Osmo-FL2K, which is a recently released open source by Steve Markgraf at OsmoDevCon 2018 that turns a common into a transmit only capable Software Defined (SDR). Slides of the presentation available at software $15 USB to VGA adapter Radio http://people.osmocom.org/steve-m/fl2k_slides/osmo-fl2k.htm Although wide-band SDR receivers are cheap until now you had to spend at least $400 if you wanted a Hack-RF SDR or similar setup capable of transmitting. This cheap USB2VGA device and the published sample code will allow us to broadcast FM radio, DTV television using the European DVB standard , a fake GPS satellite signal or simulate a UMTS base station. This can be used for practical jokes such as interfering with a co-worker’s radio or for malign purposes such as cheating GPS receivers used to track valuable merchandise or get . ships lured off-course fl2k demo gps-sdr-sim Although the power output is low, it is more than enough to hijack an FM radio a few meters away, or impersonate the signal from a GPS satellite that normally emits a low power signal thousands of kilometers away. So beware the unlicensed broadcast on most frequencies may be illegal in your country. It is the responsibility of the end user to ensure that he performs his tests within the legal limits. The idea of using VGA adapters as a transmitter has a long history.In 2001 Erik Thiele released , which transmits a signal that can be received with an AM radio. Some time later Fabrice Bellard used an ATI Radeon 9200SE to transmit DVB-T, PAL and NTSC video signals. Later in 2009, Bartek Kania published VGASIG, which allows to transmit wideband FM radio in realtime using SDL and a regular graphics card. But all of them were ugly hacks, not having the ability to transmit arbitrary signals like making a true SDR until now. In addition, VGA ports are becoming less common in laptops and desktops. Tempest for Eliza However Osmo-fl2k allows to use USB 3.0 to VGA adapters based on the Fresco Logic FL2000 chip, which are available for around $15, as general purpose DACs and SDR transmitter generating a continuous stream of samples by avoiding the HSYNC and VSYNC blanking intervals, thus becoming a real general purpose SDR transmitter. The frequency range depends in the capabilities of the USB 3.0 controller that our computer has. In the tests of Steve an Intel Corporation 8 Series USB xHCI HC (rev 04) reaches 157 MS/s so it is possible to transmit practically from 0–157 Mhz. But since our VGA does not have any type of filtering, it is possible to use the harmonics as any 150 Mhz transmitter will also TX on 300 Mhz, 450 Mhz and so on. In this way Steve has shown that it is possible to simulate a 900 Mhz GSM/UMTS telephone base station or spoof the GPS signal at 1575 MHz, transmitting on a lower frequency that has a harmonic at the appropriate frequency. GSM Network Spoofing The GSM Base Station it’s TX only so you can’t do a handshake and cellphone register; but the fact it’s precise enough to transmit a broadcast frame that a handset can decode is pretty impressive. You can still couple it with a RTL- and monitoring the uplink frequency for a cheap . SDR receiver dongle gr-gsm Stingray-like cellphone detector/tracker device Only devices based on the Fresco Logic FL2000 chip are supported. Typically they are branded as generic “USB 3.0 to VGA” adapters, and are advertised with a maximum resolution of 1920 × 1080 for USB 3.0. Beware: If they are advertised with 2048 × 1152 maximum resolution and support for Mac OS X, or only have a USB 2.0 interface, they contain a DisplayLink chipset and are with osmo-fl2k! not compatible Warning: you can find FL2K dongles without brand cheaper than $10 but they are useless since they do not usually carry the needed USB 3.0 traces, requiring . a complex hw modification to restore its operation The best way to determine if a device is compatible is to obtain the manufacturer’s driver download and verify that it has references to Fresco Logic FL2000. One of these devices is the . It can be found at $15 dollars in usual Chinese online stores like Gearbest or . Maiwo KCB003 Dealextreme MAiwo KCB003 FL2K based VGA dongle. Compiling and running Osmo-fl2k Download Source code is available from git.osmocom.orgweb access: http://git.osmocom.org/osmo-fl2k #In order to compile and install the code, you first need to install #the libusb headers if not already present and sox pv tools for FM # On distributions based on debiansudo apt-get install libusb-1.0-0-dev sox pv #Then you can continue with: git clone git://git.osmocom.org/osmo-fl2k.gitmkdir osmo-fl2k/buildcd osmo-fl2k/buildcmake ../ -DINSTALL_UDEV_RULES=ONmake -j 3sudo make installsudo ldconfig #Before being able to use the device as a non-root user, the udev #rules need to be reloaded: sudo udevadm control -Rsudo udevadm trigger Quick test that uses your Fresco Logic 2000 dongle to send out FM radio signals. You can then hear computer generated music in your radio. To transmit the audio output as mono Wide Band FM at 95 MHz, you can use the following command: pacat -r -d alsa_output.pci-0000_00_1b.0.analog-stereo.monitor | \pv -B 256k | \sox -t raw  -r 44100 -e signed-integer -L -b 16 -c 2 - -c 1 -e signed-integer -b 16 -t raw - \biquad 4.76963 -2.98129 0 1 0.78833 0 sinc -15k loudness 5 | \fl2k_fm - -s 130e6 -c 35e6 -i 44100 Although the examples work at a very short distance without the need to connect anything to the VGA port the range of the signal can be increased by connecting an antenna-like cable to the red pin (Pin 1 of the three-row 15-pin VGA connector). The ideal lenght is the size that is a quarter of a wave of the chosen frequency. You can calculate it . using this website Once you have the FM transmitter running, you can move on to other more complex modulations using FL2K-examples (FM-RDS, DAB, DVB-T, GPS, GSM, LTE, UMTS) https://github.com/steve-m/fl2k-examples Before transmitting any signals with an FL2000 device, Steve is strongly suggesting that you check the resulting spectrum with a spectrum analyzer, and apply proper filtering to suppress any but the desired transmit frequency to comply with local regulations. Credits: This article is based on the the original “Tempest for Eliza” concept by Erik Thiele , OsmoFL2k software from Steve Markgraf and GPS spoofing demo from mars999mini.

Osmo-FL2k: A $15 DTV transmitter, FM radio hijack and GPS Spoofing device.

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Deauthentication attack and other ‘wifi hacks’ using an ESP8266 module.

10 Geolocation Service Alternatives to Google for Backend Implementation

3 Easy Ways to Share Your Location on an iPhone

Five Startup Resources to Scale Your Startup's Location Based Technology

A Brief Overview Of GPS Tech

A GPS Successor Could be the Killer App Blockchain Needs

Deauthentication attack and other ‘wifi hacks’ using an ESP8266 module.

10 Geolocation Service Alternatives to Google for Backend Implementation

3 Easy Ways to Share Your Location on an iPhone

Five Startup Resources to Scale Your Startup's Location Based Technology

A Brief Overview Of GPS Tech

A GPS Successor Could be the Killer App Blockchain Needs

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps