Thanks so much to the Arsenal team at Black Hat USA hosting us – they’re a great group that always puts on such an interesting and fun event!
We had a great crowd for our Arsenal lab this morning, talking about reversing and logging tire pressure monitor (TPMs) sensors. If you were able to attend – thanks! If not, you can always grab the files from our GitHub:
https://github.com/paulgclark/arsenal_tpms
Thanks, and see you in 2025 for more training and labs!
A standard installation of GNU Radio 3.10 contains a vast array of functionality, but you can add quite a bit more with a few minutes of additional work. These Out Of Tree (OOT) modules expand the functionality of GNU Radio in ways that are valuable for people learning to use the software as well as experienced users. I provide a BASH script that installs these modules on my GitHub page, and recommend my students perform this installation before attending my classes.
The install script is located here, and you should definitely take a look it before running, as it does required admin privileges to run:
https://github.com/paulgclark/grc-install/blob/master/install_scripts/flabs_training_setup_24_04.sh
The script installs the following:
There are three steps for installing this on your Ubuntu 24.041 machine:)
First, install git if you haven’t already:
sudo apt install gitNext, change to the install scripts directory and run the BASH script:
git clone https://github.com/paulgclark/grc-install
cd grc-install/install_scripts
./flabs_training_setup_24_04.shWhen the script completes, reboot. Then click your login icon. Before entering your password and completing your login, click the little gear in the bottom right of your screen to select “Ubuntu on Xorg”:
Complete your login, and you’re done! You will only need to select Xorg once – all subsequent logins will default to Xorg unless you change it back.
All of the test flowgraphs are contained in the grc subdirectory of the grc-install repo you cloned earlier. Change to that directory before proceeding2:
cd ~/grc-installRunning the following flowgraph will test GNU Radio Companion, as well as gr-satellites and gr-reveng:
gnuradio-companion grc/gfsk_loopback_sim.grcAfter the flowgraph loads, click the Execute button in the toolbar (it looks like a Play ▶️ button). If the installation went well, you’ll see a stream of messages stating “It works!” in the bottom left console. You can close the execution window to kill the simulation.
If you have a PlutoSDR, you can test that hardware support was correctly installed by plugging in your SDR hardware, then bringing up an FM receiver flowgraph with:
gnuradio-companion grc/pluto/fm_rx_hw_pluto.grcRunning the flowgraph will bring up a window that allows you to tune the FM receiver. Use the slider to select the frequency of a station known to broadcast in your area3 to listen.
If you have a USRP SDR, you can test that hardware support was correctly installed by plugging in your SDR hardware, then bringing up an FM receiver flowgraph with:
gnuradio-companion grc/uhd/fm_rx_hw_uhd.grcRunning the flowgraph will bring up a window that allows you to tune the FM receiver. Use the slider to select the frequency of a station known to broadcast in your area to listen.
Foshpor is an incredible visualization tool, but it can be tricky to set up depending on your CPU and graphics hardware. To see if your installation has worked, you can run one of the following flowgraphs:
gnuradio-companion grc/fosphor/fosphor-pluto.grc
gnuradio-companion grc/fosphor/fosphor-uhd.grcYou may need to click the corner of the execution window and stretch it out to see the display properly:
TLDR: To add support for USRP and LimeSDR to a RadioConda installation on Windows, download and run the appropriate installers.
The rest of this post will provide a step-by-step process for adding USRP and LimeSDR support to RadioConda on your Windows PC as well as building a quick flowgraph to test the installation.
This walkthrough assumes that you have installed RadioConda on your PC. If you need to do so, check out my previous post.
Go to the RadioConda GitHub Page and find the hardware support section
Clicking the “UHD (setup)” link leads you down the page to the following:
Clicking the “from the Ettus site” link takes you to the Ettus support page:
We’ll be following the instructions shown there. Start by downloading the driver from the UHD wiki page link.
If using the Edge browser, your computer may try to block the download. Click on the downloads icon in your toolbar and direct your browser to keep the file. Then navigate to your Downloads folder (or wherever you saved the file) and extract the contents of the file.
Then open your Windows Device Manager by typing “device” into the start bar:
Make sure you don’t have your USRP hardware plugged in at this point. You may see a few devices listed in the category “Other Devices”:
When you plug in your USRP, you will see a new device appear in the “Other Devices” group, likely with the name Westbridge.
