Friday, September 18, 2009

SDR helps to crack GSM

Episode 213 of the Security Now netcast discussed the topic of cracking GSM cell phone security. The episode reported on work that has been underway for several years to demonstrate the vulnerability of GSM to cracking, and how present-day hardware and software make this very feasible compared with the outlook of the GSM Association. The latest developments have been reported by cnet news and many other sources.

Starting at page 10 of the Security Now PDF transcript, Steve Gibson describes the weakness of GSM's encryption technology. At page 12 he discusses the current approach for cracking GSM that makes use of:
  • A Universal Software Radio Peripheral available from Ettus. This provides the necessary radio hardware. A 7-inch receiver board with appropriate daughterboards can tune the radio frequencies of interest and capture a wide swath of RF spectrum via USB or Gigabit Ethernet interface.
  • The GNU Software Radio, which provides free, open source software to accomplish the needed signal processing.
  • A distributed computing project to crack the encryption and compile it into a code book
Security Now episode 214 contains some feedback about the different versions of encryption used by GSM.

This project to explore and demonstrate the vulnerability of GSM encryption provides an example of the emerging power of SDR technology.

Tuesday, April 7, 2009

The Universal Handset

The April 2009 issue of IEEE Spectrum includes a short article The Universal Handset which describes how SDR will enable handsets to speak WiFi, 3G, WiMAX and more. It recounts the origins of SDR in 1992 and focuses on how this technology will be applied to future handset designs. The hardware and software challenges are also described.

Friday, May 23, 2008

Sound Card Testing

Various references on SDR receiver usage with PC sound cards emphasize the importance of a good sound card design for good receiver performance. A message thread at the DRM Software Radio Forum site provides test results for a number of sound cards and motherboard-based sound chips.

After building the simple sound card tester described in the June 2007 issue of Elektor Electronics and on certain web sites, I proceeded to test the sound card functions in my two PCs.

The older 600 MHz Pentium 3 PC has a Soundblaster card installed. It produced the following display on the SDRdio software from I2PHD with the test signal turned on.

This compares favorably with the screen shots of other sound cards reported in the forum referenced above. Another screen shot with the test signal off shows the background noise level of the card.

My newer, faster PC has only the motherboard-based sound chips, and its test results were not so good. Below is a screen shot with the test signal on. In addition to the two test signal spikes, there are many spurs that represent aliasing and other undesired products that would muddle the performance of a connected SDR receiver.

Similar views were obtained using the Winrad software from I2PHD. It is clear that this PC will require a separate sound card for satisfactory SDR performance.

-- John

Tuesday, April 29, 2008

Elektor SDR Receiver

The Elektor SDR receiver that I ordered via arrived yesterday. Since it was fully assembled, the only work required to check it out was to install the needed software and make connections to the PC's USB port and sound card line input.

Here is a photo showing the 3 connections to the circuit: USB cable at bottom, stereo audio cord at middle, antenna wire at top. I included a quarter for size reference. The circuit board is about 3" x 4".

With the required USB drivers installed, the receiver was recognized upon connection to my PC. I started up the popular G8JFC SDR software and began working through the configuration steps in the program documentation.

At the procedure for calibrating the image rejection I was not able to achieve the expected rejection ratio. This is probably due to inadequate antialias filtering in the sound chip on my PC motherboard. Here is a view of the calibration setup, where the image signal at 5024 kHz should be much lower than the 5000 kHz signal.

Additional testing of the sound chip may confirm this issue, which can be overcome with an appropriate add-in or external sound card. More on that later. . .

Saturday, April 26, 2008

Ulf Schneider SDR

Another source for a low cost SDR.
See Ulf Schneider.

Tuesday, April 22, 2008


This may be the most impressive example yet of what can be done with SDRs. This is a screen shot of a WEB based software defined radio developed by the Faculty of Engineering, Mathematics, and Computer Science of the University of Twente, The Netherlands. This implementation is for the 40m and 80m band. This is a real time applications. Click on the link and hear 40m and 80m in Europe!

G8JCF's Software Defined Radio

The G8JCFSDR software defined radio (SDR) uses RF front-end hardware to down-convert RF frequencies into the 0~24KHz range accepted by most PC soundcards. Using the soundcard to process the incoming audio signal, G8JCRSDR carries out all of the filtering, demodulation, AGC, and notch filtering normally performed by a traditional receiver.

This is one of several software packages currently being used with the Elektor SDR receiver.