Tagged: rtl2832u

Several Performance Upgrades Made to the Latest Versions of SDR#

Recently the popular SDR# (SDRSharp) software has had several improvements made to it (changelog). One of the most noticeable is a decent reduction in the amount of CPU time the software needs. We tested the new version on an i7 CPU and compared it against an older version using an Airspy: we saw 12% CPU usage on the older version and 7% on the newer one. With the RTL-SDR the older version showed 5% CPU usage, which dropped to 3% on the newer version. An older i5 PC showed even larger improvements, going from about 35% CPU on the older version down to 25% or lower on the new version with the Airspy. The improvements are especially noticeable when decimation is used with the Airspy. These performance updates may help users on older PCs and tablets run the software, or help users who run many programs at the same time. The SDR# author is also testing a 64 bit version of SDR#, which may be released in the future.

Versions released over the past few months have also improved the included noise blanker plugins and added a default band plan plugin, which shows the various frequency bands visually on the FFT spectrum.

Showing the very low CPU usage obtainable with the latest SDR# versions.

Talk: Decoding Data from Iridium Satellites

At this year’s hacker-themed Eleventh HOPE conference, Stefan “Sec” Zehl and Schneider gave a talk on their latest work on decoding data from Iridium satellites using SDRs. Iridium is a truly global satellite service which provides global paging, satellite phones, tracking and fleet management, as well as services for emergency, aircraft, maritime and covert operations. There are currently 72 operational satellites.

In their talk they discuss how Iridium security is moderate to relaxed, pointing out that Iridium claims that the majority of ‘security’ comes from the complexity of the system, rather than actual security implementations. They then go on to discuss how the Iridium system works, how to receive it with an RTL-SDR or HackRF/Rad1o, how the gr-iridium decoder implementation works, and how to use it to actually decode the data. Later in the presentation they show some interesting examples such as an intercepted Iridium satellite phone call to a C-37 aircraft.

Iridium Satellite Hacking - HOPE XI 2016

USBee: Leaking Data from Air-Gapped Computers and Receiving it with an RTL-SDR

This Monday researchers from Ben-Gurion University of the Negev released an academic paper showing how attackers could cause a PC to wirelessly leak data. They note that leaking data this way usually requires a covertly modified USB device, as is the case with the NSA’s COTTONMOUTH device detailed in the ANT catalog. The innovation of these researchers is that their implementation turns any unmodified USB device into a makeshift transmitter.

The attack works by first infecting a computer with their malware. The malware then uses the USB data bus to create electromagnetic emissions from a connected USB device. In their tests they use a USB flash drive and write a file to it in such a way that the emissions produced carry decodable data. They write that any binary data can be modulated and transmitted to a nearby receiver, such as an RTL-SDR dongle. Data rates can reach up to 80 bytes/s. The data is modulated with binary frequency shift keying, and their receiver code is implemented in GNU Radio.
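To make the modulation side of this concrete, here is an added example in pure Python. It is not the researchers’ USBee code or their GNU Radio receiver: it modulates arbitrary bytes as binary FSK (one tone per bit value), adds Gaussian noise to the samples, and demodulates by comparing the energy in the two tone bins over each symbol period. The tone frequencies, symbol length and sample rate are assumptions chosen so that the two tones are orthogonal over one symbol; the paper’s actual emission frequencies and the USB-side trick that produces them are not reproduced.

```python
"""BFSK modulate / demodulate round trip in pure Python.

Added example, not USBee's code. Every numeric parameter below is an
assumption chosen for the simulation, not a value from the paper.
"""
import math
import random

SAMPLE_RATE = 8000      # samples per second (assumed)
F_ZERO = 1000.0         # tone carrying bit 0, in Hz (assumed)
F_ONE = 2000.0          # tone carrying bit 1, in Hz (assumed)
SYMBOL_LEN = 80         # samples per bit: 100 bit/s at 8 kHz (assumed)
# 80 samples hold exactly 10 cycles of F_ZERO and 20 of F_ONE, so the two
# tones are orthogonal over a symbol and the bin energies do not leak.


def bytes_to_bits(data):
    """MSB-first bit list for a byte string."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def bits_to_bytes(bits):
    """Inverse of bytes_to_bits; trailing partial bytes are discarded."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def modulate(data):
    """Continuous-phase BFSK: one SYMBOL_LEN burst of F_ONE or F_ZERO per bit."""
    samples = []
    phase = 0.0
    for bit in bytes_to_bits(data):
        freq = F_ONE if bit else F_ZERO
        step = 2 * math.pi * freq / SAMPLE_RATE
        for _ in range(SYMBOL_LEN):
            samples.append(math.sin(phase))
            phase = (phase + step) % (2 * math.pi)
    return samples


def tone_energy(window, freq):
    """Energy of a single DFT bin: |sum x[n] e^{-j 2 pi f n / fs}|^2."""
    re = im = 0.0
    for n, x in enumerate(window):
        ang = 2 * math.pi * freq * n / SAMPLE_RATE
        re += x * math.cos(ang)
        im -= x * math.sin(ang)
    return re * re + im * im


def demodulate(samples):
    """Non-coherent detector: per symbol, pick the tone with more energy."""
    bits = []
    for start in range(0, len(samples) - SYMBOL_LEN + 1, SYMBOL_LEN):
        window = samples[start:start + SYMBOL_LEN]
        one = tone_energy(window, F_ONE)
        zero = tone_energy(window, F_ZERO)
        bits.append(1 if one > zero else 0)
    return bits_to_bytes(bits)


def add_noise(samples, sigma, seed=1):
    """Additive white Gaussian noise with a fixed seed for reproducibility."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in samples]


def roundtrip(data, sigma=0.5):
    """Modulate, corrupt with noise of the given sigma, demodulate."""
    return demodulate(add_noise(modulate(data), sigma))


if __name__ == "__main__":
    payload = b"air-gap"                     # constructed sample input
    print(roundtrip(payload) == payload)     # True at sigma = 0.5
```

The detector is a pair of single-bin DFTs, which is what a matched filter for two orthogonal tones reduces to; the noise tolerance comes from integrating over the whole symbol, so a lower bit rate (longer SYMBOL_LEN) buys range at the cost of throughput, which is the trade-off behind the paper’s 80 bytes/s figure.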

This story has also been featured on Ars Technica and Threatpost. The video below demonstrates the attack.

USBee: Jumping the air-gap with USB

Three New Reviews of our V3 RTL-SDR using the HF Direct Sampling Mode

This week three new reviews of our RTL-SDR V3 came out, all covering its operation on HF frequencies.

In the first review Mike (KD2KOG) reviews the dongle and provides a video of it in action in SDR#, receiving AM and SSB signals. (Update: sorry, the video has been removed.)

In the second review Gary (W4EEY) posts a review to swling.com and provides various screenshots of the dongle in action in HDSDR.

Finally, over on YouTube user Johnny shows the dongle running in CubicSDR and listening to various SSB signals. (Video Removed)

Using an RTL-SDR to Listen to Superhet Radio’s Unintentional Emissions

Recently two students (Léo Poughon and his friend Thomas Daniel) wrote in to let us know about their work with SDRs for their school project. Their project was to try to repeat “Operation RAFTER”, a technique used by MI5 in the 1960s to find hidden Soviet spy radio equipment. Essentially, all superhet radios (almost any consumer radio is of the superhet design) emit unintentional emissions from their local oscillator, which sits at the tuned frequency offset by the intermediate frequency. By tuning to these unintentional emissions, and then transmitting your own signal on the suspected band, it is possible to tell what frequency a radio is listening to.

They write the following:

As a French student (sorry for my bad English) in Higher School Preparatory Classes, I (and a friend) had to work with an rtl-sdr dongle for a school project. We tried to do, with the help of an amateur radio operator near Toulouse (F6GUS, his club F5KUG), the same thing as the “RAFTER Operation” (https://en.wikipedia.org/wiki/Operation_RAFTER) did during the ’60s: listening to unintentional electromagnetic emissions coming from a widely-used consumer superhet receiver.

So because of its structure, a superheterodyne receiver (e.g. one listening to FM broadcast) radiates some unintentional emissions due to the local oscillator upstream of the mixer. Anybody with a suitable receiver (for example any rtl-sdr based dongle) can receive these emissions. Because of standards, in most FM radios the local oscillator (that is what the user actually tunes) is tuned to the frequency he wants to listen to plus 10.7 MHz. So if somebody in the close neighbourhood is listening to a broadcast at 100 MHz, you will be able to “receive” its local oscillator at 110.7 MHz. (Please note it may be illegal in some countries to listen on these bands.)

What is interesting is to know if a signal you receive at these frequencies is actually coming from a radio receiver. During the RAFTER Operation, MI5 broadcast on the band they thought was being heard by Soviet spies, and then listened for “the change in the superhet tone” to identify them.

We were able to receive with the RTL-SDR the local oscillator of a superhet receiver we own.

rafter_1

We can see that the frequency isn’t stable most of the time (the receiver was tuned to “France Info”, a French public station), but becomes stable sometimes (when there is a “blank” between two news items): the frequency of the local oscillator “follows” what the superhet receiver demodulates.

Among other factors, a variation of the supply voltage of the local oscillator can make its frequency slightly shift. So we experimentally established a link between the supply voltage of our radio receiver and what is broadcast via the speaker (because when a speaker is drawing electrical current, the supply voltage slightly varies).

rafter_2

On top, the HP (speaker) voltage, and behind it the supply voltage. Then we saw that voltage variations could make the frequency vary.

Capture from 2016-04-05

Here we supply the receiver with a low frequency generator, making the supply voltage vary slightly, and plot the frequency of the local oscillator with a Python script we made.

Then, listening to the radio receiver’s local oscillator with GQRX and our RTL-SDR dongle, demodulating it with “narrow FM” demodulation and suitable parameters, we could hear on the PC (and obviously with poorer quality) what the radio receiver was listening to.

With the stock antenna we could hear our radio only a dozen meters away, but with a homemade very low quality discone antenna we could receive it in another building, 60 meters away from our antenna. The ability to listen more or less to the local oscillator broadcast also depends on the shielding of the radio receiver, its price (because a cheap radio will have a bad power supply and so its local oscillator frequency can “follow” what the speaker is playing, allowing us to “listen” to the local oscillator spike) and how you supply it (from the power grid or from batteries).

To conclude, we could (more or less depending on the previously cited parameters) know what a radio receiver in the neighbourhood was listening to using an RTL-SDR.
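The two effects the students describe, the LO sitting at the tuned frequency plus the 10.7 MHz IF, and the LO being weakly frequency modulated by the programme audio through supply ripple, can be checked in a small simulation. The following is an added example in pure Python; it is not the students’ script and not GQRX code. It maps an observed LO frequency back to candidate broadcast frequencies, synthesizes a complex-baseband LO spur whose instantaneous frequency wobbles with an audio tone, and recovers that tone with a quadrature FM discriminator, which is the operation a narrow-FM demodulator performs. The FM band limits, sample rate, spur offset and deviation figures are assumptions chosen for the simulation.

```python
"""Simulating the RAFTER effect: an FM receiver's LO as an FM-modulated spur.

Added example, not the students' Python script. The IF of 10.7 MHz comes from
the text; every other numeric parameter is an assumption for the simulation.
"""
import cmath
import math

IF_MHZ = 10.7                 # standard FM broadcast IF quoted in the text
FM_BAND_MHZ = (87.5, 108.0)   # assumed broadcast band limits

FS = 48_000.0        # complex baseband sample rate of the simulated SDR (assumed)
LO_OFFSET = 5_000.0  # spur position relative to the SDR centre frequency, Hz (assumed)
DEVIATION = 2_000.0  # peak LO shift caused by supply ripple, Hz (assumed)


def station_from_lo(lo_mhz, if_mhz=IF_MHZ, band=FM_BAND_MHZ):
    """Candidate broadcast frequencies for an observed LO spur.

    The students describe high-side injection (LO = RF + IF). Low-side
    injection (LO = RF - IF) is included because the arithmetic is equally
    valid; candidates outside the FM band are discarded.
    """
    low, high = band
    candidates = [round(lo_mhz - if_mhz, 2), round(lo_mhz + if_mhz, 2)]
    return [f for f in candidates if low <= f <= high]


def audio_tone(freq_hz, n_samples, fs=FS):
    """Constructed test audio: a pure sine standing in for the programme."""
    return [math.sin(2 * math.pi * freq_hz * k / fs) for k in range(n_samples)]


def lo_spur(audio, fs=FS):
    """Complex baseband of an LO whose instantaneous frequency is
    LO_OFFSET + DEVIATION * audio[n], i.e. the supply-ripple FM the text describes."""
    phase = 0.0
    iq = []
    for a in audio:
        iq.append(cmath.exp(1j * phase))
        phase += 2 * math.pi * (LO_OFFSET + DEVIATION * a) / fs
    return iq


def fm_discriminator(iq, fs=FS):
    """Quadrature discriminator: arg(x[n] * conj(x[n-1])) is the phase advance
    per sample; scaled by fs / 2pi it is the instantaneous frequency in Hz."""
    return [cmath.phase(cur * prev.conjugate()) * fs / (2 * math.pi)
            for prev, cur in zip(iq, iq[1:])]


def recover_audio(iq, fs=FS):
    """Demodulate the spur and remove the constant LO offset (DC after demod)."""
    inst = fm_discriminator(iq, fs)
    dc = sum(inst) / len(inst)
    return [(f - dc) / DEVIATION for f in inst]


def dominant_freq(signal, fs=FS):
    """Rough pitch estimate from positive-going zero crossings."""
    crossings = sum(1 for a, b in zip(signal, signal[1:]) if a < 0 <= b)
    return crossings * fs / len(signal)


if __name__ == "__main__":
    print("LO at 110.7 MHz -> station candidates:", station_from_lo(110.7))
    audio = audio_tone(440.0, 4800)                  # 0.1 s of a 440 Hz tone
    recovered = recover_audio(lo_spur(audio))
    print("recovered tone ~ %.0f Hz" % dominant_freq(recovered))
```

The discriminator only needs the phase advance between consecutive samples, so it tolerates the spur drifting within the passband; in practice the limit is the deviation, which here is a few kHz at most, which is why the students needed a narrow-FM setting and why the recovered audio is noisy.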

Modifying the Outernet LNA for Iridium Reception

A few days ago we posted a review of the Outernet LNA, which can be used to help receive their new L-band service signal. Their LNA uses a filter which restricts the frequency range to 1525 – 1559 MHz, as this is the range in which the Outernet signals are located.

By default this LNA cannot be used to receive Iridium, because the pass band of the default SAW filter does not cover the Iridium frequency band of 1616 – 1626.5 MHz. Over on Reddit, devnulling decided to experiment with one of these LNAs and see if he could replace the default SAW filter to enable Iridium reception. In his post he shows how he removes the default SAW filter and replaces it with a Murata SF2250E SAW filter, which is the same size but has a center frequency of 1615 MHz and a bandwidth of 20 MHz. Note that a 20 MHz wide pass band centred on 1615 MHz nominally spans 1605 to 1625 MHz, so the top of the Iridium band (1625 to 1626.5 MHz) falls at the filter edge. Iridium is used for data services such as satellite pagers, and with the right tools its traffic can be decoded.

We are also curious to see if this LNA could be modified to be used with GOES reception, which occurs at 1692 MHz.

Note: For those who had trouble obtaining international shipping on these LNAs, the Outernet store now supports USPS international shipping, and NooElec appears to be selling them on their site directly. Their products can also still be obtained on Amazon for US customers.

Additional Note Regarding the Downconverter: Also, it appears that the Outernet downconverter prototype that we posted about back in May has unfortunately been discontinued indefinitely and will not enter mass production. For now the LNA is the best option for receiving their signal.

Outernet LNA Modified for Iridium Reception

More videos showing HF reception on the RTL-SDR V3 Dongle

In this video icholakov, from our last post, continues his testing with more daytime HF reception.

RTL SDR V3 Dongle vs. SDR Play HF and MW part 2

In his third video he tests night time reception against the SDRplay.

RTL SDR Dongle V3 nighttime vs SDRPlay Part 3

In this video YouTube user Michael Jackson tests his RTL-SDR V3 at 8 MHz, with a dipole antenna.

RTL-SDR v3 Dongle on HF

Finally, in this video YouTube user jonny290 tests the V3 dongle on HF reception using CubicSDR.

A Preliminary Review of the HF Mode on Our V3 Dongles

Over on YouTube, user icholakov has posted a video in which he compares our new RTL-SDR V3 dongle in direct sampling mode against an SDRplay and an Icom 7100. The video shows reception of AM shortwave, time signals and SSB signals at various HF frequencies during the daytime. The performance seems fairly decent, but of course not as good as the more expensive SDRplay or Icom receivers.

This was originally posted on swling.com.

RTL Dongle V3 vs SDRPlay vs Icom 7100 Part 1