Right click on the new device and select “Update driver”
In the resulting window, select “Browse my computer for drivers”
Navigate to the location of the extracted files you downloaded from Ettus:
When asked if you would like to install the device software, click “Install.”
After a few moments, the driver installation will complete.
Return to your device manager, where the Westbridge entry should have been replaced by a USRP entry.
Bring up GNU Radio by typing GNU into the start bar or clicking the shortcut you’ve made
Create a flowgraph as follows:
Attach your USRP to the PC via USB. After executing the flowgraph using the Play button in the toolbar, you should a live frequency plot several FM broadcast signals. The specific frequencies you observe will be different depending on the FM broadcasts in your area.
Although the RadioConda GitHub Page recommends using the Zadig software to install USB drivers, I had trouble getting this to work. Instead, I followed the instructions on the LimeSDR support page at MyriadRF. This directed me to the FTDI Driver Download page. Click the FTDI link scroll down to the Windows drivers. Select the “setup executable” and save it.
Double-click the saved installer and follow the dialog prompts.
Bring up GNU Radio by typing GNU into the start bar or clicking the shortcut you’ve made
Create a flowgraph as follows:
Attach your LimeSDR to the PC via USB. After executing the flowgraph using the Play button in the toolbar, you should a live frequency plot several FM broadcast signals. The specific frequencies you observe will be different depending on the FM broadcasts in your area.
TLDR: To install GNU Radio on Windows, just install RadioConda and the drivers for your SDR. Create a shortcut, double-click, and you’re running GNU Radio Companion! For hardware support, simply install the drivers for your platform.
The longer version of this post will provide a step-by-step process for using RadioConda to install GNU Radio on your Windows PC as well as building a quick flowgraph to test the installation. I’ll also show you how to enable support for the following hardware:
In addition, I’ll introduce Python virtual environments in general, Conda more specifically, and Radioconda more specifically than that.
These are configurations for your computer that include a specific version of Python as well as a number of applications, packages, and dependencies. What’s great is that none of this is installed on your machine itself! You can enter the virtual environment, execute applications, and then exit the virtual environment. Upon exiting, your operating system will return to the state it was in prior to entering the virtual environment.
Conda is a powerful management tool for virtual environments. You can use it to create any number of Conda environments, and use very simple commands to install hundreds of packages.
Mamba is essentially an optimized, higher-performing version of Conda (stuff installs faster).
Finally, we’ve arrived at the tool we’re going to use! RadioConda is based on Conda, but its default configuration includes a ton of SDR-specific packages, such as GNU Radio, RF apps, SDR hardware support, and many key out-of-tree modules. Installing it on your Windows, Linux, or Mac machine will give you an enormous amount of SDR software. And like any other Conda environment, you can enter and exit it at will, leaving your core operating system unaffected.
Navigate to the RadioConda GitHub Page:
Download the Windows installer. If using Edge, you may be temporarily prevented from completing the download. If you click on the downloads button on the upper right, you may see this warning:
Click on the three dots to select “Keep”
And then confirm by selecting “Keep anyway”
Your download should then show as complete
Double-click the installer
Agree to the license
Choose the scope of the installation (“Just Me” is good for most users, unless you want multiple users to have access the software on your machine)
Select a location for the installed files (or just click “Install” to accept the default)
The install will take a few minutes. Click “Next” when it completes
Then click “Finish”
You can now access GNU Radio Companion from your start bar by typing “gnu”
It’s a good idea to click “Pin to taskbar” if you want easy access
Go back to the RadioConda GitHub Page and find the hardware support section
Clicking the “HackRF (setup)” link leads you down the page to the following:
Clicking the “Install the WinUSB driver with Zadig” link moves you further down the page to this:
Clicking the “Zadig” link takes you to this site, which hosts a general purpose USB driver for windows devices
Scrolling down a bit, you’ll find a download link for the most recent version of the driver. Note that the advertising on this site is… extensive… and that there are may be several other links appearing to be downloads. The “Zadig 2.9” link below is the one you want (although the version may have changed by the time you read this post)
Double-click the installer, and allow it to check for updates online
Then click “Install WCID Driver”
Go back to the RadioConda GitHub Page and find the hardware support section
Click the “libiio (setup)” link, which leads you down the page to this
Click the link to download, then run the installer, accepting the license agreement
Confirm (or modify) the install location
Then confirm to begin installing
This brings you to an installer wizard, at which you click “Next”
Confirm install from Analog Devices
And Finish
Bring up GNU Radio by typing GNU into the start bar or clicking the shortcut you’ve made
On the first attempt, I’ve seen a glitch where only a blank window appears. In that case, close the blank window and try again. You should then see the GNU Radio Companion interface.
