SDR videos

Software-defined radio (SDR) technology can be used for many interesting technical experiments. A receive-only SDR already lets you do many interesting things, but an SDR that can also transmit opens many new doors. Here are some interesting videos related to SDR and cyber security:

Universal Radio Hacker – Replay Attack With HackRF

Download here: https://github.com/jopohl/urh

Radio Hacking: Cars, Hardware, and more! – Samy Kamkar – AppSec California 2016

Hacking Car Key Fobs with SDR

Getting Started With The HackRF, Hak5 1707

Hacking Ford Key Fobs Pt. 1 – SDR Attacks with @TB69RR – Hak5 2523

Hacking Ford Key Fobs Pt. 2 – SDR Attacks with @TB69RR – Hak5 2524

Hacking Ford Key Fobs Pt. 3 – SDR Attacks with @TB69RR – Hak5 2525

Hacking Restaurant Pagers with HackRF

Software Defined Spectrum Analyser – Hack RF

Locating Cellular Signal with HackRF Spectrum Analyzer SDR Software

GSM Sniffing: Voice Decryption 101 – Software Defined Radio Series #11

How To Listen To Trunked Police Radio And Why I'm Done

Transmitting NTSC/ATSC Video With the HackRF One and Gnuradio

See also the article Using a HackRF SDR to Sniff RF Emissions from a Cryptocurrency Hardware Wallet and Obtain the PIN.

94 Comments

  1. Tomi Engdahl says:

    Shielding A Cheap RTL-SDR Stick
    https://hackaday.com/2022/06/29/shielding-a-cheap-rtl-sdr-stick/

    Even though not every Hackaday reader is likely to be a radio enthusiast, it’s a fair guess that many of you will have experimented with an RTL-SDR USB dongle by now. These super-cheap devices are intended for digital TV reception and contain an RTL2832 chip, which with the proper software, can be pushed into service as a general purpose software defined radio receiver. For around $10 USD they’re fantastic value and a lot of fun to play with, even if they’re not the best radio ever. How to improve the lackluster performance? One of the easiest and cheapest ways is simply to shield it from RF noise, which [Alan R] has done with something as mundane as a tubular fizzy orange tablet container.

    This is probably one of the simpler hacks you’ll see on this site, as all it involves is making an appropriate hole in the end of the tube and shielding the whole with some aluminium foil sticky tape. But the benefits can be seen immediately in the form of reduced FM broadcast band interference, something that plagues the cheaper dongles.

    Low Cost Shielding Idea for Plastic RTL-SDRs
    https://www.rtl-sdr.com/low-cost-shielding-idea-for-plastic-rtl-sdrs/

    Reply
  2. Tomi Engdahl says:

    Hacker Finds Kill Switch for Submachine Gun–Wielding Robot Dog
    The submachine gun–firing robot dog can be remotely shut down with an AI dolphin branded hacker’s tool.
    https://www.vice.com/en/article/akeexk/hacker-finds-kill-switch-for-submachine-gun-wielding-robot-dog

    Reply
  3. Tomi Engdahl says:

    Simple Breadboard SDR For Shortwave
    https://hackaday.com/2022/08/26/simple-breadboard-sdr-for-shortwave/

    One of the best ways to learn about radios is to build your own, even in the age of cheap SDR dongles. [Aniss Oulhaci] demonstrates this with a simple HF SDR receiver built on a breadboard.

    The receiver takes the form of a simplified Tayloe detector. An RF preamp circuit amplifies the signal from a shortwave antenna and feeds it into a 74HC4066D analog switch, which acts as a switching mixer. It mixes the input signal with the local oscillator’s I and Q signals to produce the intermediate frequency signals. The local oscillator consists of a SI5351 clock generator with a 74HC74D flip-flop to generate the I and Q pair. The signals pass through a low pass filter stage and get amplified by an LM358 op amp, resulting in the IQ signal pair being fed to a computer’s stereo sound card.

    An Arduino is used to control the SI5351 clock generator, which in turn is controlled by the same program created for the SDR Shield.

    Simple SDR receiver (10kHz-30MHz)
    https://www.youtube.com/watch?v=G8BIYIsh-4I

    Reply
  4. Tomi Engdahl says:

    Snooping On Starlink With An RTL-SDR
    https://hackaday.com/2022/09/23/snooping-on-starlink-with-an-rtl-sdr/

    With an ever-growing constellation of Starlink satellites whizzing around over our heads, you might be getting the urge to start experimenting with the high-speed internet service. But at $100 or more a month plus hardware, the barrier to entry is just a little daunting for a lot of us. No worries, though — if all you’re interested in is tracking [Elon]’s birds, it’s actually a pretty simple job.

    Now, we’re not claiming that you’ll be able to connect to Starlink and get internet service with this setup, of course, and neither is the delightfully named [saveitforparts]. Instead, his setup just receives the beacon signals from Starlink satellites, which is pretty interesting all by itself. The hardware consists of his “Picorder” mobile device, which sports a Raspberry Pi, a small LCD screen, and a host of sensors, including an RTL-SDR dongle. To pick up the satellite beacons, he used a dirt-cheap universal Ku-band LNB, or low-noise block downconverter. They’re normally found at the focal point of a satellite TV dish, but in this case no dish is needed — just power it up with a power injector and point it to the sky.

    Detecting Starlink Satellites With DIY Tricorder
    https://www.youtube.com/watch?v=5cwEkhFdXGw

    Reply
  5. Tomi Engdahl says:

    HamRadio Packet Radio Modem over 70cm Band NPR-70 by F4HDK
    https://www.aliexpress.com/item/1005004049272702.html

    Reply
  6. Tomi Engdahl says:

    TRX-Duo Is A Red Pitaya Clone For Software Defined Radio
    https://hackaday.com/2022/10/09/trx-duo-is-a-red-pitaya-clone-for-software-defined-radio/

    If you’ve noticed the TRX-DUO software-defined radio transceiver, you might have wondered how it stacks up to other choices like Red Pitaya or HackRF. [Tech Minds] obliges with a review of the Red device in the video below.

    While this unit isn’t inexpensive, it also isn’t as expensive as some of its competitors. Sure, you can pick up an RTL-SDR dongle for a fraction of the price, but then you miss out on transmitting. The device is pretty powerful compared to a cheap software defined radio:

    Frequency: 10 kHz to 60 MHz
    CPU: Zynq SoC with a dual-core ARM Cortex A9
    RAM: 512 MB
    OS: Linux
    Connectivity: Ethernet and USB connectivity (WiFi with a dongle)
    ADC: 16-bit at 125 MS/s (2 channels)
    DAC: 14-bit at 125 MS/s (2 channels)

    TRX DUO APPLICATION BASED HF SDR TRANSCEIVER (RED PIYATA)
    https://www.youtube.com/watch?v=teks8v3u8F0

    Reply
  7. Tomi Engdahl says:

    The Internet Archive is building a library of amateur radio broadcasts
    It’s also looking for print materials to digitize, as well as early-internet communications.
    https://www.engadget.com/internet-archive-digital-library-of-amateur-radio-and-communications-180509856.html

    Reply
  8. Tomi Engdahl says:

    Generating Stereo FM Signals, Thanks To Python
    https://hackaday.com/2022/10/19/generating-stereo-fm-signals-thanks-to-python/

    A casual understanding of how AM radio works is pretty easy to come by, and standard FM is only a little more complicated. Things can go off the tracks a bit with stereo FM, though — figuring out how they squeeze two separate audio tracks onto one radio signal is a bit of a head-scratcher. In that case, wrapping your head around the concept might be helped by mocking up a stereo FM signal with an arbitrary waveform generator and a little bit of Python.

    Not that [Sebastian] of Baltic Lab was unfamiliar with multiplex FM theory, mind you. As he explains it, his goal was to generate a valid stereo FM signal with a different pure tone on each channel, 700 Hz on the left and 2,200 Hz on the right. Luckily, [Sebastian] has a nice AWG, the Siglent SDG1032X, which has an Ethernet connection that can be used to control it remotely along with PyVISA, a Python package for controlling instruments using the Virtual Instrument Software Architecture protocol.

    Generate a stereo-FM multiplex waveform with Python and AWG
    https://baltic-lab.com/2022/10/generate-a-stereo-fm-multiplex-waveform-with-python-and-awg/

    Reply
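As an added illustration of the multiplex scheme described in the comment above (example code, not from the Baltic Lab article or Hackaday), the following Python builds the stereo MPX baseband for the same 700 Hz and 2,200 Hz tones and probes its spectrum with a single-bin DFT. The 192 kHz sample rate and the 10 % pilot level are assumptions chosen for this example.

```python
import cmath
import math

FS = 192_000            # sample rate of the generated waveform (assumption for this example)
PILOT_HZ = 19_000       # stereo pilot tone
SUBCARRIER_HZ = 38_000  # L-R subcarrier, exactly twice the pilot so a receiver can regenerate it
LEFT_HZ, RIGHT_HZ = 700, 2200   # the two test tones from the comment above
PILOT_LEVEL = 0.1       # pilot at ~10 % of peak deviation (broadcast convention; assumption)

def stereo_mpx(left_hz, right_hz, n, fs=FS):
    """n samples of the stereo multiplex (MPX) baseband for a pure tone on each channel."""
    out = []
    for i in range(n):
        t = i / fs
        left = math.sin(2 * math.pi * left_hz * t)
        right = math.sin(2 * math.pi * right_hz * t)
        mono = (left + right) / 2                      # L+R: what a mono receiver demodulates
        # L-R on a 38 kHz double-sideband, suppressed-carrier subcarrier
        diff = (left - right) / 2 * math.sin(2 * math.pi * SUBCARRIER_HZ * t)
        pilot = PILOT_LEVEL * math.sin(2 * math.pi * PILOT_HZ * t)
        out.append((1 - PILOT_LEVEL) * (mono + diff) + pilot)
    return out

def tone_level(samples, freq_hz, fs=FS):
    """Amplitude of the component at freq_hz via a single-bin DFT (exact when the window
    holds a whole number of cycles of every component, as a 10 ms window does here)."""
    n = len(samples)
    acc = sum(x * cmath.exp(-2j * math.pi * freq_hz * i / fs) for i, x in enumerate(samples))
    return 2 * abs(acc) / n

def spectrum_report(samples, fs=FS):
    """Amplitudes where stereo theory predicts energy, plus the 38 kHz carrier, which must be absent."""
    probes = {
        "L+R left": LEFT_HZ,
        "L+R right": RIGHT_HZ,
        "pilot": PILOT_HZ,
        "L-R lower (left)": SUBCARRIER_HZ - LEFT_HZ,
        "L-R upper (left)": SUBCARRIER_HZ + LEFT_HZ,
        "L-R lower (right)": SUBCARRIER_HZ - RIGHT_HZ,
        "L-R upper (right)": SUBCARRIER_HZ + RIGHT_HZ,
        "38 kHz carrier": SUBCARRIER_HZ,
    }
    return {name: round(tone_level(samples, f, fs), 3) for name, f in probes.items()}

if __name__ == "__main__":
    # 1920 samples = 10 ms, a whole number of cycles for every probed frequency
    for name, level in spectrum_report(stereo_mpx(LEFT_HZ, RIGHT_HZ, 1920)).items():
        print(f"{name:>18}: {level}")
```

The report shows the two tones at baseband, each tone mirrored as a pair of sidebands around 38 kHz, the 19 kHz pilot, and nothing at 38 kHz itself, which is exactly the structure a stereo decoder relies on.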
  9. Tomi Engdahl says:

    Hackaday Supercon – HunterScott : Why Phased Arrays are Cool and How to Build One
    https://www.youtube.com/watch?v=ytBmoL2wZLw

    Hunter Scott’s talk from the 2018 Hackaday Superconference explains what phased arrays are, their basic architecture, their benefits, and how to make one yourself. He also talks about how we can take advantage of new chips for the coming 5G standard to reduce hardware cost and complexity.

    Phased Array Antennas
    https://www.youtube.com/watch?v=vtPPAnvJS6c

    Reply
  10. Tomi Engdahl says:

    Starlink signals can be reverse-engineered to work like GPS—whether SpaceX likes it or not
    Elon said no thanks to using his mega-constellation for navigation. Researchers went ahead anyway.
    https://www.technologyreview.com/2022/10/21/1062001/spacex-starlink-signals-reverse-engineered-gps/

    Reply
  11. Tomi Engdahl says:

    Build a Passive Radar With Software-Defined Radio
    Spot stuff with the KrakenSDR and two TV antennas
    https://spectrum.ieee.org/passive-radar-with-sdr

    Transmissions from a broadcast tower, such as the spire on top of the Empire State Building, can be used with cheap TV antennas and a software-defined radio to track the movements of airplanes.

    Unlike conventional radar, passive radar doesn’t send out pulses of its own and watch for reflections. Instead, it uses ambient signals. A reference antenna picks up a signal from, say, a cell tower, while a surveillance antenna is tuned to the same frequency. The reference and surveillance signals are compared. If a reflection from an object is detected, then the time it took to arrive at the surveillance antenna gives a range. Frequency shifts indicate the object’s speed via the Doppler effect.

    Reply
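Added example, not part of the IEEE Spectrum article or the KrakenSDR software: a toy passive-radar processing chain in pure Python on a constructed scene (a noise-like reference signal, one echo at 7 samples of delay and 4 Doppler bins). It shows why the direct-path signal has to be removed before the delay/Doppler search described above, and how delay and Doppler bins convert to range difference and hertz; the 2.4 MS/s sample rate used in the conversion is an assumption.

```python
import cmath
import math
import random

C = 299_792_458.0  # speed of light, m/s

def make_scene(n, delay, doppler_bins, echo_gain, seed=1):
    """Constructed scene (not real captures): a noise-like broadcast as the reference channel,
    and a surveillance channel = direct path + one delayed, Doppler-shifted echo + receiver noise."""
    rng = random.Random(seed)
    ref = [complex(rng.gauss(0, 1), rng.gauss(0, 1)) / math.sqrt(2) for _ in range(n)]
    surv = []
    for i in range(n):
        echo = 0j
        if i >= delay:   # the echo arrives `delay` samples after the direct path
            echo = echo_gain * ref[i - delay] * cmath.exp(2j * math.pi * doppler_bins * i / n)
        noise = complex(rng.gauss(0, 0.05), rng.gauss(0, 0.05))
        surv.append(ref[i] + echo + noise)
    return ref, surv

def remove_direct_path(ref, surv):
    """Least-squares subtraction of the zero-delay direct signal, which is far stronger than any echo."""
    gain = sum(s * r.conjugate() for s, r in zip(surv, ref)) / sum(abs(r) ** 2 for r in ref)
    return [s - gain * r for s, r in zip(surv, ref)]

def cross_ambiguity(ref, surv, max_delay, max_doppler_bins):
    """Brute-force search of |sum_n surv[n] * conj(ref[n - tau]) * exp(-j 2 pi k n / N)|
    over delay tau (samples) and Doppler k (bins); returns (tau, k, magnitude) of the peak."""
    n = len(ref)
    best = (0, 0, -1.0)
    for tau in range(max_delay + 1):
        prod = [surv[i] * ref[i - tau].conjugate() for i in range(tau, n)]  # shared by all k
        for k in range(-max_doppler_bins, max_doppler_bins + 1):
            acc = sum(p * cmath.exp(-2j * math.pi * k * i / n) for i, p in enumerate(prod, start=tau))
            if abs(acc) > best[2]:
                best = (tau, k, abs(acc))
    return best

def bistatic_range_m(delay_samples, sample_rate):
    """One sample of extra delay = c / fs metres of path difference (tx->target->rx minus direct path)."""
    return delay_samples * C / sample_rate

def doppler_hz(doppler_bins, n, sample_rate):
    """One Doppler bin = one cycle per integration window = fs / N hertz."""
    return doppler_bins * sample_rate / n

def demo(n=1024, delay=7, doppler_bins=4, sample_rate=2.4e6):
    """Run the chain on the constructed scene; 2.4 MS/s is an assumed SDR sample rate."""
    ref, surv = make_scene(n, delay, doppler_bins, echo_gain=0.3)
    raw = cross_ambiguity(ref, surv, 32, 10)                            # direct path wins at (0, 0)
    tau, k, _ = cross_ambiguity(ref, remove_direct_path(ref, surv), 32, 10)
    return {"raw_peak": raw[:2], "echo_peak": (tau, k),
            "range_difference_m": round(bistatic_range_m(tau, sample_rate), 1),
            "doppler_hz": doppler_hz(k, n, sample_rate)}

if __name__ == "__main__":
    print(demo())
```

With only 1024 samples at 2.4 MS/s each Doppler bin is over 2 kHz wide; real processing integrates for a fraction of a second (hundreds of thousands of samples) to resolve the tens to hundreds of hertz an aircraft produces.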
  12. Tomi Engdahl says:

    Stephen Cass Wakes the KrakenSDR and a Raspberry Pi for a Speed-Finding Passive Radar Project
    Using the Empire State Building as a radio signal source, Cass’ passive radar can pick a plane out of the air and tell you its speed.
    https://www.hackster.io/news/stephen-cass-wakes-the-krakensdr-and-a-raspberry-pi-for-a-speed-finding-passive-radar-project-01e44d1e521d

    Reply
  13. Tomi Engdahl says:

    Wi-Spy
    The Wi-Peep exploit allows an attacker to covertly locate all of the Wi-Fi-enabled devices in a building quickly using inexpensive hardware
    https://www.hackster.io/news/wi-spy-98d985364820

    Reply
  14. Tomi Engdahl says:

    Listen To 64 MHz At Once
    https://hackaday.com/2022/11/16/listen-to-64-mhz-at-once/

    We imagine that if [Tech Minds] told us he was listening to the HF bands, we might ask him which one? His reply might just be “All of them.” That’s thanks to the RX-888 MKII SDR he reviewed, which delivers a 64 MHz window on the radio spectrum.

    Reply
  15. Tomi Engdahl says:

    WiFi Cam 2.0 Captures ‘Photos’ of Wireless Signals
    Wireless radio signals are invisible to the human eye, but Jan Neumann’s WiFi Cam 2.0 device can capture images of them.
    https://www.hackster.io/news/wifi-cam-2-0-captures-photos-of-wireless-signals-b20702fcc382

    Reply
  16. Tomi Engdahl says:

    Russia’s satellite spy station in Vienna uses technology from NATO suppliers
    All components of the four large dishes come either from the Canadian company Norsat or from Swedish Microwave (SMW). Norsat is a contractor for NATO and the Pentagon; SMW likewise supplies primarily military customers.
    https://fm4.orf.at/stories/3029072/

    Reply
  17. Tomi Engdahl says:

    Air-gapped PCs vulnerable to data theft via power supply radiation
    https://www.bleepingcomputer.com/news/security/air-gapped-pcs-vulnerable-to-data-theft-via-power-supply-radiation/
    A new attack method named COVID-bit uses electromagnetic waves to transmit data from air-gapped systems isolated from the internet over a distance of at least two meters (6.5 ft), where it is captured by a receiver.

    Reply
  18. Tomi Engdahl says:

    LF Electromagnetic Radiation Used for Stealthy Data Theft From Air-Gapped Systems
    https://www.securityweek.com/lf-electromagnetic-radiation-used-stealthy-data-theft-air-gapped-systems

    Mordechai Guri, a cybersecurity researcher from the Ben-Gurion University of the Negev in Israel who specializes in air gap jumping, has released a paper detailing yet another method that can be used to stealthily exfiltrate data from systems isolated from the internet and local networks.

    The new method involves using the dynamic power consumption of modern computers and manipulation of CPU loads in order to cause the device to generate specific low-frequency (LF) electromagnetic radiation in the 0-60 kHz band.

    Guri showed how a malicious actor who has managed to plant a piece of malware on the targeted device — this can be achieved through insiders, supply chain attacks or social engineering — can exfiltrate small pieces of highly sensitive information, such as passwords or encryption keys.

    The researcher demonstrated that the attack can be conducted over distances of 2 meters (6.5 feet) and even more. The attack method has been named COVID-bit because this distance is often recommended for preventing Covid-19 transmission.

    Reply
  19. Tomi Engdahl says:

    Trio JR-500S ham radio vs SDRplay RSP1A SDR Radio
    Old tube radio vs modern SDR radio comparison
    https://hackaday.io/project/188592-trio-jr-500s-ham-radio-vs-sdrplay-rsp1a-sdr-radio

    Reply
  20. Tomi Engdahl says:

    Connecting Commercial 433 MHz Sensors To MQTT And Home Assistant With RTL-SDR
    https://hackaday.com/2022/12/26/connecting-commercial-433-mhz-sensors-to-mqtt-and-home-assistant-with-rtl-sdr/

    When [Elixir of Progress] was looking at setting up environmental sensors around their home to keep track of temperature, humidity and such, the obvious ideas of using WiFi-connected sensors didn’t work due to lack of WiFi range. Although Zigbee (Z-wave) sensors have longer range than WiFi, they are decidedly more expensive, proprietary and require a special transceiver hub. That’s where 433 MHz sensors for weather stations come into the picture.

    The idea is simple: virtually all of those sensors – many of them rated for outdoor use – use the unlicensed 433 MHz spectrum that can easily be captured using cheap RTL-SDR (software defined radio) USB dongles. With the data stream from these sensors captured, the open source rtl_433 project enables automatic decoding of these data streams for a wide range of supported sensors.

    https://cohost.org/Elixir-Of-Progress/post/463783-probing-weather-in-h

    https://github.com/merbanan/rtl_433

    Reply
  21. Tomi Engdahl says:

    https://hackaday.com/2022/12/23/this-week-in-security-github-actions-sha-1-retirement-and-a-self-worming-vulnerability/

    Your Tires Are Leaking (Data)

    Back a few years ago, [Mike Metzger] gave a DEFCON talk about TPMS, Tire Pressure Monitoring Systems. This nifty safety feature allows sensors in car tires to talk to the infotainment center, and warn when a tire is low. [Drew Griess] decided to follow up on this bit of info, and see just how practical it would be to use and abuse these gizmos.

    An RTL_SDR and the very useful rtl_433 project do the job quite nicely. Add an antenna, and the signals are readable over fifty feet away. It really becomes interesting when you realize that each of those sensors has a unique ID sent in each ping. Need to track a vehicle? Just follow its tires!

    Your Car is Trackable by Law
    TPMS Tracking
    Today I learned how to read the unique ID of a tire pressure sensor which can be used to track vehicles using a sensor network.
    https://medium.com/@doctoreww/day-2-your-car-is-trackable-by-law-1d5f74388850

    Reply
  22. Tomi Engdahl says:

    Software-Defined Radio Brings Agility to Hardware Design
    December 28, 2022 Alex Colpitts and Brendon McHugh
    https://www.eetimes.eu/software-defined-radio-brings-agility-to-hardware-design/?utm_source=newsletter&utm_campaign=link&utm_medium=EETimesEuropeWeekly-20230119

    Software-controlled hardware is transforming the technological landscape, and radio hardware has been swept up in this rapid progression.

    Reply
