Reverse Engineering NSA Spy ‘Retro Reflector’ Gadgets with the HackRF

In 2013 whistleblower Edward Snowden leaked (along with other documents) some information about the American National Security Agencies (NSA) spy tools. One such group of tools named ‘retro reflectors’ has recently been investigated and reverse engineered by Micheal Ossmann, the security researcher behind the recently available for preorder HackRF software defined radio. The HackRF is a SDR similar to the RTL-SDR, but with better performance and transmit capabilities.

Newscientist Magazine has written an article about Ossmann’s work here. From their article a retro reflectors are described in the following quote.

One reflector, which the NSA called Ragemaster, can be fixed to a computer’s monitor cable to pick up on-screen images. Another, Surlyspawn, sits on the keyboard cable and harvests keystrokes. After a lot of trial and error, Ossmann found these bugs can be remarkably simple devices – little more than a tiny transistor and a 2-centimetre-long wire acting as an antenna.

The HackRF comes in to play in the following quote

Ossmann found that using the radio [HackRF] to emit a high-power radar signal causes a reflector to wirelessly transmit the data from keystrokes, say, to an attacker. The set-up is akin to a large-scale RFID- chip system. Since the signals returned from the reflectors are noisy and often scattered across different bands, SDR’s versatility is handy, says Robin Heydon at Cambridge Silicon Radio in the UK.

Ossmann will present his work at this years Defcon conference in August.

retro-reflector-surlyspawn     retro-relector    retro-reflector-ragemaster


Notify of

Inline Feedbacks
View all comments
Marko Cebokli

It is a very old trick, CCCP were the first to use it:


The first time I became aware of capturing a signal from a video cable and recreating it was in the 90’s and I suspect the name Ragemaster comes from the then popular (with OEMs anyway) line of ATI videocards branded Rage which were used in a lot of x86 as well as Macintosh computers. That should also give you an idea of how old (and outdated) these documents are although looking at the surface mount devices is also a clue this is 90’s era tech and the current versions are likely smaller and more complex.

Everyone knew we were spying on them as well as we know they are all spying on us too and I doubt there were any real revelations exposed by Snowden that weren’t already known …. Except by the Public who is kept in the dark about everything which makes their claims of Democracy a bad joke on us all.

I don’t care which country you live in your government is spying on you … But that pales in comparison to Corporate Spying and I wouldn’t be surprised one bit to find out all these incidents of Credit Card and personal information being stolen from a corporate computers is really a rival corporation …. It should be clear that these guys don’t even trust and like each other which should give you some idea of what they really think about the rest of us