DragonOS: KrakenSDR and DF Aggregator Connected via a 1km WiFi Link

DragonOS is a ready to use Ubuntu Linux image that comes preinstalled with multiple SDR software packages including a tool called DF Aggregator, which can be used for radio direction finding with a device like our KrakenSDR.

In his latest video, Aaron, the creator of DragonOS, tests out a long range one kilometer WiFi link between a KrakenSDR and his base station running DF Aggregator. The WiFi link is achieved by using an ALFA Network 802.11ah (900 MHz US) adapter. The remote KrakenSDR is running on a 'DragonDeck', which is a SteamDeck gaming console with DragonOS installed on it.

In the video Aaron shows that when he transmits with his handheld radio, the remote KrakenSDR is able to provide an accurate bearing towards the transmitter. At the end Aaron also briefly tests out automatic speech transcribing via WhisperCPP.

Aaron's tests were run together with @VibesGoon, who shows a few great pictures of his KrakenSDR setup on his Twitter feed.

DragonOS FocalX 1km Remote Connect to KrakenSDR/SDR4Space w/ 802.11ah (hackRF, Halow-U, SteamDeck)

Aaron also posted another picture on his Twitter feed, which shows the SteamDeck.

Progress Updates on the GSG Universal Radio Test Instrument (URTI)

In May we posted about how Great Scott Gadgets (GSG), the team behind the HackRF SDR and several other popular products, are in the early stages of developing a new type of SDR product called the "Universal Radio Test Instrument" or URTI for short.

Thank you to a few blog readers for pointing out that earlier this month the URTI GitHub lab-notes were updated with a progress report and some further information about the architecture. The URTI will be split into a mainboard PCB and a user interface PCB. The former will contain the USB interface, FPGA computing and radio, and the latter will run a display and tactile controls.

For the radio components, the team appear to be using similar parts to those used in the HackRF. They have selected the MAX5865 as their analog-to-digital converter (ADC) chip, which is a faster sampling version of the MAX5864 used in the HackRF. They've also chosen either the MAX2831 or MAX2830 as their quadrature transmitter, and the MAX2120 as their quadrature receiver. They are also using the RFFC5072 chip as their mixer. These are again similar to or the same as parts used in the HackRF.

In the update they also make notes on their SMA connector selection, PCB trace width selection, and their choice of unun, RF switch, clock generator and RF limiter parts. They also note progress on their software, which will provide a DSP library for the FPGA, and their tests of a display via a handheld game console.

In the next stage of development the team will be designing and assembling the mainboard, aiming to quickly make a platform available for software developers to get started on.

Testing the MAX2830 Chips with a GreatFET
URTI Overall Architecture
URTI Mainboard Architecture

GNU Radio Conference 2023 to be held September 5 – 9: Call for Participation and Registration is Open

Thank you to Marcus Müller for letting us know that a call for participation and registration for GRCon'23 (GNU Radio Conference 2023) is currently open. GNU Radio conference talks are generally about cutting edge radio research topics and applications that involve the use of GNU Radio, a popular DSP framework for SDRs. If you are interested, previous years' talks can be found on the GNU Radio YouTube channel.

The deadline for participation to present is still open, having been extended to June 23. If you wish to submit an abstract you can do so here. Registration for in person attendance is also open. Alternatively, the talks can be viewed via livestream online for free or via a small donation.

GRCon'23 is happening in early September this year – so our submission deadlines are a bit tighter than usual.

Submission for talks, papers, workshops, and other contributions are accepted through the GRCon'23 website:

https://events.gnuradio.org/event/21/abstracts/

This call for participation closes on 5 June 2022! [Now extended to June 23]

A tiny bit about the GNU Radio conference:

GRCon is GNU Radio's annual conference, being held in changing cities in the U.S., and also live-streamed and chat-interacted online. Watching the main track online and interacting with the audience and speakers via chat are free. Registration for the in-person event started in March.

GRCon'23 happens 5 – 9 September in Tempe, Arizona at ASU.

What GRCon offers is a main track of presentations with topics on GNU Radio, applications of SDR / high-rate signal processing, computational radio science, scientific and industry developments, policy and technological breakthroughs.

Next to that, there are tutorials on specific topics, a poster session, Special Interest Groups and the developer's summit, which is the get-together for the project developers.

Oh, and of course, there are social events, happening at local highlight locations.

If you have *any* question (and I mean that – we're trying to make GRCon as accommodating as possible) about GRCon, be it about attendance, online participation, content submission or other problems related to the conference, we want you to reach out: Here on the mailing list, on the chat (https://chat.gnuradio.org), or in a private email to the GRCon organizers ([email protected]).


An RTL-SDR telemetry decoder for the soon to be launched MRC-100 PocketQube Satellite

Thank you to Zoltan Doczi (HA7DCD) for submitting news about the MRC-100 Hungarian PocketQube Satellite, which is scheduled to launch on a Falcon 9 on June 12. A PocketQube is smaller than a standard CubeSat, being sized at only 5x5x15 cm. Zoltan notes that the MRC-100 is the successor to the SMOG-1 satellite which we posted about back in March 2021. The satellite is named in honor of the 100th anniversary of the HA5MRC Ham Radio Club at the Budapest University of Technology.

To help with decoding the telemetry from the satellite, an RTL-SDR based telemetry receiver was created by Peter and Miklos, and Levente HA7WEN has created an installation script for Raspberry Pis and Linux PCs which installs OpenWebRX along with the satellite receiver software.

The satellite should be receivable with a simple satellite antenna, such as a handheld Yagi, turnstile, dipole or quadrifilar-helix antenna. It will be transmitting telemetry at 436.720 MHz. If you have a dish and tracking equipment for it, there is also a high speed downlink at 2267.5 MHz. Like SMOG-1, the satellite carries a sensor that is designed to measure human caused electromagnetic pollution. It also carries a camera and an AIS receiver for tracking marine vessels.

The MRC-100 CubeSat

Flipper Zero Self Destructs an Electricity Smart Meter

Flipper Zero is an affordable handheld RF device for pentesters and hackers. It is not based on SDR technology; instead it uses a CC1101 chip, a digitally controlled RX/TX radio that is capable of demodulating and modulating many common digital modulations such as OOK/ASK/FSK/GFSK/MSK at frequencies below 1 GHz.

We've posted about the Flipper Zero a few times before on this blog, especially given that it is now a well-known device, having found popularity on TikTok and having been reviewed by famous tech YouTubers like Linus Tech Tips.

Recently a video on YouTube by Peter Fairlie has shown the destructive potential of the Flipper Zero. In the video it appears that Peter was using the Flipper Zero to wirelessly turn the power meter on and off, which also controlled the power to a large AC unit. Eventually, switching the meter on and off while under a heavy load resulted in the meter self-destructing and releasing the magic smoke.

Reverse Engineering a Wirelessly Controlled Adjustable Bed with a HackRF and Logic Analyzer

Over on his blog Chris Laplante has written up a post showing how he was able to reverse engineer his wirelessly controlled adjustable "TEMPUR-Contour Elite Breeze" bed. Originally the bed had an Android app for smartphone control, but it has not been updated since 2014 and so no longer works on his modern Google Pixel device. So, in order to have it controllable by his home automation system, Chris decided to reverse engineer the wireless signal used by the bed's remote control.

He first looked up the FCC filing, which showed that the remote transmits in the ISM band at 433.050 to 434.790 MHz. Then, using his HackRF, he was able to capture the signal and determine that it used Gaussian frequency shift keying (GFSK) modulation.

The GFSK signal from the Tempur Pedic wireless remote control.

While the HackRF got him this far, he next followed a different line of investigation, using a logic analyzer to probe the SPI bus that talks to the Si4431 RF transceiver on the remote control. From the captured register writes he was able to determine the important properties of the signal, such as the frequency, data rate, frequency deviation, channel mapping and packet structure.
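As an added illustration of that step (this is not code from Chris's write-up or his product), the following decodes a logic-analyzer capture of Si443x register writes into the carrier frequency, data rate, deviation and modulation, using the register map and formulas from the Si4432 datasheet (the Si4431 shares it). The SPI byte stream, register values and the hopping registers being zero are all constructed assumptions.

```python
# Added example (not from Chris Laplante's write-up): decode captured Si443x SPI
# register writes into radio parameters, per the Si4432 datasheet register map.
# The byte stream below is constructed; each write is (0x80 | address), value.
SAMPLE_SPI_WRITES = bytes([
    0x80 | 0x75, 0x53,  # Frequency Band Select: sbsel=1, hbsel=0, fb=19
    0x80 | 0x76, 0x62,  # Nominal Carrier Frequency fc[15:8]
    0x80 | 0x77, 0x00,  # Nominal Carrier Frequency fc[7:0]  -> fc = 25088
    0x80 | 0x6E, 0x27,  # TX Data Rate txdr[15:8]
    0x80 | 0x6F, 0x52,  # TX Data Rate txdr[7:0]   -> txdr = 10066
    0x80 | 0x70, 0x2C,  # Modulation Mode Control 1: txdtrtscale (bit 5) = 1
    0x80 | 0x71, 0x23,  # Modulation Mode Control 2: FIFO mode, fd[8]=0, GFSK
    0x80 | 0x72, 0x50,  # Frequency Deviation fd[7:0] = 80
])

def parse_spi_writes(stream):
    """Map a MOSI byte stream of 2-byte transactions to {register: value}."""
    regs = {}
    for i in range(0, len(stream) - 1, 2):
        cmd, val = stream[i], stream[i + 1]
        if cmd & 0x80:                     # bit 7 set = write; reads ignored
            regs[cmd & 0x7F] = val
    return regs

def carrier_hz(regs):
    """f = 10 MHz*(hbsel+1)*(fb+24+fc/64000) + fhch*fhs*10 kHz; offset regs assumed 0."""
    hbsel, fb = (regs[0x75] >> 5) & 1, regs[0x75] & 0x1F
    fc = (regs[0x76] << 8) | regs[0x77]
    hop = regs.get(0x79, 0) * regs.get(0x7A, 0) * 10e3   # hopping channel * step
    return 10e6 * (hbsel + 1) * (fb + 24 + fc / 64000) + hop

def data_rate_bps(regs):
    """rate = txdr*1e6/2^16, or /2^21 when txdtrtscale (0x70 bit 5) is set."""
    txdr = (regs[0x6E] << 8) | regs[0x6F]
    return txdr * 1e6 / (2 ** 21 if regs[0x70] & 0x20 else 2 ** 16)

def deviation_hz(regs):
    """9-bit fd in 625 Hz steps; fd[8] is bit 2 of register 0x71."""
    return ((((regs[0x71] >> 2) & 1) << 8) | regs[0x72]) * 625

def modulation(regs):
    return {0: "unmodulated", 1: "OOK", 2: "FSK", 3: "GFSK"}[regs[0x71] & 0x03]

def describe(stream=SAMPLE_SPI_WRITES):
    regs = parse_spi_writes(stream)
    return {"carrier_mhz": round(carrier_hz(regs) / 1e6, 4),
            "data_rate_bps": round(data_rate_bps(regs)),
            "deviation_khz": deviation_hz(regs) / 1e3,
            "modulation": modulation(regs)}
```

With the constructed stream, `describe()` reports a 433.92 MHz GFSK carrier at 4800 bps with 50 kHz deviation; `carrier_hz` also honours the frequency hopping channel and step registers (0x79/0x7A) when they are present in the capture.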

With all this information Chris was in the end able to create a product called "Tempur Bridge" that he is now selling on Tindie. It consists of an ESP32 WiFi connected microcontroller and a Si4463 RF transceiver chip. With his product Chris is now able to control his bed through a WiFi connection in Home Assistant.

Chris's Tempur Bridge product for WiFi control of a Tempur Pedic adjustable bed.

[This story was also seen on Hackaday]

Passive Radar Sensing via Ambient Radio Noise from the Sun and Jupiter

Recently Dr. Sean Peters from the Naval Postgraduate School, in Monterey, CA presented an interesting webinar titled "Leveraging Ambient Radio Noise for Passive Radar Sensing of the Terrestrial and Space Environment".

In passive radar, the radio source is typically an existing powerful terrestrial broadcast station, such as FM, DAB, TV or cellular. However, Dr. Peters makes use of more ambient radio noise sources, such as sun noise, and even noise from Jupiter.

By using Sun noise as the source and an Ettus USRP SDR as the receiver, he's been able to measure the ice sheet thickness at the Store glacier in Greenland. Furthermore he's also been able to utilize sun radio noise and radio noise from Jupiter for passive synthetic aperture radar, with the application being planetary remote sensing.

Traditional active radars transmit a powerful electromagnetic pulse and record the echo’s delay time and power to measure target properties of interest, such as range, velocity, and reflectivity. Such observations are critical for investigating current and evolving conditions in extreme environments (i.e., polar regions and planetary missions); however, existing radar systems are resource-intensive in terms of cost, power, mass, and spectrum usage when continuously monitoring large areas of interest. I address this challenge by presenting a novel implementation of passive radar that leverages ambient radio noise sources (instead of transmitting a powerful radio signal) as a low-resource approach for echo detection, ranging, and imaging. Starting from theory, simulation, and lab-bench testing, I first present the results of our passive radar sounding demonstration using the Sun to measure ice sheet thickness at Store Glacier, Greenland. I then project the passive radar’s performance and ability to provide valuable glaciological observations (such as melt rates, bed reflectivity changes, and englacial water storage) across Greenland and Antarctica.

In the second part of my presentation, I then extend this technique to enable passive synthetic aperture radar (SAR) imaging using radio-astronomical noise sources (e.g., the Sun and Jupiter’s radio emissions). I conclude by highlighting applications of this technique to planetary remote sensing, such as (1) using Jupiter’s HF radio emissions alongside an active VHF radar to characterize and correct for Europa’s ionospheric dispersion during a flyby mission and (2) using the Mars Reconnaissance Orbiter (MRO) Shallow Radar (SHARAD) to analyze solar radio burst candidates for Martian passive sounding.
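To make the ranging idea in the abstract concrete, here is an added, self-contained simulation (not Dr. Peters' code or data): the reference channel records the ambient noise source directly, the surveillance channel records its echo, and cross-correlating the two recovers the two-way delay. The channel model, sample rate and the ice radio-wave velocity of 1.68e8 m/s are assumed values for illustration.

```python
import random

def simulate_channels(n=3000, delay=137, echo_gain=0.3, rx_noise=0.5, seed=7):
    """Constructed data. `ref` is the reference antenna recording the ambient noise
    source (e.g. the Sun) directly; `surv` is the surveillance antenna: direct
    leakage + an attenuated echo delayed by `delay` samples + receiver noise."""
    rng = random.Random(seed)
    ref = [rng.gauss(0, 1) for _ in range(n)]
    surv = [ref[i] + (echo_gain * ref[i - delay] if i >= delay else 0.0)
            + rx_noise * rng.gauss(0, 1) for i in range(n)]
    return ref, surv

def cross_correlate(ref, surv, max_lag):
    """r[lag] = (1/n) * sum_i surv[i] * ref[i - lag], for lag = 0..max_lag."""
    n = len(ref)
    return [sum(surv[i] * ref[i - lag] for i in range(lag, n)) / n
            for lag in range(max_lag + 1)]

def estimate_echo(ref, surv, max_lag=300):
    """Return (echo lag, peak-to-background ratio). Lag 0 is the direct path and
    is skipped; the ratio is a simple detection statistic (assumed, not the talk's)."""
    r = cross_correlate(ref, surv, max_lag)
    lag = max(range(1, len(r)), key=lambda k: abs(r[k]))
    background = sum(abs(v) for v in r[1:]) / (len(r) - 1)
    return lag, abs(r[lag]) / background

def ice_thickness_m(echo_lag, fs_hz, v_ice=1.68e8):
    """Two-way delay t = lag/fs; thickness = v_ice * t / 2 (v_ice is an assumed value)."""
    return v_ice * (echo_lag / fs_hz) / 2
```

Because the source is noise rather than a designed pulse, the correlation peak at the echo lag is what gives range; the direct-path peak at lag 0 has to be excluded, and a weak echo shows up only as the peak rises above the correlation background.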

Leveraging Ambient Radio Noise for Passive Radar Sensing of the Terrestrial and Space Environment

A Video Demonstration on Cracking a GSM Capture File

Over on YouTube, Rob VK8FOES has been uploading some fairly comprehensive demonstrations and tutorials showing how to crack a GSM capture file, which can be recorded with any SDR.

It is now well known that GSM (2G) communications are insecure, the encryption having been breakable on a standard PC for a long time. For this reason GSM has mostly been phased out, although in many regions the system still operates at reduced capacity for legacy users, who are mostly industrial.

In his video Rob makes use of the open-source Airprobe GSM decoder tool, as well as the open-source Kraken tool (not to be confused with KrakenSDR), which is a brute force password cracking tool.

We want to note that doing this is only legal if it is your own communication that has been recorded, or you have permission from the communicating parties.

My GSM cracking content has been getting quite a lot of attention lately. Previous videos of mine relating to this topic were only boring screen recordings with no real explanation on what steps are required to crack the A5/1 stream cipher and decrypt GSM traffic by obtaining the Kc value.

I was bored one day and decided to present a live-style workflow of how hackers and security researchers 'crack' 2G cellular communications in real-time. Be warned that if you don't have an interest in cryptography or cellular network security, you might find this video rather boring.

The GSM capture file used in this video, to my knowledge, has never been publicly cracked before. 'capture_941.8M_112.cfile' was recorded and uploaded with permission by the owner of the data themselves as a decoding example for testing Airprobe.

I make a few mistakes in the video that I can't be bothered editing out. But they are not critical, just myself misreading a number at the 10 minute mark somewhere, and saying the wrong name of a software tool at 17 minutes.

Additionally, I am not a GSM technology engineer, nor a cryptography expert. I do my best to explain these concepts in a simple and easy to understand way. But due to my limited knowledge of these subjects, it's possible that some of this information may be incorrect or lacking context.

However, this video will still allow you to crack a real GSM capture file if you are able to follow along with my flip-flopping style of presentation. Haha. But please, only replicate this tutorial on GSM data that originated from YOUR OWN mobile phone. Do not attempt to decrypt private telecommunications from any other cellular subscriber, EVER.