Thank you to Aaron for submitting news about his latest project called "DragonOS" which he's been working on while in COVID-19 lock down. DragonOS is a Debian Linux based operating system which comes with many open source software defined radio programs pre-installed. It supports SDRs like the RTL-SDR, HackRF and LimeSDR.
Aaron's video below shows how to set up DragonOS in a VirtualBox, and he has two other videos on his channel showing how to set up ADS-B reception with Kismet, and how to run GR-RDS in GNURadio. He aims to continue with more tutorial videos that make use of the software installed on DragonOS in the near future.
Over on YouTube user kwon lee has uploaded a video demonstrating a replay attack against a parking barrier arm. The tools he uses are a HackRF and Portapack running the Havok firmware. A replay attack involves recording a control signal with the HackRF+Portapack, and then replaying it later with the transmit function of the HackRF. If no wireless security mechanism like rolling-codes are used, simply replaying the signal will result in the transmission being accepted by the controller receiver.
As he has access to the remote control he records the transmission that is sent when the open button is pressed on the remote. Later once outside he shows how transmitting with the HackRF+Portapack results in the barrier arm opening.
This reminds us of a previous post where we noted how a HackRF was used to jam a garage door keyfob to prevent people from leaving in the TV show "Mr. Robot".
RF Replay Attack _ Parking-Breaker via HackRFone+Portapack+havoc
At the Hackaday Supercon Michael Ossmann & Kate Temkin presented a talk called "Software-Defined Everything" where they demonstrated some applications of the "GreatFET One" interface board. Michael Ossmann is best known for creating the HackRF software defined radio which is a highly versatile and low cost open hardware/software SDR transceiver. His company Great Scott Gadgets also employs Kate Temkin who is the lead software developer who worked on their latest product called the GreatFET One.
The GreatFET One is a multi-purpose digital interface board that plugs into a PC via USB. It contains multiple digital IO pins, supports SPI, I2C, UART and JTAG serial protocols, can do logic analysis, and also has a built in ADC and DAC.
In the talk Michael and Kate show how a simple light sensor can be plugged into the GreatFET's ADC, allowing the sensor's data to be digitized and processed in GNU Radio. This results in a software defined light sensor. By analyzing the light data in the frequency domain via an FFT graph they're able to determine the refresh rate of the ceiling lights.
Later they also show how GreatFET can be combined with i2C sensors and GNU Radio to do creative things like use an accelerometer as a microphone for a guitar pickup, with audio effects like guitar clipping controlled by GNU Radio blocks.
Michael Ossmann & Kate Temkin - Software-Defined Everything
Over on YouTube SignalsEverywhere has just uploaded his latest video about using a HackRF and Airspy R2/Mini to explore the signals coming out of an internet cable modem's coax cable. In the video he performs a wideband scan with his Airspy R2 and the SpectrumSpy software which shows not only his, but the downstream signals from other users in his neighborhood on the cable network too.
Next using his HackRF with Spectrum Analyzer and the hackrf_sweep fast sweeping software, he was able to determine the uplink portion of his cable modem. By running an internet speed test in the background he was also able to visualize the increased cable data activity on the spectrum waterfall display.
The Secret Signals Hiding In Your Cable Modem | SDR Used to Sniff Cable Internet Modem Coax
A ground penetrating radar (GPR) is a system that uses RF pulses between 10 to 2.6 GHz to image up to a few meters below the ground. A typical GPR system consists of a transmitting radio and antenna that generates the radar pulse aimed towards the ground, and a receiving radio that receives the reflected pulse.
GPR is typically used for detecting buried objects, determining transitions in ground material and detecting voids and cracks. For example, in construction it can be used to determine rebar locations in concrete, and in the military it can be used to detect non-metallic landmines and hidden underground areas.
Their system uses a step-frequency continuous waveform (SFCW) signal which scans over multiple frequencies over time, and the software was written in GNU Radio. In their tests they were able to detect a dry block of sand buried 6 cm below the ground, and a wet block 20 cm below.
Ground Penetrating Radar with two HackRF software defined radios.
During the 2019 IEEE International Symposium on Broadband Multimedia Systems and Broadcasting conference, authors Xuemei Huang, Kun Yan, Hsiao-Chun Wu and Yiyan Wu presented a research paper titled "Unmanned Aerial Vehicle Hub Detection Using Software-Defined Radio". In their work they describe how they were able to use three HackRFs to determine the location of a UAV drone transmitter. The method they use is fairly simple as it makes use of path loss propagation models to determine an estimated distance from each HackRF, so prior knowledge of the transmitter properties is still required.
The applications of unmanned aerial vehicles (UAVs) have increased dramatically in the past decade. Meanwhile, close-range UAV detection has been intriguing by many researchers for its great importance in privacy, security, and safety control. Positioning of the UAV controller (hub) is quite challenging but still difficult. In order to combat this emerging problem for public interest, we propose to utilize a software-defined radio (SDR) platform, namely HackRF One, to enable the UAV hub detection and localization. The SDR receiver can acquire the UAV source signals. The theoretical path-loss propagation model is adopted to predict the signal strength attenuation. Thus, the UAV hub location can be estimated using the modified multilateration approach by only three or more SDR receivers.
Unmanned Aerial Vehicle Hub Detection Using Software-Defined Radio
Over on the TechMinds YouTube channel a new video titled "GPS Spoofing With The HackRF On Windows" has been uploaded. In the video TechMinds uses the GPS-SDR-SIM software with his HackRF to create a fake GPS signal in order to trick his Android phone into believing that it is in Kansas city.
In the past we've seen GPS Spoofing used in various experiments by security researchers. For example, it has been used to make a Tesla 3 running on autopilot run off the road and to cheat at Pokemon Go. GPS spoofing has also been used widely by Russia in order to protect VIPs and facilities from drones.
A few readers have written in to let us know the role SDRs played in the last season of "Mr. Robot". The show which is available on Amazon Prime is about "Mr. Robot", a young cyber-security engineer by day and a vigilante hacker by night. The show has actual cyber security experts on the team, so whilst still embellished for drama, the hacks performed in the show are fairly accurate, at least when compared to other TV shows.
Spoilers of the technical SDR hacks performed in the show are described below, but no story is revealed.
In the recently aired season 4 episode 9, a character uses a smartphone running an SSH connection to connect to a HackRF running on a Raspberry Pi. The HackRF is then used to jam a garage door keyfob operating at 315 MHz, thus preventing people from leaving a parking lot.
Shortly after she can be seen using the HackRF again with Simple IMSI Catcher. Presumably they were running a fake cellphone basestation as they use the IMSI information to try and determine someones phone number which leads to being able to hack their text messages. The SDR used in the fake basestation appears to have been a bladeRF.
HackRF Used on Mr Robot
In season 4 episode 4 GQRX and Audacity can be seen on screen being used to monitor a wiretap via rtl_tcp and an E4000 RTL-SDR dongle.
E4000 RTL-SDR Being used for Wiretap Monitoring
Did we miss any other instances of SDRs being used in the show? Or have you seen SDRs in use on other TV shows? Let us know in the comments.
