
Sniffing MiniMed Insulin Pump RF Packets with an RTL-SDR

A MiniMed Insulin Pump with wireless meter

Over on GitHub we've just seen the release of a program called rtlmm, made by user ps2, which decodes MiniMed RF packets with an RTL-SDR. We weren't entirely sure what MiniMed was, but from Googling the name it appears to be a product by a company called Medtronic, who sell medical equipment such as portable automatic insulin pumps and glucose monitors for diabetic patients. These products have RF telemetry links that transmit to a meter, which receives the data and forwards it to your phone via Bluetooth LE. Sniffing the telemetry from these sensors could allow you to build up your own data without the need for the meter.

Rtlmm was inspired by a similar program called rtlomni, which was released a few months ago by F5OEO. rtlomni works with Omnipod diabetes insulin pumps and monitors, which are similar products to MiniMed's offerings.

SDR and Radio Talks from the 34th Chaos Communication Congress: SatNOGs, Bug Detection, GSM with SDR, Open Source Satellites and WiFi Holography

Every year the Chaos Computer Club holds the Chaos Communication Congress (CCC), a conference that aims to discuss various topics related to technology and security. This year was the 34th conference held (34C3), and there were several interesting SDR and radio related talks, which we post below. Further links and video downloads are available in the YouTube description.

SatNOGS: Crowd-sourced satellite operations

An overview of the SatNOGS project, a network of satellite ground stations around the world, optimized for modularity, built from readily available and affordable tools and resources.

We love satellites! And there are thousands of them up there. SatNOGS provides a scalable and modular platform to communicate with them. Low Earth Orbit (LEO) satellites are our priority, and for a good reason. Hundreds of interesting projects worth tracking and listening to are happening in LEO and SatNOGS provides a robust platform for doing so. We support VHF and UHF bands for reception with our default configuration, which is easily extendable for transmission and other bands too.

We designed and created a global management interface to facilitate multiple ground station operations remotely. An observer is able to take advantage of the full network of SatNOGS ground stations around the world.

34C3 - SatNOGS: Crowd-sourced satellite operations

Spy vs. Spy: A Modern Study Of Microphone Bugs Operation And Detection

In 2015, artist Ai Weiwei was bugged in his home, presumably by government actors. This situation raised our awareness on the lack of research in our community about operating and detecting spying microphones. Our biggest concern was that most of the knowledge came from fictional movies. Therefore, we performed a deep study on the state-of-the-art of microphone bugs, their characteristics, features and pitfalls. It included real life experiments trying to bug ourselves and trying to detect the hidden mics. Given the lack of open detection tools, we developed a free software SDR-based program, called Salamandra, to detect and locate hidden microphones in a room. After more than 120 experiments we concluded that placing mics correctly and listening is not an easy task, but it has a huge payoff when it works. Also, most mics can be detected easily with the correct tools (with some exceptions on GSM mics). In our experiments the average time to locate the mics in a room was 15 minutes. Locating mics is the novel feature of Salamandra, which is released to the public with this work. We hope that our study raises awareness on the possibility of being bugged by a powerful actor and the countermeasure tools available for our protection.

34C3 - Spy vs. Spy: A Modern Study Of Microphone Bugs Operation And Detection

Running GSM mobile phone on SDR

Since SDR (Software Defined Radio) has become more popular and more available for everyone, there are a lot of projects based on this technology. Looking from the mobile telecommunications side, at the moment it's possible to run your own GSM or UMTS network using a transmit capable SDR device and free software like OsmoBTS or OpenBTS. There is also the srsLTE project, which provides an open source implementation of an LTE base station (eNodeB) and moreover the client side stack (srsUE) for SDR. Our talk is about the R&D process of porting the existing GSM mobile side stack (OsmocomBB) to SDR based hardware, and about the results we have achieved.

There is a great open source mobile side GSM protocol stack implementation - the OsmocomBB project. It can be used for different purposes, including education and research. The problem is that the SDR platforms were out of the hardware the project could work on. The primary supported hardware for now is old Calypso based phones (mostly Motorola C1XX).

Although they are designed to act as mobile phones, there are still some limitations, such as the usage of proprietary firmware for the DSP (Digital Signal Processor), which is being managed by the OsmocomBB software, and the lack of GPRS support. Moreover, these phones are not manufactured anymore, so it's not so easy to find them nowadays.

Taking the known problems and limitations into account, and having a strong desire to give everyone new possibilities for research and education in the telecommunications scope, we decided to write a 'bridge' between OsmocomBB and SDR. Using GNU Radio, a well known environment for signal processing, we have managed to get some interesting results, which we would like to share with the community at the upcoming CCC.

34C3 - Running GSM mobile phone on SDR

UPSat - the first open source satellite

During 2016 Libre Space Foundation, a non-profit organization developing open source technologies for space, designed, built and delivered UPSat, the first open source software and hardware satellite.

UPSat is the first open source software and hardware satellite. The presentation will be covering the short history of Libre Space Foundation, our previous experience on upstream and midstream space projects, how we got involved in UPSat, the status of the project when we got involved, the design, construction, verification, testing and delivery processes. We will also be covering current status and operations, contribution opportunities and thoughts about next open source projects in space. During the presentation we will be focusing also on the challenges and struggles associated with open source and space industry.

34C3 - UPSat - the first open source satellite

Holography of Wi-Fi radiation

Can we see the stray radiation of wireless devices? And what would the world look like if we could?

When we think of wireless signals such as Wi-Fi or Bluetooth, we usually think of bits and bytes, packets of data and runtimes.

Interestingly, there is a second way to look at them. From a physicist's perspective, wireless radiation is just light, more precisely: coherent electromagnetic radiation. It is virtually the same as the beam of a laser, except that its wavelength is much longer (cm vs µm).

We have developed a way to visualize this radiation, providing a view of the world as it would look if our eyes could see wireless radiation.

Our scheme is based on holography, a technique to record three-dimensional pictures by a phase-coherent recording of radiation in a two-dimensional plane. This technique is traditionally implemented using laser light. We have adapted it to work with wireless radiation, and recorded holograms of building interiors illuminated by the omnipresent stray field of wireless devices. In the resulting three-dimensional images we can see both emitters (appearing as bright spots) and absorbing objects (appearing as shadows in the beam). Our scheme does not require any knowledge of the data transmitted and works with arbitrary signals, including encrypted communication.

This result has several implications: it could provide a way to track wireless emitters in buildings, it could provide a new way for through-wall imaging of building infrastructure like water and power lines. As these applications are available even with encrypted communication, it opens up new questions about privacy.

34C3 - Holography of Wi-Fi radiation

Securing the Bitcoin network against Censorship with WSPR

Bitcoin WSPR Test Setup

If you didn't know already, Bitcoin is the top cryptocurrency, which in 2017 began gaining traction with the general public, skyrocketing to a value of over $19,000 US per coin at one point. In addition to providing secure digital transactions, cryptocurrencies like Bitcoin are intended to help fight and avoid censorship. But despite this, there is no real protection against the Bitcoin internet protocol simply being blocked and censored by governments with firewalls or by large ISP/telecoms companies.

One idea recently discussed by Nick Szabo and Elaine Ou at the "Scaling Bitcoin 2017" conference held at Stanford University is to use something similar to WSPR (Weak Signal Propagation Reporting Network) to broadcast the Bitcoin network, thus helping to avoid internet censorship regimes. To test their ideas they set up a HackRF One as a transmitter together with an RTL-SDR, and used GNU Radio to create a test system.

Other ideas to secure the Bitcoin network via censorship resistant radio signals include kryptoradio, which transmits the network over DVB-T, and the Blockstream satellite service which uses an RTL-SDR as the receiver.

If you're interested in the presentation, the talk on WSPR starts at about 1:23 in the video below. The slides are available here.

Scaling Bitcoin 2017 Stanford University - Day 2 Afternoon

Turning an old Radiosonde into an Active L-Band Antenna

VK5QI's Radiosonde Collection

Over on his blog VK5QI has shown how he was able to re-purpose an old radiosonde into a wideband active L-band antenna. Radiosondes are small packages sent up with weather balloons. They contain weather sensors, GPS and altitude meters, and use an antenna and radio transmitter to transmit the telemetry data back down to a ground station. With a simple radio such as an RTL-SDR and the right software, these radiosondes can be tracked and the weather data downloaded in real time. Some hobbyists such as VK5QI go further and actually chase down the weather balloons and radiosondes as they return to earth, collecting the radiosonde as a prize.

VK5QI and his friend Will decided to put some of his radiosonde collection to good use by modifying one of his RS92 radiosondes into a cheap active L-band antenna. They did this by first opening it and removing unnecessary components that may interfere, such as the main CPU, GPS receiver, 16 MHz oscillator, SAW filters and balun. They left the battery, LDOs, LNAs and the Quadrifilar Helix GPS antenna, which is tuned to the GPS L-band frequency. Finally they soldered a coax connector onto a tap point on the PCB and it was ready to use.

They then connected the new antenna to an RTL-SDR V3 and fired up GQRX. They write that their results were quite promising, with several Inmarsat and Iridium signals being visible in the spectrum. VK5QI also used gr-iridium with the antenna and was able to decode some Iridium signals.

Modified Radiosonde L-Band Antenna connected to an RTL-SDR V3.

Transmitting and Receiving Text Data via an MP3, FM Transmitter and RTL-SDR

Over on his YouTube channel Kris Occhipinti has uploaded some videos where he shows how he is able to send text data over FM radio frequencies. He uses an MP3 audio file that encodes the text data, an FM transmitter connected to an Android phone or MP3 player to transmit the file, and an RTL-SDR on the receiving side to receive the FM signal from the FM transmitter. The software used to encode the text into an MP3 is Minimodem, a command line program which can generate FSK modem tones from data. Minimodem is also used on the receiving side, where it can easily decode the received audio.

These two videos are part of a series that Kris has been working on that includes many videos about using Minimodem to transfer data like text, files and images between computers via radio.

12 Minimodem an FM Transmitter and a USB SDR Dongle

13 Radio Data Trasmission with RTL FM and SDR
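To show what "FSK modem tones from data" means in the Minimodem post above, here is an added example (not Minimodem's or Kris Occhipinti's code) that turns text into audio samples and decodes them again. The Bell 202 tone pair (1200/2200 Hz) at 1200 baud, the 8-N-1 framing, the 48 kHz sample rate and all function names are assumptions chosen for illustration.

```python
import math

RATE = 48000              # audio sample rate in Hz (assumed)
BAUD = 1200               # bits per second
MARK, SPACE = 1200, 2200  # Bell 202 tone pair: 1 -> mark, 0 -> space
SPB = RATE // BAUD        # samples per bit period (40)

def frame(data: bytes):
    """8-N-1 async framing: start bit 0, 8 data bits LSB first, stop bit 1."""
    bits = []
    for byte in data:
        bits += [0] + [(byte >> i) & 1 for i in range(8)] + [1]
    return bits

def modulate(data: bytes):
    """Return float samples in [-1, 1]; phase stays continuous across bits."""
    samples, phase = [], 0.0
    for bit in frame(data):
        step = 2 * math.pi * (MARK if bit else SPACE) / RATE
        for _ in range(SPB):
            samples.append(math.sin(phase))
            phase += step
    return samples

def tone_energy(chunk, freq):
    """Energy of one bit period at `freq`, computed as a single-bin DFT."""
    i = sum(s * math.cos(2 * math.pi * freq * n / RATE) for n, s in enumerate(chunk))
    q = sum(s * math.sin(2 * math.pi * freq * n / RATE) for n, s in enumerate(chunk))
    return i * i + q * q

def demodulate(samples):
    """Slice into bit periods, pick the stronger tone, then strip the framing."""
    bits = [int(tone_energy(samples[k:k + SPB], MARK) >
                tone_energy(samples[k:k + SPB], SPACE))
            for k in range(0, len(samples) - SPB + 1, SPB)]
    out = bytearray()
    for k in range(0, len(bits) - 9, 10):
        if bits[k] == 0 and bits[k + 9] == 1:   # valid start and stop bits
            out.append(sum(b << i for i, b in enumerate(bits[k + 1:k + 9])))
    return bytes(out)

if __name__ == "__main__":
    audio = modulate(b"hello over FM")          # constructed sample message
    print(len(audio), "samples ->", demodulate(audio))
```

Framing like this carries no encryption or authentication, so anything sent this way over FM is readable by any receiver in range.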

An RTL-SDR Based Ground Penetrating Radar & Metal Detector

Thanks to Dr. Celalettin Uçar from Turkey for submitting a video of the work done by a PhD student who, as part of his research, created an RTL-SDR based ground penetrating radar simulation and metal detector. He writes:

This apparatus (YAĞRIN) was created with rtlsdr in a PhD work. We achieved detecting a metal gasoline tube from the depth of approximately 1 meter. Furthermore, we created the time domain signal and plotted the reflection from the metal using the matlab (simulink) model.

A video on YouTube is linked, which we display at the end of the post. They write that the system consists of a 12V DC supply, step down voltage regulator, ADF 4350 programmable signal generator, 25W power amplifier (470 MHz, 45 dBm signal power), Philips omnidirectional antennas (RX, TX), a 64 dB low noise amplifier, and an RTL-SDR and computer to display the output. The software he uses is SDR#, which appears to simply listen for a tone and detect any changes that occur when something metal moves near it. The PC also runs a MATLAB Simulink model, which we believe helps detect metal signatures by plotting the reflection.

In the past we posted about a similar but simpler metal detector implementation by Ancient Discoveries.

RTL-SDR BASED GPR (Simulation) & METAL DETECTOR (YAĞRIN) - Dr. Celalettin UÇAR

Monitoring Home Power Consumption with an RTL-SDR

Over on his blog "K-roy" has completed a writeup discussing how he is using an RTL-SDR dongle to monitor and graph the power usage of his home. After seeing multiple ads for the Sense home power usage monitor, K-roy decided to roll his own similar device instead. 

Many homes in the US and elsewhere no longer require meter reader personnel to come onto the property to read a physical meter at the back of the house. Instead the meter transmits wireless data in the 900 MHz ISM band about electricity usage, and all the meter reader has to do is turn up outside the house and take a reading from the street. 

These electricity usage signals are unencrypted and can easily be decoded and displayed with an RTL-SDR and a ready to use program called rtl_amr. The signals even travel quite far, and there have been reports of receiving neighbours' signals up to 600m away. K-roy took his RTL-SDR and rtl_amr and wrote on top of it a program that creates a JSON output of the data for easy processing, a PHP, SQLite3 and JQuery based database system for storing the data, and an HTML5 based page for graphing and displaying the data.

If you are interested, there is also a discussion about K-roy's work over on Reddit.

Power usage data collected and graphed by K-roy's RTL-SDR, rtl_amr and his software.

A Tiny Object/Animal Tracking Device with RTL-SDR + Yagi Locator

The Tiny Transmitter

Over on Hackaday.io we've come across a project by "Tom" who has created a small tracking device which is located using an RTL-SDR dongle and directional Yagi antenna. The tracking device itself is a simple fingernail sized low power UHF transmitter that transmits short pulses about every second or so in the 915 MHz ISM band. Tom writes that the range is about 400m (line of sight) and with a small button cell battery the device lasts a couple of days with its 180 uA current draw. Presumably longer operation could be achieved by significantly reducing the pulse rate of the circuit.

To receive the tracking device's signal, an RTL-SDR is combined with a high gain directional Yagi antenna, a three level 10 - 30 dB attenuator and an Android phone running the RF Analyzer app. The idea is to simply use the attenuator and directional Yagi antenna to determine the direction in which the signal is strongest. The direction with the strongest signal indicates where the transmitter is. Tom's video below shows an example of the transmitter and RTL-SDR based tracking setup.

Low-tech Tiny UHF tracker transmitter