SDR videos

Software-defined radio (SDR) technology can be used for many interesting technical experiments. With a receive-only SDR you can do many interesting things, but having an SDR that can also transmit opens many new doors. Here are some interesting videos related to SDR and cyber security:

Universal Radio Hacker – Replay Attack With HackRF

Download here: https://github.com/jopohl/urh

Radio Hacking: Cars, Hardware, and more! – Samy Kamkar – AppSec California 2016

Hacking Car Key Fobs with SDR

Getting Started With The HackRF, Hak5 1707

Hacking Ford Key Fobs Pt. 1 – SDR Attacks with @TB69RR – Hak5 2523

Hacking Ford Key Fobs Pt. 2 – SDR Attacks with @TB69RR – Hak5 2524

Hacking Ford Key Fobs Pt. 3 – SDR Attacks with @TB69RR – Hak5 2525

Hacking Restaurant Pagers with HackRF

Software Defined Spectrum Analyser – Hack RF

Locating Cellular Signal with HackRF Spectrum Analyzer SDR Software

GSM Sniffing: Voice Decryption 101 – Software Defined Radio Series #11

How To Listen To Trunked Police Radio And Why Im Done

Transmitting NTSC/ATSC Video With the HackRF One and Gnuradio

Also check the article “Using a HackRF SDR to Sniff RF Emissions from a Cryptocurrency Hardware Wallet and Obtain the PIN”.

333 Comments

  1. Tomi Engdahl says:

    Decoding Automotive Key Fob Communication based on Manchester-encoded ASK Modulation
    https://www.youtube.com/watch?v=-m5W-bRB-50

    Learn how to probe & capture key fob RF signals, hardware demodulate each burst/packet, and finally how to set up the scope to decode each transmitted message using the scope’s User-definable Manchester/NRZ Trigger and Decode option (DSOXT3NRZ/ DSOX4NRZ) on Keysight’s InfiniiVision 3000T and 4000A X-Series oscilloscopes.

  2. Tomi Engdahl says:

    Broadcast Signal Intrusion with RPi Zero and an old rusty Guitar String

    https://pentestmag.com/broadcast-signal-intrusion-with-rpi-zero-and-an-old-rusty-guitar-string/

  3. Tomi Engdahl says:

    Get Your Weather Images Straight From The Satellite
    https://hackaday.com/2020/03/14/get-your-weather-images-straight-from-the-satellite/

    [Josh] has a series called Ham Radio Crash Course and a recent installment covers how you can grab satellite images directly from weather satellites. This used to be more of a production than it is now thanks to software defined radio (SDR). Josh also has another project using a 3D printer to make an antenna suitable for the job.

    The software is the venerable WXtoImg program. This is abandonware, but the community has kept the software available. The program works on Linux, Windows, and Mac. The satellites in question operate around 137 MHz, but that’s easily in the range of even the cheap SDR dongles. [Josh] shows how to use a virtual audio cable on Windows to connect the output of the radio to the input of the WXtoImg program. Under Linux, you can do this with Pulse or Jack very easily without any extra hardware.

    How To Receive Images Directly From NOAA Satellites
    https://www.youtube.com/watch?v=PWWGDL5tC_I&feature=emb_logo

  4. Tomi Engdahl says:

    Software Defined Everything With Mike Ossmann And Kate Temkin
    https://hackaday.com/2020/02/21/software-defined-everything-with-mike-ossmann-and-kate-temkin/

    Software defined radio has become a staple of the RF tinkerer, but it’s likely that very few of us have ever taken their software defined toolchain outside the bounds of radio. It’s an area explored by Mike Ossmann and Kate Temkin in their newly published Supercon talk as they use GNU Radio to do some things that you might find unexpected.

    https://www.youtube.com/watch?v=-5TAfdYpC44&feature=emb_logo

  5. Tomi Engdahl says:

    3.2 GHz Vector Signal Generator Tear Down
    https://hackaday.com/2020/03/17/3-2-ghz-vector-signal-generator-tear-down/

    [The Signal Path] snagged a fancy Rohde & Schwarz vector signal generator that can go up to 3.2 GHz, but sadly it wasn’t in working order. It powered up and even put out a 1 GHz signal, but the amplitude output was very wrong. Interestingly relative changes to the output were correct, it was just that the absolute output amplitude was off by quite a bit and changed with frequency. That started a detective job which you can follow along in the video below.

    https://www.youtube.com/watch?v=ocSl8LtqzzM

  6. Tomi Engdahl says:

    https://flipperzero.one/zero

    Flipper Zero is a portable multi-tool for pentesters and geeks in a Tamagotchi body. It loves to hack digital stuff around such as radio protocols, access control systems, hardware and more. It’s fully open source and customizable so you can extend it in whatever way you like.

