Tagged: hackrf

Reverse engineering a public parking electronic display to play Tetris

Recently we received an email from RTL-SDR.com reader @Ivoidwarranties about his latest project, which involved using a HackRF to reverse engineer the RF protocol used by a public parking electronic display. Once the protocol was reverse engineered, @Ivoidwarranties used an XR-2206 monolithic function generator, a hybrid RF amplifier and an Arduino to create a device that overrides the public parking display and plays a game of Tetris on it.

We don’t have any details on the HackRF reverse engineering side of things, but he has uploaded a video to YouTube showing the hack in action.

Real hacking of public parking electronic display

Spoofing GPS Locations with low cost TX SDRs

At this year’s Defcon 2015 conference, researcher Lin Huang from Qihoo 360 presented her work on spoofing GPS signals. Qihoo 360 is a Chinese security company producing antivirus software. Lin works at Qihoo as a security researcher, where her main job is to prevent their antivirus software and users from becoming vulnerable to wireless attacks. Her research brought her to the realm of GPS spoofing, where she discovered how easy it was to use relatively low cost SDRs like a USRP B210/BladeRF/HackRF to emulate GPS signals, which could allow a wireless attacker to manipulate the GPS on smartphones and cars.

Previous attempts at GPS spoofing have all used more expensive custom hardware. One attempt in 2013 allowed university researchers to send a 213-foot yacht off course, and it is suspected that hackers from the Iranian government have used GPS spoofing to divert and land an American stealth drone back in 2011.

In Lin’s presentation she shows how she was able to trick a smartphone into thinking it was in a different location. In addition, she writes how this method could be used to trick the phone into changing its time, as many smartphones will periodically refresh the clock accuracy by using GPS satellites. She also shows how she was able to bypass a DJI drone’s forbidden-area no-fly-zone policy. DJI drones come with a feature where the engines will not power up if the on-board GPS detects that it is in a no-fly zone for drones. By spoofing the GPS she was able to get the drone to power up inside a no-fly zone in Beijing.

Lin Huang’s presentation can be downloaded from the Defcon media server (pdf). An article on Lin and her research into GPS spoofing has also been run on Forbes.com.

Spoofed GPS logs on a smartphone

Michael Ossmann’s First Look at the Rad1o Badge

Last month we posted about the Rad1o badge, a HackRF inspired software defined radio that is being given out for free to participants of the Chaos Computer Club (CCC) camp conference in Germany. The Rad1o has an operating frequency range of 50 MHz – 4000 MHz, an ARM Cortex M4 CPU, a color LCD screen, a 2.5 GHz ISM band PCB antenna, an audio connector for headphone and microphone connections and an on board battery for portable use. It is also fully compatible with HackRF software. It is not for sale at the moment and only available to conference participants.

Michael Ossmann, creator of the original HackRF, was able to get a Rad1o from a CCC member who helped in the design. He has posted his first impressions of the radio on his blog. Michael writes how the Rad1o is a variation on the HackRF and how it is kind of similar to a HackRF plus PortaPack on a single PCB. He also mentions how he noticed some peculiar component choices on the Rad1o, which is due to the fact that they had to use several components freely obtained from sponsors in order to be able to afford to give them away for free to conference attendees.

The Rad1o Prototype

Using a HackRF to convert ADS-B packets into Bluetooth packets for reception on your Smartphone/Tablet

HackRF experimenter Jiao Xianjun has recently posted about his new firmware, which allows a single HackRF to receive an ADS-B data packet at 1090 MHz and then retransmit it as a Bluetooth Low Energy (BTLE) packet at 2.4 GHz. A smartphone or tablet can then be used to view the ADS-B data. It appears that the system works by broadcasting several fake Bluetooth peripheral names as the received flight data, so there is currently no way to view the data on a map.

The firmware needs to be flashed into the HackRF RAM or ROM, and he provides instructions for this over on his post. The video below shows the HackRF and software in action on an iPad.

