nsa

Spying on Your Neighbours With a RTL-SDR

Tom’s Guide has a post by Paul Wagenseil on a lecture given by security researcher Melissa Elliott (better known as 0xabad1dea) at DEFCON on August 3rd. Elliott spoke about how a cheap $10 USB TV tuner dongle, better known to us as an RTL-SDR, can be used to pick up ‘accidental radio emissions’ which can then be used to fingerprint devices. Back in the 1970s the NSA had a program codenamed Tempest that was designed to investigate and study these compromising emanations. Elliott, who is a researcher at the security company Veracode in Boston, demonstrated using an RTL-SDR to pickup various emissions from electronic devices.

“I managed to go most of my life not knowing that my electronics were all leaking all of the signals that detail what they’re getting up in their private little electronic lives,” Elliott said.

But a visit to the U.S. National Radio Quiet Zone on the Virginia-West Virginia border, site of the world’s largest moveable radio-astronomy telescope, taught Elliott otherwise.

“Their biggest challenge to getting the science done is the very electronics that they need to measure and process the signal, because those same electronics blast the signal out at the sky,” Elliott said.

“They have a microwave oven, which is a Faraday cage” — a structure enclosed by a wire mesh to prevent electricity from getting in or out — “inside another Faraday cage, inside another room, which is also a Faraday cage,” she recalled. “That is how much they had to shield things just so they could reheat their pizza at 2 a.m.”

So Elliott found a website that sold USB tuners for $10, and found free software to tune and analyze the signals.

At DEF CON, she demonstrated how much radio noise electronic devices emit by using a netbook she bought for $50 on a trip to China. - Link to Story

The DEFCON Website gives this description of her talk:

If it’s electronic, it makes noise. Not necessarily noise that you and I can hear, of course – unless you know how to tune in. The air around us is filled with bloops, bleeps, and bzzts of machines going about their business, betraying their existence through walls or even from across the street. The unintentional noise lurking among intentional signals can even reveal what the machine is currently doing when it thinks it’s keeping that information to itself. Attacks exploiting electromagnetic radiation, such as TEMPEST, have long been known, but government-sized budgets are no longer needed to procure the radio equipment. USB television receiver dongles can be used as software-defined radios (SDR) that cost less than a slice of Raspberry Pi. The goal of this talk is to show you that anyone with twenty bucks and some curiosity can learn a great deal about your computers and other equipment without ever leaving a trace, and you shouldn’t neglect this risk when managing your organization’s security.

spectrumanalyzerrtlsdr

Spectrum Analyzer using Beaglebone Black and RTL-SDR

Over on YouTube, Stephen Ong has posted a video of his standalone Terratec RTL-SDR and BeagleBone Black based spectrum analyzer. What makes this unique is the lack of computer needed and dedicated 7 inch touch LCD screen (CircuitCo LCD7 cape). Powered by 6 AA batteries, the unit is nice and portable. BeagleBoards are low-cost, fan-less single-board computers based on low-power Texas Instruments processors featuring the ARM Cortex-A8 core. The BeagleBone Black DevKit used in the video costs around USD$50. He demonstrates the unit showing the RF spectrum of  commercial FM stations, car remote transmitters, analog TV (PAL B) broadcast, DVB-T broadcast, cellular GSM900 and a DECT cordless phone.

aismon

Receiving, Decoding and Plotting AIS using a RTL-SDR

DrVarnik on YouTube has posted a tutorial video on how to receive, decode and plot AIS information. The Automatic Identification System (AIS) is a system used for automatic tracking of large ships and passenger boats. It is a similar idea to tracking aircraft with ADS-B. His method uses a RTL-SDR for receiving the AIS signals with SDRSharp, decoding received signals with AISMon and plotting the decoded information with OpenCPN. He uses VB-Cable for looping the audio from SDRSharp to AISMon, but if you have a ‘Stereo Mix’ or equivalent feature with your soundcard, that will be unneeded. Best results will be achieved using a narrow-band vertically polarized antenna tuned for 161.975 MHz and 162.025 MHz (marine VHF). A directional antenna would also likely be a benefit. You can find some designs to try lower down the page. For safety, please only use this guide on land! Wouldn’t want you getting lost at sea.

