Tagged: Software-defined radio

An online Software Defined Radio training course

We’ve recently found what looks to be a new online video-based course that uses the RTL-SDR to teach basic software defined radio topics. The course is not free: it is priced at $29.99, although the first three videos are free. Judging from those first three videos, the content appears to be quite basic, but it is presented in a very clear way that may be useful for beginners. Currently the lessons include:

  1. Course Overview 

    Welcome to the exciting world of Software Defined Radio. In this video, we’ll discuss what SDR is, and why it’s such a hot button topic right now.

  2. Setting up the environment

    In this module, we’ll set up our environment for development. If you’re already very comfortable with Ubuntu, you might want to just follow the guide below.

  3. Browsing the spectrum 

    In this module, we’ll cut our teeth on GQRX, and learn a little about the radio spectrum.

  4. Signals Intelligence

    In this module, we’ll learn how to find transmissions in the frequency domain, and capture them to disk for offline analysis.

  5. Modulations

    In this module, we’ll learn how to identify two types of basic digital transmissions, and talk a little about the history of radio.

  6. Demodulation – Part 1

    In this module, we’ll practice capturing signals in the wild, identifying the modulation, and demodulating the signal with GNU Radio.

  7. Demodulation – Part 2

    In this module, we’ll learn about clock recovery. And we’ll pull out packets from the garage door remote.

It also appears that they plan to have some live classes in the future.

We note that there are also alternative SDR training courses available, such as Michael Ossmann's lessons at greatscottgadgets.com/sdr.

ARM Radio: A Cheap SDR built out of an ARM Processor and not much more

A software defined radio can theoretically be made out of little more than a microprocessor with an onboard ADC and some DSP code. This is exactly what Alberto di Bene (I2PHD) achieved by connecting an antenna directly to the on board 12-bit ADC on a STM32F429 Discovery board.

To make it actually work as an SDR he also wrote code for the development board’s ARM processor, which processes the ADC input into a radio signal, demodulates it and then turns it into audio via the board's DAC and speaker. The radio can tune from 8 kHz up to about 900 kHz.

The only real extra hardware in Alberto’s system is a low pass filter for anti-aliasing and impedance transformation, and a reconstruction filter to get sound to the speakers from the DAC. He also used the board's LCD screen to implement a full GUI tuning system.

A PDF document detailing his work can be downloaded here.
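
As an added illustration (not Alberto's firmware and not code from his PDF), the Python sketch below simulates the receive chain described above: 12-bit ADC samples of the antenna signal are mixed to baseband, averaged and decimated, envelope-detected and DC-blocked to yield audio. The 2 MS/s sample rate, the boxcar filter, the two constructed test stations and all function names are assumptions made for the example.

```python
import math

FS = 2_000_000   # assumed ADC sample rate in Hz (the post does not give one)
ADC_BITS = 12    # resolution of the on-board ADC, as stated in the post
DECIM = 50       # 2 MS/s -> 40 kS/s audio; boxcar nulls fall every 40 kHz


def adc_capture(stations, n, depth=0.5):
    """Constructed input: sum of AM stations [(carrier_hz, tone_hz)] as ADC codes."""
    full = (1 << ADC_BITS) - 1
    codes = []
    for k in range(n):
        t = k / FS
        v = sum(0.3 * (1 + depth * math.sin(2 * math.pi * tone * t))
                * math.cos(2 * math.pi * fc * t) for fc, tone in stations)
        codes.append(round((v + 1) / 2 * full))  # unsigned code, 0..4095
    return codes


def am_receive(codes, tune_hz):
    """Mix with a complex NCO, average + decimate, envelope detect, remove DC."""
    mid = (1 << ADC_BITS) / 2
    audio = []
    for start in range(0, len(codes) - DECIM + 1, DECIM):
        i_acc = q_acc = 0.0
        for k in range(start, start + DECIM):
            phase = 2 * math.pi * tune_hz * k / FS
            x = codes[k] - mid
            i_acc += x * math.cos(phase)   # in-phase product
            q_acc -= x * math.sin(phase)   # quadrature product
        audio.append(math.hypot(i_acc, q_acc) / DECIM)  # carrier envelope
    mean = sum(audio) / len(audio)
    return [a - mean for a in audio]       # drop the carrier's DC term


def tone_hz(audio, rate=FS // DECIM):
    """Audio pitch from the spacing of positive-going zero crossings."""
    idx = [k for k in range(1, len(audio)) if audio[k - 1] < 0 <= audio[k]]
    return (len(idx) - 1) * rate / (idx[-1] - idx[0])


if __name__ == "__main__":
    # Two constructed stations inside the 8-900 kHz tuning range, 20 ms of signal
    capture = adc_capture([(600_000, 1000), (760_000, 2000)], 40_000)
    for f in (600_000, 760_000):
        print(f, "Hz ->", round(tone_hz(am_receive(capture, f))), "Hz audio")
```

The test stations are spaced so that the unwanted carrier and the mixer image land on nulls of the 50-sample average; a real receiver would need a proper low-pass filter in place of the boxcar.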

ARM Radio and its GUI interface.
The ARM Radio with the low pass filter and reconstruction filter shown.

Controlling Siri and Google Now with a Yagi and USRP

Wired magazine have recently run a story that shows how French researchers have discovered a method for remotely controlling modern smartphones through an RF attack that targets the voice control functionality called Siri on the iPhone and Google Now on Android. The attack only works for phones that have voice commands enabled, and there must be a pair of microphone enabled headphones plugged in.

The attack is pretty simple in theory. It works by using a software defined radio to transmit a high power amplitude modulated CW signal that will be picked up by the microphone’s cable which acts like an antenna. The AM CW signal is modulated in such a way that the built in low pass filter in the microphone works as a demodulator and turns the signal into an audio voice command.

In their experiments they were able to use a USRP SDR, amplifier and directional Yagi antenna to cause a smartphone to load up their webpage. The same attack could probably be performed with a cheaper HackRF SDR. 

A talk by the researchers was uploaded to Google earlier this month and is shown below.

HIP15-TALK:You don't hear me but your phone's voice interface does

New Talk by Balint Seeber: Hacking the Wireless World with SDR

Balint Seeber is a researcher at Ettus, designers of the USRP line of software defined radios. Every so often he gives an interesting conference talk about his latest projects. This time he’s given a talk at Ruxmon Sydney in April of this year and it has just been uploaded to YouTube.

In the talk Balint overviews the projects that he’s working on or completed. His topics include:

  • His work with creating his own battery powered GSM base station including a live demo where members from the audience connect to and call him via the base station.
  • His work with FPV drones and creating an SDR based FPV digital video system.
  • Hacking restaurant pagers.
  • Attempting to communicate with and revive the ISEE-3 spacecraft using the large radio dish at Arecibo.
  • Gathering actual RADAR data from listening to a real airport active RADAR system and plotting the returns on a map.
  • Investigating RFID tags and attempting to unlock his car via an SDR.

Ruxmon Sydney (April 2015): Hacking the Wireless World with SDR

PortableSDR now on Kickstarter

Back in November, 2014 we posted about the PortableSDR, a 0 – 35 MHz portable software defined radio transceiver that was the third place winner in the Hackaday Prize competition. The PortableSDR project is gaining traction and now has a Kickstarter campaign. They write:

The Portable Software Defined Radio, or PSDR, is an Open Source, Fully stand-alone HF/Shortwave Software Defined Transceiver. It includes a Vector Network Analyzer and Antenna Analyzer as well as GPS. It’s built for rugged portable use. It is designed to be a flexible platform for development, a learning aid, and a useful instrument for electronics enthusiasts.

Features:

  • Coverage from 0 to 35MHz
  • Waterfall display that lets you see radio signals
  • Receives AM, USB (Upper Side Band), LSB (Lower Side Band), and Morse code (CW)
  • Modulates USB and LSB signals
  • Variable bandpass filter

The campaign hopes to raise $60,000 USD to aid in the development of the hardware and software and with the manufacturing process. The Kickstarter is offering kits at various stages of completion from $250 to $475 and a fully assembled kit at $499. They note that the current PSDR2 that you will receive from the Kickstarter is still a development version, not the final product. The PSDR2 is missing some key features that will be in the final version, like filters and output amplifiers.

The PSDR v.1
PortableSDR - 2014 Hackaday Prize Judge Recap

Hackaday Prize Finalist: A PortableSDR

The popular Hackaday blog is having a contest where contestants submit homemade prototypes of open source devices they have created. The prize is a trip to space, and it will be awarded to the best example of an open, connected device. The finalists were recently announced and a device called the PortableSDR is one of them.

The PortableSDR is a portable rugged standalone software defined radio transceiver with a 0 to 30 MHz tuning range (also 144 MHz). A standalone SDR means that no computer is required to use the radio, so it can work in a similar way to a standard handheld hardware radio. Its advantages come from its SDR design, which allows it to have a wide tuning range, to easily decode most protocols and to also work as an antenna analyzer or vector network analyzer.

Some people have been calling this radio a Baofeng UV-5R killer, which is very high praise as the Baofeng is one of the most popular low cost hardware radios out there.

Roundup of Software Defined Radios

New software defined radio (SDR) products are popping up every few months these days, so we thought we'd compile a big list of available SDRs, as there are a few people who were bitten by the RTL-SDR bug and are now looking to upgrade.

For each SDR we compare the cost, frequency range, ADC resolution, maximum instantaneous bandwidth, whether or not it can TX and if it has any pre selectors built in. Here is a quick guide to what some of these metrics mean.

Frequency Range: The range of frequencies the SDR can tune to.
ADC Resolution: Higher is better. More resolution means more dynamic range, less signal imaging, a lower noise floor, more sensitivity when strong signals are present and better ability to discern weak signals. Some SDRs give their resolution in ENOB, which stands for effective number of bits.
Instantaneous Bandwidth: The size of the real time RF chunk available.
RX/TX: Can the radio receive and/or transmit.
Preselectors: Analogue filters on the front end to help reduce out of band interference and imaging.

* - Denotes top choice for high value

General Use Software Defined Radios

We define general use SDRs as ones with a wide frequency range and with no focus on any specific frequency band.

R820T RTL2832U a.k.a RTL-SDR*

Cost: $10 - 22 USD
Frequency Range: approx. 24 MHz - 1766 MHz (below 24 MHz available on RTL-SDR.com V3 dongles)
ADC Resolution: 8 Bits
Max Bandwidth: 3.2 MHz / 2.4 or 2.8 MHz max stable.
TX/RX: RX Only
Preselectors: Uses tracking RF filters on the R820T2 chip.
Release Date: August 2016

The RTL-SDR is still the best 'bang for your buck' software defined radio out there. While it was never designed to be used as a general purpose SDR in the first place, its performance is still surprisingly good. If you're on a budget or are just starting out with SDR or radio this is the one to get.

Videos from DEFCON 22 Wireless Village Talks

Another security and hacking conference that recently finished is Defcon 2014. The conference hosted a “Wireless Village” where talks covered all things related to radio frequency, and many of them were related to Software Defined Radio.

A list of all talks at the Defcon Wireless Village 2014 can be found on this page. The most interesting talks that we found related to SDR are shown below.

Hacking the Wireless World with Software Defined Radio

Presented by Balint Seeber, SDR Evangelist at Ettus Research. Balint presented a similar talk at Black Hat and the slides to go along with that can be found here.

Ever wanted to spoof a restaurant’s pager system? How about use an airport’s Primary Surveillance RADAR to build your own bistatic RADAR system and track moving objects? What sorts of RF transactions take place in RFID systems, such as toll booths, building security and vehicular keyless entry? Then there’s ‘printing’ steganographic images onto the radio spectrum…

Wireless systems, and their radio signals, are everywhere: consumer, corporate, government, amateur – widely deployed and often vulnerable. If you have ever wondered what sort of information is buzzing around you, this talk will introduce how you can dominate the RF spectrum by ‘blindly’ analysing any signal, and then begin reverse engineering it from the physical layer up. I will demonstrate how these techniques can be applied to dissect and hack RF communications systems, such as those above, using open source software and cheap radio hardware. In addition, I’ll show how long-term radio data gathering can be used to crack poorly-implemented encryption schemes, such as the Radio Data Service’s Traffic Message Channel. If you have any SDR equipment, bring it along!

So ya wanna get into SDR?

Not explained through erotic interpretive dance, though could be, this presentation will cover the essentials for getting into the software defined radio hobby. Hardware requirements, distributed nodes, architecture designs, tips/tricks, random projects and common mistakes will be explained. This will be a technical talk that will be open for harassment, jokes, interaction and presented in a way that everyone will be able to take something away from it; wait, this is Vegas… but we’re hackers…

SDR Tricks with HackRF

HackRF and some other Software Defined Radio platforms can be used in creative ways. I’ll show methods, including a dirty trick or two, for using HackRF outside the advertised frequency range. I’ll also show how the HackRF design lends itself to use as an oscilloscope or function generator suitable for many hardware hacking tasks.

PortaPack: Is that a HackRF in your Pocket?

The PortaPack H1 transforms the HackRF One software-defined radio into a hand-held radio exploration tool. Spectrum analysis, monitoring and logging, and demodulation and injection of simpler digital modes will be demonstrated by Jared Boone, a HackRF project contributor.

PHYs, MACs, and SDRs

The talk will touch on a variety of topics and projects that have been under development including YateBTS, PHYs, MACs, and GNURadio modules. The talk will deal with GSM/LTE/WiFi protocol stacks.

SDR Unicorns

A panel with SDR Gurus Michael Ossmann, Balint Seeber and Robert Ghilduta.