Great talk. I like it how he did not stop once the signals were decoded, but used all kind of plotting software to give nice views.

radio waves are so fascinating and something we rarely ever even think about but yet we use in every aspect of day to day life

Thoroughly enjoyed even after 6yrs of publication. 👏👏✌️

Balint is my hero

wonder how not everybody just commented to this one?! this guy is a crazy scientist he got serious brains on that stuff I impressed!

When you mentioned _"came in with a B-210"_ ... I'm just old enough to think of a certain 1970s era *Datsun* (before it was rebranded as _"Nissan'.)_ Now all we need is for someone to hack _Microsoft Flight Simulator_ to import realtime ADS-B data ...

A wired mic would have been a better idea imo. So interesting though, great to watch!

Thanks a lot for this SDR hands on !

good group of lads, good effort to amuse your coworkers

Airplane text messages: "RIGHT ENGINE IS ON FIRE. LOL JK." Why does that guy have to interrupt to ask a stupid question? Last I checked he's not the only person in the audience. Good for him putting him in his place. That's my $0.02 and I hope that guy reads this post.

Bálint. It's a Hungarian name 😍 🇭🇺 Like Csíkszentmihályi Mihály 😍

The RDS encryption cracking is extremely clever, but I can't help thinking that it was a little bit unnecessary. You already have decoders available - the nav system of any suitably equipped car. Isolate its receiver from the normal wavebands (disconnect the aerial, shove it in a faraday cage...) and pipe synthetic RDS signals into it direct from your SDR transmitter. For each encoding period, just exhaustively run through each combination of encryption key and location code, and set up a camera and OCR system to scrape the generated locations off the screen. Before too long you'll have a nice database of what location comes out when it's fed a certain key and location on a particular day, and can then apply some simple filtering / sorting to spit out a list of what sets of input data correlate to each location or vice versa. You can then either apply decryption to that dataset if you like, or just use it as a lookup table. OK, so the actual search space will be somewhere in the millions (16 bits + 5 bits + however many bits for the period = probably at least 24 bits overall), which might imply it'll take some time simply generating the data depending on the reaction speed of your system, but it's not a particularly large data space for any modern system (say each location averages 32 characters, and you have 16 million of them, that's a modest 512mb memory card). And even if you just use it as an incomplete source of data for decryption, maybe only pulling a couple thousand period-key-code + location output pairs out per day, it gives you a vastly increased spread of ciphertext plus ersatz plaintext to compare against, even if there's an additional job of work in coming up with what the actual decrypted locations are (...but knowing those is only really useful if you have direct access to a database, e.g. a ~512kb ROM inside the radio, that takes that 16-bit value as an input and spits out a, say, 32-character location name at the output; as that data is likely part of a larger system ROM, itself encrypted and signed if we take the example of the database SD cards that go in my own integrated satnav, you're probably better off just correlating ciphertext+key+period trios to human-readable output strings, assigning them your own arbitrary 16-bit code based on the initial order in which they appear, and figuring out which combinations you haven't yet had the time to run through will produce those strings in future). Rinse and repeat for each separate region. With a suitably distributed effort, maybe with several people in each area tackling a particular portion of that area's codespace, you could have the location codes for the entire US figured out pretty quickly and reduce the decryption effort to a simple rainbow table style lookup. NB of course it's probably a 1MB+ table in ROM that contains not only the road / location name but a pair of GPS coords (~24 bits per lat/long should provide more than ample ~1.5m / ~5ft accuracy, meaning an additional 12 bytes, leaving a somewhat less cramped 52 bytes for the ASCII name), for the start and end nodes, especially for long roads where you want to divide them into several segments, each inter-exit section of a freeway etc. That would require quite a bit more donkey work, most likely wholly human unless you're quite good at coding up soft AI systems, to manually correlate each ASCII name with the start/end points. Unless of course there's already a suitable database out there which one could refer to...? (I genuinely don't know, but I'd be surprised if there _isn't_ )

40:00 this would be a neat way to visualize/plot where all the airports in a particular area just by compiling enough data over a long period of time and letting it play... Just remove the green and every airport on the map is highlighted red.

I found the RF tags under a table at Panera bread, I think they may have gotten those tables from somewhere else. Let's just say that the table will never say goodbye or make you cry.

I'd have loved to have seen this without the time rush toward the end... However, fascinating one the less. George M1GEO.

