Lime Microsystems’ Andrew Back has shown off the capabilities of the upcoming LimeSDR Mini 2.0, building a private 4G LTE cellular network using srsRAN.
“In this latest video we demonstrate a LimeSDR Mini v2 being used with the open source srsRAN software to create a private 4G mobile network complete with network core,” Andrew explains. “The demo utilises Ofcom shared-access spectrum – similar to CBRS [Citizens Broadband Radio Service] spectrum in the US – which is available for anyone in the UK to license for a low annual cost. The demo achieved up to 14Mbit/s download speed and more than 2Mbit/s upload using mostly default parameters and with no fine tuning.”
Andrew’s video demo serves as a follow-up to one released back in 2017 showcasing a similar self-contained cellular network running from a LimeSDR Mini and a Raspberry Pi 3 Model B single-board computer. It also helps to show that the LimeSDR Mini 2.0 is a drop-in replacement for most projects built around the original LimeSDR Mini — bar any which make use of custom gateware running on the FPGA, which will need to be ported to the new FPGA and toolchain in order to make use of the increased resources available on the new chip.
The full video is available on the LimeSDR Mini 2.0 Crowd Supply campaign page now; hardware, meanwhile, is still expected to begin shipping to backers in mid-October.
Osmocom users are advised that the binary packages for Linux distributions have moved, and that from November onwards attempts to update systems based on their previous locations will fail.
“The nightly and latest feeds of the Osmocom binary packages for Debian, Raspbian, Ubuntu, openSUSE, and CentOS are from now on available at downloads.osmocom.org,” explains Osmocom’s Oliver Smith. “The reason for this change is that we decided to self-host the openSUSE build service at https://obs.osmocom.org.
“As transitional phase, the packages will still be available at the old location (download.opensuse.org) until end of October 2022. Make sure to change the URLs on your systems, so ‘apt upgrade’ etc. still work as expected.”
Anyone currently using a package manager or manual script to keep the Osmocom Cellular Network Infrastructure (CNI) packages up-to-date on the aforementioned operating systems should visit the project wiki to find the updated URLs.
Semi-pseudonymous vintage electronics enthusiast Natalie “Agirisan” has been working on getting an old analogue carphone back up and running using a LimeSDR and the Osmocom project.
“Probably the most entertaining thing of the last month or so was getting this old AMPS car phone online using the excellent osmocom-analog on a LimeSDR,” Natalie writes, on Twitter, of the project. “I very vaguely remember the tail end of analogue cell when I was a kid so this was pretty cool to set up.”
Launched in 1983 after development at Bell Labs, the Advanced Mobile Phone System (AMPS) was a first-generation cellular network in which each conversation was assigned a particular frequency. It reduced the required bandwidth compared to the Improved Mobile Telephone Service (IMTS) it replaced by using signal strength to allow multiple users to share a single frequency so long as they were out of each other’s reception range.
Surprisingly, and despite issues with easy call eavesdropping and handset cloning, AMPS remained supported in North America through to 2008 – but now the old handsets are only functional when linked to a private analogue network.
A team of researchers from Carnegie Mellon University have come up with an approach to improve the quality of images received from Low Earth Orbit (LEO) satellites – by combining shots from multiple satellites or passes into a single image.
“LEO satellite ground receivers are bulky, expensive and sparsely deployed in the world,” the researchers explain. “Despite the exponential increase in LEO small satellites orbiting the planet today there is a significant time gap between an image capture on such a satellite and users who need it the most in remote and ecologically-sensitive regions.
“SelfieStick [is] a novel satellite receiver system that explores reducing this barrier of access to real-time satellite imagery data using a single low cost (<$30) tiny receiver. SelfieStick’s core approach takes advantage of the multiplicity of overhead Low-Earth Orbit satellites due to their exponential rise in recent years. While signals from such satellites may be individually weak, especially at a low-cost receiver, SelfieStick stitches together noisy RF captures containing underlying images of the same part of the Earth across many such satellites to generate clean Earth images.”
The secret to SelfieStick’s impressive results: the combination takes place while the received data is still in the radio-frequency (RF) domain – rather than after it has already been decoded into a low-quality image. In testing, the team was able to improve the peak signal-to-noise ratio (PSNR) of captures from the NOAA constellation by 5dB after combining data from ten satellites.
