Software defined radio with USB DVB-T stick

Software-defined radio (SDR) has been a hot topic for many years. It is a radio communication system where components that have typically been implemented in hardware (e.g. mixers, filters, amplifiers, modulators/demodulators, detectors, etc.) are instead implemented in software on a personal computer or embedded system.

There have been many software implementations of SDR, some of them free (for example GNU Radio), but using them has required special hardware that was quite expensive. Now there are also inexpensive hardware options for receiving: rtl-sdr is a creative way of using consumer-grade DVB-T USB receivers, turning them into fully-fledged software defined radios. At a street price of about 20 Euros/USD they are undoubtedly the most capable low-cost SDR hardware that can be bought.

The article RTL-SDR: Inexpensive Software Defined Radio gives an introduction to building a software radio this way. Here is a good picture from that article that gives an overview of the hardware.

The DVB-T receivers supported by rtl-sdr are based on the Realtek RTL2832U chipset plus a tuner IC like the Elonics E4000 (which can tune from 54-2200 MHz with a gap at 1100-1250 MHz). The RTL2832U is a high-performance DVB-T COFDM demodulator with a USB 2.0 interface. It has some undocumented commands/registers by which it can be placed into a mode where it simply forwards the unprocessed raw baseband samples (up to 2.8 MS/s 8-bit I+Q) via high-speed USB to the PC, where they can be routed to a suitable receiving program.

Of course you need suitable software to decode those samples. A suitable Windows program is the very nice, fast and open source SDR#, which natively supports RTLSDR hardware. Another option is to connect to the SDR hardware over a TCP connection: the Osmocom RTLSDR utilities include the program rtl_tcp. This allows you to run the dongle on one PC (be it Windows or Linux) or an embedded ARM/MIPS board and pump the ADC data over a TCP connection to another computer running a compatible client such as SDR#.

To test software defined radio, I got suitable rtl2832u-sdr hardware quite many months ago: an Ezcap EZTV645 DVB-T Digital TV USB 2.0 Dongle with FM/DAB/Remote Controller. Here is a picture of the dongle and the antenna that comes with it.

[Image: sdr0]

[Image: sdr1]

Here is what the USB dongle looks like inside. As you can see there are not too many components in it.

[Image: sdr2]

Here is a close-up of the tuner and receiving chips.

[Image: sdr3]

To make the software work with the hardware, the original USB drivers for the dongle need to be replaced with Zadig WinUSB drivers. WinUSB is a generic USB driver aimed at simple devices that are accessed by only one application at a time directly through a simple software library.

I had some problems installing the Zadig drivers on my systems. That slowed down starting to use the hardware quite a bit. The official driver instructions say to select “Bulk-In, Interface (Interface 0)” from the drop down list, but on my system the device showed up as REALTEK 2832U (0). Zadig also needed to be “run as administrator” to work (quite slow and needed reboot).

Replacing the original driver with Zadig (zadig_v.2.0.1.161.exe) made it work with SDR# (an old Nightly build of SDR# with built-in REALTEK 2832U drivers). Here is a screenshot of the software in use, listening to FM radio (SDR# v1.0.0.357 Nightly with RTL-SDR/RTL2832U).

[Image: sdrsharp450]

SDR# seemed to work well in listening to FM stations. I could also easily use it to listen to the transmissions from different 433 MHz RF remote controllers as well. The software can decode AM, NFM, LSB, USB, WFM, DSB, CW-L and CW-U signals.

The spectrum and waterfall displays give a good overview of the received signal. The spectrum display shows a frequency band of around 2 MHz (±1 MHz from the center frequency).

As you can see on the spectrum, the dynamic range between the noise floor and the strongest signals is quite limited (due to the 7 or 8 bit resolution of the samples), which means you can listen to strong signals but weaker stations can easily be lost under the sample noise. Because the E4000 is a Direct Conversion Receiver, it has an image rejection problem. By switching on Correct IQ in SDR#, a more or less acceptable 50 dB is reached. The E4000 also shows many signals that are not actually present at its input (“birdies”).
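How the raw stream described above becomes audio, as an added example that is not code from this article, rtl-sdr or SDR#: it decodes 8-bit I/Q bytes, FM-demodulates them in software, and measures the signal-to-quantization-noise ratio that 8-bit samples leave (about 48 dB for this test signal). The byte layout (unsigned, interleaved I then Q, centred on 127.5), the function names and the synthetic 1 kHz test signal are assumptions made for the example.

```python
import cmath
import math


def iq_bytes_to_complex(raw: bytes) -> list:
    """Unsigned 8-bit interleaved I,Q bytes -> complex samples in [-1, 1]."""
    if len(raw) % 2:
        raw = raw[:-1]  # drop a trailing half-sample left by a short read
    return [complex((raw[i] - 127.5) / 127.5, (raw[i + 1] - 127.5) / 127.5)
            for i in range(0, len(raw), 2)]


def complex_to_iq_bytes(samples) -> bytes:
    """Inverse of the above: quantize each component to 8 bits.
    Only used here to build the constructed capture."""
    out = bytearray()
    for s in samples:
        for part in (s.real, s.imag):
            level = int(math.floor(part * 127.5 + 127.5 + 0.5))
            out.append(max(0, min(255, level)))  # clip like a saturating ADC
    return bytes(out)


def fm_modulate(message, deviation_hz, sample_rate, amplitude=0.8):
    """Frequency-modulate a message in [-1, 1] onto a complex baseband carrier."""
    step = 2 * math.pi * deviation_hz / sample_rate
    phase, out = 0.0, []
    for m in message:
        phase += step * m
        out.append(amplitude * cmath.exp(1j * phase))
    return out


def fm_demodulate(samples, deviation_hz, sample_rate):
    """Polar discriminator: the phase step between consecutive samples is
    proportional to the instantaneous frequency, i.e. to the message."""
    scale = sample_rate / (2 * math.pi * deviation_hz)
    return [cmath.phase(cur * prev.conjugate()) * scale
            for prev, cur in zip(samples, samples[1:])]


def quantization_snr_db(original, decoded):
    """Signal power over the error power introduced by 8-bit quantization."""
    signal = sum(abs(s) ** 2 for s in original)
    noise = sum(abs(d - s) ** 2 for s, d in zip(original, decoded))
    return 10 * math.log10(signal / noise)


def run_demo():
    """Constructed input: 10 ms of a 1 kHz tone, wide FM (75 kHz deviation),
    sampled at 240 kS/s. Returns (worst audio error, quantization SNR in dB)."""
    fs, deviation, tone = 240_000, 75_000, 1_000
    message = [math.sin(2 * math.pi * tone * n / fs) for n in range(2400)]
    clean = fm_modulate(message, deviation, fs)
    raw = complex_to_iq_bytes(clean)       # what the dongle would hand over
    decoded = iq_bytes_to_complex(raw)     # what the receiving program sees
    audio = fm_demodulate(decoded, deviation, fs)
    # audio[k] is recovered from samples k and k+1, so it matches message[k+1]
    worst = max(abs(a - m) for a, m in zip(audio, message[1:]))
    return worst, quantization_snr_db(clean, decoded)


if __name__ == "__main__":
    worst_error, snr = run_demo()
    print(f"worst audio error: {worst_error:.4f}")
    print(f"quantization SNR:  {snr:.1f} dB")
```

The SNR figure is the ceiling for a single near-full-scale signal; anything much weaker than that in the same 8-bit capture sits close to the quantization noise, which is the limitation visible in the spectrum display.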

I got, pretty cheaply, a pretty nice radio receiver that can receive very many radio signals and do spectrum analysis for radio signals.

226 Comments

  1. Tomi Engdahl says:

    Building a 28.8MHz TCXO for the RTL-SDR
    https://www.youtube.com/watch?v=ZdlSHtGH8EI

    A 28.8MHz RTL-SDR TCXO that’s easy to build, and designed entirely from readily available and inexpensive components. Schematics and project files:

    Building a Better RTL-SDR TCXO
    http://www.analogzoo.com/2016/03/building-a-better-rtl-sdr-tcxo/

    It’s hard to beat the cost and versatility of the ubiquitous RTL-SDR dongles, but the temperature stability of their reference oscillators isn’t sufficient for some applications. While the internal 28.8MHz quartz crystal in these units can be replaced by a high quality temperature compensated oscillator, these tend to be relatively expensive and/or difficult to source.

    Here’s a scratch-built 28.8MHz TCXO capable of +-1ppm stability from 0C-55C; best of all, it’s not only easy to build, but is designed entirely from readily available and inexpensive components. For improved temperature stability, the main oscillator can even be replaced with one of many commercially available TCXOs!

    Reply
  2. Tomi Engdahl says:

    Using a PC sound card to receive VLF radio signals
    https://www.youtube.com/watch?v=L2W1x6Rb9hI

    Published 8.3.2015

    Just connect an antenna to your computer’s microphone input, and you can receive VLF (Very Low Frequency) radio signals! A sound card (or built-in sound chip) with a recording sampling rate of at least 96 kHz is recommended.

    Excellent VLF receiving system with PC-SoundCard, SDRsharp and Mini-Whip active antenna
    https://www.youtube.com/watch?v=fKSOoZ2vhvo

    Reply
  3. Tomi Engdahl says:

    Frequency correction/calibration in SDRsharp for RTL R2832/R820T Tuner SDR dongle
    https://www.youtube.com/watch?v=gFXMbr1dgng

    Reply
  4. Tomi Engdahl says:

    APT Weather Satellite Reception with RTL-SDR, SDR#, WXtoImg, and Orbitron
    https://www.youtube.com/watch?v=drliNzdtQZw

    A while back, I did a video showing reception of APT weather satellite imagery. I thought it would be nice to do a more detailed video explaining the process and showing how to set up various pieces of software.

    How To Download Weather Directly From Satellites- Software Defined Radio
    https://www.youtube.com/watch?v=yLp3My8jUvo

    Reply
  5. Tomi Engdahl says:

    Cascade LNAs and Filters for Radioastronomy with an SDR
    http://hackaday.com/2017/08/02/cascade-lnas-and-filters-for-radioastronomy-with-an-sdr/

    It may not be the radio station with all the hits and the best afternoon drive show, but 1420.4058 MHz is the most popular frequency in the universe. That’s the electromagnetic spectral line of hydrogen, and it’s always on the air. But studying the H-line is a non-trivial task unless you know how to cascade low-noise amplifiers and filters to use an SDR for radio astronomy.

    Because the universe is mostly made of hydrogen, H-line emissions are abundant, and their distribution can tell us a lot about the structure of galaxies.

    Building a Hydrogen Line Front End on a Budget with RTL-SDR and 2x LNA4ALL
    http://www.rtl-sdr.com/building-a-hydrogen-line-front-end-on-a-budget-with-rtl-sdr-and-2x-lna4all/

    Adam 9A4QV is the manufacturer of the LNA4ALL, a high quality low noise amplifier popular with RTL-SDR users. He also sells filters, one of which is useful for hydrogen line detection. Recently he’s uploaded a tutorial document showing how to use 2x LNA4ALL, with a filter and RTL-SDR for Hydrogen Line detection (pdf warning).

    Hydrogen atoms randomly emit photons at a wavelength of 21cm (1420.4058 MHz). Normally a single hydrogen atom will only very rarely emit a photon, but since space and the galaxy is filled with many hydrogen atoms the average effect is an observable RF power spike at 1420.4058 MHz. By pointing a radio telescope at the night sky and integrating the RF power over time, a power spike indicating the hydrogen line can be observed in a frequency spectrum plot. This can be used for some interesting experiments, for example you could measure the size and shape of our galaxy. Thicker areas of the galaxy will have more hydrogen and thus a larger spike.

    Reply
  6. Tomi Engdahl says:

    One Transistor RTL-SDR Upconverter
    http://hackaday.com/2017/08/07/one-transistor-rtl-sdr-upconverter/

    Even if you haven’t used one, you’ve probably seen the numerous projects with the inexpensive RTL-SDR USB dongle. Originally designed for TV use, the dongle is a software defined radio that many have repurposed for a variety of radio hacking projects. However, there’s one small issue. By default, the device only works down to about 50 MHz or so. There are some hacks to change that, but the cleanest way to get operation is to add an upconverter to shift the frequency you want higher. Sounds complicated? [Qrp-Gaijin] shows how to do it with a single transistor.

    RTL-SDR upconversion with diode-ring mixer: part 2
    http://qrp-gaijin.blogspot.fi/2017/07/rtl-sdr-upconversion-with-diode-ring_30.html

    This post describes an improved version of my homebrew, one-transistor RTL-SDR upconverter, including a circuit diagram and videos of the unit in operation.

    The previous version of my homebrew RTL-SDR HF upconverter used a Pierce crystal oscillator with a crystal that was marked as 49.8 MHz.

    Monitoring on a nearby receiver revealed that the oscillator was generating signal energy at 16.6 MHz and 33.2 MHz as well as at 49.8 MHz. Therefore, the simple Pierce oscillator was exciting the crystal at its fundamental frequency, with the desired LO energy at 49.8 MHz being merely a side-effect. So the LO was producing signal energy at many harmonically-related frequencies, which will introduce a host of unwanted mixing products at the mixer output, greatly increasing spurious signals and IMD.

    Reply
  7. Tomi Engdahl says:

    Improving the RTL-SDR
    https://hackaday.com/2016/03/28/improving-the-rtl-sdr/

    The RTL-SDR dongle is a real workhorse for radio hacking. However, the 28.8 MHz oscillator onboard isn’t as stable as you might wish. It is fine for a lot of applications and, considering the price, you shouldn’t complain. However, there are some cases where you need a more stable reference frequency.

    [Craig] wanted a stable solution and immediately thought of a TCXO (Temperature Compensated “Xtal” Oscillator). The problem is, finding these at 28.8 MHz is difficult and, if you can find them, they are relatively expensive. He decided to make an alternate oscillator using an easier-to-find 19.2 MHz crystal.

    Reply
  8. Tomi Engdahl says:

    ColibriNANO USB SDR Receiver Reviewed
    http://hackaday.com/2017/08/08/colibrinano-usb-sdr-receiver-reviewed/

    At first glance, the ColibriNANO SDR looks like another cheap SDR dongle. But after watching [Mile Kokotov’s] review (see video below), you can see that it was built specifically for software defined radio service. When [Mile] takes the case off, you notice the heavy metal body which you don’t see on the typical cheap dongle. Of course, a low-end RTL-SDR is around $20. The ColibriNANO costs about $300–so you’d hope you get what you pay for.

    The frequency range is nominally 10 kHz to 55 MHz, although if you use external filters and preamps you can get to 500 MHz. In addition to a 14-bit 122.88 megasample per second A/D converter, the device sports an Altera MAX10 FPGA.

    In addition to interfaces to different software packages, the dongle works with remote software. The idea is to put the dongle and an antenna somewhere advantageous (that is, high and radio-quiet) and then use a Raspberry Pi or similar computer to pipe signal over the Internet.

    ColibriNANO SDR-Receiver REVIEW
    https://www.youtube.com/watch?v=PT30XEk0KAI

    Reply
  9. Tomi Engdahl says:

    PSA4-5043+ LNA for SDR
    A simple but flexible LNA for improving reception for SDR experiments
    https://hackaday.io/project/6617-psa4-5043-lna-for-sdr

    This project is a wideband LNA used to amplify weak signals so they can be picked up by an SDR.
    The design is inspired by 9A4QV’s LNA4ALL and is based on the Mini Circuits PSA4-5043+ wideband LNA.

    Along with the LNA board I made a board for an external bias tee that fits into the same enclosure and reuses the LNA front and back panels.

    The LNA can be powered in multiple ways:

    power injected through the SMA output connector from an external bias tee
    self-powered with unregulated DC through the 2.1mm DC jack and on board regulator
    regulated DC into the 2.1mm jack without using the on board regulator

    Along with the external bias tee this allows this LNA to be adjusted to different receiver and antenna setups.

    Reply
  10. Tomi Engdahl says:

    Radio MDZhB
    http://hackaday.com/2017/08/12/radio-mdzhb/

    If you have a shortwave receiver, tune it to 4625 kHz. You’ll hear something that on the surface sounds strange, but the reality is even stranger still. According to the BBC, the radio station broadcasts from two locations inside Russia — and has since 1982 — but no one claims ownership of the station, known as MDZhB.

    If you don’t have a shortwave handy, you can always try one of the many web-based software defined radios. Search for 4.6 MHz, and pick a location that should have propagation to Russia and you are all set.

    What could it mean? No one knows.

    Reply
  11. Tomi Engdahl says:

    NooElec NESDR Mini 2+ 0.5PPM TCXO USB RTL-SDR Receiver (RTL2832 + R820T2) w/ Antenna and Remote Control
    http://www.nooelec.com/store/nesdr-mini-2-plus.html

    NooElec NESDR Mini 2+ 0.5PPM TCXO-based RTL-SDR USB set. Ultra-high quality, Japanese-made TCXO, individually tested to ensure specification compliance. R820T2 tuner is guaranteed.

    This custom NooElec SDR is a modified DVB-T USB dongle tuned for SDR usage, including a high-accuracy, Japanese fabricated, GPS-rated 0.5PPM TCXO crystal, and improved capacitors and inductors compared to generic devices. Full compatibility with a large array of software packages, such as MATLAB®, HDSDR, SDR Touch, SDR#, Planeplotter–too many to list.

    MathWorks® and NooElec™ have coordinated to bring MATLAB® support for our SDR receivers. The RTL-SDR radio support package enables you to design wireless receivers using real world signals. Using Communications System Toolbox™ in conjunction with an RTL-SDR USB radio, you can design and prototype systems that process real-time wireless signals in MATLAB® and Simulink®

    Wireless engineers, students, and hobbyists can learn to receive and decode real-world radio signals using this low cost RTL-SDR hardware connected to your computer.

    These units are based on the R820 (R820T2) tuner IC made by Rafael Micro. This provides substantial performance improvements over R820T in both lab and real-life usage scenarios. They have a frequency capability of approximately 25MHz-1750MHz, though this can vary somewhat from unit to unit. There is also an RTL2832 (RTL2832U) IC on board of course, which acts as the demodulator and USB interface.

    The connector type on the antenna and USB board is MCX–male MCX on the antenna, female MCX on the SDR. There are plenty of adapter and adapter cables available in our store if you want to connect your favorite antenna!

    Want HF too? You can modify the dongle for HF reception, but it’s really a bad way of doing things
    However, we strongly recommend you take a look at the upconverter available

    Reply
  12. Tomi Engdahl says:

    Sorry US; Europeans Listen to Space with GRAVES
    http://hackaday.com/2017/08/27/sorry-us-europeans-listen-to-space-with-graves/

    In Europe, the GRAVES radar station beams a signal on 143.050 MHz almost straight up to detect and track satellites and space junk. That means you will generally not hear any signal from the station. However, [DK8OK] shows how you can–if you are in Europe–listen for reflections from the powerful radar. The reflections can come from airplanes, meteors, or spacecraft. You can see a video from [way1888] showing the result of the recent Perseid meteor shower.

    Using a software-defined radio receiver, [DK8OK] tunes slightly off frequency and waits for reflections to appear in the waterfall. In addition to observing the signal, it is possible to process the audio to create more details.

    Why is there a giant vertical radar transmitter in the middle of France? The transmitter uses a phased array to send a signal over a 45-degree swath of the sky at a time. It makes six total steps every 19.2 seconds. A receiver several hundred miles away listens for reflections.

    GRAVES: Reflections out of the blue
    https://dk8ok.org/2017/08/23/graves-reflections-out-of-the-blue/

    Undoubtedly, a Graves is a fine French wine from the Bordeaux region in western France. So it is no surprise that GRAVES is also an extraordinary radar station. It was built to detect and follow satellites and their debris. They sequentially cover from 90° to 270° azimuth in five big sectors A to D, and change from sector to sector each 19,2 seconds. Each of these sectors is further divided into 6 segments of 7,5° width, covered for 3,2 seconds each.

    They are transmitting on 143,050 MHz. If you are in Europe and tune into 143.049,0 kHz USB, you probably will hear/see some reflections of meteors, airplanes and even spacecraft. The distance between the transmitter and my location is about 630 km, and for their southerly directed transmissions, there is no direct reception most of the time.

    So, if you tune into 143.049,0 kHz, you will see just a blue spectrogram: noise. If you wait for a while, some signals will appear out of this blue; see screenshot on the top.

    Reply
  13. Tomi Engdahl says:

    19 RTL-SDR Dongles Reviewed
    https://hackaday.com/2017/09/05/19-rtl-sdr-dongles-reviewed/

    Blogger [radioforeveryone] set out to look at 19 different RTL-SDR dongles for use in receiving ADS-B (that’s the system where airplanes determine their position and broadcast it). Not all of the 19 worked, but you can read the detailed review of the 14 that did.

    Granted, you might not want to pick up ADS-B, but the relative performance of these inexpensive devices is still interesting. The tests used Raspberry PI 3s and a consistent antenna and preamp system. Since ADS-B is frequently sent, the tests were at least 20 hours in length. The only caveat: the tests were only done two at a time, so it is not fair to directly compare total results across days.

    The author points out that differences under about 2% don’t mean much. However, the article does draw a series of conclusions at the end. For instance, you can buy an $8 dongle and build a coketenna and have less than $10 tied up. You could also spend $150, but you won’t get 15 times the data nor 15 times the enjoyment.

    Group ADS-B test: 19 dongles
    http://www.radioforeveryone.com/p/group-ads-b-test-19-dongles.html

    9 RTL-SDR dongle variations tested with identical Raspberry Pi 3 based ADS-B stations, sharing the same antenna and filtered preamp.

    Reply
  14. Tomi Engdahl says:

    Ethernet to Radio Adapter
    https://hackaday.io/project/2507-ethernet-to-radio-adapter

    Stop wasting time and money on expensive coaxial cable and put the whole radio right at the antenna feedpoint!

    The stereotypical HF amateur radio installation has an expensive, commercially made radio driving an antenna relatively far away, connected with coaxial cable. Depending on how far away you want to house the radio, you may be talking hundreds of feet of coax, which either costs a fortune for “the good stuff”, or is lossy and leaky. My goal is to put the radio right at the feed point of the antenna, even as the center “insulator” for the antenna.

    Reply
  15. Tomi Engdahl says:

    BlackRock SDR: BeagleBone SDR cape
    HF Rx SDR cape for the BeagleBoneBlack based on the SoftRock RXII
    https://hackaday.io/project/2185-blackrock-sdr-beaglebone-sdr-cape

    This project was created on 07/29/2014 and last updated 3 years ago.

    HF Rx based on the SoftRock Ensemble RXII.

    Essentially you take the proven design of the softrock, remove the audio interface and go direct to a decent ADC, and feed that into a beaglebone black linux board for all the end processing.

    Reply
  16. Tomi Engdahl says:

    A Ham Radio Go-Box Packed with Functionality
    https://hackaday.com/2017/09/09/a-ham-radio-go-box-packed-with-functionality/

    “When all else fails, there’s ham radio.” With Hurricane Harvey just wrapping up, and Irma queued up to clobber Florida this weekend, hams are gearing up to pitch in with disaster communications for areas that won’t have any communications infrastructure left. And the perfect thing for the ham on the go is this ham shack in a box.

    Ham Radio Go Box With Raspberry Pi And Bluetooth speaker and SDR
    https://www.youtube.com/watch?v=Ry71P9r5cMg

    Ham Radio Go Box with a Raspberry Pi connected to a 7inch touchscreen. Running Ubuntu Mate and Gpredict for satellite tracking and QTCSDR for my USB dongle. BTECH tri-band radio hooked up to a external speaker. Bluetooth speaker hooked up to the Raspberry Pi 3.

    Reply
  17. Tomi Engdahl says:

    Attack Some Wireless Devices With A Raspberry Pi And An RTL-SDR
    https://hackaday.com/2017/09/10/attack-some-wireless-devices-with-a-raspberry-pi-and-an-rtl-sdr/

    If you own one of the ubiquitous RTL-SDR software defined radio receivers derived from a USB digital TV receiver, one of the first things you may have done with it was to snoop on wide frequency bands using the waterfall view present in most SDR software. Since the VHF and UHF bands the RTL covers are sometimes a little devoid of signals, chances are you homed in upon one of the ISM bands as used by plenty of inexpensive wireless devices for all sorts of mundane control tasks.

    Some of these devices, such as car security keys, are protected by rolling encryption schemes to deter would-be attackers. But many of the more harmless devices simply send a command in the open without the barest of encryption. The folks at RTL-SDR.com put up a guide to recording these open data bursts on a Raspberry Pi and playing them back by transmitting them from the Pi itself.

    Tutorial: Replay Attacks with an RTL-SDR, Raspberry Pi and RPiTX
    https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/

    With an RTL-SDR dongle, Raspberry Pi, piece of wire and literally no other hardware it is possible to perform replay attacks on simple digital signals like those used in 433 MHz ISM band devices. This can be used for example to control wireless home automation devices like alarms and switches.

    In this tutorial we will show you how to perform a simple capture and replay using an RTL-SDR and RPiTX. With this method there is no need to analyze the signal, extract the data and replay using a 433 MHz transmitter. RPiTX can replay the recorded signal directly without further reverse engineering just like if you were using a TX capable SDR like a HackRF to record and TX an IQ file.

    RPiTX is open source software which allows you to turn your Raspberry Pi into a general purpose transmitter for any frequency between 5 kHz to 500 MHz. It works by using square waves to modulate a signal on the GPIO pins of the Pi. If controlled in just the right way, FM/AM/SSB or other modulations can be created. By attaching a simple wire antenna to the GPIO pin these signals become RF signals transmitted into the air.

    Of course this creates an extremely noisy output which has a significant number of harmonics. So to be legal and safe you must always use bandpass filtering.

    Reply
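Why the open, fixed-code devices mentioned in the comment above accept a recorded burst while a rolling scheme does not, shown from the receiver's side as an added example that is not taken from the quoted tutorial or from any real product. The frame layout (32-bit counter plus a truncated HMAC-SHA256 tag), the key, the acceptance window and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct


class FixedCodeReceiver:
    """Accepts one static code: any recorded copy of a valid frame stays valid."""

    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)


def make_frame(key: bytes, counter: int) -> bytes:
    """Transmitter side: 4-byte big-endian counter followed by an 8-byte tag."""
    header = struct.pack(">I", counter)
    tag = hmac.new(key, header, hashlib.sha256).digest()[:8]
    return header + tag


class RollingCodeReceiver:
    """Accepts a frame only if its tag verifies AND its counter is ahead of
    the last accepted one, so a replayed frame is stale on arrival."""

    WINDOW = 16  # how far ahead the transmitter may run (missed button presses)

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last_counter = last_counter

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        header, tag = frame[:4], frame[4:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted frame
        (counter,) = struct.unpack(">I", header)
        if not (self.last_counter < counter <= self.last_counter + self.WINDOW):
            return False  # replayed (stale) or implausibly far ahead
        self.last_counter = counter  # advance only after full verification
        return True


def replay_demo() -> dict:
    """Run the same 'frame received twice' sequence against both receivers."""
    key = b"constructed-demo-key"  # constructed sample value
    fixed = FixedCodeReceiver(b"\xa5\x5a\x01")
    rolling = RollingCodeReceiver(key)
    first = make_frame(key, 1)
    tampered = bytearray(make_frame(key, 3))
    tampered[-1] ^= 0x01  # flip one bit of the tag
    return {
        "fixed_first": fixed.accept(b"\xa5\x5a\x01"),
        "fixed_replay": fixed.accept(b"\xa5\x5a\x01"),
        "rolling_first": rolling.accept(first),
        "rolling_replay": rolling.accept(first),
        "rolling_next": rolling.accept(make_frame(key, 2)),
        "rolling_tampered": rolling.accept(bytes(tampered)),
        "rolling_far_ahead": rolling.accept(make_frame(key, 500)),
    }


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name:18s} {'accepted' if accepted else 'rejected'}")
```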
  18. Tomi Engdahl says:

    RF transmitter for Raspberry Pi
    https://github.com/F5OEO/rpitx

    rpitx is a radio transmitter for Raspberry Pi (B, B+, PI2, PI3 and PI zero) that transmits RF directly to GPIO. It can handle frequencies from 5 KHz up to 500 MHz.

    Before you transmit, know your laws. rpitx has not been tested for compliance with regulations governing transmission of radio signals. You are responsible for using your rpitx legally.

    Plug a wire on GPIO 18, meaning Pin 12 of the GPIO header (header P1). This acts as the antenna. The optimal length of the wire depends on the frequency you want to transmit on, but it works with a few centimeters for local testing.

    Reply
  19. Tomi Engdahl says:

    3D Printed Helical Satcom Feed
    https://hackaday.com/2017/11/09/3d-printed-helical-satcom-feed/

    With the advent of cheap software defined radios made popular by the RTL-SDR project a few years back, satellite communications are now within the budget of even the most modest hacker. For $20 USD you can get a USB SDR module that is more than capable of receiving signals from any number of geosynchronous satellites, but you’ll need something a little more robust than rabbit ears to pick up a signal broadcast from over 22,000 miles away.

    Building a satellite-capable antenna isn’t necessarily difficult, but does involve a fair bit of arcane black magic and mathematics to do properly; something that can scare away those new to the hobby. But by using a 3D printed mandrel, [Tysonpower] has come up with a feed you can build and mount on a standard dish without having to take a crash course in antenna theory. [Tysonpower] reports the feed has a center frequency of 1550 MHz, and works well for reception of Inmarsat, AERO and HRPT signals.

    LHCP Helical L-Band Feed (1550mhz center)
    https://www.thingiverse.com/thing:2627680

    Reply
  20. Tomi Engdahl says:

    A TEMPEST in a Dongle
    https://hackaday.com/2017/11/26/a-tempest-in-a-dongle/

    If a couple of generations of spy movies have taught us anything, it’s that secret agents get the best toys. And although it may not be as cool as a radar-equipped Aston Martin or a wire-flying rig for impossible vault heists, this DIY TEMPEST system lets you snoop on computers using secondary RF emissions.

    If the term TEMPEST sounds familiar, it’s because we’ve covered it before. [Elliot Williams] gave an introduction to the many modalities that fall under the TEMPEST umbrella, the US National Security Agency’s catch-all codename for bridging air gaps by monitoring the unintended RF, light, or even audio emissions of computers. And more recently, [Brian Benchoff] discussed a TEMPEST hack that avoided the need for thousands of dollars of RF gear, reducing the rig down to an SDR dongle and a simple antenna. There’s even an app for that now: TempestSDR, a multiplatform Java app that lets you screen scrape a monitor based on its RF signature.

    TempestSDR: An SDR tool for Eavesdropping on Computer Screens via Unintentionally Radiated RF
    https://www.rtl-sdr.com/tempestsdr-a-sdr-tool-for-eavesdropping-on-computer-screens-via-unintentionally-radiated-rf/

    Reply
  21. Tomi Engdahl says:

    Remote video eavesdropping using a software-defined radio platform
    https://github.com/martinmarinov/TempestSDR

    Reply
  22. Tomi Engdahl says:

    Remote video eavesdropping using a software-defined radio platform
    https://github.com/martinmarinov/TempestSDR

    TempestSDR

    This project is a software toolkit for remotely eavesdropping video monitors using a Software Defined Radio (SDR) receiver. It exploits compromising emanations from cables carrying video signals.

    Raster video is usually transmitted one line of pixels at a time, encoded as a varying current. This generates an electromagnetic wave that can be picked up by an SDR receiver. The software maps the received field strength of a pixel to a gray-scale shade in real-time. This forms a false colour estimate of the original video signal.

    The toolkit uses unmodified off-the-shelf hardware which lowers the costs and increases mobility compared to existing solutions. It allows for additional post-processing which improves the signal-to-noise ratio. The attacker does not need to have prior knowledge about the target video display. All parameters such as resolution and refresh rate are estimated with the aid of the software.

    The software consists of a library written in C, a collection of plug-ins for various Software Defined Radio (SDR) front-ends and a Java based Graphical User Interface (GUI).

    Reply
