The "Chaos Computer Club (CCC)" have recently been uploading videos to YouTube from their "Remote Chaos Experience rC3" online conference. One talk is by Jacek Lipkowski (SQ5BPF) who presents his Etherify project which we have posted about a few times on this blog already. Etherify is a program that allows users to exploit unintentional RF leakage from Ethernet hardware in order to transmit data over the air, essentially creating a primitive software defined radio. In particular the Raspberry Pi 4 was found to have extreme unintentional leakage, with the signal being receivable from over 50m away.
Primitive soft tempest demos: exfiltrating data via leakage from ethernet and more :)
In this talk I will describe shortly the concept of soft tempest, and show a demo of etherify and sonify. Etherify uses radio frequency leakage from ethernet to exfiltrate data. Sonify uses ultrasound. Both demos by design use very primitive tools and hardware, and are easy to replicate.
#rC3 Etherify - bringing the ether back to ethernet
The answer is yes, there is some RF leakage. However, unlike the Pi 4, the speed at which the leakage can be modulated is much slower, and the signal strength is also much lower. Despite the slow modulation speed, Jacek was still able to transmit data by using QRSS CW, which is essentially just very slow morse code. Using this idea he was able to transmit and receive the CW signal with an RTL-SDR over a distance of 3 meters at 375 MHz, 625 MHz and 250 MHz. However, the signal strength is nothing like the Pi 4's Ethernet RF leakage, which can be received strongly from over 50 meters away.
Not too long ago we posted about Jacek Lipkowski (SQ5BPF)'s project called "Etherify" which seeks to use unintentional RF radiation from Ethernet hardware/cables to transmit arbitrary signals such as morse code and FSK. During his earlier experiments he noted how he felt that the Raspberry Pi 4 had an unusually strong radiated Ethernet signal. In his recent post Jacek investigates this further.
Over on his blog SQ5BPF has been documenting a TEMPEST experiment where he's been able to transmit data via RF being leaked from a Raspberry Pi's Ethernet connection. The idea was born when he found that his Raspberry Pi 4 was leaking a strong RF signal at 125 MHz from the Ethernet cable. He went on to find that it was easy to turn a tone on and off simply by changing the Ethernet link speed with the "ethtool" command line tool. Once this was known, it was a simple matter of creating a bash script to generate some morse code.
Quite amazingly the Ethernet RF leakage is very strong. With the Raspberry Pi 10 meters away, and a steel reinforced concrete wall in between, SQ5BPF was able to receive the generated morse code via an RTL-SDR connected to a PC. Further experiments show that with a Yagi antenna he was able to receive the signal from 100 meters away.
His post explains some further experiments with data bursting, and provides links to the scripts he created, so you can try this at home.
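From the defender's side, the keying described above leaves a trace on the host: every forced speed change makes the kernel log a new link state. The following Python sketch is an added example, not SQ5BPF's code; it flags interfaces whose negotiated speed flips repeatedly within a time window. The log line format (phylib-style "Link is Up - 100Mbps/Full"), the driver and device names, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed phylib-style kernel log format, e.g.
#   [  103.500000] <driver> <device> eth0: Link is Up - 100Mbps/Full - flow control rx/tx
LINK_RE = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s.*?\b(?P<iface>\w+): Link is "
    r"(?:Up - (?P<speed>\d+[MG]bps)/\w+|Down)"
)

def find_link_keying(lines, window=60.0, max_changes=4):
    """Return {iface: (first_change_ts, peak_count)} for interfaces whose
    negotiated speed changed more than max_changes times within `window` s."""
    last_speed = {}
    changes = defaultdict(deque)  # iface -> timestamps of recent speed changes
    alerts = {}
    for line in lines:
        m = LINK_RE.search(line)
        if not m or m["speed"] is None:  # skip unrelated lines and "Link is Down"
            continue
        ts, iface, speed = float(m["ts"]), m["iface"], m["speed"]
        if iface in last_speed and last_speed[iface] != speed:
            q = changes[iface]
            q.append(ts)
            while ts - q[0] > window:  # drop changes older than the window
                q.popleft()
            if len(q) > max_changes:
                first, peak = alerts.get(iface, (q[0], 0))
                alerts[iface] = (first, max(peak, len(q)))
        last_speed[iface] = speed
    return alerts

def constructed_sample():
    """Constructed dmesg excerpt: eth0 flips 1Gbps/100Mbps every 2 s, eth1 is stable."""
    up = "[{:12.6f}] exampledrv {} {}: Link is Up - {}/Full - flow control rx/tx"
    lines = [up.format(5.0, "dev1", "eth1", "1Gbps")]
    for i in range(8):
        t = 100.0 + 2 * i
        speed = "100Mbps" if i % 2 else "1Gbps"
        lines.append("[{:12.6f}] exampledrv dev0 eth0: Link is Down".format(t))
        lines.append(up.format(t + 1.5, "dev0", "eth0", speed))
    return lines

if __name__ == "__main__":
    for iface, (first, peak) in find_link_keying(constructed_sample()).items():
        print(f"{iface}: {peak} speed changes within 60 s, starting at t={first}")
```

The window has to be sized to the keying rate being looked for: very slow keying such as QRSS needs a window of minutes or hours rather than seconds.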
Update - SQ5BPF also notes the following:
The leakage differs a lot with the hardware used. The Raspberry Pi 4 is exceptional and also allows the link speed to be switched quickly, so was a nice candidate for a demo, but other hardware works as well.
The first tests were done on some old laptops I had lying around, and they leak as well. Maybe someday I will publish this, but every one of them behaves differently.
Etherify 1 demo receiving via SDR and decoding via fldigi
Thank you to a few users who have submitted links to u/ThePhotoChemist's Reddit post showing his e-ink display for his live GOES-16 weather satellite images. The post doesn't go into much detail about the setup, however it seems that he is using a Raspberry Pi, and displaying the images via a 9.7 inch E-Ink display which he notes does not come cheaply. He also notes that the resolution is quite low, and that it's limited to 16 shades of grey, however the images do still look good on it. The display is mounted into a picture frame which makes a very nice display piece.
If you're interested in receiving live GOES (or GK-2A) weather satellite images with an RTL-SDR we have a tutorial available here.
Evariste (F5OEO) has just announced the release of an update to RPiTX which allows it to now be used on a Raspberry Pi 4. If you are unfamiliar with it, RPiTX is a program for Raspberry Pi single board computers that allows you to transmit almost any type of signal on frequencies between 5 kHz up to 1500 MHz with nothing more than a piece of wire connected to a GPIO pin. Evariste also notes that the new version is compatible with the beta 64-bit version of Raspbian.
Some examples of signals you can transmit with RPiTX include a simple carrier, chirp, a spectrum waterfall image, broadcast FM with RDS, SSB, SSTV, Pocsag, Freedv and Opera. You can also use an RTL-SDR to record a signal, and replay the IQ file with RPiTX. However, please remember that when transmitting with RPiTX you must ensure that your transmission is legal, and appropriately filtered.
Numbers Stations are mysterious radio broadcasts that typically consist of a voice speaking a seemingly random string of numbers. It is mostly accepted that these stations are a way for spy agencies to communicate to intelligence operators stationed overseas.
However, recently Simon Roses wrote in and wanted to share his project where he created his own numbers station at home. The idea is to use a Raspberry Pi and the Pi-FM-RDS software to transmit a simulated numbers station. If you didn't already know, a Raspberry Pi can be used as a somewhat useful RF transmitter by using software like Pi-FM-RDS which manipulates a GPIO pin connected to a piece of wire acting as an antenna.
In his write up, Simon notes that he uses a program called PiNumberStation which is a text to speech program that passes the generated voice to Pi-FM-RDS. Pi-FM-RDS then transmits the signal, allowing a nearby FM radio to pick up and play the audio.
If you wanted to try this as a prank or joke, please remember that transmitting in the FM bands over a certain power level may be illegal in some countries, and the Raspberry Pi TX capabilities are known to require filtering to prevent interference occurring on other frequencies. Transmitting incorrectly could have dire consequences, so please make sure you do your research first.
Over on his YouTube channel Tech Minds has uploaded a video introducing and demonstrating the Langstone Project. Langstone is a standalone homebrew SDR transceiver project by Colin Durbridge (G4EML) which at its most basic implementation is based on an Adalm PlutoSDR, Raspberry Pi 4 and 7" LCD touchscreen.
In the video Tech Minds shows how to install the Langstone Pi4 software on the SD card, and then demonstrates it in action. He also notes that the output power of the PlutoSDR is too low for any real communications, however it is possible to add an amplifier and appropriate band filtering. To help with that, the software makes use of the GPIO pins on the Pi4 which can be used to switch in optional band filters.
Langstone Project - SDR Transceiver using an Adalm PlutoSDR