Hacking, HAM Radio (EA1IYR), DSP, physics and more

BatchDrake's blog

CTS @ 2020 - Write-up (I)

It’s been a while since the last time I participated in any kind of CTF, but recently a new radio hacking-related contest came up and I couldn’t help but participate with the Spanish team ID-10-T. Yep, I’m that basic. According to the organizers, Capture The Signal (CTS) was a new challenge-based CTF that focuses exclusively on the reverse engineering of radio signals, organized by renowned community radio-hackers for researchers, hackers, and practitioners in the field. The interesting aspect of this contest was that it could be performed remotely, using a set of tools provided by the organizers to download the I/Q samples (standard little-endian 32-bit IEEE 754 float) directly from the contest servers by means of the message-passing library ZeroMQ. Due to this particular setup, in which multiple participants had to have access to the signals in the same server, frequencies were mapped to ports. Therefore, tuning to a signal will be a synonym for connecting to a ZeroMQ port. Using ZeroMQ for remote signal access was not arbitrary: GnuRadio offers native ZeroMQ support with its RF Over IP module, and the organizers themselves insisted that the whole CTS could be performed using the legacy GnuRadio 3.7, although other tools could be used too (at least in the simplest challenges).


Automatic GRAVES monitoring with QStones

After some good feedback from my post about GRAVES and stonealert, I decided to invest some time in cleaning the code and providing a handier user interface for the whole thing. Since I have been postponing Qt for years now, I decided to get rid of my prejudices and code a bit in C++. I named the result QStones, a Qt GUI for the algorithm discussed in my previous post, based on Suscan core library (yes, now it is also a library!) and Gqrx’s plotter widget (I have no shame, I know).


Measuring mesospheric winds with GRAVES

Last weekend I managed to plug the J-Pole antenna I built this summer to my recently acquired Yaesu FT-817 and tune it to hear GRAVES radar reflections at 143.050 MHz. But, what is GRAVES, to begin with?

GRAVES is a French space surveillance system, consisting of a bistatic radar in which the transmitting station uses 4 phased arrays covering 180º of the south of France. Each phased array scans a 45º-width sector simultaneously along with the others, with a horizontal beamwidth of 7.5º and discrete angle steps (6 in total). A full scan cycle takes 19.2 seconds before restarting again.


Demodulating NTSC for fun and profit (IV)

In the previous post we managed to frequency-demodulate the video signal, putting the black level around 0. However, we concluded that since the baseband signal amplitude was unknown, it was impossible to universally map the luminance component to the right gray level: factors like signal bandwidth, sample rate or simply the baseband gain of the transmitter’s FM modulator will strongly affect the white and sync pulse level.

Before getting to the synchronization stage, we need to stabilize the signal amplitude in order to unambiguously map each signal level to a given gray level. This operation is performed by the AGC block.


Playing with one instruction set computers

After a fruitful conversation with SkUaTeR a few weekends ago, I discovered the wonderful world of OISCs (One Instruction Set Computers).

OISCs refer to (usually virtual) machines whose instruction set architecture is composed of only one instruction. The cool feature about these machines is that they are Turing complete, and therefore can be programmed to become a universal computer.

The single-instruction architecture we discussed was based on the RSSB instruction and follows a Von Neumann architecture (that is, data and code belong to the same address space).

