Using RTL-SDR under Linux

First steps:

```

sudo apt install rtl-sdr gnuradio-dev gqrx

```


This will install GQRX, which is an excellent program to view and listen to the spectrum.

When running GQRX, you need to specify the I/O device. Input should be your RTL-SDR and output should be your soundcard device.

Next, specify an FM radio station and you should be able to tune to it quite easily, remembering to demodulate WFM (Wide FM) Stereo to hear it properly.

Note the spectrum analysis is done by FFT (Fast Fourier Transform) on the signals received by the SDR. This is the brilliancy of using SDRs -- they make cheap spectrum analyzers -- spectrum analyzers used to cost $250k AUD back in the day!

Next you might want to try dump1090, which gets you an airplane's transponder information.

```

sudo apt install dump1090 (or it's dump1090-mutability)

dump1090 --interactive --net

```

Some other interesting things:

NSW Police radio band (unfortunately they use encrypted radios, but it's interesting if you're studying P25 encrypted radio protocol):

https://www.radioreference.com/db/aid/1026

There's something interesting about using encryption (AES-256) -- it means they use a shared key, and for it to be a stream cipher (e.g. CBC or GCM modes), it means everyone has to lock onto some timing signal to synchronize the stream cipher, or else they use the insecure block modes to encrypt their data. Best case is they use a nonce in AES-256-GCM mode.

I wonder if the radios they use are easily buffer overflow hackable... (e.g. imagine sending a dodgy encrypted packet on the air and hacking every police radio at the same time!)

I wish I could get my hands on a police radio to reverse engineer. But I think since they use a standard protocol (P25), all I need is an encrypted P25 radio, e.g. from Motorola, etc.

Something for the people at ASD (Australian Signals Directorate) to play with, I'm sure.

Spread spectrum signal jamming (ideas)

First off, spread spectrum (frequency hopping) signal jamming is difficult if you hop on "pseudo-random" frequencies... that is, the frequencies are generated pseudo-randomly -- most likely via a special cryptographic random number generator.

They would use a shared private key between both transceivers. This is most likely used by military-grade radios.

However, they could be limited by the number of channels available for use, i.e. hardware or software.

For example, with Wi-Fi there's only 14 channels available for the 802.11b/g standard. So if you jam all 14 channels, you've essentially blocked all the possible frequency hopping that could be done.

So if you log all incoming frequencies using a spectrum analyser (or an SDR with a FFT) you can see which frequencies are being used by the hopping algorithm. From there, you can determine whether there's a fixed number of channels (so they're cycling through them) or there's an infinite number of channels (pseudo-random generated via an SDR for example).

If it's the latter, another approach must be taken.

Breaking the pseudo-random number generator, or reverse engineering it.

Utilising neural-networks capabilities in being excellent pattern recognition classifiers, we can attempt to reverse engineer the PRNG / frequency hopping algorithm.

Ultimately, one could employ a wide-band jammer -- for example, a microwave oven generates 2.4ghz, and can be used to disrupt Wi-Fi (802.11b/g) because it's very noisy and disturbs the entire band that 802.11b/g is on.

Anyway, to summarize, these are the ideas:

• Fixed channel frequency hopping:
• Log all frequencies and then jam them
• PRNG based SDR frequency hopping:
• Use NN to analyse and jam accordingly
• Alternatively, deploy wide-band jammer on frequency band that it uses

 

 

Captain Drone Killer (captaindronekiller.com)

I'm making a new product from Drudget called "Captain Drone Killer".

Its purpose is to detect and bring down drones, using a variety of methods.

They include:

- spread spectrum signal jamming (using SDR)
- detection and locating drones using trilateration and triangulation from radio and audio sensors
- anti-AI based drones, utilising backdoors or kill switches in their products, or exploiting security flaws in their code (e.g. buffer overflows).

Video game, FPGA CPU or SDR?

So I'm looking for volunteers who are interested in making something cool on the weekends.

Basically it falls down to 3 things: 1) a video game using Irrlicht or Unreal (C++), 2) an FPGA based CPU using verilog/vhdl, 3) something cool with SDR (software defined radio).

Let me know if any of those 3 things interests you, by sending me a message on the form at https://www.drudget.com.au

What is a buffer overflow, anyway? By j00n1x

S0 my f3ll0w pupils, j00 w4nt t0 kn0w wh4t a buff3r 0verfl0w is, am i right? J00 w4nt t0 b3 1337?

Let's follow in the footsteps of someone before us: aleph1's article in phr4ck.

https://phrack.org/issues/49/14.html

Okay? Have you read that? D0 j00 f33l l33t n0w?