A PDF of the paper is available to download from co-author Swarun Kumar.
The MagicSDR smartphone radio interface project has gained a new ability, brought to our attention by RTL-SDR.com: Streaming of audio via the User Datagram Protocol (UDP).
“This feature can be used to send audio to external data decoders,” MagicSDR author Vlad Haliuk writes of the new UDP streaming functionality. Compatible with the LimeSDR family, the latest release provides additional flexibility – not only allowing for demodulated audio to be streamed off-device but also to other applications running on-device, with a demonstration video showing it being used to decode a Morse signal in an Android port of multimon-ng.
There is one caveat to the feature, though: it only sends the left channel, and at a fixed 48kHz sample rate and 16-bit signed sample format.
Security researcher Dr. Mordechai Guri has showcased a new way to defeat air-gap computing protections, using radio signals emanated from SATA cables to exfiltrate data from a non-networked machine.
“Although air-gap computers have no wireless connectivity,” Mordechai explains, “we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6GHz frequency band.
“The Serial ATA (SATA) is a bus interface widely used in modern computers and connects the host bus to mass storage devices such as hard disk drives, optical drives, and solid-state drives. The prevalence of the SATA interface makes this attack highly available to attackers in a wide range of computer systems and IT environments.
“[Our] results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver,” Mordechai adds. “Furthermore, we show that the attack can operate from user mode, is effective even from inside a Virtual Machine (VM), and can successfully work with other running workloads in the background.”
This isn’t Mordechai’s first data exfiltration experiment: the researcher’s air-gap page lists earlier work including Air-Fi on Wi-Fi frequencies, POWER-SUPPLaY to turn power supplies into speakers, a technique for using adjustable screen brightness for data exfiltration, and AiR-ViBeR – which uses “covert surface vibrations” to retrieve data.
Radio ham Giuseppe “IZ0GZW” Morlè has shown off a portable ferrite antenna design built for 520-1,800kHz and 3.5-18MHz, housed in a weatherproof box.
“It is composed of three ferrites of 20cm each in a tube for electrical systems with two separate windings, one for medium waves and one for short waves, 40 turns for medium waves, four turns for short waves,” Giuseppe explains. “I use a 750pF variable to tune the two windings and a switch is used to eliminate a winding. Since there is only one variable, if you listen to the medium waves I interrupt the winding of the shorts.
“On short waves it is preferable to place the system on an iron railing which, due to inductive effect, behaves like a really long wire antenna. For the medium waves it is enough to bring the receiver close to the ferrites and also in this case, the induction will have its effect with an excellent increase in signal and modulation.”
Giuseppe’s full write-up and demonstration video are available on the SWLing Post.
Developer Zachary Ennenga has turned his attention to an unusual reverse-engineering project: documenting the radio protocol used by Hasbro’s turn-of-the-century Pox handheld LCD games.
“2001 ended up being a year in which a game about disease-themed aliens invading the earth was seen as in bad taste by higher ups at Toys R Us for… a number of reasons,” Zachary explains of the now-rare gadgets, “and the game was pulled from the market, with an overall lifetime of under a year.
“Something that, at the time, seemed magical was its multiplayer model: Pox allowed asynchronous, wireless, interaction-free battles. You simply enabled the ‘fight’ mode, and your little disease monster would go beat up everyone in range using its preprogrammed WAD. Compared to the rigmarole of getting our Game Boys hooked up for a Pokémon battle, it was positively refreshing. I always wondered how exactly it worked, and I’ve wanted to play around with a radio-based reverse engineering project for a while, so this seemed like an apt opportunity.”
Using public documents, including a filing with the US Federal Communications Commission (FCC) and a patent on the handheld games, GNU Radio and Inspectrum linked to a software-defined radio, and a development version of the as-yet unreleased Flipper One multitool, Zachary was able to capture and analyse the signals and figure out the format – using that information to create three “artificial intelligences” which would cheat to win, deliberately lose, or play at random.
Zachary’s work is documented on Medium, with source code published to GitHub under an unspecified open-source license.