Create a flowgraph as follows:
Attach your HackRF to the PC via USB. After executing the flowgraph using the Play button in the toolbar, you should a live frequency plot several FM broadcast signals. The specific frequencies you observe will be different depending on the FM broadcasts in your area.
Bring up GNU Radio by typing GNU into the start bar or clicking the shortcut you’ve made
On the first attempt, I’ve seen a glitch where only a blank window appears. In that case, close the blank window and try again. You should then see the GNU Radio Companion interface.
Create a flowgraph as follows:
Attach your PlutoSDR to the PC via USB. After executing the flowgraph using the Play button in the toolbar, you should a live frequency plot several FM broadcast signals. The specific frequencies you observe will be different depending on the FM broadcasts in your area.
Hello Factoria Labs readers! As you may know, Black Hat USA happened earlier this month in Las Vegas. As well as teaching an in-person SDR class, I was also honored to present a hands-on project at the Arsenal Labs – we had a great turnout, as you can see from the picture.
My project was an end-to-end, RF reversal of a simple garage door protocol. Although the signal produced by the garage door remote was not terribly complicated, the project provided a full view of the reversing process, including:
If you caught my presentation and wanted to look at starter and solution projects, it’s all at:
https://github.com/paulgclark/garage_door
I’ve also included a PDF of the printed handout we had for Arsenal attendees.
If you’re curious, the garage door remote used in the lab was this model:
https://www.amazon.com/dp/B08RSDQKM9
Thanks for reading!
As some of you have noted, the installation instructions for gnuradio and HackRF contained in our Field Expedient SDR series no longer work. To remedy this I’ve created a set of installation scripts that automate nearly all of the steps required, updated for newer versions of gnuradio/uhd/osmosdr and supporting the Ubuntu 18.04 LTS.
The scripts install from specific releases and commits of the source code, so they should be much more stable than previous iterations of the instructions.
On an Ubuntu 18.04 installation perform the following:
sudo apt -y install git
mkdir -p install
cd install
git clone https://github.com/paulgclark/grc-install
cd grc-install/install_scripts
sudo ./grc_from_source.shcd install/grc-install/install_scripts./hackrf_from_source.shgnuradio-companion~/install/grc-install/grc/hackrf-test/fm_receiver_hardware.grc
~/install/grc-install/grc/uhd-test/fm_receiver_hardware.grcBy default the gnuradio install script installs version 3.7.13.5, the latest release before 3.8. If you want to try out the new version, simply type:sudo ./grc_from_source.sh 3.8
Note that the osmocom team hasn’t yet updated the blocks used for interfacing with the HackRF such that they work with version 3.8 of gnuradio. I’ve instead used Igor Freire‘s fork of their repository (actually, it’s his fork of Mickey Vänskä‘s fork of the osmocom repo). Thanks to both Igor and Mickey!
One of the big benefits of the PyBOMBS scheme we originally used in the book was the fact that it installs everything to a target directory under your home directory, rather than doing a global install to root-owned directories. The environment is then loaded with a simple call to a setup_env.sh script generated by the install process (which is automatically added to your ~/.bashrc).
This means if something goes wrong, you can just rm -r the target directory and delete a single line from your .bashrc file. You can then start over without worrying about the previous install polluting your environment.
I’ve preserved this scheme in the new scripts as well. By default the scripts will use the following directory for the target:~/install/sdr
If you want to use a different target, simply run the script with the new target directory as the second argument. If installing 3.7 this would be:sudo ./grc_from_source.sh 3.7 ~/install2
For 3.8, it would besudo ./grc_from_source.sh 3.8 ~/install2
This installation flow also allows you to easily keep multiple versions of gnuradio on disk. You simply install 3.7 to one target directory and 3.8 to another. You then enable the setup_env.sh file corresponding to the one you want to use at any given moment.
I’ve tested these scripts on numerous laptops and believe I’ve worked out all the issues with both Ettus and HackRF hardware. If you do have an issue, please let me know on GitHub or via email.
