SDR videos

Software-defined radio (SDR) technology can be used for many interesting technical experiments. A receive-only SDR already lets you do a lot, but an SDR that can also transmit opens many new doors. Here are some interesting videos related to SDR and cyber security:

Universal Radio Hacker – Replay Attack With HackRF

Download here: https://github.com/jopohl/urh

Radio Hacking: Cars, Hardware, and more! – Samy Kamkar – AppSec California 2016

Hacking Car Key Fobs with SDR

Getting Started With The HackRF, Hak5 1707

Hacking Ford Key Fobs Pt. 1 – SDR Attacks with @TB69RR – Hak5 2523

Hacking Ford Key Fobs Pt. 2 – SDR Attacks with @TB69RR – Hak5 2524

Hacking Ford Key Fobs Pt. 3 – SDR Attacks with @TB69RR – Hak5 2525

Hacking Restaurant Pagers with HackRF

Software Defined Spectrum Analyser – Hack RF

Locating Cellular Signal with HackRF Spectrum Analyzer SDR Software

GSM Sniffing: Voice Decryption 101 – Software Defined Radio Series #11

How To Listen To Trunked Police Radio And Why Im Done

Transmitting NTSC/ATSC Video With the HackRF One and Gnuradio

See also the article "Using a HackRF SDR to Sniff RF Emissions from a Cryptocurrency Hardware Wallet and Obtain the PIN".

342 Comments

  1. Tomi Engdahl says:

    LTE Sniffer Ferrets Out Cellular Communications
    https://hackaday.com/2023/05/18/lte-sniffer-ferrets-out-cellular-communications/

    LTE networks have taken over from older technologies like GSM in much of the world. Outfitted with the right hardware, like a software defined radio, and the right software, it’s theoretically possible to sniff some of this data for yourself. The LTESniffer project was built to do just this.

    LTESniffer is able to sniff downlink traffic from base stations using a USRP B210 SDR, outfitted with two antennas. If you want to sniff uplink traffic, though, you’ll need to upgrade to an X310 with two daughterboards fitted. This is due to the timing vagaries of LTE communication. Other solutions can work however, particularly if you just care about downlink traffic.

    https://github.com/SysSec-KAIST/LTESniffer

    https://www.ettus.com/all-products/ub210-kit/

  2. Tomi Engdahl says:

    Raspi Wideband Receiver

    Outdoor POE webservers for the ham bands and other radio signals from VHF to L-band

    https://hackaday.io/project/189572-raspi-wideband-receiver

  3. Tomi Engdahl says:

    Listening To the International Space Station The Cheap Way
    https://www.youtube.com/watch?v=im9nAVsA_FU

    Listening to Astronauts ON THE ISS with a Baofeng UV-5R
    https://www.youtube.com/watch?v=3sNwzBC6Rbk

  4. Tomi Engdahl says:

    How To Build A V Dipole For Receiving Weather Satellites
    https://www.youtube.com/watch?v=VM7sJrotjgs

    Weather Satellite Tracking Software Setup
    https://www.youtube.com/watch?v=bYpTsersKX8

    NOAA/METEOR SDR Antenna for weather satellite images
    https://www.youtube.com/watch?v=8MteT4KseyE

    How to Download NOAA Weather Satellite Live Earth Images – using SDR usb stick and Homemade Antenna
    https://www.youtube.com/watch?v=p60Zd-qCHoc

    Ham Radio – Automate satellite capture with Gpredict and GQRX on Linux.
    https://www.youtube.com/watch?v=AghjgwTw-Vk

  5. Tomi Engdahl says:

    Wavelet Lab’s uSDR Is a Tiny Software-Defined Radio with Easily-Accessible Browser-Based Software
    Designed to make software-defined radio more accessible, this M.2 module uses WebUSB to connect to a browser-based software bundle.
    https://www.hackster.io/news/wavelet-lab-s-usdr-is-a-tiny-software-defined-radio-with-easily-accessible-browser-based-software-acf3bd40eee0

