This webcast was originally published on May 21, 2018.
In this video, Paul Clark discusses the fundamentals and applications of Software Defined Radio (SDR). He covers key topics including what SDR is, why it matters, and the different types of hardware and software that can enhance SDR experiences. The video also touches on practical advice for choosing, installing, and using SDR equipment effectively.
- Paul Clark from Factorial LABS discusses the accessibility and potential of SDR (Software Defined Radio) technology for various applications including rapid prototyping and reverse engineering.
- SDR allows for capturing and manipulating radio signals with a computer, facilitating advancements in RF technology without the need for extensive electrical engineering knowledge.
- The webinar covers practical advice on choosing and using SDR hardware and software, aiming to demystify the process and encourage experimentation and learning.
Transcript
Sierra Ward
I’m Sierra from BHIS and I’m here with Paul Clark. If you just joined, he is our guest presenter today. So thank you. And if you have questions, go ahead, just type them in the question box.
I will either reply, and if I don’t reply right away, it’s because I’m just going to hold on to it until Paul comes to a good place where I can ask him those, and they’ll get recorded. And if you have other good things to share with us, go ahead and also put them in the question box.
And also we’ll be giving away a t-shirt. So stay tuned towards the end when we announce that, and without further ado, let me make Paul here the presenter.
Paul Clark
Okay.
Sierra Ward
And then you can just click on the little present button and away we’ll.
Paul Clark
Go show my screen. So you see a bunch of stuff there, hopefully. Let me go ahead.
And.
Sierra Ward
Do we have anybody on that’s never been on a BHIS webcast before? Because I’m always really excited to. I mean, all of you guys that repeat are awesome. But hey, Samson hasn’t.
Hello.
Paul Clark
Hello, Samson.
Sierra Ward
Thanks for coming.
Paul Clark
Yes, thank you, everybody.
Sierra Ward
Everybody, thank you so much for showing up today. All right, cool. Go for it, Paul.
Paul Clark
All right, so I assume you’re seeing the slide.
Sierra Ward
Yes, we are.
Paul Clark
All right, well, as you just heard in the introduction, my name is Paul Clark from Factorial Labs. I’m here to kind of give you a quick start on the SDR experience.
We won’t get a chance to dive too deeply, but hopefully... Sorry, just having a little keyboard mouse thing. I will spend a little bit of time talking about me.
Not much. Talk about what SDR is, because I think a lot of folks who registered for the podcast weren’t entirely sure or had a vague idea. Also talk about why you should care about it, and then go through the different types of hardware that you might find useful, give you some advice on choosing and installing the software you’ll need.
And then I won’t have time for a demo, but I will sort of give you a really high-level view of some of the cool things you can use GNU Radio for, in a walkthrough.
So then we’ll have time for Q&A. So I’m an engineer, and that’s proof right there. I have a company that we talked about, Factorial Labs.
You can see the Twitter handle, GitHub, website there. I think that’s the main thing, though. It’s a very engineering-focused company, trying to understand the kinds of things that we can build, the kinds of things that we can do with SDR.
It’s really just a fun technology, and it’s kind of why I shifted from the chip designing stuff I used to do to SDR: there were just so many cool things you could do, so much power.
And, yeah, that fanaticism about SDR led to authoring some books with my brother. We got three volumes: on kind of basic stuff, on analog SDR, on digital SDR.
And then the fourth book, coming out later this year, will talk about the art and science of reverse engineering. And we also teach some classes, Hackfest last year, Black Hat coming up.
Like we said, public trainings. And then we do some consultancy as well. We had some really cool UAV RF projects last year, working on some LTE stuff right now.
So tons and tons of possibilities in this field. So, to get to that first question, what is an SDR? The highest, simplest, elevator-pitchy definition is that it’s a chunk of hardware that kind of lets you suck radio signals into your computer so you can mess with them on the receive side, and then on the transmit side,
it lets you build radio signals and shoot them out of the computer through this magic box. And that’s the first level. You can kind of see even in the little image there, just little bits kind of emanating from the computer turning into a radio wave.
That’s kind of the highest level, maybe, to think about it at, if we want to go one level deeper. And this is what I call the lapsed engineer’s definition. Basically, you can kind of think of an analog-to-digital converter
that captures these analog radio waveforms, digitizes them, and that lets you process them on a computer using a bunch of digital signal processing. And then it conversely works in reverse to do transmission using a D-to-A converter.
Now, this isn’t exactly correct, but it’s kind of that level deeper of thinking about it, or maybe understanding what’s going on. And then we have the more formal definition, which I’m not going to read; it involves analog front ends and quadrature modulation, all sorts of stuff.
And then there’s kind of a converse definition on the transmit side. So you don’t actually have to really grasp that last one to work with SDR.
And that’s kind of the main thing. This is not an engineer’s, electrical-engineering-only technology. This is a very accessible technology and capacity for all sorts of folks to pick up.
And so kind of the big picture, I think, is that you have to have a little bit more understanding than that first definition. But you don’t have to really grasp all the engineering stuff to be able to use this, and to be able to use it effectively. You just really need to know a little bit more about how the analog part of the SDR works, and then after that, you’re just dealing with software.
So that is the approved definition from my perspective. I also wanted to spread around the love to make sure I wasn’t just catching the Next Generation people.
Why should you care about this? Also wanted to pander to the Star Wars folks, too. Why should you care about this stuff? There are three major things that SDR brings to you, and they sound kind of abstract at first.
One is the ability to do field-programmable RF. From a corporate perspective, you can actually ship a product that has an SDR built into it, and then you can just update how the radios work in firmware.
That also helps us, as we’ll see later. But that’s one of the big value propositions of SDR. The other thing is rapid prototyping. If you’re an engineer building radios, you don’t want to spend two weeks spinning a board, sending it out, getting it back.
You can actually use an SDR, as we’ll see later, to prototype a new radio design in minutes in some cases. The thing that we’ll probably care most about with this audience is reverse engineering and the massive leap forward in capabilities we have to do reverse engineering with SDR.
So, like I said, the field-programmable RF, it maybe sounds like more of a corporate thing, or more of a product-side thing.
But being able to quickly build programmable scanners and tuners and demodulators and decoders, this is actually something that really benefits us when we’re trying to see whether or not we have unexplained, suspicious, nefarious RF signals floating around an environment that maybe we don’t want to know about, or that we want to know about, because we don’t want them doing whatever it is they’re doing.
Being able to set up that type of scanner in a very programmable way in minutes and configure it in seconds can be a real big advantage. Being able to sort of tune into stuff that is there, that we maybe don’t need to reverse engineer, but we just want to be able to tune in and analyze the signal, that can be also helpful.
These are all things that SDRs enable. And then on the rapid prototyping side, that seems even more like an engineering function. But there is one aspect that is kind of interesting, and that is being able to build a customized transmitter and receiver is a great way to exfiltrate data from a site, if that’s what you’re interested in doing.
