Tagged: usrp

New Talk by Balint Seeber: Hacking the Wireless World with SDR

Balint Seeber is a researcher at Ettus, designers of the USRP line of software defined radios. Every so often he gives an interesting conference talk about his latest projects. This time he’s given a talk at Ruxmon Sydney in April of this year and it has just been uploaded to YouTube.

In the talk Balint overviews the projects that he’s working on or completed. His topics include:

  • His work with creating his own battery powered GSM base station including a live demo where members from the audience connect to and call him via the base station.
  • His work with FPV drones and creating an SDR based FPV digital video system.
  • Hacking restaurant pagers.
  • Attempting to communicate with and revive the ISEE-3 spacecraft using the large radio dish at Arecibo.
  • Gathering actual RADAR data from listening to a real airport active RADAR system and plotting the returns on a map.
  • Investigating RFID tags and attempting to unlock his car via an SDR.
Ruxmon Sydney (April 2015): Hacking the Wireless World with SDR

Monitoring Drone FPV Frequency Usage with a USRP Software Defined Radio

Over on YouTube balint256 (Balint), a researcher at Ettus (creators of the USRP line of software defined radios) has uploaded a video showing how he is using his USRP to help with frequency management at FPV time trial racing events. FPV a.k.a First Person View is a term used to describe the act of flying a remote controlled aircraft such as a quadcopter with an onboard camera that transmits live video down to the pilot. FPV racing is a new sport where pilots race FPV controlled drones around a track.

One important technical challenge at these events is frequency management. FPV drones use many frequencies at around 2.4 GHz for control and 5.8/2.4/1.3 GHz for video. With many drones in the air it is important that frequencies are managed appropriately so as to not jam each others signals.

To try and solve this problem Balint has been using GNU Radio coupled with a USRP X310 software defined radio to get very wide band RF spectrum waterfall views of the 2.4 and 5.8 GHz bands. In the waterfalls he is able to see when control signals and video signals are transmitted and at what frequency, and is able to tell if any are overlapping and jamming each other.

SDR Wideband Spectrum Monitoring for Drone FPV Frequency Management

In addition to this, Balint has also been working on his custom software defined radio based digital video downlink. Back in March we posted about his earlier work on this concept. In the video Balint demonstrates his drone with an on board USRP E310 which is used to send a custom 4.2 Mbps video downlink.

SDR digital video downlink (custom drone FPV) with E310 + webcam

Using a USRP E310 for Digital Video Downlink and Scanning on a Drone

Balint, one of the researchers at Ettus Research (the company behind the USRP range of software defined radios) has recently uploaded a video to YouTube showing one of his projects where he is prototyping the use of a digital signal for transmitting digital FPV video on a drone. The drone carries a USRP E310 SDR and transmits a QPSK video down developed in GNU Radio to a receiver on the ground.

FPV strands for “first person view” and is a growing hobby where remote controlled aircraft such as quadcopter drones are flown in first person view using live video from an on board camera.

Drone + SDR: USRP E310 real-time digital video downlink (teaser)

In another video balint also shows how the on board E310 can be used to transmit frequency scan FFT data via a WiFi link. This can be very useful for getting an antenna up high enough to get good reception for a scan.

Drone + SDR: USRP E310 airborne spectrum monitoring (teaser)

Designing a Low Noise UHF Front End with Sharp Filtering for SDR

Most wideband SDR’s do not come with any front-end filtering built in. This limits their ability to receive weak signals in the presence of strong signals. Recently Sivan, a reader of RTL-SDR.com wrote in to let us know about a paper he published through the ARRL detailing how to design a concrete front-end unit for SDR use. A front-end helps to filter out signals that are outside of the desired passband, thus reducing interference from nearby strong signals significantly. Although Sivan uses a USRP with WBX daughtercard in his paper, he writes that the same front-end design principals can be applied to the RTL-SDR as well.

In the paper he designs a 431 – 435 MHz front-end using low cost SAW filters, a low noise amplifier (LNA) and a limiter to protect the radio. He writes that the design could easily be adapted for other bands as well.

A Selective and Robust UHF Front-End
A Selective and Robust UHF Front-End

SDR on TV: Using SDR to Break into Homes with Wireless Alarms

Earlier this year the American TV show Good Morning America featured a segment on software defined radios being used to break into houses with wireless alarm sensors. The story is based on a Defcon 2014 paper “Home Insecurity: No Alarms, False Alarms, and SIGINT” by Logan Lamb. In the TV segment Logan shows how he uses a USRP software defined radio to send a false alarm signal, jam a wireless sensor and finally to record sensor activation data from the alarm system.

Although Logan used a USRP, the same attack could be done with the cheaper HackRF.

SDR HackRf: Home Insecurity: No Alarms, False Alarms, and SIGINT

Brute Force Unlocking a Car with a USRP Software Defined Radio

Wired.com has posted an article showing how security researcher Cesare was able to use his USRP software defined radio to unlock a car with wireless entry. Essentially his hack involves brute forcing the rolling security code used by the wireless unlocking security protocol. Even with just a brute force attack he was able to unlock his car in just a few minutes. While this hack probably won’t work with newer cars which disable unlocking for a few minutes after a number of failed code attempts, Cesare notes that the hack will probably work for many similar cars of the 10 years or older generation.

This article goes along with their previous one discussing how thieves could hack into a home alarm system using a software defined radio.

The USRP is an advanced software defined radio that sells for around a thousand dollars but we note that the same attack could be performed with the cheaper and almost available HackRF SDR.

Rebooting the ISEE-3 with USRP Software Defined Radios

The ISEE-3 is a exploratory spacecraft that was launched in 1978 and placed in an orbit around the sun. It was mission was to study the interaction between solar wind and the earth's magnetic field and was later the first spacecraft to pass through the tail of a comet. NASA suspended communications with the spacecraft in 1997 and it was last heard of in 2008.

Recently there has been interest in rebooting the spacecraft and bringing it back into an earth orbit. Once safely in orbit the spacecraft's science instruments would be made publicly available for educational purposes. Unfortunately, the RF communications hardware and knowledge that was used to interface with the spacecraft has long been lost.

Luckily, the scientists and engineers at Ettus were able to devise a plan that would use the world's largest single dish radio telescope at Arecibo connected to some of their USRP N210 SDR radios to contact the probe. The USRP N210 is an advanced software defined radio that sells for around $1700 USD. Using their setup together with GNU Radio and the spacecraft's documentation from NASA they were able to make contact with the spacecraft and fire the thrusters. They have yet to actually correct the trajectory which will bring it back to earth, but they hope to be able to do that soon.

The ISEE-3
The ISEE-3
USRP at the Arecibo Dish
USRP at the Arecibo Dish

Pranking Colleagues with the USRP B210 Software Defined Radio

The Ettus USRP B210 is an advanced $1,100 software defined radio that is capable of both transmit and receive. Balint, one of the researchers at Ettus, has posted a video showing how he was able to play a light hearted prank on some of his colleagues using the B210.

Earlier in the year we posted about how Oona Raisanen was able to use her RTL-SDR to receive and decode restaurant pagers (the wireless devices given out at some restaurants to notify you when your food is ready).

Balint used his USRP210 controlled by a mobile phone app to transmit a fake signal to his colleague’s pager, causing it to activate before his food was ready.

You Can Page Me Anytime - USRP B210 + GNU Radio (teaser)