Over on the Tech Minds YouTube channel, Matt has uploaded a video where he tests out 'Intercept', a new tool for RF signals intelligence with RTL-SDRs and other wireless devices. It is open source with code available on GitHub and can be installed on Linux and OSX devices.
Intercept is a tool that combines multiple external decoder tools into one easy-to-access web interface. It is capable of the following:
Pager Decoding - POCSAG/FLEX via rtl_fm + multimon-ng
433MHz Sensors - Weather stations, TPMS, IoT devices via rtl_433
Aircraft Tracking - ADS-B via dump1090 with real-time map and radar
Listening Post - Frequency scanner with audio monitoring
Satellite Tracking - Pass prediction using TLE data
WiFi Scanning - Monitor mode reconnaissance via aircrack-ng
Bluetooth Scanning - Device discovery and tracker detection
We note that features like WiFi and Bluetooth scanning will require a separate WiFi and Bluetooth adapter to be connected. In terms of supported SDR hardware, Intercept supports RTL-SDRs, as well as any SDR supported by SoapySDR.
In the video Matt shows how to install Intercept, and shows it decoding data from the various supported signal types.
Intercept Radio Signals For Intelligence Gathering With An RTL SDR
Thank you to Edwin Temporal for writing in and showing how his proprietary neuromorphic engine, GhostHunter (Anti-LIF), is being used to recover satellite data buried in the noise floor, which typical DSP methods would fail to do.
To recover the signals, Edwin uses trained Spiking Neural Networks (SNN). SNNs are artificial neural networks that draw further inspiration from nature by incorporating the 'spiking' on/off behavior of real neurons. Edwin writes:
My engine has successfully extracted and decoded structured data from high-complexity targets by mimicking biological signal processing:
Technosat: Successful decoding of GFSK modulations under extreme frequency drift and low SNR conditions.
MIT RF-Challenge: Advanced recovery of QPSK signals where traditional digital signal processing (DSP) often fails to maintain synchronization.
These missions are fully documented in the https://temporaledwin58-creator.github.io/ghosthunter-database/, which serves as a public ledger for my signal recovery operations. Furthermore, the underlying Anti-LIF architecture is academically backed by my publication on TechRxiv, proving its efficiency in processing signals buried deep within the noise floor.
Although the engine remains proprietary, I provide comprehensive statistical reports and validation metrics for each mission. I believe your audience would be thrilled to see how Neuromorphic AI (SNN) is solving real-world SIGINT challenges.
In the database, Edwin shows how his Anti-LIF system has recovered CW Morse code telemetry and QPSK data from noisy satellite signals.
While Edwin's Anti-LIF is proprietary, he is offering proof of concept decoding. If you have a 250MB or less IQ/SigMF/Wav recording of a signal that is buried in the noise floor, you can submit it to him via his website, and he will run Anti-LIF on it for analysis.
Advanced readers interested in AI/neural network techniques for signal recovery can also check out his white paper on TechRxiv, where he shows signal recovery from signals buried in WiFi noise, as well as results from use in ECG and Healthcare applications.
An Example Signal Recovery with the Anti-LIF Spiking Neural Network
Over on YouTube, Rob VK8FOES has uploaded a video showing how to install and use the "dontlookup" open-source Linux Python research tool for evaluating satellite IP link security. Back in October, we posted about a new Wired article that discussed how many geostationary satellites are broadcasting sensitive, unencrypted data in the clear and how a cheap DVB-S2 receiver and satellite dish can be used to eavesdrop on them.
In the video, Rob discusses the new dontlookup tool, which is an excellent one-stop shop open-source tool for parsing IP data from these satellites. He goes on to show the full steps on how to install and use the tool in Linux. The end result is private internet satellite data being visible in Wireshark (blurred in the video for legal reasons). In the video description, Rob writes:
I thought I would make a video showcasing this new open-source Python tool for Linux. 'Don't look up' is the result of a research campaign conducted by a group of cyber security researchers from the USA for decoding DVB-S2 satellite data transponders.