And just a simple Raspberry Pi connected with a very affordable and small-form-factor SDR with a little battery attached to it, and you’ve got yourself an interesting little exfiltration transmitter that you can transmit using all sorts of obscure digital modes that people are unlikely to think about.
Depending on what your particular infosec role is, there’s a lot of interesting capabilities you can come up with. But in the last class somebody even mentioned, hey, I could actually build kind of a two-stage exfiltration system where I’m flying a UAV over a potential target site and uplinking to the UAV and then using the long-range transmitters on those things to blast it back.
So, I mean, there’s an enormous space of opportunity here, I think. But reverse engineering is where most people land, on the infosec side.
And the thing that I can never impress enough upon folks is the ability to capture raw RF signals, which is something SDRs allow you to do.
They allow you to pull in signals from your computer, or signals from your environment, rather, and stick it on a hard drive. And it’s unbelievable how valuable that is when you’re trying to reverse engineer something.
I think sometimes people hear that and they think, oh, you’re capturing signals, and we sort of are. But we’re not just capturing signals. When you set up an SDR to capture a chunk of the RF spectrum, you’re actually capturing everything.
That means, if you had to use, like, an FM radio example, you’re not just tuning into one station, you’re tuning into all the stations on that band that you’re capturing from.
So you’re getting 94.9, you’re getting 97.1, you’re getting all of them at once, and you’re sticking them on a hard drive. And you’re not just getting the signals, you’re getting all the noise, you’re getting all the other stuff that might be present at that point in time, which means you might find signals you didn’t even know were there.
But you captured them, so you have a chance to actually work with them. And so the big advantage of having the signal captured and on your hard drive is it lets you quickly experiment offline at your own leisure with all sorts of demodulation and decoding methods to kind of break down that signal.
And kind of the way I like to talk about it, even though this key fob has absolutely nothing to do with that piece of ham radio gear, is that in the old days, if you’re trying to reverse engineer a signal prior to having this capture ability, what you would end up with is somebody generating a signal.
Let’s say it’s just a simple digital signal coming out of this key fob. And then you would have to basically set up all your equipment. You would have to guess: I think it’s this type of protocol and this type of frequency, using this type of modulation, and you’d set up all your knobs, so to speak.
And then if the transmission came in and you got a successful decode and demodulation, you’re like, hey, cool. And if you didn’t, well, you had to wait until the target pressed the button again.
With the SDR approach and the signal capture, or the RF capture capability, at this point, somebody presses their button, you’re ready for it.
You capture all the signals, all the noise in a big chunk of spectrum, and then you can just offline try all sorts of different ways to reverse engineer that to your hearts.
And there’s processes that we’ll explain in our next book that kind of let you do a kind of funneling in on the characteristics, based on the characteristics of the waveform, to be able to kind of work your way down until you have the bits, because ultimately you can do tons of stuff with SDR on the analog side.
But most of the people I think tuning in here are not. I’m sure there’s probably some hams on this, some ham radio folks on here, but primarily, I’m guessing, most people are interested in getting some bits and messing with those bits.
So that’s kind of the focus we’re going to have here. So you have an idea of what it is. The next question might be, what do you do to get started?
And it might seem daunting. And my hope is, by the time we get through this podcast, or, sorry, it’s not a podcast, by the time we get through with this webcast, that it won’t seem daunting, it’ll actually seem super straightforward.
What you see in that picture is really all you need. You’ve got a lot of the stuff already, and the key item is really a PC, preferably a PC that has a beefy CPU.
This is one of those rare cases where the CPU matters dramatically. Like, I don’t know very many people that actually fully utilize the CPUs on their computers, but I think I’m actually one of those people.
I’ve actually had my CPUs on their knees dozens of times trying to get stuff. Yeah. Crunch.
Sierra Ward
Crunched.
Paul Clark
Crunched, yes. Yeah, you can see all the performance monitor cores are all spiking, and yeah, fans are all whirring up like crazy.
So the more CPU the better. But that shouldn’t stop you. If you don’t necessarily have the new 8700K or better, you can still do a lot.
Even with something like a Raspberry Pi, you can still do stuff. You just have to be more efficient and scale down your intentions. But with respect to the PC, the CPU is important.
And the actual storage can be important if you’re going to do a lot of reverse engineering. The raw RF files that I’ve talked about that are so cool, they’re also really big, and you can actually get multi-gigabyte files very quickly.
Sierra Ward
Paul, Don has a question. When you say more CPUs, do you mean faster or more cores?
Paul Clark
I mean yes, all the things. The software that I focus mostly on, which is going to be GNU Radio, to give away something 20 slides from now, is actually built to be very competently multi-threaded and spread out its workload on multiple cores.
So if you have one of those new 20-core Intel or AMD parts, you’ll actually benefit from them in certain circumstances, if you actually have 20 parallel things going on.
I actually ran into a situation on that UAV project I was mentioning, that drone project from a year ago, where I was able to demodulate and decode this incoming video stream.
And then after a while it would start to get flaky. And after debugging it, I realized what was going on is I was actually maxing out all four cores, all eight threads.
And then the laptop was starting to get too hot and the CPU was thermal throttling. So I actually had to go in and make a few efficiency enhancements, because that’s how hard I was abusing the system. But don’t let that scare you off, even if you’ve got, like, you can see a laptop back there, I think that’s a five-year-old Lenovo that I still use for stuff.
So you just get more capabilities if you can use the CPU, but there’s usually ways around it if you don’t have it. So after you’ve got your PC, which hopefully, I mean, I’m assuming just about everybody on this podcast has at least one of those lying around, you’re going to need some software, all of which is open source, fortunately.
You’re going to need some SDR hardware. And that SDR hardware is usually going to be USB, USB 2.0, some hopefully USB 3.0 in the better hardware.
And then you’ve also got some Ethernet models and some PCIe stuff for some fancy folk. I’m not going to get into that level of stuff here; it’s probably not the place you want to start anyway.
And then you really just need an antenna to screw into it. And a lot of the USB, or a lot of the SDRs, they come with an antenna anyway. If you want to buy one, they’re pretty cheap.
So I want to start with how to choose the hardware, and that’s probably the thing that might be the murkiest at first. And the questions you want to ask is how much can you spend?
And I’m not selling them, so I’m only asking that for, you really do need to know that there’s a lot of variation. You can go from $20 up to $20,000 if you want to.
What kind of performance or features do you need? And I’ll kind of explain what features might even be possible in a slide or two. And then those are kind of the words you might see as you talk about that.
And then how simple and stable do you expect the software to be? How easy do you expect the drivers to be? If you’re the kind of person who’s willing to hack at some stuff, a big kind of Ubuntu jockey, then some of the less simple installation flows may be fine for you.
If you really don’t have a lot of time for that and you just want to get going today, then there’s flows for that too. But it all just factors into the choices you need to make here.
It’s all about trade-offs. The way I look at it is you’ve got price, performance, and ease of use. And just like basically every engineering decision, you can have two; you can’t have all three.
And I really have no idea why the ancient alien guy is in this meme, but I felt like I needed to get him in here, so it’s crazy.
I will not reference aliens any further in this podcast, which it’s not. So here’s kind of a description of the different kinds of things that are SDR specs, and a lot of them may have kind of funny-sounding engineering words, but they’re really pretty basic.
You can see, on whether something is full or half duplex, you might remember from maybe days of messing around with modems, but full just means you can transmit and receive at the same time.
Half means you’ve got to choose. You’re either transmitting, or you need to flip to being a receiver or flip to being a transmitter. So some SDRs support half, some support full, some even support multiple channels of full, so you can do all sorts of stuff.
So that’s one spec you might be interested in. The number of ADC and DAC bits is kind of a more engineering way of saying how accurate are the measurements that the SDR is making of the real-world signals.
And what that manifests in is, clearer signals when you’re trying to work with them in the software later on.
So preferably you want this number to be higher rather than lower. The max... Excuse me, let me head off that.
The maximum sample rate or the bandwidth, they’re not exactly the same thing, but they tend to resolve into how many frequencies you can kind of look at at the same time.
Whether or not, if we’re to use the FM example, whether or not you can only look between channels 96 and 98, or maybe you can look from 94 all the way to 108.
That’s what the bandwidth or the maximum sample rate, they both feed into: how wide a chunk of radio stuff you can look at. Then oscillator precision and frequency accuracy, that’s not usually a big deal.
But if you’re, say, communicating from one SDR to another, then if there’s some error between what the first SDR thinks of as 10 MHz and what the other one thinks of as 10 MHz, they’re going to have trouble communicating and you might have to kind of fine-tune them.
So with the better SDRs you don’t really have to do that fine-tuning stuff. It’s got rock-solid accuracy out of the box. Frequency ranges: not all SDRs can go... Well, they can’t.
They have limits to how low or how high they can go in terms of their frequency operations. So you’ve got some ham radio people doing things at some very low frequencies. Most SDRs can’t work in those.
You’ve got some satellite, microwave people doing stuff at crazy high frequencies, and most SDRs can’t work with that out of the box. Now, if people have interest in that, I can talk about ways you can get around that.
But frequency range is just something you want to think about if you’re aware of a particular set of signals you want to mess with. Then FPGA gate count and transmit power, don’t even worry about those.
I can get into what that means. That’s going to be down the road for almost anyone working in SDR. I’m going to go through a little bit of a reverse triage, I guess, talking about what kind of SDR hardware I would recommend.
If money is not really a big object and you’re willing to blow $1,000 on an SDR, or close to it, I would advise going straight to the Ettus USRP devices.
I’m not being paid by them, but I do use their products, and they are the easiest to get working. They have very good performance.
Multiple channels on some of them, full duplex on all of them, precise oscillators. You don’t have to worry about calibrating that stuff out. And they have a really great form factor, too.
This is the B200mini, really tiny. The antenna is actually probably more cumbersome than the actual SDR itself.
So definitely a big fan of the Ettus devices. But understand that if you’re just starting out, maybe you don’t want to blow $800 or more on an SDR.
So there’s also a great mid-range option. Michael Ossmann came out with the HackRF One a number of years back, and it’s significantly more affordable at $300 or so, depending on where you get it and what kind of package you get with it.
But you can do a lot, do a tremendous amount, with a HackRF. You’ll notice it’s got an eight-bit ADC instead of the twelve-bit on the last one. So that means the signals aren’t going to be as clear; they’re not going to stick out from the noise quite as much.
It’s a half-duplex device, meaning you can receive and you can transmit, but you can’t do them at the same time. The oscillator is not super precise.
So if you were to set up a system where the HackRF One was talking to another HackRF One, you’d definitely have to calibrate out the oscillator error in most cases. And it’s pretty easy to install.
I think almost as easy as the Ettus devices. There’s basically one extra step and you’ll have your HackRF One working.
It’s a great choice if the Ettus parts are too rich for your blood, if you really want to just start out with the basics.
Sierra Ward
Hey Paul, back to that other HackRF One. You said it’s easy to install, but it requires an extra step. What’s the extra step?
Paul Clark
Depending on your install flow, you just have to, I mean, I’ll get into the specifics of the install flow later, but you just have to put in the drivers and utilities; you have to get those via a different package than the GNU Radio standard stuff.
It’s not a big deal though. If the $300 is too much and you just want to get started with the most simple, cheap way,
not necessarily simple, but the cheapest way possible, then there’s these interesting little gadgets out there called the RTL-SDR dongles. And they have kind of a fascinating history, because they’re not designed to be anything like what we’re using them for.
They are actually a digital television receiver that people were originally, they were sold to plug into people’s computers, and then you can just watch digital television on your laptop.
And it turns out that rather than build a product that does this with fixed-function components, the engineers decided, well, it’s easier to just use a low-cost SDR.
And so we’ll stick that in there. That way we can tweak it with firmware updates based on stuff we learn about how the digital television standard changes, or supporting additional countries down the road, or whatever their rationale was.
They had no interest in building these things to support the SDR hacker community. It just so turns out that people realized, hey, there’s an SDR in these things. We can actually unlock that, put our own firmware on there and create our own SDR.
And since these things are only about $20 anyway, it’s probably the cheapest way we can do that. And so sure enough, that’s what we have here. And then companies like NooElec have actually kind of put their own cases, their own branding, on the original hardware, which is kind of funny, nice.
No, it’s a great story, because before this people had actually found a way to use the sound cards in their computers to kind of hack them into being SDRs, which is not the greatest, but it’s free if you already got one.
So it’s really cool how people have made this, they’ve really democratized this, they’ve made this accessible to just about anyone at this point.
The downsides to using the RTL-SDR is it’s got an even lower-resolution ADC. It’s actually eight bits, but you only really get seven bits out of it effectively.
And so basically you have half as much noise resistance as you did with the HackRF, which has an eight-bit ADC system.
And then you can’t transmit with this. So the only thing you can do with this is look at signals, reverse engineer them. You can’t actually create your own signals to do interesting things to the systems that you’ve reverse engineered.
And then the frequency range is much more compressed, and it varies a lot depending on which RTL-SDR dongle you get.
And so some of them you can’t even go up to a gigahertz, others you can go a little over a gigahertz; it varies, but it’s significantly less than, like, the HackRF, which will go up to I think 6 GHz, or the Ettus devices, which are pretty similar.
Sierra Ward
We have a bunch of questions, so I’m not going to ask you all of them yet, but you mentioned transmitting. So a couple people have asked,
thank you, Martin and Samson, like, what are the legal ramifications of transmitting? Yes, and can you tell us about that? Or, I mean, if you get to that later we can just hold off.
Paul Clark
But no, I can mention that now. Transmission is an interesting thing, because the FCC retains authority over basically any kind of receiving and transmitting that gets done.
And you can get licenses to do that; that’s basically what the ham radio community is, people who are licensed to build their own radios and utilize them.
