Tagged: rtl-sdr

PineTab Linux Tablet will have an Optional RTL-SDR Expansion Module

The PineTab is an upcoming $100 open source Ubuntu Linux Tablet being created by PINE who are known for their low cost Pine64 single board computers, Pinebook Laptop and Linux based PinePhone. The PineTab is not yet for sale, and they have just announced their intention to begin taking pre-orders in late May, and that the first production run will be a limited quantity pilot production intended only for early adopters.

What's interesting about the PineTab is that they are advertising that they are working on expansion options, with one expansion module being an RTL-SDR. It seems that the expansion module will allow cards to be inserted internally, keeping everything tidy on the outside. Apart from the RTL-SDR, they will also offer LoRa, LTE (with GPS) and sata SSD add on cards.

The standard specs of the PineTab are shown below:

  • Allwinner A64 Quad Core SOC with Mali 400 MP2 GPU
  • 2GB LPDDR3 RAM
  • 10″ MiPi 720p Capacitive LCD
  • Bootable Micro SD Slot
  • 64GB of eMMC
  • microHDMI port for external HD output
  • USB 2.0 A host
  • Micro USB 2.0 OTG
  • 2Mpx front-facing camera
  • 5Mpx rear camera
  • Optional M.2 slot
  • Speakers and Microphone
  • Volume rocker and ‘home’ button
  • Magnetically attached keyboard (optional)
  • 6000mAh battery 
  • 3.5″ Barrel Power (5V 3A) Port
  • Multiple expansion boards for LTE, LoRa and SATA SSD
 

Derpcon 2020 Talk: Breaking into the World of Software Defined Radio

Derpcon is a COVID-19 inspired information security conference that was held virtually between April 30 - May 1 2020. Recently the talks have been uploaded to their YouTube channel. One interesting SDR talk we've seen was by Kelly Albrink and it is titled "Ham Hacks: Breaking into the World of Software Defined Radio". The talk starts by giving a very clear introduction to software defined radio, and then moves on to more a complex topic where Kelly shows how to analyze and reverse engineer digital signals using a HackRF and Universal Radio Hacker.

RF Signals are basically magic. They unlock our cars, power our phones, and transmit our memes. You’re probably familiar with Wifi and Bluetooth, but what happens when you encounter a more obscure radio protocol? If you’re a hacker who has always been too afraid of RF protocols to try getting into SDRs, or you have a HackRF collecting dust in your closet, this talk will show you the ropes. This content is for penetration testers and security researchers to introduce you to finding, capturing, and reverse engineering RF signals. I’ll cover the basics of RF so you’re familiar with the terminology and concepts needed to navigate the wireless world. We’ll compare SDR hardware from the $20 RTLSDR all the way up to the higher end radios, so you get the equipment that you need without wasting money. I’ll introduce some of the software you’ll need to interact with and analyze RF signals. And then we’ll tie it all together with a step by step demonstration of locating, capturing, and reverse engineering a car key fob signal.

Ham Hacks: Breaking into the World of Software Defined Radio - Kelly Albrink

GNU Radio TEMPEST Implementation Now Available

TEMPEST refers to a technique that is used to eavesdrop on electronic equipment via their unintentional radio emissions (as well as via sounds and vibrations). All electronics emit some sort of unintentional RF signals, and by capturing and processing those signals some data can be recovered. For example the unintentional signals from a computer screen can be captured, and converted back into a live image of what the screen is displaying.

Until recently we have relied on an open source program by Martin Marinov called TempestSDR which has allowed RTL-SDR and other SDR owners perform interesting TEMPEST experiments with computer and TV monitors. We have a tutorial and demo on  TempestSDR available on a previous post of ours. However, TempestSDR has always been a little difficult to set up and use.

More recently a GNU Radio re-implementation of TempestSDR called gr-tempest has been released. Currently the implementation requires the older GNU Radio 3.7, but they note that a 3.8 compatible version is on the way.