  7. Tomi Engdahl says:

    Receive Analog Video Radio Signals From Scratch
    https://hackaday.com/2020/05/31/receive-analog-video-radio-signals-from-scratch/

    DragonOS LTS SigDigger demodulating a 5 GHz analog video/FPV drone link (HackRF One, SigDigger)
    https://www.youtube.com/watch?v=PxKs1MXwmp0&feature=emb_logo

  8. Tomi Engdahl says:

    BAE Systems delivers first radiation-hardened RAD5545 software defined radios on their way to Lockheed Martin to support future space communication, national security, surveillance and weather missions

    BAE Systems delivers first radiation-hardened RAD5545 radios
    https://www.intelligent-aerospace.com/satcom/article/14179372/radiation-hardened-software-defined-radio

    RAD5545 software defined radios are on their way to Lockheed Martin to support future space missions.

    BAE Systems’ software defined radio is anchored by the RAD5545 single board computer (SBC), providing the most advanced radiation-hardened quad core general purpose processing solution available today to address future threats on a variety of missions. The system leverages modular and standard building blocks including a SpaceVPX chassis and backplane electrical connectors, Serial RapidIO and Spacewire interfaces, and a fully supported expansion port for a custom interface card.

  9. Tomi Engdahl says:

    https://www.facebook.com/groups/electronichobycircuits/permalink/3428098367214848/
    Hurricane Watch Net for ISAIAS on NA5B WebSDR

    Hello all. For those who do not have their HF up and running, there is an alternative way to listen to the Hurricane Watch Net for hurricane ISAIAS which is going to hit Florida and the East coast states in the coming days.

    Here is a link for the WebSDR server that I have been running for some years, a 24/7 basis in Washington DC Area.

    Best regards

    Hurricane Watch Net ISAIAS 40 meter: http://na5b.com:8901/?tune=7268lsb

    Hurricane watch net ISAIAS 20 meter: http://na5b.com:8901/?tune=14326usb

    Main WebSDR server: http://na5b.com

    The Hurricane Watch Net: https://hwn.org

  10. Tomi Engdahl says:

    A fully-contained software-defined radio solution in tablet form opens new doors for field testing.

    RadioSlate: A Software-Defined Radio Tablet
    https://www.hackster.io/news/radioslate-a-software-defined-radio-tablet-6fff2aac3ce5

    Tools like signal and spectrum analyzers are extremely important in the RF world, however they can be extremely expensive pieces of equipment to purchase and not the most portable or space friendly. To fill the gap, software-defined radio (SDR) hardware and software has become extremely popular as much of a radio structure can be digitized to make use of less expensive RF circuitry and fit into a compact package.

    The market for SDRs has grown over the past few years as makers and hobbyists have sought out better understanding of the wireless capabilities of their hardware. Engineers in industry have also started taking advantage of SDRs for mobile testing setups in the field or just to take advantage of a tight lab bench.

    The RadioSlate serves as a sturdy aluminum tablet powered by an Intel M3 8100Y dual-core SoC for a CPU, an Arduino Leonardo for an MCU, Intel UHD Graphics 615 GPU, 8 GB LPDDR3 RAM, and 1024 x 600 pixel touchscreen. RadioSlate is a fully-contained computer loaded with Ubuntu LTE (but also supports Windows 10 if a user desired to re-image it).

    Alongside the standard dual-band 802.11ac Wi-Fi and Bluetooth 4.2, RadioSlate contains a slot for either a LimeSDR Mini or HackRF One to connect to the CPU.

    https://www.crowdsupply.com/yian-it/radioslate

  11. Tomi Engdahl says:

    We used a 1980s computer to talk to the SPACE STATION! Commodore 64 vs ISS
    https://m.youtube.com/watch?v=WJVU1stPPlQ&feature=share

  12. electronic says:

    We learned from the web that the Electronic Barking Dog Alarm has an electronic radar-wave sense management. The place where you need the motion to be detected is where you set the Electronic Barking Dog Alarm because solely motions from the rear and from the sides are detected.

  13. Tomi Engdahl says:

    GNU Radio Decodes Voyager Data
    https://hackaday.com/2021/09/10/gnu-radio-decodes-voyager-data/

    With the 44th anniversary of the launch of Voyager I, [Daniel] decided to use GNU Radio to decode Voyager data. The data isn’t live, but a recording from the Green Bank Telescope. The 16 GB file is in GUPPI format which stores raw IQ samples.

    The file contains 64 frequency channels of just under 3MHz each. The signal of interest is in one channel, so it is easy to just throw away the rest of the data.