And the examination process for getting that ham license is basically understanding technical stuff, but it’s also understanding the rules under which you can transmit, and what powers you can transmit at, and what characteristics of the signals you transmit, what those are, and most importantly, what frequencies you’re allowed to transmit on. And that’s really the thing: the FCC is kind of the traffic cop for radio stuff in general in this country.
That’s why when you are using your FM radio, all those FM stations are in the same range of frequencies. They’re all between 88 and 108 MHz.
That’s why your AM radio stations are all between, what is it, 600 and 1600 kilohertz. That’s why your Wi-Fi routers are all using 2.4 and 5 GHz.
They’ve basically defined who can transmit and where. One of the things, if you look at the rules and you follow them carefully, is that you actually don’t need a license to transmit
if you fall into a certain set of categories. One is if you’re using the ISM bands, the industrial, scientific and medical bands. There’s some frequencies that are set aside for basically companies or individuals to prototype products, and even utilize products, in these certain bands that have different licensing requirements.
And as you’re working on the prototypes, if you are, and this gets a little squishy, but if you’re not transmitting constantly but you have a low duty cycle, is the technical term, you’re only transmitting intermittently and relatively infrequently, and you’re transmitting at sufficiently low powers, and you’d have to look up what those are,
and you’re transmitting in these bands, you can actually do stuff. If you want to run some kind of pirate radio station, that’s a whole different thing.
I think because then you would.
Sierra Ward
Always be transmitting stuff, right?
Paul Clark
Well, you’d always be transmitting, but you’re also likely transmitting at a higher power, otherwise nobody would be able to hear it. So you’re transmitting at a higher power, and you also have the issue that one of the things that’s required, and the ham folks go through some training on this to get their certifications or to pass their tests, they need to know this, is that you’re supposed to identify who you are in some way, shape or form, in most cases, if you’re transmitting in a lot of different bands.
And so if you’re running a pirate radio station, I guess you could be identifying yourself. It seems like it would defeat the purpose somewhat. So, I think somebody asked prior to the show whether or not there’s, like, squads of FCC SWAT teams running around trying to find rogue transmitters and kick down doors.
It is not the case, to my knowledge, that there are any of those that exist. But there is an interesting community of individuals that take it upon themselves to kind of find stuff that should be going on.
And the ham community is a remarkably skilled group of people with respect to RF understanding. And they’re not necessarily trained engineers in most cases, but they know an enormous amount.
There’s a lot of free classes. If you want to get your ham license, you can go to these classes. And it’s amazing how much these guys know about stuff. And they have this sort of community that really doesn’t like people doing stuff they’re not supposed to be doing.
Right? I mean, if you’re transmitting in a way that is irresponsible in their mind, and oftentimes if you’re transmitting in an illegal way, it is irresponsible.
It’s probably very, very similar. Then you are impacting the community of hams that are trying to do things right. And so they actually will take efforts to kind of find out when people are doing stuff they shouldn’t be doing.
And so yes, the FCC doesn’t have their hit squads, but ham radio does. There are a group of unhappy, and justly so, I think, unhappy hams that may report you to the FCC and may find out somewhat where you are.
Sierra Ward
So would they, is this something that they would be upset with, then, doing this stuff?
Paul Clark
Well, no, no. So, and this gets into using the SDRs responsibly. I mean, SDR is just another type of radio equipment at the end of the day. And if you are transmitting at very low power that doesn’t even exit your office or your laboratory, or whatever space you’re working in, it’s not going to be an issue.
Now I’m not saying legally that you’re completely fine, because I’m not a lawyer. You should get a lawyer and talk to that lawyer. So feel free to put disclaimers below on the page.
You take no responsibility, but keep in mind that every time you press a button on one of these things, you’re generating a radio signal. If you use an SDR and you’re playing around with your car, trying to see how you get into it, and you generate a radio signal to get into your car that looks just like this thing, you’re not really impacting the RF environment that much.
The other thing to keep in mind, I said don’t worry about transmit power on the slide before, in terms of specs; one reason you don’t have to worry about transmit power is none of these things are very powerful.
When you’re talking about just a mobile phone.
Sierra Ward
This is not what you would buy to start your pirate radio station.
Paul Clark
No. You would need to get an external amplifier and a big antenna and all sorts of stuff that would then cause you to be on the FCC’s and the other fellow hams’ radar.
This is a, I think, what is it, ten milliwatts or something, output if you’re in the right frequency band. If you’re a little bit off to the side it’s less. I mean, ten milliwatts is not a ton.
And I mean, just to use RF power is kind of a squishy thing. And talking about how many watts will go how far is not really something you can do because there’s so many factors and so many variables.
But a fairly beefy drone control link was I think a two to five watt system and that could go about 10 km, maybe 20 on a clear day.
So when you’re talking about several orders of magnitude less than that, it’s not going to go very far.
It doesn’t mean you should just leave your SDR transmitting on because you don’t care. Be careful when you transmit. And don’t transmit on frequencies that, I mean, if you live right next to an airport you should, you should not be transmitting on frequencies that the airport is using, and you can look up what those are.
It’s not, not too hard, but yeah, in general, in general this isn’t, I would say, a big issue. Okay. Cool.
Sierra Ward
One other question because we were talking. Sorry, one other question from Samson. Do you recommend getting involved in ham radio before you move to SDR? Do you feel like there’s value in.
Paul Clark
Understanding that, there’s definitely value in understanding that. There’s a lot that you will learn really quickly about practical radio technique and what I sometimes call RF hygiene.
Just keeping things clean and keeping things well formed and well structured, but it’s definitely not necessary. What I like to tell people is leap before you look.
With SDR it’s really easy to get going, it’s really easy to get the software up and running. It’s easy to mess with it. I would advise you maybe look before you transmit, but don’t look before you.
Sierra Ward
Just don’t overthink getting involved.
Paul Clark
Absolutely not. Think twice before you transmit. Maybe. But don’t worry about on the receive side, just go ahead and jump in, it’s fine.
Sierra Ward
Okay, cool.
Paul Clark
The water’s fine. So I want to give you, I want to give a mention to this fourth option because I just mentioned three options.
The expensive one, the mid range, the cheap one, the affordable one, sorry. But there’s this really interesting thing emerging that it’s not quite there yet in my view, but when it becomes there I think it’ll be huge.
And that is a company out of the UK called Lime Microsystems produces something called a LimeSDR. They’ve got a small one which I’m holding here, and they’ve got a larger one that has multiple channels to it.
But this thing on paper has all the capabilities of the Ettus product. So in theory it should be just as good.
Only costs $140 instead of 800. Unfortunately, what we have is a situation where the drivers, the documentation, the installation flow, it’s all still a little wonky.
You can get it working. But it’s not the easiest thing. If you’re, if you’re the hacker type or if you just want to kind of take a shot at something a little more exotic.