The GNU Radio implementation is a good starting point for further experimentation, and we hope to see more developments in the future. They request that the GitHub repo be starred as it will help them get funding for future work on the project.

The creators have also released a video shown below that demonstrates the code with some recorded data. They have also released the recorded data, with links available on the GitHub. It's not clear which SDR they used, but we assume they used a wide bandwidth SDR as the recovered image is quite clear.

Examples using gr-tempest

GR-TEMPEST: GNU Radio TEMPEST Implementation
GR-TEMPEST: GNU Radio TEMPEST Implementation

RTL-SDR Blog V3 Units and Antennas Back in Stock at Amazon (Local US Stock)

Just a note that our RTL-SDR Blog V3 units and antennas are now back in stock at Amazon.com with local US stock. There were a few manufacturing and shipping delays related to COVID-19 so they had been out of stock for a couple of months. Currently they are being fulfilled via our partners based in Chicago, and all orders will ship out within 2-business days via USPS First Class. We will look at replenishing the the Amazon Prime warehouses in a few weeks and at the moment we are only shipping to US customers from Amazon. US customers can also order directly from our store at www.rtl-sdr.com/store and this will result in the shipping fee being waived.

If you are based elsewhere in the world, please order directly from our store at www.rtl-sdr.com/store which ships non-US orders direct from our warehouse in China. Alternatively some countries might benefit from our Aliexpress store, which can now utilize the reliable Aliexpress Standard Shipping line.

Our RTL-SDR Blog V3 is an improved RTL-SDR dongle. It includes features like a TCXO, SMA port, software switchable bias tee, built in HF direct sampling mod, aluminum enclosure, improved ESD protection, improved cooling via thermal pad and many other design improvements. The kit comes with a multipurpose dipole antenna which is extremely versatile. It can be used as a standard vertical dipole for terrestrial signals, or can be mounted horizontally in a V-Dipole configuration for NOAA/Meteor LEO weather satellites. It's also easy to mount outdoors through a window for best reception with two mounting solutions included. 

Amazon Links

RTL-SDR Blog V3 Dongle + Multi Purpose Dipole Antenna Set

RTL-SDR Blog V3 Dongle Only

Multi Purpose Dipole Antenna Set Only

RTL-SDR Blog Store

We are also shipping any US orders made from our Worldwide store via our local stock. If you order directly from us you can save $1.99 on shipping.

RTL-SDR Blog Store

Features of the RTL-SDR Blog V3.
Features of the RTL-SDR Blog V3.
The RTL-SDR Blog V3 Set. Includes RTL-SDR V3 dongle, and multipurpose dipole antenna kit.
The RTL-SDR Blog V3 Set. Includes RTL-SDR V3 dongle, and multipurpose dipole antenna kit.

Running rtl_tcp over the TOR Network

Over on his DragonOS YouTube tutorial channel Aaron has uploaded a video showing how it is possible to run rtl_tcp over the TOR network. TOR is an "anonymity network" which routes your internet traffic through thousands of volunteer nodes in order to make tracing your internet activity more difficult.

Aaron's tutorial shows how to route rtl_tcp traffic through a TOR connection on his Linux distribution DragonOS (although it should work on any Linux distro), and connect to it with GQRX.

However, a major caveat is that the data streaming result is rather poor with there being lots of data drops, probably due to the slowness of the TOR network. Perhaps running a smaller sample rate, or using a more efficient server like Spyserver might work better.  

