The Portapack is an add on for the popular HackRF SDR which allows the HackRF to be used portably without a PC. Recently the cost of this hardware duo has come down to below US$150 due to low cost Chinese clones now being available on the market. Generally the clones are of good quality too.
Once you have the hardware it is possible to install third party custom firmware such as "Mayhem" on the Portapack which enables many features such as the ability to receive and transmit various different types of RF protocols. Back in 2018 we did a review of Mayhems predecessor which was known as the "Havok" firmware. More recently Tech Minds did a video overview of Mayhem.
Now over on his blog A. Petazzoni has started a new blog series which aims to introduce the basics of the Mayhem firmware, including installation and some hands on testing with RF spoofing, denial-of-service (DoS) and replay attacks. Currently only his first post is out, and in the post he show how to install Mayhem onto the Portapack, then goes on to briefly overview some applications such as RF replay attacks, replicating wireless remote controls, receiving and transmitting POCSAG, receiving and transmitting ADS-B, and creating a jammer.
Obviously a lot of what you can do with a Portapack and the Mayhem firmware is extremely illegal and very dangerous, so please do be careful with what and where you transmit especially if you are new to RF hobby. These signals should remain in your test area only, and not leak out into the wider environment.
Drone defense is a problem that is plaguing airports, cities, sensitive buildings and the military. These days anyone with a low cost off the shelf drone can cause havoc. Solutions so far have included net guns, drone deployed nets, wideband jammers, GPS spoofers, traditional and passive radar systems, visual camera detection, propeller noise detection, microwave lasers and SDR based point and shoot drone jamming guns like the IXI Dronekiller.
Both the expensive made for military IXI Dronekiller SDR gun, and the LimeSDR Dronesense work in a similar way. They begin by initially using their scanning feature to detect and find potential drone signals. If a drone signal is detected, it will emit a jamming signal on that particular frequency, resulting in the drone entering a fail-safe mode and either returning to base or immediately landing. Specifically targeting the drone's frequency should help make the jammers compliant with radio regulations as they won't jam other legitimate users at the same time. We note that this method might not stop drones using custom RF communications, or fully autonomous drones.
However, unlike the IXI Dronekiller gun, Dronesense requires no pointing and aiming of a gun like device. Instead it appears to be mounted on another drone, with an omnidirectional jamming antenna. It runs with a GNU Radio based flowgraph which decides if a detected signal is from a drone, and if so activates the jammer. Unfortunately the software and further details don't appear to be available due to non-disclosure agreements.
DroneSense Second Jamming Test (Software Defined Aerial Platform)
Back in May 2018 we first posted about Amungo Navigation's NUT4NT+ project, which is a four channel global navigation satellite system (GNSS) board based on the NT1065 chip. With the right antenna, it is capable of receiving any navigation satellite including GPS, GLONASS, Galileo, BeiDou, IRNSS, and QZSS. With access to multiple satellite systems, the positioning resolution can be down to the centimeter.
Currently Crowd Funding now on CrowdSupply is the NUT2NT+, which is their low cost 2-input GNSS board. Early bird units are going for $250 (12 units left at the time of posting), with the normal price being $320. Compared to their previous legacy version it has an FPGA, TCXO, bias tee and other improvements. They write:
NUT2NT+ hardware is open source, as is the software - giving the user the ability to set a receiver’s modes and frequencies, to capture all signals continuously, and to have complete control over primary processing features.
Several startups and large companies offer proprietary GNSS positioning solutions and even mobile GNSS software-defined receivers. But a closed ecosystem reduces accessibility for an enthusiast or professional developer, and it limits what a user can do with their hardware. We are happy to bring NUT2NT+ to the world as an open source option.
We note that this is an advanced device for developers and experimenters, but the possible applications they write about such as precision positioning for autonomous vehicles and black box logging are quite interesting.
Their higher end four channel input version (which appears to only be for sale via contact on their website at the moment) can be used as a coherent receiver which can locate sources of GPS jamming via an augmented reality app. In our previous post we highlighted how they were able to find the location of the GPS jammer/spoofers famously active around the Russian Kremlin buildings.
The NT1065 is an all-in-one 4-channel global navigation satellite system (GNSS) receiver chip. It is highly versatile and can receive and decode multiple navigation satellites such as GPS, GLONASS, Galileo, BeiDou, IRNSS and QZSS. Being able to receive so many satellites, it is capable of centimeter level positioning.
The team at Amungo Navigation have taken this chip and have created a product called the NUT4NT+ which is essentially a development board for the NT1065, and all the software for signal processing with it is provided as open source software. In the near future they are planning to begin fundraising for the product over on the crowd funding site CrowdSupply.
One very interesting application that they have been developing with a device similar to the NUT5NT+ is a GPS Jammer/Spoofer detector system which they call the Amungo XNZR. This is a combined 4-channel GNSS receiver and 4-antenna GNSS antenna system built into a small package that fits onto the back of an Android tablet. When connected to the software it uses augmented reality (AR) to show you exactly where GPS jammers are in the vicinity by using coherent signal processing. If you're not familiar with AR, this is the technique of overlaying digital data/images on top of a live real world camera view.
In the video below they take their XNZR detector to Varvarka Street in Moscow Russia and determine the location of a GPS spoofer in the vicinity.
More information about their product can be found on their homepage, and on various interesting forum posts by someone from the company that detail some of their experiments. Note that the forum posts are in Russian, but Google Translate can be used to translate the text.
It’s been known for a while now that it is possible to break into cars using simple wireless attacks that involve jamming of the car keyfob frequency. Sammy Kamkars “rolljam” is one such example that can be built with a cheap Arduino and RF transceiver chip. One way to secure yourself against wireless attacks like this is to run a jammer detector.
A jammer detector is quite simple in theory – just continuously measure the signal strength at the car keyfob frequency and notify the user if a strong continuous signal is detected. Over on his blog author mikeh69 has posted about his work in creating a wireless jammer detector out of a Raspberry Pi and RTL-SDR dongle. He uses a Python script and some C code that he developed to create a tool that displays the signal strength on an onscreen bar graph and also conveys signal strength information via audio tones. He writes that with a pair of earphones and battery pack you can use the system while walking around searching for the source of a jammer.
Mikeh69’s post goes into further detail about installing the software and required dependencies. He also writes that in the future he wants to experiment with creating large area surveys by logging signal strength data against GPS locations to generate a heatmap. If you are interested in that idea, then it is similar to Tim Haven’s driveby noise detector system which also used RTL-SDR dongles, or the heatmap feature in RTLSDR Scanner.