I think it’s a reasonable option. They’re crowdfunded things, so it’s not like there’s some company that came out with a product and it wasn’t ready. I mean they, they said all along this is crowdfunded, it’s going to come out, we’re going to have some glitches here and there, but we just want to get to the market as fast as possible.
And so total respect for what they’re doing. But just another option. It’s a little early maybe, but something to consider.
So I want to talk about software now and specifically about the kinds of software that I believe is the best choice for SDR work.
It’s going to depend a lot on your operating system and I very strongly believe Linux has the best stuff you can get.
Things working on Windows, some of it’s native built for Windows, other stuff can be compiled for Windows. Other types of things can work. Sometimes it works better on Windows, sometimes it works better on Mac.
Almost all of it is going to work more cleanly on a Linux box and specifically Ubuntu 16.04. I’ve done some installations on 18.04 and, unfortunately, there’s still some weird stuff happening so I can’t really recommend 18.04 just yet, but if you have the ability to wipe off a partition,
put a fresh 16.04 on there. That’s the easiest way to get going. But an existing 16.04 partition should work fine too.
Do not use a VM unless you want to give yourself a headache. It’s anytime for.
Oftentimes at SDR classes, people used to bring their own computers to my SDR classes. Now, I just supply all the SDR, or all the SDR equipment and computers, just because it’s so much simpler to have people sit down at a computer that’s prepped, ready to go, has all the software, has all the files, boom.
And so, before that, though, sometimes people would, I would tell people, make sure you have this, this and this software installed. Come to class and we’ll get started.
There would always be some people that would come in with VMs, and it will sort of work. But as is always the case with VMs, the trickiest thing is to get the hardware driver interface working and working efficiently.
And SDRs stream so much data over these USB ports that in almost every case I have seen problems.
And when you start dropping data from that stream, your radio signal basically becomes garbage.
So as tempting as it is, I would really recommend that you not use a VM. So in terms of the software, there’s two basic types of software you might want to use.
The first, excuse me, the first is these kind of GUIs that do simple scanning and demodulation. They’re kind of one stop shops. You click around in them and you see what’s out there.
You listen to things. That chunk of software is one basic type. The second basic type are software suites that you can use to actually program the SDR, or more accurately, it’s actually not the best description there.
It’s not so much programming the SDR as much as it is programming the whole system. So basically things that allow you to build programmable radios, more like software development, coding essentially.
All of these options are open source, which is nice. You shouldn’t have to pay for any SDR software at this point in time anyway. So with respect to the scanning software, I’m not going to spend a ton of time on this, but they are kind of fun to play with when you first get started.
Like I say, they’re basically a graphical interface that will show you the radio information coming in at a certain segment of the RF spectrum, and you can kind of see these peaks indicate that there’s some signals here, and then you can kind of click on those peaks and then you can select the, there’s a lot of things here you can select, but you can basically choose to interpret that signal that you’ve clicked on as being an AM radio signal or an FM radio signal or some ham radio mode.
And then it will either play some audio if it gets some, or it’ll give you static if you don’t. You can tweak the knobs. These are really interesting and neat pieces of software.
You can hook them up to output some digital stuff if you go through some, some hoops. But it’s not really my recommended usage of these things. This is more just an interesting survey piece of software to see what’s out there and play with your SDR.
GQRX is the most commonly used and I think the most bulletproof choice for a Linux system and works with just about every SDR under the sun.
It has that cool FFT display, which stands for fast Fourier transform. But it’s really just that picture of the frequencies, kind of where the frequencies are on the X axis like we just saw and you see those peaks.
That’s really just what an FFT display looks like practically. And like I say, kind of point and click to demodulate your major audio modes. You’ve got AM, FM, narrowband FM, which is something used in some commercial applications as well as some ham radio applications, single sideband and continuous wave, or ham radio modes that the software will work with.
And it worked with a few other things as well, but those are the major ones. I kind of view GQRX as being a little bit ham centric, but it’s definitely, I think, a good starting point.
It’s easy to install and worth taking a look at.
Sierra Ward
Raphael had a question that kind of, he asked a while ago: when you are looking at the RF signal, will the software determine the type of modulation to look at?
Which you just mentioned with that.
Paul Clark
Other one, it will not. That’s something you’ve got to figure out.
Sierra Ward
Okay. It’ll see all of it.
Paul Clark
It’ll see a peak and then it’ll see a peak maybe. And then the software. I don’t use GQRX a whole lot. I’ve maybe, I don’t believe it automatically figures out the modulation.
I think you would have to sort of click between the available ones just to see which one works.
Sierra Ward
Okay.
Paul Clark
Yeah, so other options? There’s an interesting package out there called SDRangel that works a little bit like GQRX, but it also allows you to do some transmission, which is kind of cool.
That one actually runs on Windows as well as Linux and it kind of half runs on Mac. SDR# is a big sort of Windows version of GQRX, for lack of a better description.
That’s actually, it’s open sourced I think, but it’s run by a company now. I don’t. The history of SDR# is a little fuzzy and I didn’t use it a whole lot. HDSDR is another option that’s similar to that.
But some of these are less likely to support your hardware than others. So you just want to take a look depending on what type of hardware you get. If you get one of the Ettus boards or the HackRF boards, you should be fine though.
So the other big group of software out there besides these kind of GQRX scanner type all in one bundles, are programmable SDR software.
That’s the other kind of school of software out there. And you’ll see what I put up here. I’m not going to go into all the pieces of this, but that’s the kind of thing you’re looking at with more of the programmable SDR software.
You’re basically either graphically in this case, or you actually can ignore the graphical stuff and just use Python or C code. That’s what we’re looking at, at this point.
The benefits to going this more programmable, deeper route is that you just have a lot more flexibility, a lot more powerful applications that you can make than with the simple scanning stuff like GQRX.
You can build a lot more different types of radios. You can engage in reverse engineering that you really can’t with GQRX. And the downside of course is there is a steeper learning curve, which I don’t want to fib and tell you that there is no learning curve or that you’ll figure it out in a day or two days.
I will tell you though that the learning curve exactly, it’s not as. Don’t be afraid, it’s not as steep as it seems. You absolutely don’t need to be an engineer. There’s very little, relatively little mathematics involved and the stuff that there is is very manageable.
So yeah, just don’t get scared. There’s really only two major packages out there, GNU Radio.
And there’s something out there, Pothos, which I haven’t worked with as much, but I hear does some pretty fun things. I focus on GNU Radio. It’s a free open source platform, unbelievably feature rich.
There are blocks that just handle dozens of RF modes out of the box. And you can add on software to do tons and tons more than that. It’s a graphical input method like you saw on the slide before.
But it also gives you APIs if you want to do C or Python coding. And it’s a relatively straightforward thing to figure out how to do that. It can be installed on all the major OSes, but you’re going to want to do it on Linux.
I’ve gotten it working on Macs, I’ve gotten it working on PCs. And it’s just not worth it. That’s my view. So there are either in-the-box type of blocks that GNU Radio has, or there’s just a host of people that you can just go up on their GitHub and install their own blocks that you can easily plug in to GNU Radio.
