Hacker-friendly software-defined radio

It is difficult to imagine how the world would look like today if the transmission of information through radio signals was not invented. Fortunately for us, the development of civilization has gone the other way, and today we have an incalculable amount of information floating on the air. A wide variety of consumer and industrial radio equipment that implements various communication protocols, huge information systems based on the exchange of information via radio channels. Sometimes it is of some interest how well this invisible communication and data exchange is organized.

Take a look at a couple of interesting radio tools available.

To look into this wonderful world, something more complicated than car radio is needed - professional equipment that allows you to receive and transmit data in a wide range of frequencies. In recent years, the concept of SDR (Software-defined radio) has gained popularity - a reconfigurable radio path and ADC, implemented in FPGA, transmitting an already digitized signal to a PC, where software can already be processed. The advantages of this approach are obvious: no need for hardware implementation of each configuration, relative ease of use. Essentially, the only available SDR platform with a wide range until recently was USRP from Ettus. Such a toy is worth about $ 1,000, which sets a high enough threshold for entry (this is no longer a Chinese TV tuner, just to “watch and play”). With its help, several interesting projects have already been implemented, for example, OpenBTS.

But time goes on, progress does not stand still, and now we can already speak about the next stage of development of software-defined radio systems - primarily aimed at amateurs, enthusiasts and hackers of the budget SDR platforms HackRF and BladeRF.
')

Hackrf

Main characteristics:

• Frequency range 30 MHz - 6 GHz
• Sampling rate: up to 20 MHz
• Mode of operation: Half-duplex
• Sample size: 8 bits
• USB interface: 2.0

Developed by the legend of hacker and phreaking movements by Michael Ossman, HackRF is fully open. From circuitry and PCB layout to firmware and control software, everything is available as source codes in the official repository . Thus, with certain skills and correctly growing hands, such a device can be assembled independently. In the spring of 2013, Michael sent out about 500 copies of the HackRF version of Jawbreaker as part of a beta testing program, as a result of expanding and strengthening the already existing community of enthusiasts who are ready to conduct their research using the budget SDR. And at the moment, the project has collected on Kickstarter an amount exceeding the stated amount of a little more than 7.5 times, and by January 2014 we can already expect production samples.

The beta version of the board bears the CPLD, a reconfigurable chip and an ARM controller that also implements USB for communication with a PC. For debugging and emergency flashing, a divorced JTAG is provided. Also on the board, various interfaces are interconnected for interaction with auxiliary peripherals, which allows you to create a standalone device for specific tasks. At the extreme end of the board, the built-in antenna for working in the ~ 900 MHz range, used by default, snakes around. To use external antennas through the SMA connector, the built-in need to be disconnected by hardware (scalpel).

BladeRF

Main characteristics:

• Frequency range 300 MHz - 3.8 GHz
• Sampling frequency: up to 28 MHz
• Mode of operation: Full-duplex
• Sample size: 16 bits
• USB interface: 3.0

BladeRF is the brainchild of Nuand , a small California team that has already successfully “flown up” with Kickstarter and is positioned by the creators not only as SDR, but also as an open platform for developing FPGA-based devices.

Against the background of HackRF, BladeRF stands out with its more powerful ADC / DAC, high-speed USB 3.0 interface and, of course, support for full-fledged Full-duplex and MIMO. Although the overall architecture is similar: FPGA + control controller.

Opportunities

Both projects provide a minimal set of software for working with devices, as well as support for their gr-osmosdr software layer, which makes it possible to use this hardware in conjunction with the GNURadio, a monstrous combine signal processor. Practically all the variety of technologies used for wireless data transmission falls into the supported frequency ranges, from conventional FM radio to Wi-Fi and nowadays LTE. Now the hacker movement has the tools to look into the most remote, accessible only to specialized devices corners of the radio. And that's great!

However, there is a downside: many existing systems use the radio as a channel for data transmission and at the same time do not have adequate protection not only from attacks on the protocol, but even from simple passive listening. Until now, their security was based on the closeness of the technology and the absence of a wide distribution of means that allow not only to conduct attacks, but even to investigate such technologies. Unfortunately, Pandora’s box is now open, gentlemen!

By the way, a pair of BladeRF as competitive prizes will find their new owners at the Hardware Village - the new project of the ZeroNights conference 2013 , where you can not only learn more about using SDR on the example of the devices described above, but also demonstrate your skills in analyzing the radio.