January 30, 2023

Slovenian whistleblower who was convicted for reporting a flaw in Police TETRA with an RTL-SDR requests donations

Back in May 2016 we posted about Dejan Ornig, a then 26 year old student at the University of Maribor's Faculty of Criminal Justice, Slovenia who was almost imprisoned for using an RTL-SDR and finding a security flaw in Police TETRA communications. Dejan's story was one of the first of several stories we presented over the years involving a person getting into legal or political trouble from the use of SDRs like the RTL-SDR in more authoritarian countries.

TETRA is a RF digital voice and text communications protocol often used by authorities in European and other countries due to its ability to be secured via encryption. By using an RTL-SDR and an open source TETRA decoder, Dejan discovered that despite official documents specifying that all Police TETRA terminals must be authenticated (we assume this refers to encryption), none actually were.

Dejan went ahead and ethically reported his findings to the Slovenian authorities, working together with Police officers to disclose all his findings. However, in the end no action was taken, and Dejan took his findings to the press. It was then that Dejan was prosecuted by Slovenian Police, his house raided, and he discovered that Police had been collecting evidence against him for more than a year.

To complicate matters further it appears that Dejan also worked as an intelligence informant for the Police and was illegally instructed and helped by two Police detectives to hack into e-mails, Facebook profiles and other online communications of people deemed suspicious.

After seven years of court hearings, his case on the TETRA hack ended in 2022 with Dejan subjected to a seven month suspended prison sentence . Although suspension means that Dejan will not physically reside in jail, his record still records him as a criminal.

The criminal trial and conviction has led to Dejan having problems securing a job and moving forward with his life. He is currently asking for donations online in order to help get his life back on track. Dejan's full story can be read at the funding site. Alternatively you can donate via PayPal.

NOTE: As donation requests can often be scams, we have independently verified that it is indeed Dejan Ornig who submitted this story to us, and that the donation site and PayPal link is legitimate.

NOTE 2: In the past we have had issues moderating comments with stories involving transgender and female contributors. Dejan's story contains info about his sexual orientation and we will not accept derogatory comments on this site regarding this. If desired, please discuss the technical and legal nature of Dejan's situation, any other comments will be removed.

TETRA Decoding (with telive on Linux) — An Example TETRA decoding setup

February 9, 2022

Turbine: Capture and Stream all Frequencies in a Trunked Radio System with a HackRF

Over on Reddit we've discovered an interesting program called 'Turbine' that has recently been open sourced by the author. This program connects to a wideband capable SDR such as a HackRF and captures and streams all frequencies in a trunked radio system. Users can then browse the recordings online. On his reddit post u/norasector introduces Turbine, and his application for it called 'NoraSector'.

I am open sourcing the SDR code for NoraSector, which currently captures and streams the radio systems for both King and Snohomish County, WA. It uses a HackRF One to capture every channel concurrently, and can even process multiple systems at the same time, provided they are within the same bandwidth that is captured by the SDR and there's adequate reception. I plumb the output through a WebRTC streaming infrastructure I built to stream audio to clients over the web with very low latency. My goal was to give complete access to an entire system to anyone over the web, just as they would have if they were using a handheld scanner, and with comparable latency.

Turbine is a bit different other SDR software out there. It's written entirely in Go, and was built explicitly to only use a single SDR rather than bonding multiple SDRs together.

Turbine works by tuning known control frequencies and then tuning all voice frequencies it learns from them. Voice transmissions are encoded using the Opus audio codec for compatibility with WebRTC and blasted out as frames over UDP. It also includes a functional-but-janky built-in visualization web server to look at each stage of the DSP pipeline for each frequency, which was crucial for debugging as I was building it.

Right now, it only supports legacy Motorola SmartZone systems (which is what is used near me), but it shouldn't be a large lift to make it support P25. The code is heavily influenced by op25 and GNURadio (and in some places just outright copying them). I built it in Go because a) it's what I'm most familiar with and b) the sheer density of GNURadio made it hard for me to piece things together how I wanted. Go's concurrency model is a natural fit for doing many concurrent operations on the byte stream, and I haven't had issues with garbage collection pausing execution in a detrimental way.

Turbine isn't intended for use with lower sample rate SDRs like the RTLSDR. It has a driver for it, but doesn't support bonding multiple SDRs together. If an entire system fits within the 2MHz sample rate, it would probably be fine. You should be able to fire it up with a RTLSDR but it will not be able to capture very much. It currently only officially supports the HackRF One, but adding other SDRs should be relatively trivial. Note that the HackRF I am using is the model with the upgraded TCXO, as I found that the built-in oscillator was not accurate enough.

Turbine has only been tested to run on Linux and is very CPU-intensive; the production radio runs on a dedicated i7-11700k 8c/16t CPU and consumes about 60% of all cores decoding both systems. There are some potential optimizations that could be made that would lower CPU consumption during periods of low activity, but I built it for the worst case of having to encode every voice frequency at once.

The usual disclaimers about OSS apply. I hope you find it interesting or perhaps useful, and maybe portions can be adapted so Go can be used more in SDR projects.

There have been similar projects in the past like radiocapture-rf, scaneyes, and broadcastify calls, but Turbine looks like one of the most comprehensive.