Charlton's Blog

SDR Presentation


Published: Sep 29, 2017
Category: Hardware Hacking, Presentations, Projects

I gave a short presentation on SDR at the [email protected] meeting today. If that piqued your interest and you’re ready to dive in, here are supplemental materials and some cool links that will get you started down the radio rabbit hole.

Slides

[pdf]

Demos

Tracking Airplanes with Dump1090

Capturing and analyzing GSM traffic using Gr-GSM and Wireshark

Want to start scanning the airwaves, but you don’t have any hardware yet? Hundreds of universities and hobbyist clubs have you covered! This site will link you up to hundreds of different receivers around the world, which you can listen to and control free of charge.

Any products sold in the US that let off radio waves have to be tested and registered with the FCC. When this happens, the FCC assigns an ID to the product, which is usually on the exterior somewhere. You can look this ID up at either of the sites above to find a wealth of information, including the frequencies it uses. Here’s an example.

A great community of SDR & radio enthusiasts. Be sure to check out the wiki!

More Sweet Demos

Getting Started

Recommended reading:

Software

This is the dump1090 project, which was one of the pieces of software I demoed. Using your SDR dongle, dump1090 receives the ADS-B transmissions of nearby aircraft, which include information about their location, altitude, speed, and more. Check out this article about ADS-B for more info, or these other cool projects that use ADS-B data.
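As an added example (not code from this post or from the dump1090 project), here is a minimal Python decoder for one ADS-B frame of the kind dump1090 receives: it checks the Mode S CRC, then pulls out the ICAO address, type code and barometric altitude. The sample frame is a published example message, not a capture from the talk.

```python
# Added example, not from the original post or from dump1090: decode one
# ADS-B Extended Squitter frame the way dump1090 starts after demodulation.
# Frame layout (112 bits): DF(5) | CA(3) | ICAO(24) | ME(56) | PI(24)

MODES_GENERATOR = 0x1FFF409  # 25-bit Mode S CRC generator polynomial


def modes_crc_remainder(frame_hex: str) -> int:
    """GF(2) long division of the whole frame by the generator.

    For DF17 the PI field is the plain CRC of the first 88 bits, so a
    valid frame divides evenly and the remainder is 0.
    """
    bits = int(frame_hex, 16)
    nbits = len(frame_hex) * 4
    for shift in range(nbits - 25, -1, -1):
        if (bits >> (shift + 24)) & 1:
            bits ^= MODES_GENERATOR << shift
    return bits & 0xFFFFFF


def decode_airborne_position(frame_hex: str) -> dict:
    """Decode ICAO address, type code and altitude from a DF17 TC 9-18 frame."""
    if len(frame_hex) != 28:
        raise ValueError("expected a 112-bit (28 hex digit) Mode S frame")
    if modes_crc_remainder(frame_hex) != 0:
        raise ValueError("CRC mismatch: corrupted frame or not DF17")
    df = int(frame_hex[0:2], 16) >> 3          # downlink format, top 5 bits
    if df != 17:
        raise ValueError(f"DF {df} is not an ADS-B extended squitter")
    me = int(frame_hex[8:22], 16)              # 56-bit message (ME) field
    tc = me >> 51                              # type code, ME bits 1-5
    if not 9 <= tc <= 18:
        raise ValueError(f"TC {tc} is not a barometric airborne position")
    alt_field = (me >> 36) & 0xFFF             # ME bits 9-20
    q_bit = (alt_field >> 4) & 1               # ME bit 16: 1 => 25 ft steps
    if not q_bit:
        raise ValueError("Gillham (100 ft) altitude encoding not handled here")
    n = ((alt_field >> 5) << 4) | (alt_field & 0xF)   # drop the Q bit
    # Latitude/longitude are CPR-encoded and need an even/odd frame pair,
    # so they are left out; dump1090 keeps per-aircraft state to pair them.
    return {"df": df, "icao": frame_hex[2:8].upper(), "tc": tc,
            "altitude_ft": n * 25 - 1000}


if __name__ == "__main__":
    # Published sample DF17 airborne-position frame (not captured at the talk).
    print(decode_airborne_position("8D40621D58C382D690C8AC2863A7"))
```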

Desktop SDR Software

Hardware

You can get the cheap stuff off Amazon/eBay/Alibaba for around $6–10; just search for “DVB-T” or “SDR”. Also, make sure you check out the list of compatible dongles (the only real requirement is that it’s based on the RTL2832U chipset).

If you have a lot of money to throw at things, here are some much fancier, feature-packed, and more expensive receivers. You probably won’t need these.

Cellular Stuff

Interested in hacking cell phones? Cool! You can use OpenBTS to start building your very own cellular network.

Sniffing GSM

The above are some great tutorials with plenty of information for getting started sniffing GSM traffic. It even dumps the data into Wireshark (nothing is decrypted, though, because that would be illegal!). Note: if you want me to send a copy of the VM I used in my presentation, you can find my contact details here. This would take a lot less time than compiling GNU Radio.

Detecting Stingrays

A stingray is a device used to collect the IMSIs of nearby cell phones. It does this by impersonating a BTS (cell tower), and is often used for surveillance purposes (especially by police at protests, for example). Use of stingrays by law enforcement is a kind of passive surveillance that falls in a legal gray area, and you can learn more about the legal implications of them here.

There was a presenter at ShmooCon 2017 who built his own AMPS (1G) network. Video of the presentation should be up in a few months.

That same guy was part of the NinjaTel group, who brought their own cellular network to DEFCON 2012 (Check out their van!).

Trunked Radio

Do you want to listen to your local police/fire department/university/any organization using radios on a medium-to-large scale? Then welcome to the world of trunked (aka two-way) radio!

There are plenty of ways to listen in on trunked radio using SDR, though you should note that many implementations will require that you use two SDR dongles (one to listen to the control channel, the other to receive transmission data). For those who want to listen in on the cheap, the second link shows you how to set up Unitrunker such that you can listen to trunked comms with just one dongle.

UCF Frequency Listings:

What blog post would be complete without a big list of interesting, localized things to tune to?

Enjoy!