  6. Tomi Engdahl says:

    http://www.qrp.gr/technology/diodes_only/mjrainey/tunneldiodetransmitter.html

    It’s now clear to me why nearly all of the 1960s tunnel diode novelty transmitters were designed for phone rather than CW. Trying to keep a tunnel diode oscillator frequency-locked to a quartz crystal – while drawing staccato power from it – is akin to balancing a pea on your knife while jumping on a pogo stick! The problem is associated with the nature of non-linear oscillators in general. That is, the bias required for a reasonable output power in a keyed oscillator is higher than the bias needed for reliable frequency-locking to a quartz crystal; the circuit exhibits hysteresis.

  7. Tomi Engdahl says:

    High Schoolers Build a Radio Receiver

    Students learn to melt solder, layout PC boards, use tools, and troubleshoot by building an analog, discrete component receiver.

    https://hackaday.io/project/190327-high-schoolers-build-a-radio-receiver

  8. Tomi Engdahl says:

    The Ups and Downs of Amplitude Modulation
    An Introduction to the History, Principles and Applications of AM Radio
    https://blog.minicircuits.com/the-ups-and-downs-of-amplitude-modulation/?utm_source=mwrf&utm_medium=banner&utm_content=personif-display-amplitude-modulation&utm_campaign=05-23-bannerads

    When you think of advancements in signal modulation, your mental time machine might go back to the turn of the 21st century and LTE which was proposed by NTT DOCOMO as “Super 3G” in early 2004.[1] But over a hundred years earlier, on June 3rd, 1900, in the city of São Paulo, Brazil, the Reverend Father Roberto Landell de Moura demonstrated the transmission of voice messages over a distance of 8 km using amplitude modulation.[2] Several months later, on December 23, 1900, Reginald Aubrey Fessenden successfully transmitted an amplitude-modulated signal approximately 1.6 km.[3] Throughout the nearly 123 years since these transmissions occurred, arguably no modulation scheme has been of greater significance in world history than amplitude modulation (AM).

    While AM is an inexpensive and simple way to transmit and receive signals over great distances, it is also susceptible to natural and man-made noise, which tend to be amplitude modulated as well. In this article, we first review the importance of some of the traditional frequency bands in which amplitude modulation has been utilized over the years and why it continues to be important today. Next, we describe the basic principles of amplitude modulation in both the time and frequency domains, enabling us to delve further into its advantages and disadvantages. Finally, we discuss modern modulation schemes for which amplitude modulation still plays a key role.

  9. Tomi Engdahl says:

    Flipper Zero Garage Doors, Gas Signs, External Radio Modules
    https://www.youtube.com/watch?v=unvXVWafGcE

  10. Tomi Engdahl says:

    Wireless BadUSB With Flipper Zero’s Bluetooth — NO CABLES!
    https://www.youtube.com/watch?v=lh99ssUy6FE

    Was feeling cute, so updated a custom firmware and badUSB-ed without a USB cable in sight. You?

  11. Tomi Engdahl says:

    https://hackaday.com/2023/06/10/listening-to-the-iss-on-the-cheap/

    So what do you need to talk to a $100 billion space station? As it turns out, about $60 worth of stuff will do, as [saveitforparts] shows us in the video below. The cross-band repeater on the ISS transmits in the 70-cm ham band, meaning all that’s needed to listen in on the proceedings is a simple “handy talkie” transceiver like the $25-ish Baofeng shown. Tuning it to the 437.800-MHz downlink frequency with even a simple whip antenna should get you some reception when the ISS passes over.

  12. Tomi Engdahl says:

    Flipper Zero “Smoking” A Smart Meter Is A Bad Look For Hardware Hackers
    https://hackaday.com/2023/06/14/flipper-zero-smoking-a-smart-meter-is-a-bad-look-for-hardware-hackers/

    Alright, we’re calling it — we need a pejorative equivalent to “script kiddie” to describe someone using a Flipper Zero for annoyingly malign purposes. If you need an example, check out the apparent smart meter snuff video below.