Here are the homepages of the software used:

  • SDRSharp
  • AISMon – You may need to first join the group with a Yahoo account to gain access to the file section.
  • OpenCPN
  • VB-Cable (for looping audio from SDRSharp to AISMON)

Below is a screenshot of OpenCPN in action:

opencpn

Here are some antennas designed for AIS reception:

 

For a tutorial with other software, check out the Cheap AIS Ship Tracking page at rtl-sdr.com

NOAA_logo

How to Receive NOAA Satellite Images

For more than 50 years the National Oceanic and Atmospheric Administration’s weather satellites have been helping monitor the earth’s weather patterns. Now over on YouTube max30max31 (IZ5RZR) has posted a tutorial on how you can receive images from the NOAA weather satellites (NOAA-9, NOAA-15, NOAA-18, NOAA-19) at home using an RTL-SDR. He gives a full walk through of using Orbitron to track the satellites, WXtoImg to decode received images and using SDRSharp to tune your RTL-SDR. He also suggests building and using a QFH Antenna or Turnstile Antenna with your RTL-SDR to receive the satellites.

Here is a list of programs used and homepage links:

If you’re looking for some antenna designs, check out:

Here is an example of and image you could receive:

NOAA 18 at 16 Oct 2011 21:17:42 GMT

 

UPDATE: Jordan Jean-Philippe Blanchard has shared a link on the RTL-SDR Facebook Group to his setup for receiving the weather satellite images using an RTL-SDR, check out his setup & check out what he has received.

adsb-sharp

ADSB# – Windows ADSB Decoder for use with a RTL-SDR

If you’re looking for an application to receive ADS-B signals in AVR format using your RTL-SDR while running Windows, be sure to head over to SDRSharp.com and check out ADSB#. It can be quite a bit of fun to track the Aircraft that may be flying over your home or office at this very moment. Aircraft from all over the world are equipt to emit signals in this mode. ADSB# should be compatible with the majority of plane plotting software (ex. PlanePlotter, Virtual Radar Server, adsbSCOPE, etc…).

ADS-B, an acronym for Automatic Dependent Surveillance-Broadcast is a technology that allows tracking aircrafts using high speed radio transmissions. I have never had much interest in this technology until recently. While I was fiddling with this mode with Ian, we discovered a very simple way of demodulating this digital mode using the cheap DVB-T/FM (rtlsdr) dongles. This diagram explains how it works:

adsb-detectionThe final application, ADSB# (read ADSB-Sharp) is released under the MIT license and looks a bit like this:

adsb-sharp

For the download link and more information, head on over to SDRSharp.com and check out the page on ADSB#. For a great guide on getting started with ADSB, check out the guide at RTL-SDR.com.

nearairport-1024x758

Improving ADS-B Reception Using Multiple RTL-SDRs

lui_gough from Gough’s Tech Zone has a new post featuring his interest and progress in improving the reach of his ADS-B reception and plotting ability. His recent project involves using his ADSBpi (Raspberry Pi, RTL-SDR & dump1090), his home PC and another remote PC controlled over the internet. A diagram of this setup can be seen below.

ADSB-Network-Diagram

In order to get the most coverage as I can sensibly get, I leveraged my ADSBpi, my main desktop and another machine I have access to which is geographically much closer to the airport via VPN.lui_gough

This allows him to receive signals from a much larger area than would be possible with a single antenna, single location setup. He does mention a few caveats however, like the increased chance of occasional false decode which can mess with the plotting by visualizing a plane that is unrealistically far away. A big boost to the usability of his project was using Cygwin to compile dump1090 under windows. This allows him to use the dump1090 ADS-B hub features (decoding appears broken under Cygwin compilation) without having to dedicate a machine to linux or use a virtual machine.

Click here to read the full story on his blog. Be sure to check out all of Gough’s Tech Zone as he has few other interesting posts involving the use of RTL-SDRs to receive ADS-B

via RTL-SDR Blog

Decoding Flex 1600 Pager Traffic with SDR# & PDW

NeedSec just posted on YouTube a video illustrating how to use a RTL-SDR to decode Flex 1600 pager traffic using PDWVB-Cable and SDR#. It is always surprising there is still pager traffic as when is the last time you can remember seeing someone with a pager in public. We’ve shared videos showing this sort of thing before, but NeedSec gives a great overview of what you need to do to accomplish successful decoding of Flex-1600.

 

© 2017 RTLSDR.com. All rights reserved. Site Admin · Entries RSS · Comments RSS