I believe it takes 4 days to learn the basics of software defined radio, even if you’ve never done a single radio-related thing in your life. Less than a week.
If you lay that solid foundation in SDR and gnuradio, you’ll be far more effective in your future endeavors, whether that’s:
Join us this August at Black Hat to get started with SDR. We have a two-day introductory class that’s perfect for beginners. You don’t need to know a thing, and you don’t need to bring a thing. You’ll use our laptops and SDR hardware. No pre-class installation homework, just show up and sit down. You’ll learn the basics of gnuradio, RF theory and SDR operation – which will enable you to build analog transmitters and receivers.
You can then move on to our Intermediate Digital SDR class, where we’ll work through all the stuff you need to build digital radios:
If you’ve already spent some time with SDR and know the basics of gnuradio, you can jump straight to the intermediate class. Feel free to contact us if you have any questions about this. We can also chat about our advanced classes in reverse engineering or gnuradio application development.
Hope to see you in Vegas!
Yesterday, I had the privilege of giving a talk about a project I’d been working on to the Wild West Hackinfest in Deadwood, SD. Over the last year or two I’d been wanting to build a clean radio communication system using SDR and gnuradio. There were a number of not-so-obvious things I’d learned over the years, and I thought releasing some code that implemented such a system could help out folks that may have been struggling with some of the same things that I did.
The project I settled on was an RF exfiltration system, with a host laptop sending commands to a headless Raspberry Pi 3 B+. The twist, however, was that each time the host requested data, it also told the xfil box how to send the data: what frequency, modulation scheme, preamble, etc. The goal was to be able to communicate in a manner that was as flexible as possible, even capable of changing the RF parameters with each transmission.
The code is still at “proof-of-concept maturity” but it should help you see how to get digital payloads from external Python code into a flowgraph (on transmit) and vice versa (on receive). You can see it all here:
http://github.com/paulgclark/exfil
I’m incredibly grateful to John Strand and all the folks who made the conference happen. It’s an awesome event with great people both running and attending. If you haven’t been, you should definitely go in 2019.
PS There was a camera running, so I’ll provide an update post when the video is posted.
Hello SDR fans. A long-standing wish of mine is to have a grc block that detects a preamble on an incoming byte stream and tags it with a fixed length. There has been a block in grc for a long time called the Correlate Access Code – Tag Stream (kind of a mouthful, I know) which almost does this but not quite. This original block scans the 32 samples after the preamble and tries to extract a frame length field, which it will then use for the tag value. That function is kind of neat if you’re building your own transmitter/receiver pair, but it doesn’t help when you’ve got a mystery signal on your hands that won’t have that header in place.
So for a while a worked around the issue. On short projects, I’d use the now-deprecated Correlate Access Code block, dump the data to a file and whip up a quick Python script to handle things (you can see some examples of this in Volume 3 of our book series). For more complex situations, I employ WaveConverter, which I built to extract and analyze large amount of payload data. Despite these options, I always wanted a simple grc-only method of quickly looking at payload data.
All of which brings me to the block I built, Correlate Access Code – Tagged Stream – Fixed Length (yeah, I didn’t really reduce the mouthful any). I simply created a new module and block with the gr_modtool utility and copied over the *.cc, *.h and *.xml files from the original block. I then cut out the header parsing and added a property for you to set the Packet Length. After a bit of debug and cleanup, I had a useable block, which you can grab from:
https://github.com/paulgclark/gr-reveng
The example flowgraph below shows how easy it is to use:
The new block allows you to detect the preamble and tag it such that the subsequent Tagged Stream to PDU block can convert the payload (and only the payload) to a Message PDU, which you can then print out with a Message Debug sink. The PDUs simply appear in the console window as you run your flowgraph.(I’m using the print input of the Message Debug block because I have ASCII data, but if you have binary data, you should use the print_pdu input instead.)
Note that you can also dump the message PDUs to a File Sink, which gives you a nice file containing only payload data, none of the preamble or inter-frame dead air. A couple lines of Python can read this file and extract each payload into a list, from which you can do all sorts of fun stuff.
I’ll be on the Black Hills InfoSec webcast tomorrow talking about all the things you need to know to get started with SDR. You can register for the webcast at the link below:
https://register.gotowebinar.com/register/3587817882602530306
Please bring your questions on SDR hardware, software, installation issues or anything else you can think of. See you there!