Or you have just complete third-party, like complete applications that are built on the GNU Radio APIs that do just about every wireless thing you can imagine. And as much as it may not be interesting to simply build an LTE base station or an LTE virtual handset, you might have some interest if you want to run an LTE network, but maybe at a different frequency, or maybe somebody else is doing that and you want to see why they are or what they’re doing on those different frequencies.
There’s an incredible amount of programmability you get with SDR that allows you to work in these different technologies, but not necessarily color inside the lines, or detect other people who are not coloring inside the lines, so to speak.
So yeah, and kind of this last thing. There’s a number of ways to get digital data out of GNU Radio or out of a GNU Radio based application so that you can shove it into Wireshark and do things that I think would be familiar to a lot of folks on this.
I keep calling it a podcast in my head. But in this webcast, it’s a cast of something. Just quickly, how to install GNU Radio?
Easiest way, just use the package manager. It is going to give you basic functionality. You may have to install the drivers depending on which SDR you’ve got.
Very quick and simple. You’re done in 3 seconds and you got something you can work with. You will get an older version of GNU Radio if you do this. 3.7.10 doesn’t sound like that’s so much different than 3.7.12, the latest.
But they have added a ton of stuff recently. So that is a downside. The other option you can do is you can go through something called PyBOMBS, which is basically a utility that builds GNU Radio from source and builds a lot of drivers and other things as well.
It probably takes over an hour on most systems. It’s not a quick process. You have to go through a bunch of different commands and Ubuntu incantations to get it working.
I got the pros and cons swapped. So it is not a con that you get newer software and is not a pro that it takes that long. But. Sorry, I’ll fix this before we post this.
The thing is though, you don’t have to do this alone. I’ve got a PyBOMBS walkthrough for Ubuntu 16.04.
You can download basically chapter two from our books, which is always "here’s how you install the software". It’ll walk you through every step of that. You can just go ahead and download the PDF from our website. If you want to go the package manager based route, that also installs a bunch of drivers for all sorts of different things.
I’ve put up a script on GitHub and this actually contains the install script. There’s a bunch of GNU Radio flow graphs, or programs so to speak, that you can also use to test out your setup, which can be useful.
Some kind of digital radios. If you’ve got two SDRs especially, it’s kind of cool to be able to just set up a receiver and a transmitter and, and have stuff work, to give you a sanity check.
So in the few minutes left here, I want to go through a very, very high level, walkthrough of what working in GNU radio looks like. I’m not going to dig into it.
I’m not going to drop blocks on in a demo form. I’m just going to kind of give you. Well, I have no idea why this Austrian guy is jumping out of this plane, but I think that dog’s got the coolest job ever.
That’s the height we’re talking about here. So basically I’m giving you two minutes at most of how a radio is put together. Maybe 1 minute on how GNU Radio works at the highest possible level.
And then I’ll show you two flow graphs, or programs, so you can see what that is. So on the receive side, basically every radio on earth.
And if you take the SDR out of here, this works for fixed function radios too. Is you’ve got the, let’s focus on the SDR side though, just to simplify it.
You’ve got the SDR producing data that’s coming through that USB port. In most cases coming into your computer. You do some kind of tuning, meaning you’re focusing on one signal and then ignoring all the others, getting, getting rid of all the others.
And then you’re taking that good signal that you’ve kind of tuned to, and you’re demodulating it. You’re taking all those kind of analog radio squiggles and you’re turning it into something else.
And then you’ve got at the end of that process what we’ll call your baseband, which has a slightly different definition in the radio world than it does in some other telecom contexts.
But what it means is basically the signal that you’re trying to get. That means digital bits or it means analog stuff like voice.
That’s what every radio receiver looks like. On the SDR side, we just have to build those different pieces. GNU Radio is a software package.
You can think of it as three elements, sources that allow data to come in to your program or your flow graph. You’ve got blocks that mess with that data.
And then you’ve got sinks where the data goes out and does something. And so I’ve got here an FM receiver.
This flow graph is all you need to do to use an SDR to get FM broadcast signals and listen to them. Up at the top I’ve got a bunch of variables just like you’d have in any program.
And then here in the rest of the flow graph, I’ve got a little block that connects to the SDR and brings data from the SDR into the flow graph. I’ve got this block which does all the tuning, kind of figures out what signal you want and filters out everything else and gets rid of all the stuff you don’t care about.
It’s got a demodulator that turns that good chunk of signal into your baseband signal, which is in this case voice.
And then it’s got these three blocks that all they do is they kind of tweak that baseband signal to clean it up and make sure it works with the source or the sink.
Sorry, the baseband output, which is just the sound card on your computer. This may not be that interesting to somebody wanting to get into some deep infosec bit wrangling, but it’s the same format as if you were to work with a digital radio.
The same basic blocks are there. You just use slightly different techniques. So when you run this flow graph here, you’re going to get the frequency display here, or the FFT display.
All these little peaks are FM radio signals. You can kind of tune it, set the volume. This is what the FM radio flow graph is going to do.
If I show you the digital side, you got a lot of similar blocks. You got the SDR block. It goes into a tuner. It’s actually the same tuner block.
We’ve got a few extra things. We got a squelch block, we got a demodulator block, which is the same thing as we had in the previous. And we got a few more of these things before you send it out, to a sink where you can actually look at the results.
But ultimately, if I run this digital flow graph, I’ll get bits here that come out. Now you can actually see the bits or the digital data printed out there.
So the quick summary here: use Ubuntu 16.04 for now. My recommendation is just go ahead and grab my GitHub install script and use that.
And you can get that at the link there. Go ahead and play with the git bundle flow graphs. There are different flow graphs for each of the major, well, each of the Lime,
Ettus and HackRF, they all have some flow graphs that you can just use out of the box there. And then this little Python script will tell you which SDR you should buy. Basically, if you can afford the Ettus, get that.
If you can’t, but you can afford the HackRF, get that. Otherwise, buy the RTL-SDR. And then that’s pretty much it. Just questions. If you have a question next week or two months from now, you can go ahead and, there’s contact info on the Factorial Labs website.
You can send an email to Paul at Factorial Labs if you want to. I’ve got a Twitter feed, upcoming trainings, like I mentioned, DC area in June, Black Hat Vegas.
And if you want to just get links to all of that stuff, you can just go to my website under training and you’ll be able to do that. So, boom. I actually finished a minute late.
Sierra Ward
Well, it was because I. You would have, you would have, you would have finished, except for I interrupted you with a minute of shirt pandering.
Paul Clark
No, no, that’s important stuff.
Sierra Ward
Okay, so we do have a question, another question from Samson, who has had so many good questions. So thanks for being on, Samson.
Paul Clark
Sure.
Sierra Ward
So do you have antenna recommendations?
Paul Clark
So, yeah, I do. One thing that is really neat is I think everyone should have this guy here, some kind of telescoping antenna, and this actually comes free with the HackRF.
