Tagged: hackrf

Reverse Engineering NSA Spy ‘Retro Reflector’ Gadgets with the HackRF

In 2013 whistleblower Edward Snowden leaked (along with other documents) some information about the American National Security Agency’s (NSA) spy tools. One such group of tools, named ‘retro reflectors’, has recently been investigated and reverse engineered by Michael Ossmann, the security researcher behind the HackRF software defined radio, which recently became available for preorder. The HackRF is an SDR similar to the RTL-SDR, but with better performance and transmit capabilities.

New Scientist magazine has written an article about Ossmann’s work here. Their article describes retro reflectors in the following quote.

One reflector, which the NSA called Ragemaster, can be fixed to a computer’s monitor cable to pick up on-screen images. Another, Surlyspawn, sits on the keyboard cable and harvests keystrokes. After a lot of trial and error, Ossmann found these bugs can be remarkably simple devices – little more than a tiny transistor and a 2-centimetre-long wire acting as an antenna.

The HackRF comes into play in the following quote.

Ossmann found that using the radio [HackRF] to emit a high-power radar signal causes a reflector to wirelessly transmit the data from keystrokes, say, to an attacker. The set-up is akin to a large-scale RFID-chip system. Since the signals returned from the reflectors are noisy and often scattered across different bands, SDR’s versatility is handy, says Robin Heydon at Cambridge Silicon Radio in the UK.

Ossmann will present his work at this year’s Defcon conference in August.


 

Transmitting ADS-B with a HackRF and Receiving it with an RTL-SDR

Over on YouTube, user Jiao Xianjun has uploaded a video showing how he was able to transmit an ADS-B signal from his HackRF One and receive it using an RTL-SDR with dump1090. He transmits a low power signal which shows a fake plane flying over the Senkaku Islands.

Important Note: While this warning is also on the video we feel that we should re-emphasize that you should never transmit anything at 1090 MHz unless you are authorized to do so and are in a controlled RF environment.

ADS-B out by HACKRF and received by rtl-sdr + dump1090

HackRF Now Available for Preorder

The HackRF One, a TX/RX capable software defined radio for 10 MHz – 6 GHz, is now available for preorder at certain resellers for $299 USD. Michael, the man behind the HackRF, expects the Kickstarter HackRF rewards to be shipped in June. After the HackRF reward units have shipped, the resellers will receive their units.

HackRF One from Great Scott Gadgets is a Software Defined Radio peripheral capable of transmission or reception of radio signals from 10 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies, HackRF One is an open source hardware platform that can be used as a USB peripheral or programmed for stand-alone operation.

  • 10 MHz to 6 GHz operating frequency
  • half-duplex transceiver
  • up to 20 million samples per second
  • 8-bit quadrature samples (8-bit I and 8-bit Q)
  • compatible with GNU Radio, SDR#, and more
  • software-configurable RX and TX gain and baseband filter
  • software-controlled antenna port power (50 mA at 3.3 V)
  • SMA female antenna connector
  • SMA female clock input and output for synchronization
  • convenient buttons for programming
  • internal pin headers for expansion
  • Hi-Speed USB 2.0
  • USB-powered
  • open source hardware

HackRF One has an injection molded plastic enclosure and ships with a micro USB cable. An antenna is not included. ANT500 is recommended as a starter antenna for HackRF One.

 

HackRF One

Transmitting DAB with the HackRF

An RTL-SDR.com reader has written in to let us know about his project involving transmitting Digital Audio Broadcasting (DAB) using GNU Radio and the HackRF. DAB is a digital radio technology that is used to broadcast radio stations. He uses the CRC-DABMUX and CRC-DABMOD software to modulate an audio file into DAB and then uses a GNU Radio Python script to write the modulated signal to the HackRF for transmitting.

Controlling a Remote Control Car with the HackRF

On YouTube user 王康 has been working with his HackRF One to create a computer keyboard controlled interface for his remote control car. The HackRF is a ~$300 software defined radio similar to the RTL-SDR, but with transmit capabilities.

To control the car he wrote a GNU Radio program to generate a control signal that is transmitted by the HackRF and a GUI to listen to keyboard presses on the PC.

HackRF One with gr-remotecar

HackRF vs. BladeRF vs. USRP

To help you decide which of the recently released software defined radios is right for you, blogger Taylor Killian has written an article discussing and comparing the HackRF, BladeRF and new USRP models.

The HackRF, BladeRF and USRP are all high end SDRs which range in cost from $300 (HackRF) to $1100 USD (USRP B210). They differ from the RTL-SDR in that each is specifically designed for the purpose of software defined radio, and they all have large bandwidths and transmit capabilities.

HackRF Jawbreaker Board with Enclosure, BladeRF, USRP

HackRF Receiving HRPT Weather Satellite Images

On Twitter user @uhf_satcom has been using a HackRF software defined radio together with GNU Radio, a tracking L-Band antenna and this HRPT decoding software to receive and decode HRPT weather satellite images. He used GNU Radio to output to a .RAW16 file, which the HRPT decoding software was then able to use to produce an image.

 

 

HRPT is a picture transmission protocol which stands for High Resolution Picture Transmission. There are multiple satellites which broadcast weather images in this format including the NOAA, GOES, Metop-A and Feng Yun satellites. These satellites transmit HRPT at about 1.7 GHz.

@uhf_satcom also tried to receive these images with the RTL-SDR, but was unsuccessful. But you can still receive the lower resolution APT weather satellite images using the RTL-SDR.

Below are some examples of the images he was able to receive.


Update: This is an image of the L-band antenna he used.

HackRF Now for Sale

HackRF is now for sale on Kickstarter, and it has already reached its $80,000 USD goal in less than half a day. If you didn’t already know, HackRF is an open source Software Defined Radio that can receive and transmit between 30 MHz and 6 GHz. HackRF has a 20 MHz bandwidth, which is a lot when compared to the RTL-SDR’s 3.2 MHz maximum.

There have already been 500 HackRF beta units sent out so the hardware should be fairly stable by now.

The basic package which includes a fully assembled HackRF board and enclosure is selling for $275. For $315 you can get a HackRF, enclosure and a Ham-It-Up upconverter as well, which is commonly also used with the RTL-SDR and will allow you to receive the HF bands between 0 – 30 MHz.

HackRF Jawbreaker Board with Enclosure

If you are interested in some videos, here is a video showing the HackRF transmitting wideband FM using GNU Radio.

Here, showing 20 MHz of the GSM band

HackRF smoke testing: GSM tower

Here, 20 MHz of the broadcast FM band

HackRF smoke testing: Full FM broadcast band