Monitoring the Spectrum: Building Your Own Distributed RF Scanner Array

Presented at 30C3 (2013), Dec. 27, 2013, 7 p.m. (30 minutes)

Software-Defined Radio (SDR) has increased in popularity in recent years due to the decrease in hardware costs and increase in processing power. One example of such a class of devices is the RTL-SDR USB dongles based on the Realtek RTL2832U demodulator. This talk will discuss my experience in building a distributed RF scanner array for monitoring and spectrum mapping using such cheap SDR devices. The goal is to help the audience understand the what, why, and how of building their own RF monitoring array so that they will be able to do it themselves. In this era of increasingly being ``watched'', we must be prepared to do our own ``watching''. Software-Defined Radio (SDR) has increased in popularity in recent years due to the decrease in hardware costs and increase in processing power.One example of such a class of devices is the RTL-SDR USB dongles based on the Realtek RTL2832U demodulator. This work investigates building and running an RF scanner array for monitoring and spectrum mapping using cheap SDR devices. The array allows for both RF sampling and power analysis to be split over multiple systems in order to increase capture and spectrum analysis capabilities. The system allows for "strong signal capture" as well as, simply, signal modeling with "strong signal alerting". Also discussed will be using the array versus USRPs and the issue of antennae for all of the devices. I will explain the mistakes I made in building the array and what I did to attempt toovercome such pitfalls. The code for running the array will be introduced and released for public consumption. In addition, while we target the RTL-SDR devices, we will discuss the feasibility of including non-traditional SDR hardware in the array, including non-Realtek tuner cards and inclusion of HackRF devices.

Presenters:

• Andrew Reiter (arr,awr)
  Andrew Reiter has been involved with security scene since the mid-1990s. He holds a B.S. and M.S. in Mathematics from UMASS-Amherst and currently works as a Security Researcher for Veracode, focusing on static analysis. In a past-life he was a committer for the FreeBSD project and, in an entirely different life, he was a member of w00w00 security development. Andrew Reiter has been involved with security scene since the mid-1990s. He holds a B.S. and M.S. in Mathematics from UMASS-Amherst and currently works as a Security Researcher for Veracode. In a past-life he was a committer for the FreeBSD project where he had interest in the SMPng and TrustedBSD development. In an entirely different life, he was a member of w00w00 security development and assisted with w00giving 1999. Prior to working at Veracode, he was doing vulnerability research for BindView and Foundstone and reversing at WebSense. Also, he did time for WireCache where he worked as a software engineer on a high performance embedded system. He has previously presented at Toorcon, CanSecWest, EUSecWest, Countermeasure, and Blackhat USA. His interests range drastically, but include reading about math, doing math, playing with RF, and reversing embedded devices.

Links:

• https://fahrplan.events.ccc.de/congress/2013/Fahrplan/events/5142.html

Similar Presentations:

• TROOPERS16 (2016) / Rapid Radio Reversing
• Black Hat Asia 2016 / Rapid Radio Reversing
• DEF CON 30 (2022) / Introduction to Software Defined Radios and RF Hacking Workshop