The idea behind the attack is that ethernet cables can act as an antenna, leaking signals at frequencies which can easily be sniffed by a SDR. The specific technique in the paper does not decode normal network traffic, instead it requires that malicious code which modulates a custom signal over the ethernet cable be installed on the PC first. The technique used appears to be similar to what the Etherify software by SQ5BPF uses, which modulates data in morse code by turning the network card on and off.
Remote SDR V2 is software that allows you to easily remotely access either a PlutoSDR, HackRF or RTL-SDR software defined radio. It was originally designed to be used with the amateur radio QO-100 satellite, but version 2.0 includes multiple demodulation modes, NBFM/SSB transmission capability, CTCSS and DTMF encoders, modulation compression and a programmable frequency shift for relays.
MMDVM is firmware that normally runs on an ARM microcontroller board such as the Arduino Due, and is designed to be interfaced with hardware radios via the microcontrollers built in ADC and DAC hardware.
In order to use an SDR instead of physical hardware radios, Adrian's article describes how a fork of MMDVM called MMDVM-SDR is used in his system as this allows the code to run on a normal Linux computer with an SDR. GNU Radio running on Adrian's own QRadioLink software is then used to create software ADC/DAC interfaces for the SDR and MMDVM-SDR to interface with, as well as providing a user interface.
Over on YouTube the BSides Halifax channel has uploaded a recent talk given by Security Engineer Grant Colgan titled "Hacking RF Breaking what we can't see". In the talk Grant first shows the various bits of wireless devices that he tests, as well as the receiver equipment that he uses which includes a HackRF and RTL-SDR dongles. He goes on to show various live demos.
An often overlooked aspect of security is what happens when information is moving magically from one device to another with no wires. We know this as (usually) Wifi or Bluetooth and any attacks are usually based on these technologies. However when you widen the scope to RF wireless communication, A lot more tools become available. In this talk I will be talking about the attack and doing live demos.
Hacking RF Breaking what we can't see - Grant Colgan (BSides Halifax 2021)
Thank you to Egor for writing in a sharing his work on modifying dump1090 in order to support the HackRF on Windows. dump1090 is software that is often used with RTL-SDR dongles for decoding ADS-B data for aircraft tracking. He writes:
Some time ago I was looking for dump1090 version with HackRF support that could work on Windows. But I have not found such version.
So I forked Malcolm Robb's version of dump1090 that could be built on Windows around 7 years ago. :) I've updated it and have added HackRF support from Ilker Temir's fork.
In his latest YouTube video Tech Minds explains and demonstrates Remote SDR V2, which is software that allows you to easily remotely access either a PlutoSDR, HackRF or RTL-SDR software defined radio. It is designed to be used with the amateur radio QO-100 satellite, but version 2.0 now include multiple demodulation modes, NBFM/SSB transmission capability, CTCSS and DTMF encoders, modulation compression and a programmable frequency shift for relays.
In his video Tech Minds shows how to install Remote SDR V2 onto an Orange Pi via the SD card image, how to access the web interface, and how to access and use the connected SDR.
Remote SDR V2 with Orange Pi and Transmit Capable
We note that the code is designed to be run on Orange Pi boards, which are low cost single board computers similar to Raspberry Pi's. However over on Twitter @devnulling has indicated that his own fork of the code should run on x86 systems. Aaron @cemaxecuter is also working on including it into a DragonOS release.
The image below demonstrates a typical Remote SDR V2 transceiver setup with two HackRFs.
Thanks to Rado for submitting his news about the release of his project called "ggwave-fm" which allows transmitting of ggwave encoded messages with an SDR. The idea behind the original ggwave is to allow data transfer between devices using audio tones. This is useful for things like serverless one to many data broadcasts, device pairing, IoT devices and audio QR codes. Many products such as wireless security cameras already uses a similar audio data transfer system for automatically sending WiFi login data from a smartphone to the camera. Rado writes:
Ggwave is an open-source library that allows you to communicate small amounts of data between air-gapped devices using sound. You can find some technical details and a lot of examples on the project page: https://github.com/ggerganov/ggwave.
I thought it'd be cool to somehow extend the range of transmission for ggwave and this is how ggwave-fm was born. It modulates ggwave encoded messages with NBFM, interpolates the signal and produces a complex sampled IQ file which is ready for transmission with an SDR.
In the video shown below Rado demonstrates ggwave-fm working with a HackRF and uses a Baofeng FM radio as the receiver, with the "Waver" mobile app for decoding. He notes that the demo script (demo.sh) used in the video is availalbe in the Git repository.
Thank you to "LikWidChz" for submitting his tutorial on receiving and decoding multiple NRSC5 (HD Radio) channels with the help of GNU Radio, a HackRF and the NRSC5 decoder. He writes:
I wanted a way to utilize GnuRadio for working with HD radio. There are no decoder blocks from within GnuRadio to perform this decoding without an external application. This write up is how I was able to split up some signal and supply NRSC5 what it requires to perform the decode.
My goal was to capture some slice of spectrum and "channelize it" so I can perform multiple HD radio decodes at once.
In this linked zip file we have uploaded his GRC file, and his tutorial PDF, which fully explains each GNU Radio block used, and how to use the NRCS5 decoder along with the flowgraph. He also notes that if anyone wants to get in touch with him he is idling on IRC in #gnuradio and ##rtlsdr on freenode under the nickname "LikWidChz".