    A Python block manipulates the file and provides a data source. Once you have that, the rest is pretty standard processing although, as you might expect, the signal is weak even with a 100 meter antenna. Large Fourier transforms do the trick.

    https://destevez.net/2021/09/decoding-voyager-1/

  14. Tomi Engdahl says:

    We got a tip this week on a video about how 1/4-wave tuning stubs work. It’s a simple demonstration using a length of coax, a signal generator, and an oscilloscope to show how an unterminated feedline can reflect RF back to the transmitter, and how that can be used to build super-simple notch filters and impedance transformers.
    https://www.youtube.com/watch?v=l9YN6bPkdq8

    We love demos that make the mysteries of RF a little simpler — W2AEW’s videos come to mind, like this one on standing waves.

    https://hackaday.com/2015/08/06/visualizing-rf-standing-waves/

  15. Tomi Engdahl says:

    The Coolest Radio You’ve Probably Never Heard Of
    https://www.youtube.com/watch?v=h4x7cGALaC8

    Software Defined Radio (or SDR) is one of those things that I never knew existed as I was getting into the radio hobby. After learning about it, it’s one of the coolest radios in my humble communications arsenal.

    In this video I want to introduce you to SDR, and share just the slightest glimpse of what it has to offer in the hope that it inspires others to get into it and learn more.

  16. Tomi Engdahl says:

    Raspberry Pi Tablet Gets Radio Surgical Enhancement
    https://hackaday.com/2021/10/20/raspberry-pi-tablet-gets-radio-surgical-enhancement/

    We always get excited when we buy a new tablet. But after a few months, it usually winds up at the bottom of a pile of papers on the credenza, a victim of not being as powerful as our desktop computers and not being as convenient as our phones. However, if you don’t mind a thick tablet, you can get the RasPad enclosure to fit around your own Raspberry Pi so it can be used as a tablet. Honestly, we weren’t that impressed until we saw [RTL-SDR] add an SDR dongle inside the case, making it a very portable Raspberry Pi SDR platform.

    RasPad 3.0 Review: Building a Portable Raspberry Pi 4 Tablet with Built in RTL-SDR
    https://www.rtl-sdr.com/raspad-3-0-review-building-a-portable-raspberry-pi-4-tablet-with-built-in-rtl-sdr/

  17. Tomi Engdahl says:

    Choosing a “Step Up” Software Defined Radio (SDR)
    https://www.youtube.com/watch?v=6dNE20WBogw

    In this episode we look at 4 step up SDR radio devices.
    We talk about the benefits of step up SDRs, and look at 4 models under $200.

    I would recommend that you watch Episode 3 of the 2020 SDR Guide before this episode (if you have never seen it). It looks at my recommendations for buying a budget SDR.
    https://youtu.be/FDwTGk6c2Qg

  18. Tomi Engdahl says:

    **DIY Si4732 LW,MW,SW,SSB Radio with 2.8 inch touch TFT display**

    Now the Radio has Si4732 instead of Si4730 chip (covers SW band and SSB), and new firmware from Gert Baak with more visual and functional improvements. Thanks to Ricardo Caratti’s excellent library and Gert Baak’s software, for which I sincerely thank them for their hard work.

    Detailed video instructions, schematic diagram, and code at:

    https://youtu.be/8XQ1SpLC2zU

  19. Tomi Engdahl says:

    Four Band Digital HF SDR Transceiver Offers High Performance For Only $60
    https://hackaday.com/2021/12/08/four-band-digital-hf-sdr-transceiver-offers-high-performance-for-only-60/

    Amateur radio is a hobby that is often thought of as being exclusive to those with a healthy expendable income. In recent years however, the tides have turned. Cheap microcontrollers and signal generators have helped turn things around, and the $60 USD QDX from QRP Labs goes even further by sending the performance/price ratio through the roof. You can see more details in the video below the break.

    The QDX is the creation of [Hans Summers] who is well known for producing affordable high performance amateur radio kits that are focused on low power transmission, called “QRP” in ham radio parlance. What is it? It’s a pocket sized four band (80, 40, 30, 20 Meters) software defined radio (SDR) that is designed to be used with some of the most popular digital radio modes: FT8 and JS8Call, as well as any other FSK based mode such as RTTY. It’s also been tested to work well (and within spec) on 60 Meters.

    https://qrp-labs.com/qdx.html

  20. Tomi Engdahl says:

    The Ultimate RF Hacking Tool?! HackRF Portapack H2
    https://www.youtube.com/watch?v=tmLeLcpLsGM

  21. Tomi Engdahl says:

    SDR Toolkit Bends Weather Station To Hacker’s Whims
    https://hackaday.com/2021/12/17/sdr-toolkit-bends-weather-station-to-hackers-whims/

    We probably don’t have to tell most Hackaday readers why the current wave of low-cost software defined radios (SDRs) are such a big deal for hackers looking to explore the wide world of wireless signals. But if you do need a refresher as to what kind of SDR hardware and software should be in your bag of tricks, then this fantastically detailed account from [RK] about how he hacked his La Crosse WS-9611U-IT weather station is a perfect example.