ADS-B to BTLE HackRF Relay
Air relay ADS-B to BTLE via single HACKRF in realtime

A new HackRF Compatible SDR: Rad1o

Every four years the Chaos Computer Club (CCC) in Germany organizes a special hacker-themed camp. For this year’s upcoming September camp they have announced that all participants will be receiving a special software defined radio called the “Rad1o”.

The Rad1o is inspired by the HackRF, but seems to have several additional features. It has an operating frequency range of 50 MHz – 4000 MHz, an ARM Cortex M4 CPU, a color LCD screen, a 2.5 GHz ISM band PCB antenna, an audio connector for headphone and microphone connections and an on board battery for portable use. It is also fully compatible with HackRF software.

They write that the Rad1o is not for sale at the moment, and that the only way to get one right now is to attend the camp. If there is enough interest after the camp they will consider producing a second manufacturing run. Despite that, all hardware design files appear to be open source and available at https://github.com/rad1o. More information about the Rad1o can be found here.

The Rad1o, a HackRF compatible software defined radio.

HackRF Portapack Now Shipping to Kickstarter Backers

The HackRF PortaPack is a portable LCD screen with control interface and processor that connects to a HackRF software defined radio. The PortaPack’s goal is to allow for portable RF spectrum visualization, tuning and eventually demodulation of many modes. It has been in development from around the time of the August 2013 HackRF Kickstarter and is now almost ready to be shipped out to the initial backers. For more information about the PortaPack, see this Hak5 segment that we previously posted about, where Jared Boone, the inventor of the PortaPack, is interviewed.

In his post Jared writes:

Getting the PortaPack H1 ready for shipping was a long slog. And as is my way, I took a lot of detours along the way. I incorporated a lightweight operating system (ChibiOS) into the firmware. I built a simple UI framework that would support arrow-key navigation, with touch as an option where appropriate. I developed a sophisticated test jig (based on this) to ensure the units I ship work correctly. I designed a milled aluminum case that I’ll offer as an option. And I finished and tested all the units myself, including doing failure analysis on a bunch of PortaPacks. I learned a great deal, and hope that my next product development cycle will be much easier and faster.

Because of all the manufacturing effort, work on the firmware hasn’t advanced very far. At this point, the PortaPack is mostly useful as a basic narrowband AM/FM receiver. But there’s still a lot of capability to be tapped in the HackRF ARM processors! I’m eager to get back to firmware, and implement more signal analysis and capture functionality, along with some digital modes demodulation and decoding support.

The HackRF Portapack

Transmitting DATV DVB-S Video with the HackRF Blue

Simon (G0FCU) has been using his HackRF Blue to transmit DVB-S video captured from his video camcorder. In the ham radio hobby there is something called digital amateur television (DATV) in which amateurs transmit digital video over radio to repeaters. Simon writes that in the UK DATV is usually transmitted at above 1.2 GHz and in the DVB-S format, which is the same format used by some satellite TV services.

Although there are dedicated DATV radios, Simon decided that he wanted to use the HackRF Blue as the radio for transmitting his own DATV signals. To do this he uses the software dvgrab to grab the video stream from the camera, then passes it to ffmpeg to compress the raw video into MPEG-2 and then uses a GNU Radio program called gr-dvbs to use the HackRF to transmit the DVB-S stream at 1000 MHz.

To test that his signal was transmitting correctly, Simon then used a standard DVB-S satellite TV with the LNB bypassed. 

Previously we also posted about using a BladeRF for transmitting DATV DVB-T signals.

What the DATV DVB-S output signal looks like on another HackRF.

New ExtIO for the HackRF and HDSDR

We’ve received a note from RTL-SDR.com reader Tim about a new ExtIO module available for the HackRF and HDSDR. ExtIO stands for External IO, and is a special DLL file that allows HDSDR and other software to access hardware like the HackRF.

To use it, simply copy the HackRF ExtIO dll file into the HDSDR directory, and select it when opening HDSDR. The module currently supports 2, 4, 8, 10, 12.5, 16 and 20 MSPS sample rates. We tested it briefly on our own HackRF and it ran just fine at all sample rates.

The module is available on GitHub and its current binary release can be downloaded here.

The HackRF running in HDSDR with the new ExtIO Module.