode Receive

20m CW and RTTY Using the LimeSDR in Native HF Tuning Mode Receive

Again, I was impressed with the quality of the direct, native, HF tuning of the recent updates to LimeSuite. Having this functionality in LimeSuite finalizes for receive, but I still need to check out the transmit. It’s my hope that Simon Brown’s SDR Console V3.0 will update with the new HF tuning improvements such that I can use his app on Windows to do a full checkout in receive/transmit with the LimeSDR and hopefully apply it to the WSPR app to have the LimeSDR operate HF digital modes on the HF band and Amateur Radio frequencies to have the first true LimeSDR operation benchmark.

I fully intend to have Flash Drive images available for download once I put the final touches on the Flash Drive I have. This will allow all Hams that want an instant solution for booting Ubuntu and running GQRX for receive to use their LimeSDRs right out of the chute without having to install ANYTHING provided that they have a PC that is decently fast (3.0 GHz, 8GB RAM) and has USB 3.0 ports on the PC. I’m looking for a reliable means to read/write the Flash Image and then take the image and ‘burn’ other USB 3.0 Flash Drives with the image. Once I have that reliably working, I’ll post the image and the Flash Drive app so ANYONE can make their own from a blank 32GB to 128GB Flash Drive.

More to follow on the HF transmit as I have those apps and check that out – stay tuned!

The LimeSDR is an RX/TX capable SDR with a 100 kHz – 3.8 GHz frequency range, 12-bit ADC and 61.44 MHz bandwidth. It costs $299 USD.

Using an RTL-SDR to Listen to Superhet Radios’ Unintentional Emissions

Recently two students (Léo Poughon and his friend Thomas Daniel) wrote in to let us know about their work with SDRs for their school project. Their project was to try and repeat the work of “Operation RAFTER”, a technique used by MI5 in the 1960s to find hidden Soviet spy radio equipment. Essentially, all superhet radios (almost any consumer radio is of the superhet design) emit unintentional emissions from their local oscillator. By tuning to these unintentional emissions, and then transmitting your own signal, it is possible to determine what frequency a radio is listening to.

They write the following:

As a French student (sorry for my bad English) in Higher School Preparatory Classes, I (and a friend) had to work with an RTL-SDR dongle for a school project. We tried to do, with the help of an amateur radio operator near Toulouse (F6GUS, his club F5KUG), the same thing as the “RAFTER Operation” (https://en.wikipedia.org/wiki/Operation_RAFTER) did during the ’60s: listening to unintentional electromagnetic emissions coming from a widely-used consumer superhet receiver.

So because of its structure, a superheterodyne receiver (e.g. one listening to FM broadcasts) spreads some unintentional radiation due to the local oscillator upstream of the mixer. Anybody with a suitable receiver (for example any RTL-SDR based dongle) can receive these emissions. Because of standards, in most FM radios the local oscillator (that is what the user actually tunes) is tuned to the frequency he wants to listen to plus 10.7 MHz. So if somebody in the close neighborhood is listening to a broadcast at 100 MHz, you will be able to “receive” its local oscillator at 110.7 MHz. (Please note it may be illegal in some countries to listen to these bands.)

What is interesting is to know if a signal you receive at these frequencies is actually coming from a radio receiver. During the RAFTER Operation, MI5 broadcast on the band they thought was being heard by Soviet spies, and then listened for “the change in the superhet tone” to identify them.

We were able to receive the local oscillator of a superhet receiver we own with the RTL-SDR.

[Image: rafter_1]

We can see that the frequency isn’t stable most of the time (the receiver was tuned to “France Info”, a French public station), but sometimes becomes stable (when there is a “blank” between two news items): the frequency of the local oscillator “follows” what the superhet receiver demodulates.

Among other factors, a variation of the supply voltage of the local oscillator can make its frequency shift slightly. So we established experimentally a link between the supply voltage of our radio receiver and what is broadcast via the speaker (because when a speaker is drawing electrical current, the supply voltage varies slightly).

[Image: rafter_2]

On the top, the speaker (HP) voltage, and behind it there is the supply voltage. Then, we saw that voltage variations could make the frequency vary.

[Image: capture of 2016-04-05]

Here we supply the receiver with a low frequency generator, making the supply voltage vary slightly, and plot the frequency of the local oscillator with a Python script we made.

Then, listening to the radio receiver’s local oscillator with GQRX and our RTL-SDR dongle, demodulating it with “narrow FM” demodulation and suitable parameters, we could hear on the PC (obviously with poorer quality) what the radio receiver was listening to.

With the stock antenna we could hear our radio only a dozen meters away, but with a homemade, very low quality discone antenna we could receive it in another building, 60 meters away from our antenna. The ability to listen more or less to the local oscillator broadcast also depends on the shielding of the radio receiver, its price (because a cheap radio will have a bad power supply and so its local oscillator frequency can “follow” what the speaker is saying, allowing us to “listen” to the local oscillator spike) and how you supply it (from the power grid or from batteries).

To conclude, we could (more or less depending on the previously cited parameters) know what a radio receiver in the neighbourhood was listening to using an RTL-SDR.
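As an added illustration of the mechanism the students describe (this is constructed example code, not from their project or from this page), the following Python model maps a received LO spike back to the broadcast station via the 10.7 MHz IF, builds a baseband LO carrier whose frequency is wobbled by an audio tone (the supply-voltage ripple effect), and recovers that tone with a narrow-FM discriminator; the sample rate, offset, deviation and tone values are assumptions.

```python
import cmath
import math

IF_HZ = 10.7e6  # FM-broadcast IF; high-side injection means LO = station + IF


def lo_from_station(station_hz):
    """LO leak frequency of a superhet tuned to station_hz (100 MHz -> 110.7 MHz)."""
    return station_hz + IF_HZ


def station_from_lo(lo_hz):
    """Inverse mapping: which broadcast station a received LO spike corresponds to."""
    return lo_hz - IF_HZ


def make_leaky_lo(audio, fs, deviation_hz, offset_hz):
    """Constructed baseband model of the LO spike as the RTL-SDR sees it: a carrier at
    offset_hz whose frequency wobbles by deviation_hz * audio[n], mimicking the
    supply-voltage ripple that the speaker current imposes on the oscillator."""
    phase = 0.0
    iq = []
    for a in audio:
        phase += 2 * math.pi * (offset_hz + deviation_hz * a) / fs
        iq.append(cmath.exp(1j * phase))
    return iq


def fm_discriminate(iq, fs):
    """Narrow-FM demodulation: the phase step between consecutive IQ samples is the
    instantaneous frequency, so the audio riding on the LO comes straight out."""
    freq = [0.0]
    for prev, cur in zip(iq, iq[1:]):
        freq.append(cmath.phase(cur * prev.conjugate()) * fs / (2 * math.pi))
    return freq


def dominant_tone_hz(signal, fs):
    """Estimate the tone frequency in a demodulated signal by counting zero crossings
    after removing the DC offset (the LO's mean frequency)."""
    mean = sum(signal) / len(signal)
    centred = [s - mean for s in signal]
    crossings = sum(1 for a, b in zip(centred, centred[1:]) if (a < 0) != (b < 0))
    return crossings * fs / (2 * len(signal))


def recover_tone_demo(fs=48000, tone_hz=1000.0, seconds=0.1):
    """End to end: an assumed 1 kHz tone modulates the LO; the discriminator recovers it."""
    audio = [math.sin(2 * math.pi * tone_hz * n / fs) for n in range(round(fs * seconds))]
    iq = make_leaky_lo(audio, fs, deviation_hz=2000.0, offset_hz=5000.0)
    return dominant_tone_hz(fm_discriminate(iq, fs), fs)
```

The deviation is deliberately small relative to the sample rate so the discriminator never wraps, which is the same reason a “narrow FM” setting in GQRX is the right choice for this signal.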

Modifying the Outernet LNA for Iridium Reception

A few days ago we posted a review on the Outernet LNA which can be used to help receive their new L-band service signal. Their LNA uses a filter which restricts the frequency range to 1525 – 1559 MHz, as this is the range in which the Outernet signals are located.

By default this LNA cannot be used to receive Iridium because the pass band of the default SAW filter does not cover the Iridium frequency band of 1616 – 1626.5 MHz. Over on Reddit, devnulling decided to experiment with one of these LNAs to see if he could replace the default SAW filter to enable Iridium reception. In his post he shows how he removes the default SAW filter and replaces it with a Murata SF2250E SAW filter, which is the same size but has a center frequency of 1615 MHz and a bandwidth of 20 MHz. Iridium is used for data services like satellite pagers, and with the right tools can be decoded.

We are also curious to see if this LNA could be modified to be used with GOES reception, which occurs at 1692 MHz.

Note: For those who had trouble obtaining international shipping on these LNAs, the Outernet store now supports USPS international shipping, and NooElec appear to now be selling them on their site directly. Their products can also still be obtained on Amazon for US customers.

Additional Note Regarding the Downconverter: Also, it appears that the Outernet downconverter prototype that we posted about back in May has unfortunately been discontinued indefinitely and will not enter mass production. For now the LNA is the best option for receiving their signal.

Outernet LNA Modified for Iridium Reception

More videos showing HF reception on the RTL-SDR V3 Dongle

In this video icholakov from our last post continues his testing, and does some more tests on daytime HF reception.

RTL SDR V3 Dongle vs. SDR Play HF and MW part 2

In his third video he tests night time reception against the SDRplay.

RTL SDR Dongle V3 nighttime vs SDRPlay Part 3

In this video YouTube user Michael Jackson tests his RTL-SDR V3 at 8 MHz, with a dipole antenna.

RTL-SDR v3 Dongle on HF

Finally, in this video YouTube user jonny290 tests the V3 dongle on HF reception using CubicSDR.