Software-defined radio (SDR) technology can be used for many interesting technical experiments. A receive-only SDR already lets you do many interesting things, but an SDR that can also transmit opens many new doors. Here are some interesting videos related to SDR and cyber security:
Universal Radio Hacker – Replay Attack With HackRF
Download here: https://github.com/jopohl/urh
Radio Hacking: Cars, Hardware, and more! – Samy Kamkar – AppSec California 2016
Hacking Car Key Fobs with SDR
Getting Started With The HackRF, Hak5 1707
Hacking Ford Key Fobs Pt. 1 – SDR Attacks with @TB69RR – Hak5 2523
Hacking Ford Key Fobs Pt. 2 – SDR Attacks with @TB69RR – Hak5 2524
Hacking Ford Key Fobs Pt. 3 – SDR Attacks with @TB69RR – Hak5 2525
Hacking Restaurant Pagers with HackRF
Software Defined Spectrum Analyser – Hack RF
Locating Cellular Signal with HackRF Spectrum Analyzer SDR Software
GSM Sniffing: Voice Decryption 101 – Software Defined Radio Series #11
How To Listen To Trunked Police Radio And Why Im Done
Transmitting NTSC/ATSC Video With the HackRF One and Gnuradio
See also the article Using a HackRF SDR to Sniff RF Emissions from a Cryptocurrency Hardware Wallet and Obtain the PIN.
333 Comments
Tomi Engdahl says:
https://hackaday.com/2023/05/12/what-is-a-schumann-resonance-and-why-am-i-being-offered-a-7-83hz-oscillator/
Tomi Engdahl says:
LTE Sniffer Ferrets Out Cellular Communications
https://hackaday.com/2023/05/18/lte-sniffer-ferrets-out-cellular-communications/
LTE networks have taken over from older technologies like GSM in much of the world. Outfitted with the right hardware, like a software defined radio, and the right software, it’s theoretically possible to sniff some of this data for yourself. The LTESniffer project was built to do just this.
LTESniffer is able to sniff downlink traffic from base stations using a USRP B210 SDR, outfitted with two antennas. If you want to sniff uplink traffic, though, you’ll need to upgrade to an X310 with two daughterboards fitted. This is due to the timing vagaries of LTE communication. Other solutions can work however, particularly if you just care about downlink traffic.
https://github.com/SysSec-KAIST/LTESniffer
https://www.ettus.com/all-products/ub210-kit/
Tomi Engdahl says:
Titanic: Amateur radio heard SOS in Welsh town 3,000 miles away
https://www.bbc.com/news/uk-wales-65398807?at_campaign=Social_Flow&at_campaign_type=owned&at_ptr_name=facebook_page&at_format=link&at_link_id=7E0ACEAC-F878-11ED-91A6-B4D7FF7C7F44&at_bbc_team=editorial&at_link_type=web_link&at_medium=social&at_link_origin=BBC_Money
Tomi Engdahl says:
Raspi Wideband Receiver
Outdoor POE webservers for the ham bands and other radio signals from VHF to L-band
https://hackaday.io/project/189572-raspi-wideband-receiver
Tomi Engdahl says:
Downloading Images from Russian Satellite
https://www.youtube.com/watch?v=w_QpKGK0tuE
Tomi Engdahl says:
Listening To the International Space Station The Cheap Way
https://www.youtube.com/watch?v=im9nAVsA_FU
Listening to Astronauts ON THE ISS with a Baofeng UV-5R
https://www.youtube.com/watch?v=3sNwzBC6Rbk
Tomi Engdahl says:
How To Build A V Dipole For Receiving Weather Satellites
https://www.youtube.com/watch?v=VM7sJrotjgs
Weather Satellite Tracking Software Setup
https://www.youtube.com/watch?v=bYpTsersKX8
NOAA/METEOR SDR Antenna for weather satellite images
https://www.youtube.com/watch?v=8MteT4KseyE
How to Download NOAA Weather Satellite Live Earth Images – using SDR usb stick and Homemade Antenna
https://www.youtube.com/watch?v=p60Zd-qCHoc
Ham Radio – Automate satellite capture with Gpredict and GQRX on Linux.
https://www.youtube.com/watch?v=AghjgwTw-Vk
Tomi Engdahl says:
Wavelet Lab’s uSDR Is a Tiny Software-Defined Radio with Easily-Accessible Browser-Based Software
Designed to make software-defined radio more accessible, this M.2 module uses WebUSB to connect to a browser-based software bundle.
https://www.hackster.io/news/wavelet-lab-s-usdr-is-a-tiny-software-defined-radio-with-easily-accessible-browser-based-software-acf3bd40eee0
Tomi Engdahl says:
https://hackaday.com/2023/05/27/hacking-a-smart-electric-toothbrush-to-reset-its-usage-counter/
Tomi Engdahl says:
How to Make a Simple But Effective Tv Transmitter (Analog)
https://www.instructables.com/How-to-Make-a-Simple-but-effective-tv-transmitter-/?amp_page=true
Tomi Engdahl says:
http://www.qrp.gr/technology/diodes_only/mjrainey/tunneldiodetransmitter.html
It’s now clear to me why nearly all of the 1960s tunnel diode novelty transmitters were designed for phone rather than CW. Trying to keep a tunnel diode oscillator frequency-locked to a quartz crystal – while drawing staccato power from it – is akin to balancing a pea on your knife while jumping on a pogo stick! The problem is associated with the nature of non-linear oscillators in general. That is, the bias required for a reasonable output power in a keyed oscillator is higher than the bias needed for reliable frequency-locking to a quartz crystal; the circuit exhibits hysteresis.
Tomi Engdahl says:
High Schoolers Build a Radio Receiver
Students learn to melt solder, layout PC boards, use tools, and troubleshoot by building an analog, discrete component receiver.
https://hackaday.io/project/190327-high-schoolers-build-a-radio-receiver
Tomi Engdahl says:
https://hackaday.com/2023/06/05/getting-started-in-ham-hack-chat/
Tomi Engdahl says:
https://hackaday.com/2023/06/06/radio-apocalypse-hardening-am-radio-against-disasters/
Tomi Engdahl says:
https://hackaday.com/2023/06/06/reverse-engineering-a-better-nights-sleep/
Tomi Engdahl says:
The Ups and Downs of Amplitude Modulation
An Introduction to the History, Principles and Applications of AM Radio
https://blog.minicircuits.com/the-ups-and-downs-of-amplitude-modulation/?utm_source=mwrf&utm_medium=banner&utm_content=personif-display-amplitude-modulation&utm_campaign=05-23-bannerads
When you think of advancements in signal modulation, your mental time machine might go back to the turn of the 21st century and LTE which was proposed by NTT DOCOMO as “Super 3G” in early 2004.[1] But over a hundred years earlier, on June 3rd, 1900, in the city of São Paulo, Brazil, the Reverend Father Roberto Landell de Moura demonstrated the transmission of voice messages over a distance of 8 km using amplitude modulation.[2] Several months later, on December 23, 1900, Reginald Aubrey Fessenden successfully transmitted an amplitude-modulated signal approximately 1.6 km.[3] Throughout the nearly 123 years since these transmissions occurred, arguably no modulation scheme has been of greater significance in world history than amplitude modulation (AM).
While AM is an inexpensive and simple way to transmit and receive signals over great distances, it is also susceptible to natural and man-made noise, which tend to be amplitude modulated as well. In this article, we first review the importance of some of the traditional frequency bands in which amplitude modulation has been utilized over the years and why it continues to be important today. Next, we describe the basic principles of amplitude modulation in both the time and frequency domains, enabling us to delve further into its advantages and disadvantages. Finally, we discuss modern modulation schemes for which amplitude modulation still plays a key role.
Tomi Engdahl says:
Flipper Zero Self Destructs an Electricity Smart Meter
https://www.rtl-sdr.com/flipper-zero-self-destructs-an-electricity-smart-meter/
Flipper Zero Smokes Smart Meter !
https://www.youtube.com/watch?v=kF6o9Ec4k_o
Tomi Engdahl says:
Flipper Zero Garage Doors, Gas Signs, External Radio Modules
https://www.youtube.com/watch?v=unvXVWafGcE
Tomi Engdahl says:
Wireless BadUSB With Flipper Zero’s Bluetooth — NO CABLES!
https://www.youtube.com/watch?v=lh99ssUy6FE
Was feeling cute, so updated a custom firmware and badUSB-ed without a USB cable in sight. You?
Tomi Engdahl says:
https://hackaday.com/2023/06/12/passionate-hams-make-their-mark-on-the-hack-chat/
Tomi Engdahl says:
https://hackaday.com/2023/06/10/listening-to-the-iss-on-the-cheap/
So what do you need to talk to a $100 billion space station? As it turns out, about $60 worth of stuff will do, as [saveitforparts] shows us in the video below. The cross-band repeater on the ISS transmits in the 70-cm ham band, meaning all that’s needed to listen in on the proceedings is a simple “handy talkie” transceiver like the $25-ish Baofeng shown. Tuning it to the 437.800-MHz downlink frequency with even a simple whip antenna should get you some reception when the ISS passes over.
Tomi Engdahl says:
https://hackaday.com/2023/06/16/long-distance-wi-fi-with-steam-deck-server/
Tomi Engdahl says:
https://hackaday.com/2023/06/18/detecting-meteors-with-sdr/
Tomi Engdahl says:
Flipper Zero “Smoking” A Smart Meter Is A Bad Look For Hardware Hackers
https://hackaday.com/2023/06/14/flipper-zero-smoking-a-smart-meter-is-a-bad-look-for-hardware-hackers/
Alright, we’re calling it — we need a pejorative equivalent to “script kiddie” to describe someone using a Flipper Zero for annoyingly malign purposes. If you need an example, check out the apparent smart meter snuff video below.
The video was posted by [Peter Fairlie], who we assume is the operator of the Flipper Zero pictured. The hapless target smart meter is repeatedly switched on and off with the Flipper — some smart meters have contactors built in so that service can be disconnected remotely for non-payment or in emergencies — which rapidly starts and stops a nearby AC compressor. Eventually, the meter releases a puff of Magic Smoke, filling its transparent enclosure and obscuring the display. The Flipper’s operator mutters a few expletives at the results, but continues turning the meter on and off even more rapidly before eventually running away from the scene of the crime.
Tomi Engdahl says:
Ham Almost Cooks ‘Dog
https://hackaday.com/2023/06/14/ham-almost-cooks-dog/
For those of us licensed in other countries it comes as something of a surprise to find that American radio amateurs now have to run RF exposure calculations as part of their licence requirements. [Ham Radio Crash Course] has approached this in a unique fashion, by running around 800 watts of 6-metre power into a vertical antenna festooned with hotdogs. That’s right, this ham is trying to cook some ‘dawgs! Is his station producing dangerous levels of power that might cook passers-by?
Of course, aside from a barely-warmed line along where the ‘dogs were attached to the antenna there’s no heating to be found. But we think he’s trying to make the point in the video below the break about the relative pointlessness of applying RF field limits which are definitely relevant at much higher frequencies, to hams at low frequencies.
Cook Hotdogs With A Radio? 6 Meter RF Exposure Test
https://www.youtube.com/watch?v=IJJGpXUjK-U
All amateur radio operators are now required to run simple calculations to make sure your antennas are not so close as to be dangerous to others.
Tomi Engdahl says:
Better Antennas Via Annealing (Simulated)
https://hackaday.com/2023/06/18/better-antennas-via-annealing-simulated/
http://www.persion.info/projects/antenna_annealing/
Tomi Engdahl says:
Multichannel Vector Signal Analysis with Oscilloscopes
June 14, 2023
With Tektronix’s SignalVu-PC software, the company’s 5 and 6 Series B MSO oscilloscopes can perform RF spectral and modulation analysis of multiple channels.
https://www.mwrf.com/technologies/test-measurement/video/21267886/tektronix-multichannel-vector-signal-analysis-with-oscilloscopes?utm_source=RF+MWRF+Today&utm_medium=email&utm_campaign=CPS230616140&o_eid=7211D2691390C9R&rdx.identpull=omeda|7211D2691390C9R&oly_enc_id=7211D2691390C9R
Tomi Engdahl says:
Easy Modifications For Inexpensive Radios
https://hackaday.com/2023/06/23/easy-modifications-for-inexpensive-radios/
https://github.com/Tunas1337/UV-K5-Modded-Firmwares
Tomi Engdahl says:
https://hackaday.com/2023/06/23/the-voice-of-gps/
Tomi Engdahl says:
Understanding Phase-Noise Measurement Techniques
June 26, 2023
Phase noise can be measured and analyzed either with traditional spectrum analyzers or dedicated phase-noise analyzers.
https://www.electronicdesign.com/technologies/test-measurement/article/21268413/rohde-schwarz-understanding-phasenoise-measurement-techniques?utm_source=EG+ED+Analog+%26+Power+Source&utm_medium=email&utm_campaign=CPS230621091&o_eid=7211D2691390C9R&rdx.identpull=omeda|7211D2691390C9R&oly_enc_id=7211D2691390C9R
Normalization
Phase noise is specified as the noise power contained within a bandwidth of 1 Hz. Spectrum analyzers measure power using a resolution-bandwidth (RBW) filter, and in most spectrum analyzers, the filter used to measure power is more than 1 Hz wide. Therefore, noise power measured by these wider RBW filters must be normalized to a 1-Hz bandwidth.
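The normalization step the quoted article describes, worked through as an added example (my code, not from the Rohde & Schwarz article or this site): marker readings taken through a wider-than-1-Hz RBW are referred to 1 Hz, converted to dBc/Hz against the carrier, and then integrated into RMS jitter, which goes beyond the quoted text. The RBW, carrier level and marker readings are constructed.

```python
"""Phase-noise normalization from spectrum-analyzer marker readings.

Added example: refer noise markers read through an RBW-wide filter to a
1 Hz bandwidth, express them as L(f) in dBc/Hz, and integrate into jitter.
"""
import math

# Constructed readings: offset from carrier (Hz) -> noise marker (dBm),
# all taken with the same RBW; the carrier marker is measured separately.
CARRIER_DBM = 0.0
RBW_HZ = 1000.0
MARKERS_DBM = {1e3: -60.0, 1e4: -70.0, 1e5: -85.0, 1e6: -100.0}

def normalize_to_1hz(p_dbm: float, rbw_hz: float) -> float:
    """Noise power grows linearly with bandwidth, so a marker read through
    an RBW-wide filter is referred to 1 Hz by subtracting 10*log10(RBW)."""
    if rbw_hz <= 0:
        raise ValueError("RBW must be positive")
    return p_dbm - 10.0 * math.log10(rbw_hz)

def phase_noise_dbc_hz(p_noise_dbm: float, rbw_hz: float,
                       p_carrier_dbm: float) -> float:
    """Single-sideband phase noise L(f): 1 Hz noise density relative to the carrier."""
    return normalize_to_1hz(p_noise_dbm, rbw_hz) - p_carrier_dbm

def integrate_ssb(offsets_hz, l_dbc_hz):
    """Integrate 10^(L/10) over the offset range, assuming a power law
    between adjacent (log-spaced) points; returns rad^2 for one sideband."""
    total = 0.0
    for (f1, l1), (f2, l2) in zip(zip(offsets_hz, l_dbc_hz),
                                  zip(offsets_hz[1:], l_dbc_hz[1:])):
        s1, s2 = 10 ** (l1 / 10), 10 ** (l2 / 10)
        b = math.log(s2 / s1) / math.log(f2 / f1)   # slope exponent of the segment
        a = s1 / f1 ** b
        if abs(b + 1) < 1e-9:                          # 1/f segment: closed form
            total += a * math.log(f2 / f1)
        else:
            total += a * (f2 ** (b + 1) - f1 ** (b + 1)) / (b + 1)
    return total

def rms_jitter_seconds(offsets_hz, l_dbc_hz, f_carrier_hz):
    """Both sidebands carry phase noise (factor 2); RMS phase in radians
    divided by 2*pi*fc gives time jitter in seconds."""
    phase_var = 2.0 * integrate_ssb(offsets_hz, l_dbc_hz)
    return math.sqrt(phase_var) / (2 * math.pi * f_carrier_hz)

def demo(f_carrier_hz=100e6):
    offsets = sorted(MARKERS_DBM)
    l_f = [phase_noise_dbc_hz(MARKERS_DBM[f], RBW_HZ, CARRIER_DBM) for f in offsets]
    return dict(zip(offsets, l_f)), rms_jitter_seconds(offsets, l_f, f_carrier_hz)

if __name__ == "__main__":
    table, jitter = demo()
    for f, l in table.items():
        print(f"{f:>10.0f} Hz  {l:7.1f} dBc/Hz")
    print(f"RMS jitter over 1 kHz-1 MHz: {jitter * 1e12:.2f} ps")
```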
Tomi Engdahl says:
https://hackaday.com/2023/06/27/espboy-turned-into-functional-walkie-talkie/
Tomi Engdahl says:
https://hackaday.com/2023/06/28/field-testing-a-home-made-wifi-antenna/
Tomi Engdahl says:
https://www.cnx-software.com/2023/06/16/usdr-an-m-2-sdr-board-controllable-from-your-web-browser/
Tomi Engdahl says:
http://www.electronics-diy.com/BA1404_Stereo_FM_Transmitter.php?fbclid=IwAR3Y1DmSKUsVD8Al5F5EMmHJHE5EmHww9R22O64O9OBjdiKv3_n5dgo-N1o
Tomi Engdahl says:
AntSDR E200 – Gigabit Ethernet connected SDR with Xilinx Zynq SoC FPGA supports 70 MHz – 6 GHz range (Crowdfunding)
https://www.cnx-software.com/2023/07/03/antsdr-e200-gigabit-ethernet-connected-sdr-with-xilinx-zynq-soc-fpga-supports-70-mhz-6-ghz-range/?fbclid=IwAR3Qb7Rjdxr3_Yre8bWEqyiJA3Bpz1yAiNrOXSUzJL26PBTTStFJDirvBZQ
We’ve just written about the uSDR M.2 SDR module on Crowd Supply, but it turns out the crowdfunding platform is hosting another SDR (Software-Defined Radio) project with the AntSDR E200 board equipped with an AMD Embedded Zynq 7020 SoC FPGA and an Analog Devices AD9363 or AD9361 RF chipset, and providing Gigabit Ethernet connectivity to the host.
Tomi Engdahl says:
7 cool and useful things to do with your Flipper Zero https://www.zdnet.com/article/7-cool-and-useful-things-to-do-with-your-flipper-zero/
I like my Flipper Zero, but what I hate is all the fake stuff that people looking for attention upload to TikTok. No, the Flipper Zero can’t change gas station signs, can’t copy credit and debit cards, and can’t turn off the displays at your burger joint.
But that doesn’t mean that the Flipper Zero can’t do some very cool, useful things.
Tomi Engdahl says:
Minimal Mods Make Commodity LNBs Work For QO-100 Reception
https://hackaday.com/2023/07/04/minimal-mods-make-commodity-lnbs-work-for-qo-100-reception/
Tomi Engdahl says:
Inexpensive Ham Radio Gets Upgrades Thanks To A Trojan
https://hackaday.com/2023/07/06/inexpensive-ham-radio-gets-upgrades-thanks-to-a-trojan/
Love them or hate them, the crop of cheap hand-held amateur radio transceivers is here to stay. They’re generally horrible radios, often smearing spurious emissions across the spectrum, but they’re cheap enough to throw in a glove box for emergencies, and they invite experimentation — for instance, modifying the firmware to add functionality the OEM didn’t think to offer.
The new hotness in this class of radios is the Quansheng UV-K5, a two-band transceiver you can pick up for about $40, and we suspect it’ll get hotter still with this firmware trojan by [Piotr (SQ9P)]. We’ve already seen a firmware hack for these radios, one that aimed at unlocking the full frequency range of the RF chip at the heart of the radio. Honestly, we’re not huge fans of these mods, which potentially interfere with other allocations across multiple bands. But [Piotr]’s hacks seem a bit more innocuous, focusing mainly on modifying the radio’s display and adding useful features, such as a calibrated received signal strength bar graph and a numerical RSSI display. The really neat new feature, though, is the spectrum display, which shows activity across a 2-MHz slice of spectrum centered on the currently set frequency. And just because he could, [Piotr] put in a game of Pong.
https://github.com/piotr022/UV_K5_playground
Tomi Engdahl says:
USING AN OLD SATELLITE TO SEE THE EARTH IN A NEW LIGHT
https://hackaday.com/2023/07/08/using-an-old-satellite-to-see-the-earth-in-a-new-light/?fbclid=IwAR0ye701hIlIL42IiBBhOQLpbSlXPbiK2zMj3C9UEgYYQchkAF4PbNZ3oYY
Snooping in on satellites is getting to be quite popular, enough so that the number of people advancing the state of the art — not to mention the wealth of satellites transmitting signals in the clear — has almost made the hobby too easy. An SDR, a homebrew antenna, and some off-the-shelf software, and you too can see weather satellite images on your screen in real time.
Tomi Engdahl says:
https://hackaday.com/2023/07/05/cheap-ham-radio-improves-the-low-end/
Tomi Engdahl says:
Flipper Zero, the “Hacker’s Multi-Tool,” Gets an Official App Store for Easier Customization
An updated mobile app now makes it possible to find and install free apps on the stock Flipper Zero firmware.
https://www.hackster.io/news/flipper-zero-the-hacker-s-multi-tool-gets-an-official-app-store-for-easier-customization-5980e96b274e
Tomi Engdahl says:
https://www.n5dux.com/ham/files/pdf/?fbclid=IwAR0xTZoqhFEgK-ltQtzBfdo76qdetDOSaFunUvwmE6v3_zRpZ2z6qaiPURY
Tomi Engdahl says:
https://github.com/joelsernamoreno/EvilCrowRF-V2
Tomi Engdahl says:
https://cyborg.ksecsolutions.com/product/evil-crow-rf-v2/
Tomi Engdahl says:
Regenerative receivers provide a surprising level of performance with only a handful of components. They excel at receiving amplitude modulated signals from below the AM broadcast band up to the higher short-wave bands, above which the superregenerative detector becomes the better choice.
http://techlib.com/electronics/regen.html?fbclid=IwAR2Ju_qctbX-p-gvjbJFnjThOhFINOG-6-5v5gR0GFXrRWoASKMJ94ATqcs
Tomi Engdahl says:
https://www.rtl-sdr.com/rtl-sdr-blog-v4-dongle-initial-release/
https://www.rtl-sdr.com/buy-rtl-sdr-dvb-t-dongles/
Tomi Engdahl says:
https://hackaday.com/2023/08/16/the-dipole-antenna-isnt-as-simple-as-it-appears/