Geostationary communications satellites are somewhat of a 'perfect target' to malicious threat actors, due to their downlink signals covering large portions of earth surface. This gives attackers are large attack surface to intercept IP traffic being transmitted from space. To most peoples surprise, little-to-no security, such as encryption, are being used on these data transponders!
This is all old news to myself, and the fans of my YouTube channel that have been following my TV-satellite hobby for the past couple of years. Most of this was already possible with consumer-grade satellite equipment and a Python application called GSExtract. However, the scope of GSExtract was a lot more narrower than that of DontLookUp, with the developers claiming to have achieved an exponential packet recovery rate compared to GSExtract.
Join me in this video today where I will be showing my users how to patch and build the TBS5927 USB satellite receiver drivers for RAW data capturing. I'll also be showcasing the software application called 'DVBV5-Zap' which interfaces with our satellite receiver to capture RAW data from a satellite. And finally, I will finish-off the video by demonstrating the actual usage of DontLookUp itself. To make the tutorial as accessible as possible, I'm doing the entire process inside a Linux virtual machine!
This tutorial will probably only work in DragonOS FocalX R37 Linux by the wonderful @cemaxecuter. You are welcome to try on other Linux distributions, but your mileage will vary! Also, due to the TBS5927 using something called a 'Isochronous Endpoint', it's only possible to use this satellite receiver via USB Passthrough in VMWare versions 17.5 and above. VirtualBox does not support Isochronous USB Endpoints in any version. It's always best to run Linux on 'bare-metal' by installing it directly to your PC's internal SSD, or running it from a bootable USB thumb drive.
Please understand that if you own an internal PCI-E satellite receiver card from TBS, it is not possible to 'pass it through' to Linux running inside in a Type-2 Hypervisor (VMware, VirtualBox etc.) Installing Linux on bare-metal is the only hope for PCI-E card owners. Thanks very much for watching!
HARDWARE: TBS5927 USB Satellite Receiver 90cm 'Foxtel' Satellite Dish Golden Media GM202+ LNB Hills RG-6 Coaxial Cable (F-Type Connectors, 75 Ohm)
SOFTWARE: VMWare Workstation 17.6.2 DragonOS FocalX R37 Linux TBS 'Linux_Media' Drivers 'RAW Data Handling' Patch DVBV5-Zap DontLookUp
If you're interested in this topic, Rob's YouTube channel has many videos on this topic that are worth checking out.
Don't Look Up (No, Not The Movie): A New Research Tool To Evaluate Satellite IP Link Security!
The researchers used a simple off-the-shelf 100cm Ku-band satellite dish and a TBS-5927 DVB-S/S2 USB Tuner Card as the core hardware, noting that the total hardware cost was about $800.
Simple COTS hardware used to snoop on unencrypted satellite communications.
After receiving data from various satellites, they found that a lot of the data being sent was unencrypted, and they were able to obtain sensitive data such as plaintext SMS and voice call contents from T-Mobile cellular backhaul and user internet traffic. The researchers notified T-Mobile about the vulnerability, and to their credit, turned on encryption quickly.
They were similarly able to observe uncrypted data from various other companies and organizations, too, including the US Military, the Mexican Government and Military, Walmart-Mexico, a Mexican financial institution, a Mexican bank, a Mexican electricity utility, other utilities, maritime vessels, and offshore oil and gas platforms. They were also able to snoop on users' in-flight WiFi data.
Cellular Backhaul We observed unencrypted cellular backhaul data sent from the core network of multiple telecom providers and destined for specific cell towers in remote areas. This traffic included unencrypted calls, SMS, end user Internet traffic, hardware IDs (e.g. IMSI), and cellular communication encryption keys.
Military and Government We observed unencrypted VoIP and internet traffic and encrypted internal communications from ships, unencrypted traffic for military systems with detailed tracking data for coastal vessel surveillance, and operations of a police force.