    The video was posted by [Peter Fairlie], who we assume is the operator of the Flipper Zero pictured. The hapless target smart meter is repeatedly switched on and off with the Flipper — some smart meters have contactors built in so that service can be disconnected remotely for non-payment or in emergencies — which rapidly starts and stops a nearby AC compressor. Eventually, the meter releases a puff of Magic Smoke, filling its transparent enclosure and obscuring the display. The Flipper’s operator mutters a few expletives at the results, but continues turning the meter on and off even more rapidly before eventually running away from the scene of the crime.

  13. Tomi Engdahl says:

    Ham Almost Cooks ‘Dog
    https://hackaday.com/2023/06/14/ham-almost-cooks-dog/

    For those of us licensed in other countries it comes as something of a surprise to find that American radio amateurs now have to run RF exposure calculations as part of their licence requirements. [Ham Radio Crash Course] has approached this in a unique fashion, by running around 800 watts of 6-metre power into a vertical antenna festooned with hotdogs. That’s right, this ham is trying to cook some ‘dawgs! Is his station producing dangerous levels of power that might cook passers-by?

    Of course, aside from a barely-warmed line along where the ‘dogs were attached to the antenna there’s no heating to be found. But we think he’s trying to make the point in the video below the break about the relative pointlessness of applying RF field limits which are definitely relevant at much higher frequencies, to hams at low frequencies.

    Cook Hotdogs With A Radio? 6 Meter RF Exposure Test
    https://www.youtube.com/watch?v=IJJGpXUjK-U

    All amateur radio operators are now required to run simple calculations to make sure your antennas are not too close to be dangerous to others.

  14. Tomi Engdahl says:

    Multichannel Vector Signal Analysis with Oscilloscopes
    June 14, 2023
    With Tektronix’s SignalVu-PC software, the company’s 5 and 6 Series B MSO oscilloscopes can perform RF spectral and modulation analysis of multiple channels.
    https://www.mwrf.com/technologies/test-measurement/video/21267886/tektronix-multichannel-vector-signal-analysis-with-oscilloscopes?utm_source=RF+MWRF+Today&utm_medium=email&utm_campaign=CPS230616140&o_eid=7211D2691390C9R&rdx.identpull=omeda|7211D2691390C9R&oly_enc_id=7211D2691390C9R

  15. Tomi Engdahl says:

    Understanding Phase-Noise Measurement Techniques
    June 26, 2023
    Phase noise can be measured and analyzed either with traditional spectrum analyzers or dedicated phase-noise analyzers.
    https://www.electronicdesign.com/technologies/test-measurement/article/21268413/rohde-schwarz-understanding-phasenoise-measurement-techniques?utm_source=EG+ED+Analog+%26+Power+Source&utm_medium=email&utm_campaign=CPS230621091&o_eid=7211D2691390C9R&rdx.identpull=omeda|7211D2691390C9R&oly_enc_id=7211D2691390C9R

    Normalization

    Phase noise is specified as the noise power contained within a bandwidth of 1 Hz. Spectrum analyzers measure power using a resolution-bandwidth (RBW) filter, and in most spectrum analyzers, the filter used to measure power is more than 1 Hz wide. Therefore, noise power measured by these wider RBW filters must be normalized to a 1-Hz bandwidth.

  16. Tomi Engdahl says:

    AntSDR E200 – Gigabit Ethernet connected SDR with Xilinx Zynq SoC FPGA supports 70 MHz – 6 GHz range (Crowdfunding)
    https://www.cnx-software.com/2023/07/03/antsdr-e200-gigabit-ethernet-connected-sdr-with-xilinx-zynq-soc-fpga-supports-70-mhz-6-ghz-range/?fbclid=IwAR3Qb7Rjdxr3_Yre8bWEqyiJA3Bpz1yAiNrOXSUzJL26PBTTStFJDirvBZQ

    We’ve just written about the uSDR M.2 SDR module on Crowd Supply, but it turns out the crowdfunding platform is hosting another SDR (Software-Defined Radio) project with the AntSDR E200 board equipped with an AMD Embedded Zynq 7020 SoC FPGA and an Analog Devices AD9363 or AD9361 RF chipset, and providing Gigabit Ethernet connectivity to the host.

  17. Tomi Engdahl says:

    7 cool and useful things to do with your Flipper Zero https://www.zdnet.com/article/7-cool-and-useful-things-to-do-with-your-flipper-zero/

    I like my Flipper Zero, but what I hate is all the fake stuff that people looking for attention upload to TikTok. No, the Flipper Zero can’t change gas station signs, can’t copy credit and debit cards, and can’t turn off the displays at your burger joint.

    But that doesn’t mean that the Flipper Zero can’t do some very cool, useful things.

  18. Tomi Engdahl says:

    Inexpensive Ham Radio Gets Upgrades Thanks To A Trojan
    https://hackaday.com/2023/07/06/inexpensive-ham-radio-gets-upgrades-thanks-to-a-trojan/

    Love them or hate them, the crop of cheap hand-held amateur radio transceivers is here to stay. They’re generally horrible radios, often smearing spurious emissions across the spectrum, but they’re cheap enough to throw in a glove box for emergencies, and they invite experimentation — for instance, modifying the firmware to add functionality the OEM didn’t think to offer.

    The new hotness in this class of radios is the Quansheng UV-K5, a two-band transceiver you can pick up for about $40, and we suspect it’ll get hotter still with this firmware trojan by [Piotr (SQ9P)]. We’ve already seen a firmware hack for these radios, one that aimed at unlocking the full frequency range of the RF chip at the heart of the radio. Honestly, we’re not huge fans of these mods, which potentially interfere with other allocations across multiple bands. But [Piotr]’s hacks seem a bit more innocuous, focusing mainly on modifying the radio’s display and adding useful features, such as a calibrated received signal strength bar graph and a numerical RSSI display. The really neat new feature, though, is the spectrum display, which shows activity across a 2-MHz slice of spectrum centered on the currently set frequency. And just because he could, [Piotr] put in a game of Pong.

    https://github.com/piotr022/UV_K5_playground

  19. Tomi Engdahl says:

    Using An Old Satellite To See The Earth In A New Light
    https://hackaday.com/2023/07/08/using-an-old-satellite-to-see-the-earth-in-a-new-light/?fbclid=IwAR0ye701hIlIL42IiBBhOQLpbSlXPbiK2zMj3C9UEgYYQchkAF4PbNZ3oYY

    Snooping in on satellites is getting to be quite popular, enough so that the number of people advancing the state of the art — not to mention the wealth of satellites transmitting signals in the clear — has almost made the hobby too easy. An SDR, a homebrew antenna, and some off-the-shelf software, and you too can see weather satellite images on your screen in real time.

  20. Tomi Engdahl says:

    Flipper Zero, the “Hacker’s Multi-Tool,” Gets an Official App Store for Easier Customization
    An updated mobile app now makes it possible to find and install free apps on the stock Flipper Zero firmware.
    https://www.hackster.io/news/flipper-zero-the-hacker-s-multi-tool-gets-an-official-app-store-for-easier-customization-5980e96b274e

  21. Tomi Engdahl says:

    Regenerative receivers provide a surprising level of performance with only a handful of components. They excel at receiving amplitude modulated signals from below the AM broadcast band up to the higher short-wave bands, above which the superregenerative detector becomes the better choice.
    http://techlib.com/electronics/regen.html?fbclid=IwAR2Ju_qctbX-p-gvjbJFnjThOhFINOG-6-5v5gR0GFXrRWoASKMJ94ATqcs
