Software-defined radio (SDR) technology can be used for many interesting technical experiments. With a receive-only SDR you can already do many interesting things, but an SDR that can also transmit opens many new doors. Here are some interesting videos related to SDR and cyber security:
Universal Radio Hacker – Replay Attack With HackRF
Download here: https://github.com/jopohl/urh
Radio Hacking: Cars, Hardware, and more! – Samy Kamkar – AppSec California 2016
Hacking Car Key Fobs with SDR
Getting Started With The HackRF, Hak5 1707
Hacking Ford Key Fobs Pt. 1 – SDR Attacks with @TB69RR – Hak5 2523
Hacking Ford Key Fobs Pt. 2 – SDR Attacks with @TB69RR – Hak5 2524
Hacking Ford Key Fobs Pt. 3 – SDR Attacks with @TB69RR – Hak5 2525
Hacking Restaurant Pagers with HackRF
Software Defined Spectrum Analyser – Hack RF
Locating Cellular Signal with HackRF Spectrum Analyzer SDR Software
GSM Sniffing: Voice Decryption 101 – Software Defined Radio Series #11
How To Listen To Trunked Police Radio And Why Im Done
Transmitting NTSC/ATSC Video With the HackRF One and Gnuradio
See also the article Using a HackRF SDR to Sniff RF Emissions from a Cryptocurrency Hardware Wallet and Obtain the PIN.
333 Comments
Tomi Engdahl says:
Shielding A Cheap RTL-SDR Stick
https://hackaday.com/2022/06/29/shielding-a-cheap-rtl-sdr-stick/
Even though not every Hackaday reader is likely to be a radio enthusiast, it’s a fair guess that many of you will have experimented with an RTL-SDR USB dongle by now. These super-cheap devices are intended for digital TV reception and contain an RTL2832 chip, which with the proper software, can be pushed into service as a general purpose software defined radio receiver. For around $10 USD they’re fantastic value and a lot of fun to play with, even if they’re not the best radio ever. How to improve the lackluster performance? One of the easiest and cheapest ways is simply to shield it from RF noise, which [Alan R] has done with something as mundane as a tubular fizzy orange tablet container.
This is probably one of the simpler hacks you’ll see on this site, as all it involves is making an appropriate hole in the end of the tube and shielding the whole with some aluminium foil sticky tape. But the benefits can be seen immediately in the form of reduced FM broadcast band interference, something that plagues the cheaper dongles.
Low Cost Shielding Idea for Plastic RTL-SDRs
https://www.rtl-sdr.com/low-cost-shielding-idea-for-plastic-rtl-sdrs/
Tomi Engdahl says:
https://hackaday.com/2022/07/29/testing-antennas-with-wspr/
Tomi Engdahl says:
Hacker Finds Kill Switch for Submachine Gun–Wielding Robot Dog
The submachine gun–firing robot dog can be remotely shut down with an AI dolphin branded hacker’s tool.
https://www.vice.com/en/article/akeexk/hacker-finds-kill-switch-for-submachine-gun-wielding-robot-dog
Tomi Engdahl says:
https://hackaday.com/2022/08/13/remember-dab-radio-the-psion-wavefinder-gets-a-teardown/
Tomi Engdahl says:
https://hackaday.com/2022/08/14/just-how-good-is-a-tape-measure-antenna-anyway/
Tomi Engdahl says:
Simple Breadboard SDR For Shortwave
https://hackaday.com/2022/08/26/simple-breadboard-sdr-for-shortwave/
One of the best ways to learn about radios is to build your own, even in the age of cheap SDR dongles. [Aniss Oulhaci] demonstrates this with a simple HF SDR receiver built on a breadboard.
The receiver takes the form of a simplified Tayloe detector. An RF preamp circuit amplifies the signal from a shortwave antenna and feeds it into a 74HC4066D analog switch, which acts as a switching mixer. It mixes the input signal with the local oscillator’s I and Q signals to produce the intermediate frequency signals. The local oscillator consists of a SI5351 clock generator with a 74HC74D flip-flop to generate the I and Q pair. The signals pass through a low pass filter stage and get amplified by an LM358 op amp, resulting in the IQ signal pair being fed to a computer’s stereo sound card.
An Arduino is used to control the SI5351 clock generator, which in turn is controlled by the same program created for the SDR Shield.
Simple SDR receiver (10kHz-30MHz)
https://www.youtube.com/watch?v=G8BIYIsh-4I
Tomi Engdahl says:
Snooping On Starlink With An RTL-SDR
https://hackaday.com/2022/09/23/snooping-on-starlink-with-an-rtl-sdr/
With an ever-growing constellation of Starlink satellites whizzing around over our heads, you might be getting the urge to start experimenting with the high-speed internet service. But at $100 or more a month plus hardware, the barrier to entry is just a little daunting for a lot of us. No worries, though — if all you’re interested in is tracking [Elon]’s birds, it’s actually a pretty simple job.
Now, we’re not claiming that you’ll be able to connect to Starlink and get internet service with this setup, of course, and neither is the delightfully named [saveitforparts]. Instead, his setup just receives the beacon signals from Starlink satellites, which is pretty interesting all by itself. The hardware consists of his “Picorder” mobile device, which sports a Raspberry Pi, a small LCD screen, and a host of sensors, including an RTL-SDR dongle. To pick up the satellite beacons, he used a dirt-cheap universal Ku-band LNB, or low-noise block downconverter. They’re normally found at the focal point of a satellite TV dish, but in this case no dish is needed — just power it up with a power injector and point it to the sky.
Detecting Starlink Satellites With DIY Tricorder
https://www.youtube.com/watch?v=5cwEkhFdXGw
Tomi Engdahl says:
https://greatscottgadgets.com/2022/10-03-introducing-opera-cake/
Tomi Engdahl says:
HamRadio Packet Radio Modem over 70cm Band NPR-70 by F4HDK
https://www.aliexpress.com/item/1005004049272702.html
Tomi Engdahl says:
TRX-Duo Is A Red Pitaya Clone For Software Defined Radio
https://hackaday.com/2022/10/09/trx-duo-is-a-red-pitaya-clone-for-software-defined-radio/
If you’ve noticed the TRX-DUO software-defined radio transceiver, you might have wondered how it stacks up to other choices like Red Pitaya or HackRF. [Tech Minds] obliges with a review of the Red device in the video below.
While this unit isn’t inexpensive, it also isn’t as expensive as some of its competitors. Sure, you can pick up an RTL-SDR dongle for a fraction of the price, but then you miss out on transmitting. The device is pretty powerful compared to a cheap software defined radio:
Frequency: 10 kHz to 60 MHz
CPU: Zynq SoC with a dual-core ARM Cortex A9
RAM: 512 MB
OS: Linux
Connectivity: Ethernet and USB connectivity (WiFi with a dongle)
ADC: 16-bit at 125 MS/s (2 channels)
DAC: 14-bit at 125 MS/s (2 channels)
TRX DUO APPLICATION BASED HF SDR TRANSCEIVER (RED PIYATA)
https://www.youtube.com/watch?v=teks8v3u8F0
Tomi Engdahl says:
RF Hacking Hack Chat
https://hackaday.com/2022/10/10/rf-hacking-hack-chat/
RF Hacking Hack Chat
Find out what’s behind the waterfall
https://hackaday.io/event/187076-rf-hacking-hack-chat
Tomi Engdahl says:
The Internet Archive is building a library of amateur radio broadcasts
It’s also looking for print materials to digitize, as well as early-internet communications.
https://www.engadget.com/internet-archive-digital-library-of-amateur-radio-and-communications-180509856.html
Tomi Engdahl says:
Generating Stereo FM Signals, Thanks To Python
https://hackaday.com/2022/10/19/generating-stereo-fm-signals-thanks-to-python/
A casual understanding of how AM radio works is pretty easy to come by, and standard FM is only a little more complicated. Things can go off the tracks a bit with stereo FM, though — figuring out how they squeeze two separate audio tracks onto one radio signal is a bit of a head-scratcher. In that case, wrapping your head around the concept might be helped by mocking up a stereo FM signal with an arbitrary waveform generator and a little bit of Python.
Not that [Sebastian] of Baltic Lab was unfamiliar with multiplex FM theory, mind you. As he explains it, his goal was to generate a valid stereo FM signal with a different pure tone on each channel, 700 Hz on the left and 2,200 Hz on the right. Luckily, [Sebastian] has a nice AWG, the Siglent SDG1032X, which has an Ethernet connection that can be used to control it remotely along with PyVISA, a Python package for controlling instruments using the Virtual Instrument Software Architecture protocol.
Generate a stereo-FM multiplex waveform with Python and AWG
https://baltic-lab.com/2022/10/generate-a-stereo-fm-multiplex-waveform-with-python-and-awg/
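The multiplex structure that [Sebastian] generates (mono L+R sum, a 19 kHz pilot, and the L−R difference as double-sideband suppressed-carrier around 38 kHz) can be built and checked without any instrument. The block below is an added example in pure Python, not code from the Baltic Lab article; it leaves out the PyVISA upload to the Siglent AWG so it runs offline, and the sample rate, duration and 90/10 level split are assumptions chosen so every component lands on an exact DFT bin. It uses the article's 700 Hz left and 2,200 Hz right tones and then decodes the MPX again to show the channels really separate.

```python
"""Added example: build a stereo-FM multiplex (MPX) baseband in pure Python and
verify that left and right can be separated again. All parameters are constructed;
the AWG upload step from the article (PyVISA) is intentionally left out."""
import cmath
import math

FS = 228_000                    # sample rate, 6 x 38 kHz, assumed
T = 0.01                        # seconds generated: 700, 2200, 19000 and 38000 Hz all fit whole cycles
N = int(FS * T)
PILOT = 19_000                  # pilot tone; the stereo subcarrier is its second harmonic
SUBCARRIER = 38_000
LEFT_HZ, RIGHT_HZ = 700, 2200   # test tones used in the article


def tone(freq_hz, n=N, fs=FS):
    """Unit-amplitude sine test tone."""
    return [math.sin(2 * math.pi * freq_hz * k / fs) for k in range(n)]


def stereo_mpx(left, right, pilot_level=0.1):
    """MPX = (L+R)/2 mono sum + pilot + (L-R)/2 as DSB-SC around 38 kHz.
    Audio gets 90 % of the level budget, the pilot the remaining 10 % (assumed split)."""
    audio_level = 1.0 - pilot_level
    out = []
    for k, (l, r) in enumerate(zip(left, right)):
        t = k / FS
        mono = (l + r) / 2
        diff = (l - r) / 2
        out.append(audio_level * (mono + diff * math.cos(2 * math.pi * SUBCARRIER * t))
                   + pilot_level * math.cos(2 * math.pi * PILOT * t))
    return out


def stereo_decode(mpx):
    """Recover L and R: mix the MPX with a 38 kHz carrier (a receiver derives it by
    doubling the pilot) and form sum +/- difference. The high-frequency mixing
    products are left in; bin_amplitude() below only looks at the audio bins."""
    left, right = [], []
    for k, s in enumerate(mpx):
        t = k / FS
        diff = 2 * s * math.cos(2 * math.pi * SUBCARRIER * t)  # baseband part is the L-R signal
        left.append(s + diff)
        right.append(s - diff)
    return left, right


def bin_amplitude(x, freq_hz, fs=FS):
    """Amplitude of the sinusoid at freq_hz from a single DFT bin (freq_hz must be a bin centre)."""
    n = len(x)
    k = round(freq_hz * n / fs)
    acc = sum(v * cmath.exp(-2j * math.pi * k * i / n) for i, v in enumerate(x))
    return 2 * abs(acc) / n


if __name__ == "__main__":
    mpx = stereo_mpx(tone(LEFT_HZ), tone(RIGHT_HZ))
    l, r = stereo_decode(mpx)
    print(f"pilot amplitude: {bin_amplitude(mpx, PILOT):.3f}")
    print(f"left : {bin_amplitude(l, LEFT_HZ):.3f} @700 Hz, {bin_amplitude(l, RIGHT_HZ):.3f} @2200 Hz")
    print(f"right: {bin_amplitude(r, LEFT_HZ):.3f} @700 Hz, {bin_amplitude(r, RIGHT_HZ):.3f} @2200 Hz")
```

The decoded left channel carries only the 700 Hz tone and the right only 2,200 Hz, each at 0.9 of the original because the audio got 90 % of the level budget. Feeding the `mpx` list to an AWG as an arbitrary waveform (or to a transmitting SDR as the FM modulating signal) is the step the article does over Ethernet with PyVISA.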
Tomi Engdahl says:
Defcon killer hertz
https://m.youtube.com/watch?v=ICjSXak50uo&feature=youtu.be
Tomi Engdahl says:
Hackaday Supercon – HunterScott : Why Phased Arrays are Cool and How to Build One
https://www.youtube.com/watch?v=ytBmoL2wZLw
Hunter Scott’s talk from the 2018 Hackaday Superconference explains what phased arrays are, their basic architecture, their benefits, and how to make one yourself. He also talks about how we can take advantage of new chips for the coming 5G standard to reduce hardware cost and complexity.
Phased Array Antennas
https://www.youtube.com/watch?v=vtPPAnvJS6c
Tomi Engdahl says:
https://hackaday.com/2022/11/01/identify-that-antenna-by-sight/
Tomi Engdahl says:
https://hackaday.com/2022/11/01/the-many-ways-you-can-easily-ruin-your-pcb-antenna-design/
Tomi Engdahl says:
Starlink signals can be reverse-engineered to work like GPS—whether SpaceX likes it or not
Elon said no thanks to using his mega-constellation for navigation. Researchers went ahead anyway.
https://www.technologyreview.com/2022/10/21/1062001/spacex-starlink-signals-reverse-engineered-gps/
Tomi Engdahl says:
Build a Passive Radar With Software-Defined Radio
Spot stuff with the KrakenSDR and two TV antennas
https://spectrum.ieee.org/passive-radar-with-sdr
Transmissions from a broadcast tower, such as the spire on top of the Empire State Building, can be used with cheap TV antennas and a software-defined radio to track the movements of airplanes.
Unlike conventional radar, passive radar doesn’t send out pulses of its own and watch for reflections. Instead, it uses ambient signals. A reference antenna picks up a signal from, say, a cell tower, while a surveillance antenna is tuned to the same frequency. The reference and surveillance signals are compared. If a reflection from an object is detected, then the time it took to arrive at the surveillance antenna gives a range. Frequency shifts indicate the object’s speed via the Doppler effect.
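The reference-versus-surveillance comparison described above is a cross-ambiguity search: the surveillance channel is correlated against delayed, Doppler-shifted copies of the reference channel and the peak gives range (delay) and speed (Doppler). The block below is a toy simulation added here, not code from the KrakenSDR project or the IEEE Spectrum article. The broadcast signal, the echo delay and Doppler, the echo amplitude, the sample rate and the tiny 256-sample processing interval are all constructed values.

```python
"""Added example: toy passive-radar range/Doppler search in pure Python.
Constructed signals: complex noise stands in for a wideband broadcast on the
reference antenna; the surveillance antenna sees the direct path plus one
delayed, Doppler-shifted, attenuated echo and receiver noise."""
import cmath
import math
import random

N = 256           # samples per coherent processing interval (toy size)
MAX_DELAY = 32    # delay bins searched
MAX_DOPPLER = 8   # Doppler bins searched on each side of zero


def make_reference(n=N, seed=1):
    """Reference channel: complex Gaussian noise as a stand-in for the broadcast."""
    rng = random.Random(seed)
    return [complex(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(n)]


def make_surveillance(ref, delay, doppler_bin, amplitude, noise=0.1, seed=2):
    """Surveillance channel: direct path (delay 0) + one echo + receiver noise."""
    n = len(ref)
    rng = random.Random(seed)
    out = []
    for k in range(n):
        sample = ref[k]  # direct-path leakage, always the strongest component
        if k >= delay:
            sample += amplitude * ref[k - delay] * cmath.exp(2j * math.pi * doppler_bin * k / n)
        sample += complex(rng.gauss(0, noise), rng.gauss(0, noise))
        out.append(sample)
    return out


def cross_ambiguity(ref, surv, delay, doppler_bin):
    """|chi(delay, doppler)|: correlate surv against ref delayed by `delay`
    samples and frequency-shifted by `doppler_bin` cycles per interval."""
    n = len(ref)
    acc = 0j
    for k in range(delay, n):
        acc += surv[k] * ref[k - delay].conjugate() * cmath.exp(-2j * math.pi * doppler_bin * k / n)
    return abs(acc)


def find_target(ref, surv):
    """Peak of the range-Doppler map. Delay 0 is skipped because the direct
    path dominates that column; real systems cancel it adaptively instead."""
    best = (0.0, None, None)
    for d in range(1, MAX_DELAY):
        for f in range(-MAX_DOPPLER, MAX_DOPPLER + 1):
            v = cross_ambiguity(ref, surv, d, f)
            if v > best[0]:
                best = (v, d, f)
    return best[1], best[2]


def to_physical(delay_bin, doppler_bin, sample_rate_hz, n=N):
    """Bins -> extra bistatic path length (m) and Doppler shift (Hz)."""
    c = 299_792_458.0
    return delay_bin * c / sample_rate_hz, doppler_bin * sample_rate_hz / n


if __name__ == "__main__":
    ref = make_reference()
    surv = make_surveillance(ref, delay=12, doppler_bin=5, amplitude=0.5)
    d, f = find_target(ref, surv)
    rng_m, dop_hz = to_physical(d, f, 2.4e6)  # 2.4 MS/s is an assumed dongle rate
    print(f"echo at delay bin {d}, Doppler bin {f}: ~{rng_m:.0f} m extra path, {dop_hz:.0f} Hz shift")
```

Two things the toy glosses over: the echo here is half the direct-path amplitude, whereas a real aircraft return is tens of dB below the direct signal, which is why KrakenSDR-style setups spend most of their effort on direct-path and clutter cancellation; and with only 256 samples the Doppler bins are kilohertz wide, whereas a real passive radar integrates over a fraction of a second to resolve the few hertz that separate one aircraft speed from another.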
Tomi Engdahl says:
Stephen Cass Wakes the KrakenSDR and a Raspberry Pi for a Speed-Finding Passive Radar Project
Using the Empire State Building as a radio signal source, Cass’ passive radar can pick a plane out of the air and tell you its speed.
https://www.hackster.io/news/stephen-cass-wakes-the-krakensdr-and-a-raspberry-pi-for-a-speed-finding-passive-radar-project-01e44d1e521d
Tomi Engdahl says:
Wi-Spy
The Wi-Peep exploit allows an attacker to covertly locate all of the Wi-Fi-enabled devices in a building quickly using inexpensive hardware
https://www.hackster.io/news/wi-spy-98d985364820
Tomi Engdahl says:
Baofeng transplant
https://youtu.be/CIeT4SWneeo
Tomi Engdahl says:
https://hackaday.com/2022/11/15/getting-to-the-heart-of-a-baofeng/
Tomi Engdahl says:
Listen To 64 MHz At Once
https://hackaday.com/2022/11/16/listen-to-64-mhz-at-once/
We imagine that if [Tech Minds] told us he was listening to the HF bands, we might ask him which one? His reply might just be “All of them.” That’s thanks to the RX-888 MKII SDR he reviewed which delivers a 64 MHz window on the radio spectrum.
Tomi Engdahl says:
https://hackaday.com/2022/11/17/number-stations-gone-wild/
Tomi Engdahl says:
https://hackaday.com/2022/11/20/this-standalone-camera-gets-the-picture-through-with-sstv/
Tomi Engdahl says:
WiFi Cam 2.0 Captures ‘Photos’ of Wireless Signals
Wireless radio signals are invisible to the human eye, but Jan Neumann’s WiFi Cam 2.0 device can capture images of them.
https://www.hackster.io/news/wifi-cam-2-0-captures-photos-of-wireless-signals-b20702fcc382
Tomi Engdahl says:
https://blog.dataparty.xyz/blog/rfparty-a-new-way-to-see-ble/
Tomi Engdahl says:
Russia’s satellite spying station in Vienna uses technology from NATO suppliers
All components of the four large dishes come either from the Canadian company Norsat or from Swedish Microwave (SMW). Norsat is a contractor for NATO and the Pentagon; SMW likewise supplies primarily militaries.
https://fm4.orf.at/stories/3029072/
Tomi Engdahl says:
http://soldersmoke.blogspot.com/2022/12/but-why-why-cant-i-listen-to-dsb-or-am.html
Tomi Engdahl says:
Air-gapped PCs vulnerable to data theft via power supply radiation
https://www.bleepingcomputer.com/news/security/air-gapped-pcs-vulnerable-to-data-theft-via-power-supply-radiation/
A new attack method named COVID-bit uses electromagnetic waves to transmit data from air-gapped systems isolated from the internet over a distance of at least two meters (6.5 ft), where it’s captured by a receiver.
Tomi Engdahl says:
LF Electromagnetic Radiation Used for Stealthy Data Theft From Air-Gapped Systems
https://www.securityweek.com/lf-electromagnetic-radiation-used-stealthy-data-theft-air-gapped-systems
Mordechai Guri, a cybersecurity researcher from the Ben-Gurion University of the Negev in Israel who specializes in air gap jumping, has released a paper detailing yet another method that can be used to stealthily exfiltrate data from systems isolated from the internet and local networks.
The new method involves using the dynamic power consumption of modern computers and manipulation of CPU loads in order to cause the device to generate specific low-frequency (LF) electromagnetic radiation in the 0-60 kHz band.
Guri showed how a malicious actor who has managed to plant a piece of malware on the targeted device — this can be achieved through insiders, supply chain attacks or social engineering — can exfiltrate small pieces of highly sensitive information, such as passwords or encryption keys.
The researcher demonstrated that the attack can be conducted over distances of 2 meters (6.5 feet) and even more. The attack method has been named COVID-bit because this distance is often recommended for preventing Covid-19 transmission.
Tomi Engdahl says:
https://openrepeater.com/downloads
Tomi Engdahl says:
Trio JR-500S ham radio vs SDRplay RSP1A SDR Radio
Old tube radio vs modern SDR radio comparison
https://hackaday.io/project/188592-trio-jr-500s-ham-radio-vs-sdrplay-rsp1a-sdr-radio
Tomi Engdahl says:
https://hackaday.com/2022/12/16/antenna-mount-designed-for-on-the-go-sdr/
Tomi Engdahl says:
https://hackaday.com/2022/12/17/citizen-driven-network-monitors-public-service-radio-for-natural-disaster-alerts/
Tomi Engdahl says:
Connecting Commercial 433 MHz Sensors To MQTT And Home Assistant With RTL-SDR
https://hackaday.com/2022/12/26/connecting-commercial-433-mhz-sensors-to-mqtt-and-home-assistant-with-rtl-sdr/
When [Elixir of Progress] was looking at setting up environmental sensors around their home to keep track of temperature, humidity and such, the obvious ideas of using WiFi-connected sensors didn’t work due to lack of WiFi range. Although Zigbee (Z-wave) sensors have longer range than WiFi, they are decidedly more expensive, proprietary and require a special transceiver hub. That’s where 433 MHz sensors for weather stations come into the picture.
The idea is simple: virtually all of those sensors – many of them rated for outdoor use – use the unlicensed 433 MHz spectrum that can easily be captured using cheap RTL-SDR (software defined radio) USB dongles. With the data stream from these sensors captured, the open source rtl_433 project enables automatic decoding of these data streams for a wide range of supported sensors.
https://cohost.org/Elixir-Of-Progress/post/463783-probing-weather-in-h
https://github.com/merbanan/rtl_433
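The rtl_433 side of that pipeline prints one JSON object per decoded packet (`rtl_433 -F json`). What sits between it and MQTT/Home Assistant deserves a little care, because 433 MHz weather sensors are unauthenticated: anyone in range can transmit a packet carrying any model and ID, and the sensors themselves repeat each packet several times per burst. The block below is an added example, not code from rtl_433 or from [Elixir of Progress]’s post; the sample lines are constructed in rtl_433’s JSON style, and the topic scheme `home/rtl433/<model>/<id>/<field>` and the known-sensor table are assumptions.

```python
"""Added example: turn rtl_433 JSON lines into MQTT-style (topic, payload) pairs,
allow-listing the sensors you own and dropping repeated bursts.
Sample lines are constructed; topic scheme and sensor table are assumptions."""
import json
from datetime import datetime

# Constructed lines in the style of `rtl_433 -F json` (one JSON object per packet)
SAMPLE_LINES = [
    '{"time":"2022-12-26 10:00:00","model":"Acurite-Tower","id":1234,"channel":"A",'
    '"battery_ok":1,"temperature_C":21.3,"humidity":45,"mic":"CHECKSUM"}',
    '{"time":"2022-12-26 10:00:00","model":"Acurite-Tower","id":1234,"channel":"A",'
    '"battery_ok":1,"temperature_C":21.3,"humidity":45,"mic":"CHECKSUM"}',   # same burst, repeated
    '{"time":"2022-12-26 10:00:05","model":"Acurite-Tower","id":9999,"channel":"B",'
    '"battery_ok":1,"temperature_C":-3.0,"humidity":80,"mic":"CHECKSUM"}',   # a neighbour's (or spoofed) sensor
    'this is not json',                                                     # stray stderr/status text
    '{"time":"2022-12-26 10:00:30","model":"Acurite-Tower","id":1234,"channel":"A",'
    '"battery_ok":0,"temperature_C":21.4,"humidity":46,"mic":"CHECKSUM"}',
]

KNOWN_SENSORS = {("Acurite-Tower", 1234)}     # assumed: the sensors you actually own
FIELDS = ("temperature_C", "humidity", "battery_ok")
TOPIC_PREFIX = "home/rtl433"                  # assumed topic scheme
REPEAT_WINDOW_S = 2.0                         # sensors resend the same packet a few times per burst


def parse_line(line):
    """Return the decoded packet dict, or None for anything that is not a sensor report."""
    try:
        pkt = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(pkt, dict) or not {"model", "id", "time"} <= pkt.keys():
        return None
    return pkt


def to_messages(lines, known=KNOWN_SENSORS):
    """Convert rtl_433 lines into (topic, payload) pairs and count what was dropped and why."""
    messages = []
    dropped = {"unparseable": 0, "unknown_sensor": 0, "repeat": 0}
    last_seen = {}  # (model, id) -> (timestamp, readings) of the last accepted packet
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            dropped["unparseable"] += 1
            continue
        key = (pkt["model"], pkt["id"])
        if key not in known:
            # Unauthenticated OOK radio: any transmitter can claim any id, so only
            # sensors on the allow-list are let through to automations.
            dropped["unknown_sensor"] += 1
            continue
        ts = datetime.strptime(pkt["time"], "%Y-%m-%d %H:%M:%S")
        readings = tuple((f, pkt[f]) for f in FIELDS if f in pkt)
        prev = last_seen.get(key)
        if prev and prev[1] == readings and (ts - prev[0]).total_seconds() <= REPEAT_WINDOW_S:
            dropped["repeat"] += 1
            continue
        last_seen[key] = (ts, readings)
        for field, value in readings:
            messages.append((f"{TOPIC_PREFIX}/{pkt['model']}/{pkt['id']}/{field}", str(value)))
    return messages, dropped


if __name__ == "__main__":
    msgs, stats = to_messages(SAMPLE_LINES)
    for topic, payload in msgs:
        print(f"{topic} = {payload}")
    print("dropped:", stats)
```

Each `(topic, payload)` pair can be handed to any MQTT client (for example paho-mqtt’s `publish()`); the allow-list is the part worth keeping even if you simplify the rest, since a Home Assistant automation that reacts to “any sensor saying X” is reacting to whatever the air happens to carry.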
Tomi Engdahl says:
https://hackaday.com/2022/12/23/this-week-in-security-github-actions-sha-1-retirement-and-a-self-worming-vulnerability/
Your Tires Are Leaking (Data)
Back a few years ago, [Mike Metzger] gave a DEFCON talk about TPMS, Tire Pressure Monitoring Systems. This nifty safety feature allows sensors in car tires to talk to the infotainment center, and warn when a tire is low. [Drew Griess] decided to follow up on this bit of info, and see just how practical it would be to use and abuse these gizmos.
An RTL_SDR and the very useful rtl_433 project do the job quite nicely. Add an antenna, and the signals are readable over fifty feet away. It really becomes interesting when you realize that each of those sensors have a unique ID sent in each ping. Need to track a vehicle? Just follow its tires!
Your Car is Trackable by Law
TPMS Tracking
Today I learned how to read the unique ID of a tire pressure sensor which can be used to track vehicles using a sensor network.
https://medium.com/@doctoreww/day-2-your-car-is-trackable-by-law-1d5f74388850
Tomi Engdahl says:
https://hackaday.com/2022/12/28/supercon-2022-mooneer-salem-goes-ham-with-an-esp32/
Tomi Engdahl says:
Software-Defined Radio Brings Agility to Hardware Design
December 28, 2022 Alex Colpitts and Brendon McHugh
https://www.eetimes.eu/software-defined-radio-brings-agility-to-hardware-design/?utm_source=newsletter&utm_campaign=link&utm_medium=EETimesEuropeWeekly-20230119
Software-controlled hardware is transforming the technological landscape, and radio hardware has been swept up in this rapid progression.
Tomi Engdahl says:
https://hackaday.com/2023/01/23/listening-to-a-flashlight-lunar-flashlight/
Tomi Engdahl says:
How to become a Shortwave listener (SWL) with Fedora Linux and Software Defined Radio
https://fedoramagazine.org/how-to-become-a-shortwave-listener-swl-with-fedora-linux-and-software-defined-radio/
Tomi Engdahl says:
A Single-Resistor Radio Transmitter, Thanks To The Power Of Noise
https://hackaday.com/2023/01/27/a-single-resistor-radio-transmitter-thanks-to-the-power-of-noise/
Tomi Engdahl says:
https://hackaday.com/2023/01/28/speak-to-the-machine/
Tomi Engdahl says:
Mercury Minimizes the Signal Chain with Direct RF Technology
Feb. 3, 2023
Mercury Systems’ Ken Hermanny and Rodger Hosking discuss the company’s deployment of Direct RF technology in its signal-processing products for defense and aerospace applications.
David Maliniak
https://www.electronicdesign.com/markets/defense/video/21259474/microwaves-rf-minimizing-the-signal-chain-with-direct-rf-technology?utm_source=EG+ED+Analog+%26+Power+Source&utm_medium=email&utm_campaign=CPS230202027&o_eid=7211D2691390C9R&rdx.identpull=omeda|7211D2691390C9R&oly_enc_id=7211D2691390C9R
While it’s not a brand-spanking-new technology, Direct RF receiver architectures are now coming to the fore in numerous aerospace and defense applications, such as radar and electronic warfare. Direct RF architectures bring a host of advantages. For one, they eliminate the need for a mixer or local oscillator for frequency downconversion. A wideband RF analog-to-digital converter (ADC) digitizes the RF signal directly as opposed to operating on an IF signal of lower frequency, reducing complexity, risk, cost per channel, and, critically, SWaP. At the same time, the architecture boosts performance, latency, and channel density.
Among vendors in the signal-processing space that have embraced Direct RF, Mercury Systems is at the forefront. The company offers Direct RF-based signal chains in the forms of both an RF system-in-package (SiP), exemplified in its RFS1140, and at board level, most recently in its new DRF3182 Direct RF processing module.
Tomi Engdahl says:
SDR Scanner Listens To Everything
https://hackaday.com/2023/02/06/sdr-scanner-listens-to-everything/
In the old days, scanners would listen to a bunch of channels in a round-robin fashion. If a signal breaks the squelch, the scanner stops, and scanning continues after a few seconds of inactivity. But with modern SDRs, you don’t have to listen to one channel at a time. You can listen to all of them. [Tech Minds] shows RTL SDR Scanner on Linux to record up to 20 MHz of the band simultaneously. It records all the channels in the band of interest. The actual project is on GitHub.
RTL SDR Scanner – FULL Bandwidth Recording With WEB UI
https://www.youtube.com/watch?v=YzQ2N0VkKvE
https://github.com/shajen/rtl-sdr-scanner-cpp
Tomi Engdahl says:
https://etn.fi/index.php/13-news/14580-dataa-laehetettiin-ilman-virtaa
Tomi Engdahl says:
Getting Started With Software Defined Radio (SDR)
https://makezine.com/article/electronics/getting-started-with-software-defined-radio-sdr/
Eavesdrop on virtually the entire radio spectrum — for 30 bucks!
Not long ago, enthusiasts with an urge to listen to radio broadcasts had to make hard choices about what equipment to buy based on their interests. “Multi-band” radios provided circuitry for a selected set of frequencies, usually requiring crystals specific to each band. A basic one might receive AM, FM, shortwave, and NOAA weather radio; for more than that, you’d be looking at serious cash.
But today, a little USB dongle costing around $30 can receive AM, FM, shortwave (SW), amateur/ham HF, VHF, UHF, SHF, maritime, aviation, EMS, satellite, NOAA, HD radio, trunked radio, P25, GPS, APRS, radar, HAARP, CW, TV, GSM, pagers, baby monitors, DMR, D-STAR, PSK, RTTY, SSTV, and pretty much anything else broadcasting from 500kHz up to 1.75GHz. More expensive models can extend that range and even transmit!
Tomi Engdahl says:
Gabe Emerson’s Spacedeck Is a Radio-Packed Upcycled Luggable for “Legal Satellite Hacking”
https://www.hackster.io/news/gabe-emerson-s-spacedeck-is-a-radio-packed-upcycled-luggable-for-legal-satellite-hacking-acb022a58b3e
Built using upcycled parts from the Windows XP era, this Linux-based luggable packs everything you need for satcom work.