Hello I'm new today :) glad I got told about this ♡

I'm glad you are on 'our side' - Ha, ha, ha, ha..... ;-)

As a technical person, I am impressed by the material. But as a citizen, I find it concerning. If one could transmit a false road report (the digital equivalent of "Aircraft crash into Golden Gate bridge - bridge closed"), GPS-directed traffic throughout the bay area could be stalled. This is more than a prank - it could cost lives (critical patients in ambulances), disrupt work (medical folks unable to get to work), etc., cost hundred of millions of dollars in lost productivity. Rail systems rely on track-side diagnostic equipment. Some of those use RF to communicate. Imagine that a false indication of a switch malfunctioning was sent. Commuter train traffic into and out of NYC's Penn Station could be halted. I suspect that there are fuel and natural gas pipelines with remote sensors using RF to provide status. Could a bogus status packet cause a shutdown of a natural gas pipeline (similar to the Colonial Pipeline incident)?

Superb presentation!

I test GM 2.17 Software with a BTS System, it was unbelievable..

Hello Balint, re 56:21: How can there be separate sets of waves from the reader and card as you have shown with red and green (yellow?) boxes on the scope screen shot if the card uses load modulation of each wave from the reader to send a coded response back to the reader?

Just awesome, great job Balint!

Interesting presentation :)

Balint = Brilliant

I was impressed until the end when it was thought important to listen to the transmission which drowned out his voice.

Hello I have a hackrf one portapack do you have a link to make the parameter thank you

My brain exploded. Then I ordered an Rtl SDR board for 20 bux

WOW Thank you for this vid this is exactly what i needed to know! :D

That encryption scheme - maybe the _”Puzzle Palace”_ should take notes … Just kidding - sort of. Or maybe .. it’s so _”ridiculous”_ that it might be useful because no one would suspect such a naive implementation. (Or use something _”super secure”,_ like *ROT13.)*

Didn't quite catch that last bit at the end there...

He has such a nice boss

Unfortunately he skipped the better parts of the (prepared) talk. Good video however.

59:59 - 01:01:20 WAT? I can't hear you.

Can this get a 1g network working to play with a old bag phone

The sneeze at 32:56 haha.

I have the ADS-b software but where can you get the google earth program?

its like war driving for gsm and any hf in his car!!!.... (my head just exploded)

is it legal to use an airport's Primary Surveillance RADAR to build your own bistatic RADAR system ?!!

I wish to work with him..

What's the software?

Are any of the flowchart source available? I'd love to try the gsm/asterisk demo on a limesdr! Regarding the reverse engineering of the rf transmitter, how does this compare to Michael Ossman's Clock Recovery technique presented at GRCon16? His video shows a way of automating the data recovery given a bunch of recorded files. Finally, can gnuradio be used to transmit atsc? I'd love to test transmitting video and see if if my tv picks it up!

really wonderfull

Wonder how many viewers are Ham Radio ops? -- de M1GEO.

hola, me interesa como usar el radar primario de un aeropuerto para tener un radar personal usando la la señal de potencia de ellos , interesante , hay alguna novedad del proyecto?

Sure blame it on the nitrogen because the hydrazine isn't going to outgass.

NÅGOT ATT ENS HA?

Gray hat

yes tal k over the raw frequencies you derpleton

Up

portapack h2 mayhem

WOuld anyone be kind enought to point me in the direction of building a GSM network of my own for fun? THanks :)

i think i just had a stroke watching this video ....

Let's send bitcoin via SDRs!

My whole concern is... Why approach that question in that manner? I'm not qualified to speak on behalf on mathematics, although I was an A+ student in HS, trig, ap calc... I'd like to think that one has the capacity to resolve an equation from MULTIPLE angles of resolve. think Geometry.

OpenBTS

this was back in 2015? Interesting information just not presented very user friendly. Can't understand most of the stuff he talks about. Still is interesting.

i have a hacker doing this type of thing to my guitar amplifier, have you ever heard of that?

anyway, Malasian 370 is gone to black hole. ;-(

Yeah, this is bad in the wrong hands. Our property was stolen from us. i have been testing our phones and pcs and have found that we are still hacked connected to asterisk pbx system. U. S. army combat communications 31k, cellphone repair and installation, Central office equipment installation.

super but if you are student you dont have cash for such a super thing

That mic pop though

so expensive, my goodness

Officially it's illegal in the US to monitor cell traffic. Not sure why the FCC isn't all over him.

Very unorganized and hectic. He could've done better :/

The government should ban these sort of devices