And the one thing, and book two of our series goes through this. There’s only about three pages of stuff you need to know and you can easily figure it out online.
But there’s something called an SMA connector, which almost all of the SDRs you’re going to use have this SMA connector here.
And so that’s the only thing you want to make sure is you get the right one and don’t get RP-SMA. That’s this weird thing the FCC made the WiFi people do so that you couldn’t swap out antennas easily.
So avoid RP-SMA, unless you have an adapter of some sort, which you probably don’t. So this is what I would start with, because the way RF works with respect to receiving it with antennas is that the length of the antenna is going to influence what frequencies it’s good at picking up.
And so if you’re trying to pick up a lower frequency, you’ll actually extend it, and a higher frequency, you’ll retract it. The other thing you can do though, because they are remarkably affordable.
You can see this little guy here, which I’ve got this cheap label maker label on, this is a 433 MHz antenna. And it’s nice sometimes when you’re working with a specific band of frequencies not to have to worry about the, the retraction and the extension, but rather just to get something that is always optimized for the frequency in question.
So 433, there’s a lot of stuff that operates at 433. 315, which is where a lot of the car key fobs in the United States are located. If you’re going to play around with car key fobs and spend some time hacking them, then go to Amazon and spend $8 on a 315 MHz antenna and it’s just a lot simpler and cleaner.
Now, the number and types of antennas out there is essentially infinite. You can get something like this that is an LTE antenna that actually has multiple elements in here so that it can receive and transmit at the lower 700 to 900 band, as well as the higher multi-gigahertz band.
These aren’t that much either. I think this was $10. It’s not a bad idea to just build, if you’re going to work in this area, to just build a little kit with five or ten antennas in it.
They don’t cost that much.
Sierra Ward
Cool. His second question is, are you able to jam signals using SDR?
Paul Clark
You definitely can. The transmit power thing that I talked about earlier, it gets into that because you can jam any signal if you’re close enough and you have enough power, or some trade off of the two.
I don’t know if you remember the, this is the most physics I’m going to get into. But if you remember the inverse square law, that just means that the signal, if a signal is emanating in all directions, you start to lose power, not linearly as you go further away, but much faster than that.
That means it’s much easier for me to jam something 1 meter away than 10 meters away, vastly. You can use the HackRF without any external amplifiers to jam things like the car key fob thing, which is a nice starter project for a lot of folks.
One of the things that you can do is you can actually jam the 315 MHz band where they’re trying to operate on such that they can’t get into their car.
Are there reasons why you want to do that? And some man in the middle stuff that makes that useful? But you do that basically just by transmitting a simple tone that doesn’t really do anything, just a basic signal with no data or anything in it.
Right about 315, key fob won’t work. So just as a sort of a practical, I don’t know, rule of thumb, if you’re working with the HackRF you can jam, and you’re working at max power, you can jam somebody trying to get into their car from maybe 20 ft away.
That’s going to vary based on the conditions, but that’s, that’s the kind of rule of thumb. You’re not going to jam somebody across a football field with something like this. For that you’re going to need a directional antenna and/or a power amplifier.
Sierra Ward
No, but these are good ways to annoy your neighbors. And by good I mean terrible, terrible ways.
Paul Clark
So, yeah. Or, yeah, if they’ve got like an RF remote like on their TiVo or something like that, yes. If you wanted to be a terrible citizen, yes.
Sierra Ward
Okay, here’s another question, and this is kind of a more practical question. I have a lake house in the middle of nowhere. And I wanted to make a cell phone signal repeater using the bladeRF 40.
Could I achieve this without breaking laws? I realized it would be transmitting constantly, but it would basically just be repeating the signal that’s already there. Right. What else would I need if I wanted LTE?
Paul Clark
So, there’s an OpenLTE package out there that can allow you to transform a computer plus SDR into a base station, essentially.
And if you’re operating that. So let me just say it’s probably illegal, but I’m not a lawyer.
You were to operate that in the middle of nowhere. Whether or not anyone would know or do anything about that is another question, but I’m pretty sure that you’re not supposed to be doing that.
They do actually sell repeaters for exactly that purpose. But I know that costs a few hundred bucks. I’ve been told, though, and this may not be the cool SDR route that I should be evangelizing, but I’ve been told that if you walk into your cell phone provider and you complain about cell phone coverage, that sometimes they’ll give you a discount on those things and you can get them for like $100.
So. Yeah.
Sierra Ward
Good, good.
Paul Clark
I think it is possible, I mean, I know it’s possible, but maybe not advisable. The problem is, though, here’s the thing. Here’s the thing. The problem is, and let me think about this a little more, you probably are not going to be able to integrate into the network, that’s the problem.
So, building the extender, I think that’s going to be the issue is you can’t necessarily integrate into the network. You’re going to be able to build your own base station, but it’s basically going to operate, it’s basically going to be like operating your own cell phone network.
Let me retract what I said a little bit, is you can probably operate your own cell network with that bladeRF. I know you can. We’ve done that, but legally, you can’t just splice into whatever it is T-Mobile, Verizon or Sprint is doing.
Sierra Ward
So you wouldn’t be able to like.
Paul Clark
And pass calls like that. Yeah. In terms of the boosting thing, I mean, I think if what the caller is asking about, like I’m on a radio show, if what you’re asking about is can you simply use it like a forwarding thing, like a signal’s coming in, I’m going to forward that and then I’m going to use the other channel to, or the full duplex mode to basically.
Yeah, I mean, I’m thinking about this through on the, through this on the fly. I think. I think if you wanted to do that, you’d probably need a two channel SDR where you’re actually.
And then you run into problems. Yeah, I think. I don’t know if you’ve ever played around with WiFi repeaters, but those things can sometimes get sketchy because you’ve got sometimes interference between the original device transmitting and you’ve got the repeater or the extender.
And I would probably not go down that route if I were you. Sorry for the long winded answer.
Sierra Ward
Don’t do it.
Paul Clark
It was a little bit more of a thought experiment that I thought had a more obvious answer at first, and then maybe not so much.
Sierra Ward
Okay. Another question from Daniel. Is encryption a problem or is everything sent as plain text? And a couple of people have asked this in some form, or else encryption.
Paul Clark
Is definitely a problem. For Bluetooth, WiFi, lots of times. I know there’s been cases where protocols like Z-Wave will support encryption, but that doesn’t necessarily mean that it’s being used by the manufacturer of the IoT device that you might be trying to mess with.
Encryption is definitely something that you need to be aware of, but it’s not always there. Other times you’ve got things that are like encryption, like rolling codes on the car key fobs, which is, it’s not exactly encryption, but it’s kind of similar to it, where you can sometimes do something about that,
but not always.
Sierra Ward
Okay. And then one more, or two more, actually. Marcin asked a while ago, so we’re just getting back to it. How fast can you exfil data with SDR?
Paul Clark
Pretty fast if you want to. So to get a little bit more into RF engineering, just as a general rule of thumb, the speed at which you can transmit data is going to be proportional to the bandwidth that you’re consuming.
