I gave a short presentation on SDR at the [email protected] meeting today. If that piqued your interest and you’re ready to dive in, here are…
I gave a short presentation on SDR at the [email protected] meeting today. If that piqued your interest and you’re ready to dive in, here are supplemental materials and some cool links that will get you started down the radio rabbit hole.
Tracking Airplaines with Dump1090
Capturing and analyzing GSM traffic using Gr-GSM and WireShark
Want to start scanning the airwaves, but you don’t have any hardware yet? Hundreds of universities and hobbyist clubs have you covered! This site will link you up to hundreds of different receivers around the world, which you can listen to and control free of charge.
Any products sold in the US that let off radio waves have to be tested and registered with the FCC. When this happens, the FCC assigns an ID to the product, which is usually on the exterior somewhere. You can look this ID up at either of the sites above to find a wealth of information, including the frequencies it uses. Here’s an example.
A great community of SDR & radio enthusiasts. Be sure to check out the wiki!
More Sweet Demos
- Balint Seeber: Hacking the Wireless World with SDR (slides)
- Samy Kamkar’s Opensesame project, which can open any garage door (Samy is my hero)
- Sniffing/Decoding Bluetooth LE
- Analyzing captured packets from a remote to reverse-engineer automatic window blinds
- Building a GSM base station with a BeagleBone, OpenBTS, and a USRP
- Reverse Engineering Signals with the Universal Radio Hacker Software
- History of RTLSDR
- Technical Background
This is the dump1090 project, which was one of the pieces of software I demoed. Using your SDR dongle, dump1090 receives the ADS-B transmissions of nearby aircraft, which includes information about its location, altitude, speed, and more. Check out this article about ADS-B for more info, or these other cool projects that use ADS-B data.
Desktop SDR Software
- GQRX — My personal favorite, runs on your favorite *nix flavor (including mac OS!)
- URH (Universal Radio Hacker) — Absolutely excellent software for reverse-engineering wireless protocols using SDR, which is useful for reverse-engineering. (Windows/Mac/OS X)
- SDR# (pronounced “sdr-sharp”) — Great for Windows users!
- rtl_fm — Another favorite, really useful console SDR tools. Great for scripts, or for piping transmissions through sox/ffmpeg filter chains.
- Click here for ✨Even More Software✨!
You can get the cheap stuff off of amazon/ebay/alibaba for around $6–10, just search for “DVB-T” or “SDR”. Also, make sure you check out the list of compatible dongles (the only real requirement is that it’s based on the RTL2832U chipset).
If you have a lot of money to throw at things, here are some much fancier, feature packed, and more expensive receivers. You probably won’t need these.
Interested in hacking cell phones? Cool! You can use OpenBTS to start building your very own cellular network.
The above are some great tutorials with plenty of information for getting started sniffing GSM traffic. It even dumps the data into Wireshark (nothing is decrypted, though, because that would be illegal!). Note: if you want me to send a copy of the VM I used in my presentation, you can find my contact details here. This would take a lot less time than compiling GNURadio.
A stingray is a device used to collect IMSI information of nearby cell phones. It does this by impersonating a BTS (cell tower), and is often used for surveillance purposes (especially by police in protest environments, for example). Use of stingrays by law enforcement is a kind of passive surveillance that falls in a legal gray area, and you can learn more about the legal implications of them here.
There was a presenter as Shmoocon 2017 who built his own AMPS (1G) network. Video of the presentation should be up in a few months.
That same guy was part of the NinjaTel group, who brought their own cellular network to DEFCON 2012 (Check out their van!).
Do you want to listen to your local police/fire department/university/any organization using using radios on a medium-large scale? Then welcome to the world of trunked (aka 2–way) radio!
There are plenty of ways to listen in on trunked radio using SDR, though you should note that many implementations will require that you use two SDR dongles (one to listen to the control channel, the other to receive transmission data). For those who want to listen in on the cheap, the second link shows you how to set up Unitrunker such that you can listen to trunked comms with just one dongle.
UCF Frequency Listings:
What blog post would be complete without a big list of interesting, localized things to tune to?
- Talkgroup list (for trunked comms- most walkies and so on will communicate this way)
- Additional Talkgroups
- Listing of ALL FCC licenses registered to UCF