Las Vegas CyberSpectrum: Streaming Live August 4

Every month SDR evangelist Balint Seeber hosts the Cyberspectrum Meetup in San Francisco, where many SDR fans come together to listen to various presentations. This month's meetup is a special event that will be held in Las Vegas during the week of the big DEFCON and Black Hat conferences, which are also being held in Las Vegas.

The talks will be presented at the SYN Shop Hackerspace in Las Vegas, and will also be live streamed via YouTube as usual (probably on Balint's YouTube channel). The meetup begins on Thursday, August 4, 2016 at 6:30 PM Las Vegas time.

This month the talks include:

• “SlackRadio: Turning your Slack channel into a radio station” with Nate Temple

Slack is a popular real-time messaging system designed for team use. I will demo a small application built with GNU Radio and the Slack API that turns your Slack channel into a real radio station for your office.


• “Pothosware” with Josh Blum

Pothosware: An open-source software stack for the SDR community including the Pothos framework for creating interconnected topologies of processing blocks, Pothos GUI for graphical designing, controlling, and visualizing topologies, and SoapySDR – an SDR abstraction layer. The talk will present an overview of the software, cover the inner workings of the framework, and demonstrations with the GUI.


• FPGA-based ADS-B SDR Receiver with Brian Padalino

Brian will discuss the design and implementation of an ADS-B receiver in the FPGA over the BladeRF.


BIOS

Nate Temple:

I am a software engineer, SDR Enthusiast, Maker and Amateur Radio operator. I previously presented the “Etch-a-SDR” at Cyberspectrum #11.

Josh Blum:

Josh has been crafting open source tools for the SDR community for over 10 years, starting with the GNU Radio companion back in 2006. He has been heavily involved in USRP FPGA and driver development, and now operates as an independent contractor.

Brian Padalino:

Brian has 11 years of experience working on signal processing in FPGAs and has implemented multiple modems for real time performance. He is also the co-founder of Nuand and helped create the bladeRF.

Radio-Sky Spectrograph now supports the SDRPlay

Radio-Sky Spectrograph is a radio astronomy software program that integrates data over long periods of time and displays it as a waterfall. It is described by the author:

Radio-Sky Spectrograph displays a waterfall spectrum. It is not so different from other programs that produce these displays except that it saves the spectra at a manageable data rate and provides channel widths that are consistent with many natural radio signal bandwidths. For terrestrial, solar flare, Jupiter decametric, or emission/absorption observations you might want to use RSS.

Radio-Sky Spectrograph is compatible with the RTL-SDR via an intermediary program called RTL Bridge, and now it is also compatible with the SDRplay via another intermediary program written by Nathan Towne called SDRplay2RSS.

In previous posts we showed how some amateur radio astronomers were able to capture noise bursts from the sun and from Jupiter with an RTL-SDR. In the SDRplay software release post and the documentation that comes with the software, Nathan shows how he was able to capture solar emissions and Jupiter bursts with the SDRplay.

SDRPlay2RSS
Solar emissions received with the SDRplay and Radio-Sky Spectrograph.
Jupiter Noise Bursts with the SDRPlay and Radio-Sky Spectrograph.

Motherboard: How Hackers Could Wirelessly Bug Your Office

Online magazine Motherboard has recently uploaded a video on YouTube where a reporter interviews white hat hacker Ang Cui. Cui is the inventor of the Funtenna, which is malware that can infect any embedded device, turning it into an improvised RF transmitter.

As an example of the type of devices the Funtenna can infect, Cui shows how he infected a desktop telephone, as well as a desktop printer. The malware running on the phone causes the phone to transmit an RF signal of the voices heard by the microphone, and the malware running on the printer causes the printer to emit a binary coded transmission of the text being printed. The malware is able to do this by forcing a GPIO, PWM or UART interface on the printer to modulate in a similar way to what is done with the Raspberry Pi FM transmitter project, rpitx. To receive and decode the signal Cui uses a software defined radio and a GNU Radio program.

Ang Cui previously presented his work at Black Hat 2015 and his slides can be found here. The video of his presentation is the second video below.

How Hackers Could Wirelessly Bug Your Office

Emanate Like A Boss: Generalized Covert Data Exfiltration With Funtenna
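On the defensive side, an emitter of this kind shows up as RF energy that was not present when the room was surveyed earlier. The sketch below is an added example, not code from Cui's work or from this post: it compares repeated spectrum sweeps against a baseline and reports bands that stay raised for several consecutive sweeps. The bin layout, thresholds and power values are constructed for illustration.

```python
def new_emitters(baseline_db, sweeps_db, start_hz, step_hz, rise_db=10.0, min_sweeps=3):
    """Group bins that stay rise_db above baseline for min_sweeps consecutive sweeps.

    Returns a list of (low_hz, high_hz, peak_rise_db), one per run of adjacent bins.
    """
    nbins = len(baseline_db)
    streak = [0] * nbins   # consecutive hot sweeps ending at the current sweep
    best = [0] * nbins     # longest streak seen per bin
    peak = [0.0] * nbins   # largest rise over baseline seen per bin
    for sweep in sweeps_db:
        if len(sweep) != nbins:
            raise ValueError("sweep and baseline must cover the same bins")
        for i, (power, base) in enumerate(zip(sweep, baseline_db)):
            rise = power - base
            streak[i] = streak[i] + 1 if rise >= rise_db else 0
            best[i] = max(best[i], streak[i])
            peak[i] = max(peak[i], rise)
    emitters, i = [], 0
    while i < nbins:
        if best[i] < min_sweeps:
            i += 1
            continue
        j = i
        while j + 1 < nbins and best[j + 1] >= min_sweeps:
            j += 1   # merge adjacent hot bins into one emitter
        emitters.append((start_hz + i * step_hz, start_hz + (j + 1) * step_hz,
                         max(peak[i:j + 1])))
        i = j + 1
    return emitters

# Constructed data: 8 bins of 25 kHz starting at 100 MHz, power in dB per bin.
BASELINE = [-60.0, -30.0, -60.0, -60.0, -60.0, -60.0, -60.0, -60.0]  # bin 1: known station
LEAK = [-60.0, -30.0, -60.0, -40.0, -40.0, -60.0, -60.0, -60.0]      # bins 3-4 raised
SPIKE = [-60.0, -30.0, -60.0, -40.0, -40.0, -60.0, -35.0, -60.0]     # plus a one-off burst
SWEEPS = [list(BASELINE), LEAK, SPIKE, LEAK, LEAK, list(BASELINE)]

if __name__ == "__main__":
    for low, high, rise in new_emitters(BASELINE, SWEEPS, 100_000_000, 25_000):
        print(f"{low / 1e6:.3f}-{high / 1e6:.3f} MHz, up to {rise:.0f} dB over baseline")
```

The known station in bin 1 and the single-sweep burst in bin 6 are both ignored; only the band that persists above the baseline is reported.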

Building a DIY DC Block for Bias Tee’s

One handy thing about using our bias tee enabled RTL-SDR dongles is that you can easily power a remote LNA, such as Adam’s LNA4ALL. The bias tee sends DC power down the coax cable, eliminating the need for a remote power supply. However, in our current iteration of the dongle the bias tee must be soldered on via a jumper, and once soldered it is permanently providing DC power down the coax cable. This is fine if you are always using an LNA, but if you want to one day remove the LNA and use a shorted antenna, you cannot. A shorted antenna is an antenna designed with the center and shield of the coax connected together, creating a DC short (e.g. J-pole and QFH antennas). If you connected a dongle with the bias tee on to a DC shorted antenna you would short circuit the 5V bias tee.

Over on his blog Adam shows that a solution is to create a simple DC block component. A DC block component is nothing more than a series capacitor. However, Adam points out some important tips, including the need to use a small 0603 sized SMD capacitor with 100pF of capacitance in order to ensure operation over the entire frequency range that the RTL-SDR covers.

A commercial DC block component (TOP) vs. Adam's home made DC block component (BOTTOM)

NooElec RTL-SDR Giveaway on AmateurRadio.com

AmateurRadio.com and NooElec are currently running a big competition to give away 50 of their new SMA RTL-SDR dongles (branded as NooElec SMArt). To enter simply go to the competition post on amateurradio.com and comment on their post (not ours!). The competition closes on August 7 at 20:00 UTC.

They are giving away a total of 50 units: two bundles that come with their SMA RTL-SDR and Ham-It-Up Upconverter, one bundle with a Raspberry Pi and RTL-SDR dongle, three double pack RTL-SDR + antenna bundles, ten double packs of RTL-SDR dongles, ten RTL-SDR + antenna sets, and ten sets of just the RTL-SDR dongle itself.

The NooElec SMArt is NooElec’s latest RTL-SDR variant which, like ours, comes with an SMA coax plug and metal enclosure.

NooElec SMArt giveaway on amateurradio.com

GSM Sniffing: A Full YouTube Tutorial

Over on YouTube user Crazy Danish Hacker has been working on uploading an entire series on GSM Sniffing with an RTL-SDR. His series is explained in a slow and clear presenting style, and it starts at the very beginning from installing the RTL-SDR. The tutorial series is not yet complete, however he is uploading a new video almost daily. Presumably the series will end with showing you how to receive text messages and voice calls originating from your own cellphone.

So far he has shown how to install the RTL-SDR, identify GSM downlinks, install and use GQRX and kalibrate, locate nearby cell towers, install and use GR-GSM and how to extract the TMSI & KC keys from your cell phone. To obtain the TMSI & KC keys he shows us how to use an Android tool called usbswitcher which forces the phone to use its USB modem interface, from which the keys can be obtained.

The video below shows his teaser video on the series. Check out his GSM playlist to view the full series.

GSM Sniffing Teaser - Software Defined Radio Series!

Building a Software Defined Radio from Scratch

Over on his blog Lukas Lao Beyer has uploaded a post that shows his journey with designing and building a software defined radio from scratch. Lukas’ finished SDR design is called the FreeSRP and is based on the Analog Devices AD9364 transceiver and a Xilinx FPGA.

In his post Lukas describes how he designed the PCB with Altium Designer, routing the traces carefully to ensure the shortest path was used, and to ensure impedance matching was correct. Then, after producing the PCBs with OSH Park, he writes how he assembled the board by carefully placing the components down by hand and using his reflow oven. This was no easy task due to the manual nature of the operation and the high possibility for undetectable solder problems to arise. Despite the difficulties he found that the SDR powered up as expected.

His next steps were to start work on the FPGA controller design, however he discovered that he had failed to properly route some clock pins on the FPGA. On his third revision of the PCB he was able to fix this. Finally he was able to program the FPGA and get his SDR to work.

Designing an SDR from scratch is no easy task, especially if you have little design experience like Lukas did. However, in the end despite some mistakes he was able to build a working SDR that interfaces with GNU Radio. 

Lukas’ FreeSRP SDR.

ADS-B Traffic Analytics with Valo and an RTL-SDR

Valo is a software service for real time big data streaming analytics of data from many sensors. On their website they explain their service as follows.

Valo is a single platform for streaming (real time) and batch (historical) data analysis. Valo provides multi-paradigm big data storage for both semi-structured and numerical data. Valo contains a powerful analytics engine for processing all of this data. Finally Valo is super simple – a single tool that can be up and running in minutes.

Recently Rémi Selva wrote in to let us know about an interesting use-case for Valo which involves the RTL-SDR. In his post Rémi shows us how he uses an RTL-SDR, Raspberry Pi running dump1090, and Valo to create interesting data visualizations of the ADS-B aircraft data. He not only shows how to visualize the data in Valo, but also how to use queries to dig deeper into the data, looking for patterns.

Valo ADS-B Data Flow

Rémi writes that what he’s done is simply a proof of concept that shows the power of Valo. He writes that one such interesting future development could be using Valo to detect FBI/CIA surveillance aircraft. Previously we posted about how an RTL-SDR user discovered these surveillance aircraft by their odd circular flight paths. The analytics engine of Valo could be used to automatically detect odd flight patterns such as from these surveillance aircraft. 

Plotting the history of aircraft coming into land at HK airport
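The circular-flight-path check mentioned above can be expressed as a small calculation over decoded ADS-B positions. The following is an added example, not Rémi's Valo queries or code from this post: it sums the signed heading changes along each aircraft's track and flags tracks that turn through at least two full circles. The track identifiers, coordinates and the two-loop threshold are constructed for illustration.

```python
import math

def bearing_deg(a, b):
    """Initial great-circle bearing in degrees (0..360) from fix a to fix b."""
    lat1, lat2 = math.radians(a[0]), math.radians(b[0])
    dlon = math.radians(b[1] - a[1])
    y = math.sin(dlon) * math.cos(lat2)
    x = math.cos(lat1) * math.sin(lat2) - math.sin(lat1) * math.cos(lat2) * math.cos(dlon)
    return math.degrees(math.atan2(y, x)) % 360.0

def completed_loops(track):
    """Net number of full turns flown along a list of (lat, lon) fixes."""
    # Skip repeated fixes: a zero-length leg has no meaningful heading.
    legs = [bearing_deg(a, b) for a, b in zip(track, track[1:]) if a != b]
    total = 0.0
    for h0, h1 in zip(legs, legs[1:]):
        total += (h1 - h0 + 180.0) % 360.0 - 180.0   # signed change in [-180, 180)
    return abs(total) / 360.0

def flag_circling(tracks, min_loops=2.0):
    """Return the identifiers whose track turns through at least min_loops circles."""
    return sorted(k for k, t in tracks.items() if completed_loops(t) >= min_loops)

def orbit(lat0, lon0, radius_deg, loops, per_loop=36):
    """Constructed test track: clockwise circle around (lat0, lon0)."""
    pts = []
    for k in range(loops * per_loop + 1):
        t = 2.0 * math.pi * k / per_loop
        pts.append((lat0 + radius_deg * math.cos(t),
                    lon0 + radius_deg * math.sin(t) / math.cos(math.radians(lat0))))
    return pts

# Constructed tracks keyed by made-up identifiers (not real ICAO addresses).
SAMPLE_TRACKS = {
    "LOITER1": orbit(36.1, -115.2, 0.05, loops=3),    # three orbits over one spot
    "ORBIT1": orbit(36.1, -115.2, 0.05, loops=1),     # a single 360 degree turn
    "ARRIVAL1": [(22.0 + 0.01 * i, 113.6 + 0.01 * i) for i in range(60)],  # straight-in
}

if __name__ == "__main__":
    for name, track in SAMPLE_TRACKS.items():
        print(name, round(completed_loops(track), 2))
    print("flagged:", flag_circling(SAMPLE_TRACKS))
```

Because left and right turns cancel in the sum, an S-shaped approach or a single hold does not reach the threshold, while sustained orbiting in one direction does.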