Even something as affordable as the HackRF is going to support 20 MHz bandwidth. You can actually shove data out of this thing pretty quickly if you want to.
Now, it’s not exactly 20 MHz that you’re outputting. It’s going to depend on the mode you use and a bunch of different things. Professor Shannon has some things to say about that, but ultimately it’s roughly proportional.
You can transmit megabits worth of data out of this thing if you wanted to. It takes some power and it’d be probably not the best way.
Also, if you’re exfilling data you probably want to be a little bit more surreptitious. And using a big chunk of 20 MHz makes you stand out a little bit more. But if you needed to, yeah, you could dump data at it pretty quickly.
Sierra Ward
Okay. David Fletcher asked, have you used REDHAWK? Is it as powerful as GRC?
Paul Clark
I have not. I’ve seen it. I think I’ve got so invested in GRC for the training and then I’ve sort of built a lot of sort of code that calls GNU Radio APIs.
And so I’ve kind of invested myself a little bit in that ecosystem and so I really haven’t looked outside as much as perhaps I could have. Cool. You’re always finding yourself grabbing utilities that you’ve used in the past.
And I got a few things on GitHub that may or may not be useful to people, but.
Sierra Ward
Okay, cool. All right, well that is it for questions. There’s still a lot of you on. If you want to go ahead, Paul, and explain these blocks to us.
Paul Clark
Yeah. And again this is still going to be, well, maybe a 5000 foot view, not so much the deep dive, but just so you can get an idea of. I mean, what I want you to get from this flow graph is that this stuff is a little tricky, but it’s not super tricky.
This is stuff that if you learn six or seven things, this will make sense.
I’ll show at the high level what those six or seven things would be. You’ve got the SDR that is set up to bring data into the flow graph. We talked about that.
in the other FM flow graph as well, we’ve got this filter which if we look at this, the filter, it’s called fir translating filter.
But ultimately all that block does is it sort of tunes or it centers in on let’s say for example this peak. If we, if we type in the right number, it’ll go to this peak right here and then it’ll use a filter to basically sort of keep all the stuff close to that peak and then it’ll just get rid of everything on either side.
And my books are books that get a lot into filters and how they work. And you actually probably know a lot more about filters than you think you do out there, because maybe you’ve messed with your car stereo, or if you’ve, you’ve done some stuff that, if you just connect the dots, it’ll be usually a light bulb going off and people say, oh, I guess I do know about filtering and frequencies.
I just didn’t think about it that much. That’s all this block does, though, is it just isolates the signal you want and gets rid of the stuff you don’t want. There’s this block called a power squelch.
All that does is say, lots of times there’s noise. I don’t want to listen to noise. I don’t want to try to figure out what digital bits are in noise, because there’s nothing in noise.
It’s random junk. But when the signal gets up above a certain point, then I want to start trying to turn it into bits. That’s all the, that’s all. Sorry. That’s all the squelch block does. And it has a little level that you set between this is signal and this is noise and garbage.
Next we’ve got a GFSK block, which, that’s called Gaussian frequency shift keying, which is, this block does an amazing amount of stuff, and you don’t need to know a ton to use it.
It helps to understand what frequency shift keying is, but all that really means is that a transmitter is sending out two frequencies.
When it wants to send out a zero, it’ll send out the first frequency, and then when it wants to send you a one, it’ll change to a different frequency. That’s all that is.
The other thing that this block does is it handles the timing. It actually determines, hey, ten milliseconds went by, for example, that’s one bit. So I’m going to output a zero or a one, and then I’m going to wait ten milliseconds, I’m going to do the other.
That’s the timing aspect of this. Because this whole flow graph is operating at 2 MHz, that means that there’s 2 million pieces of radio data going through this every second.
You don’t have, in this case, 2 million bits per second. You don’t have a two-megabit-per-second digital link here. And so this block also, besides converting the radio into digital, it also kind of converts this big, super high-frequency stream of digital into the lower frequency bits.
And that may not be entirely obvious, but it’s actually one of the harder things about receiving digital streams is figuring out, hey, what’s a bit? Do I have a zero here or do I have two zeros in a row?
Or do I have three zeros in a row? That’s something that takes some thought. This correlate access code tag stream is a horribly named block. And if you’ve worked with Ethernet stuff, you might have come across the concept of a preamble.
But all that means is a certain binary pattern denotes hey, I’m starting a new packet or I’m starting a new transmission.
And so the access code is just 0101, it’s basically 5555 in hex. And anytime it sees that exact pattern, the correlate access code is going to tag the bitstream and say, hey, a new packet is starting or a new transmission is starting.
Then repacking the bits just means it’s going to take individual ones and zeros and pack them into bytes. And then this tag stream to PDU.
PDU is called a protocol data unit. And this is a cool thing that GNU Radio lets you do, where instead of just working in bits and radio samples, it allows you to transform into this new boundary, where you’re now using a higher level concept called messaging or PDUs, which are the format that you can store messages in.
I’m hand waving a little bit there, but you can see actually how that happens because you get this transformation from this purple input to this gray output.
That just means a different kind of data is being handled in the flow graph. Like here it’s blue in the very beginning because that’s radio data coming in. And then after the demodulation we don’t have radio data anymore.
We got digital data. And then we go through here and now we’ve got message data and we go to a message debug sink, which, if you look at the output here, that’s what’s printing out in the console window is this.
Hey, I’ve got a message debug and I found a PDU that’s 13 bytes long and here’s the contents of it. Now this is kind of a debug thing. You could do something a lot more interesting with this.
If you wrote a Python script that wrapped around it and then took the data and dumped it to a file or put it to a display or made it control some other thing. I mean, all that’s possible.
Nice. Yeah. And then you can see here, this is the actual digital data that’s being displayed, where each little dot is one bit. And you can see the beginning, it’s got these up down, up downs.
That’s the 5555 of the preamble. But yeah, and it just repeats over and over again. So. And this was actually taken with the, or this screenshot was taken from operation of the flow graphs that I included in that GitHub project I pointed you guys to.
So you can, if you have two different SDRs, you can actually run this and yeah, in that GitHub bundle there.
Sierra Ward
Nice. Cool. Well, thanks for explaining all that. We had a bunch of people that already left, but they wanted to thank you for an awesome webcast.
And we really appreciate you being on. This is super interesting. If you guys are wanting to dive deeper into this, Paul is teaching a class on SDR at Black Hat, so.
And you can email him.
Paul Clark
That’s right. Yeah. Well, thank you very much. I appreciate the opportunity to be here. Sierra and John and all at Black Hat, or at Black Hills.
Sierra Ward
Too much black.
Paul Clark
Yeah. And yeah, thanks everyone for signing on and listening.
Sierra Ward
Mike says great podcast.
Paul Clark
Yes.
Sierra Ward
Or radio show or whatever this is. Callers, we appreciate you being on and we will catch you later. Thank you.
Thank you.
Paul Clark
Bye. Bye. Bye all.