In‑flight Wi‑Fi We observed unprotected passenger Internet traffic destined for in-flight Wi-Fi users on airplanes. Visible traffic included passenger web browsing (DNS lookups and HTTPS traffic), encrypted pilot flight‑information systems, and in‑flight entertainment.
VoIP Multiple VoIP providers were using unencrypted satellite backhaul, exposing unencrypted call audio and metadata from end users.
Internal Commercial Networks Retail, financial, and banking companies all used unencrypted satellite communications for their internal networks. We observed unencrypted login credentials, corporate emails, inventory records, and ATM networking information.
Critical Infrastructure Power utility companies and oil and gas pipelines used GEO satellite links to support remotely operated SCADA infrastructure and power grid repair tickets.
The technical paper goes in depth into how they set up their hardware, what services and organizations they were able to eavesdrop on, and how they decoded the signals. The team notes that they have notified affected parties, and most have now implemented encryption. However, it seems that several services are still broadcasting in the clear.
Thank you to Kaustav Bhattacharjee for writing in and submitting to us his project, where he created a small 11.2 GHz motorized radio telescope with a TV dish and an RTL-SDR. A full description of Kaustav's work can be found in a white paper he wrote on behalf of the Department of Physics at the Indian Institute of Technology Roorkee. In summary he writes:
Briefly put, the hardware Setup comprises a 66 cm parabolic dish, a standard Ku-band LNB with bias tee power injection as the frontend, an RTL-SDR V3 tuned to 1.45 GHz (due to downconversion) as the receiver and a Raspberry Pi 5 handling SDR data (via GNU radio) and stepper motor control (using GPIO pins). A heatmap of the southern sky at 0.9° resolution, showing a belt of geostationary satellites, is the primary result of interest!
We also want to point out that his rotor setup involves several 3D printed gears driven by two NEMA17 stepper motors. However, Kaustav notes that the long term resolution is limited due to cumulative backlash errors from the open-loop control scheme.
Kaustav's 11.2 GHz RTL-SDR Radio TelescopeGeostationary satellites visualized with the radio telescope
Recently, Sarah Rose Giddings (aka SignalsEverywhere) has been actively developing several radio and SDR based projects for Android, and she would like to provide an update on them.
First, as mentioned in a previous post, Sarah has been developing APRS.chat, an online mailbox system for APRS messages sent over RF. She has also been making progress on various other projects, including various useful Android apps, which she has updated interested people on in her latest livestream.
Hangout Chat | Linux | HackRF NTSC Transmission | Android APPS and More!
Some of the links to the Android software she's working on have been provided below:
With the recent decommissioning of NOAA POES (NOAA-15, NOAA-18, NOAA-19), many amateur weather satellite hobbyists might be asking themselves if the hobby is now dead.
While NOAA POES satellites were the easiest stepping stones into amateur weather satellite reception, the hobby has seen massive strides in enabling easier reception of other satellites over the past few years. Furthermore, in the near future, various new satellites are scheduled for launch, which should be receivable by amateurs.
While almost all of these satellites (apart from Meteor-M's LRPT 137 MHz signal) require a satellite dish and L-band, S-band, or X-band feed, recent products like our Discovery Dish can make setting up an L-band or S-band system significantly easier.
Over on the SatDump blog developers Aang23 and Lego11 have recently uploaded a post discussing their plans to move SatDump towards Version 2.0.0. SatDump is currently the most comprehensive and popular software for SDR users wanting to decode images and data from satellites.
The developers note that their update frequency has slowed down recently due to their focus on V2.0.0. The new version introduces significant under-the-hood changes that will make SatDump easier to manage and develop in the future, and also focuses on improved documentation.
Users of SatDump will also see an improved GUI, new functionality such as crop, an SSTV decoder, support and improvements for a wide range of satellites, any many other improvements discussed in the post.
We note that V2.0.0 has not yet been released. The post notes that at some point in the near future they will begin merging the new V2.0.0 branch into master, followed by frequency alpha releases, before finally releasing an official V2.0.0.