DragonOS LTS Remote access RTL-SDR over TOR network (Gqrx, rtl_tcp, OpenWRT)

GNU Radio Code for Android Now Released

Back in November 2019 we posted how Bastian Bloessl (@bastibl) had teased us with his ability to get GNU Radio running on an Android phone. Now he has officially released his code to the public on GitHub. This is quite a remarkable development as you can now carry a full DSP processing suite in your pocket. In addition to the code, he's put up a short blog post explaining a bit about the port. He notes some highlights of the release:

  • Supports the most recent version of GNU Radio (v3.8).
  • Supports 32-bit and 64-bit ARM architectures (i.e., armeabi-v7a and arm64-v8a).
  • Supports popular hardware frontends (RTL-SDR, HackRF, and Ettus B2XX). Others can be added if there is interest.
  • Supports interfacing Android hardware (mic, speaker, accelerometer, …) through gr-grand.
  • Does not require to root the device.
  • All signal processing happens in C++ domain.
  • Provides various means to interact with a flowgraph from Java-domain (e.g., Control Port, PMTs, ZeroMQ, TCP/UDP).
  • Comes with a custom GNU Radio double-mapped circular buffer implementation, using Android shared memory.
  • Benefits from SIMD extensions through VOLK and comes with a profiling app for Android.
  • Benefits from OpenCL through gr-clenabled.
  • Includes an Android app to benchmark GNU Radio runtime, VOLK, and OpenCL.
  • Includes example applications for WLAN and FM.

He's even included demonstration code that turns a USRP B200 SDR connected to an Android phone into a WLAN transceiver which can run in real time on faster devices.

Installing it may not be easy for most, but Bastian has included full build instructions on the GitHub page, and makes use of a Docker file which should simplify the installation a bit.

GNU Radio running on an Android phone, usinga USRP B200 SDR as a WLAN transceiver.
GNU Radio running on an Android phone, usinga USRP B200 SDR as a WLAN transceiver.

GNU Radio 3.8 on un-rooted Android receiving FM w/ HackRF (take 2)

Performing a Side Channel TEMPEST Attack on a PC

TEMPEST refers to a technique that is used to eavesdrop on electronic equipment via their unintentional radio emissions (as well as via sounds and vibrations). All electronics emit some sort of unintentional RF signals, and by capturing and processing those signals some data can be recovered. For example the unintentional signals from a computer screen could be captured, and converted back into a live image of what the screen is displaying. We have tutorials on how to do this with a program called TempestSDR available on a previous post of ours.

Recently Mikhail Davidov and Baron Oldenburg from duo.com have uploaded a write up about their TEMPEST experiments. The write up introduces the science behind TEMPEST eavesdropping first, then moves on to topics like software defined radios and antennas.

At the end of their post they perform some experiments like constantly writing data to memory on a PC, and putting the PCs GPU under varying load states. These experiments result in clear RFI bursts and pulsing carriers being visible in the spectrum, indicating that the PC is indeed unintentionally transmitting RF. They note that machine learning could be used to gather some information from these signals.

Their write up reminds us of previous TEMPEST related posts that we've uploaded in the past. One example is where an RTL-SDR was used to successfully attack AES encryption wirelessly via the unintentional RF emitted by an FPGA performing an encryption algorithm. Another interesting post was where we saw how a HackRF was used to obtain the PIN of a cyprocurrency hardware wallet via TEMPEST. Search TEMPEST on our blog for more posts like that.

TEMPEST PC Side Channel Setup: RF pulses from writing to memory and a GPU.
TEMPEST PC Side Channel Setup: RF pulses from writing to memory and a GPU.

YouTube Video Replicates our Galactic Hydrogen Line Detection Tutorial

Earlier in the year we posted a tutorial showing how to detect the Galactic Hydrogen Line at home with less than $200 in components. All that is really needed is a 2.4 GHz WiFi dish, an RTL-SDR and an LNA. With this setup it's possible to do home science like determining the size, shape and rotational speed of our own galaxy. 

Over on YouTube user Nicks Tech Hobby has successfully replicated our tutorial with similar hardware, and has uploaded a time lapse video showing his results. His success confirms that this is a good way to get introduced into radio astronomy. What's also interesting is that it is possible to spot the Hydrogen line energy on the live waterfall even without averaging/integration. 

My first successful attempt to detect galactic hydrogen (Hydrogen line)