    Looking to brush up his radio hacking skills, [RK] set out to use the ADALM-PLUTO software defined radio from Analog Devices to intercept signals between the La Crosse base station and its assorted wireless sensors. He notes that a $20 USD RTL-SDR dongle could do just as well if you only wanted to receive, but since his ultimate goal was to spoof a temperature sensor and introduce spurious data into the system, he needed an SDR that had transmit capabilities.

    Making it rain with Software Defined Radio
    https://spuriousemissions.com/making-it-rain-with-software-defined-radio/

  22. Tomi Engdahl says:

    Raspberry Pi Virus Detection System Can Detect Malware on other Devices
    https://community.element14.com/technologies/sensor-technology/b/blog/posts/raspberry-pi-virus-detection-system-can-detect-malware-on-other-devices

    The system uses the Pi, an H-field probe and an o-scope to detect electromagnetic wave signatures from multiple virus types.

  23. Tomi Engdahl says:

    What’s on Tap for Software-Defined Radio in 2022?
    Feb. 3, 2022
    This year, look for SDRs to offer increasing sampling rates, system designs to handle data at up to 5 GS/s, and diminishing hardware complexity.
    https://www.mwrf.com/technologies/systems/article/21215881/per-vices-corp-whats-on-tap-for-softwaredefined-radio-in-2022?utm_source=RF%20MWRF%20Today&utm_medium=email&utm_campaign=CPS220203069&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R

  24. Tomi Engdahl says:

    RF comb Generator | Using comb generator for EMC,RFI testing
    https://www.rfwireless-world.com/test-and-measurement/comb-generator-basics-and-vendors.html

    Comb generator is the signal generator which produces harmonics of its input signal. Output spectral components are spaced at equal intervals.

  25. Tomi Engdahl says:

    Analog RF Sensor Integration at the Edge Drives New Solutions
    Feb. 8, 2022
    By moving to RFSoC-based PCIe cards, engineers gain more options in their toolbox to innovate and develop better solutions for navigating the opportunities at the edge.
    https://www.mwrf.com/technologies/systems/article/21216244/bittware-analog-rf-sensor-integration-at-the-edge-drives-new-solutions?utm_source=RF%20MWRF%20Today&utm_medium=email&utm_campaign=CPS220211031&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R

  26. Tomi Engdahl says:

    https://www.facebook.com/groups/2600net/permalink/3241557489400687/

    The documentation that describes how the LTE signals are modulated
    This contains 886 ms of data recorded at 30.72 Msps, and has much more than what we will be looking at here (in fact there is a PRACH right at the beginning). In this recording, the phone happens to be using Band 20. Specifically, a 10 MHz channel at 847 MHz. The demodulation is done in a Jupyter notebook using NumPy.

    Demodulation of the LTE uplink
    https://destevez.net/2022/02/demodulation-of-the-lte-uplink/

  27. Tomi Engdahl says:

    RF Exploitation: IoT and OT Hacking with Software-Defined Radio
    https://m.youtube.com/watch?v=88RfClJvPRQ&feature=youtu.be

    Recent years have seen a flood of novel wireless exploits, from vulnerable medical devices to hacked OT devices, with exploitation moving beyond 802.11 and into more obscure standard and proprietary protocols. While other non-WiFi RF protocols remain a mystery to many security practitioners, exploiting them is easier than one might think. SDR is changing the game for both offense and defense.

    Learning Objectives:
    1: Become familiar with common security concerns and attack surfaces in a wireless communication system.
    2: Understand the ease and prevalence of wireless exploitation, with sophisticated examples.
    3: Learn to view IoT devices, security and privacy collectively.

  28. Tomi Engdahl says:

    Hacking Toy RC Cars With The HackRF One
    https://hackaday.com/2022/04/30/hacking-toy-rc-cars-with-the-hackrf-one/

    The origin story for many who’d call themselves a member of the hacker community usually starts with taking things apart as a child just to see how they worked. For [Radoslav], that trend doesn’t seem to have slowed down, and he’s continued taking toys apart. Although since it’s his daughter’s little radio controlled car, he stuck to a non-destructive teardown. The result? He’s able to control the car with his laptop through a HackRF One SDR transceiver as shown in the video.

    Controlling 2.4GHz FSK car with HackRF
    https://www.youtube.com/watch?v=mqSv-Nycy_4

    Reversing 2.4GHz remote control
    https://xakcop.com/post/re-2.4ghz/

    I have an old project on Github called rf-car for controlling a radio car with HackRF. A few months ago, my daughter received a new RC car made by Dickie Toys
