lima 289 days ago [-]
> This alone is impressive, but [Ted] isn’t done yet. He realized that this method of transmission was generating some strong frequency harmonics which extended far beyond the theoretical maximum 1 MHz frequency of his UART SDR.

i.e., blast noise all over the spectrum. There's a reason why real transmitters are more expensive than a serial port adapter.

This kind of RF pollution is illegal for obvious reasons and if you manage to disrupt something important (emergency frequencies, mobile networks...), it's gonna be expensive.

Don't try this at home!

jimmytucson 289 days ago [-]
I don't think transmitters are made artificially expensive to keep out the newbs. As you said, it's illegal.

And if you're a newb (like me) interested enough to try this at home, you might have read to the end of the article where it states:

> DISCLAIMER: It should go without saying that you should never transmit on any frequencies or at any power levels for which you are not authorized by the local governing body, but I guess I just said it anyway.

jimnotgym 289 days ago [-]
Transmitters are not even expensive. A Baofeng is around $20. Some CW kits are $5.
subway 289 days ago [-]
Those cheap Baofengs will spew harmonics too. Quality transmitters do get a bit more expensive than the stuff that mostly-works.
poizan42 289 days ago [-]
But he doesn't have any amplification. Nothing is happening here that doesn't happen already with normal use of the UART. If what he is doing here is illegal then the RF pollution from using the UART normally would be too.
Animats 289 days ago [-]
It's an "intentional radiator", in radio terms.[1]

It's very easy to build something that blithers all over the RF spectrum by connecting a digital signal to an antenna. Hook a square wave to an antenna and you're going to get lots of harmonics. This is generally considered a bad thing.

In the early days of digital electronics, a TRS-80 Model I home computer and a Milton Bradley Big Trak toy car would both crash if near each other. Strict regulation of RF emissions, and good protection on the input side, is why we can have so many digital devices without everything randomly crashing.


bluGill 289 days ago [-]
He didn't say this, but I suspect that his antenna was that specific length for rf reasons - wires work best as antennas when their length is some multiple of the wavelength. (ask an rf engineer if you want details, I'm close enough for discussion but all rf engineers will cry when they read that)
wglb 289 days ago [-]
Multiples of 1/4 wavelengths, and if built properly 5/8 wave.
naikrovek 289 days ago [-]
... but 5/8 isn't a multiple of 1/4, Or is that not what you meant?
wglb 289 days ago [-]
Right. I should have added more detail. Multiples of 1/8 also work.

Now, you can actually make almost any length work with proper tuning circuitry, but the ones mentioned are the most effective.

lima 289 days ago [-]
Also, there's a big difference between random noise and a modulated signal on a specific frequency, with a matching antenna.

One of those is noise, the other one is a transmission.

andyidsinga 289 days ago [-]
there is an antenna - just a wire - but that changes the equation a lot relative to what a normal UART does has part of a system that already meets FCC (or other) regulatory standards.

I'm curious about the gain of the antenna and what consideration has been made re trasmit wavelength and the antenna wire length.

poizan42 288 days ago [-]
I think other commenters have already sufficiently explained this, but just to make it clear: Any wire functions as an antenne, also in a normal circuit where it is connected to something. The length of the wire will cause more radiation from some frequencies, but some designs will have wire length that matches some of the frequencies emitted by the regular communications performed (probably most of them actually - you rarely send random noise over your serial communication channels).
andyidsinga 288 days ago [-]
Yep - I totally understand that. I wasn't commenting on wires ability to act as antennas in general - I was commenting on the addition of this wire to the UART for the purpose of wireless comms.

That addition is what makes your original point wrong : "Nothing is happening here that doesn't happen already with normal use of the UART"

gsich 288 days ago [-]
I doubt the gain of a jumper wire is enough to cause any "damage".
andyidsinga 288 days ago [-]
You might well be right on that. "damage" would be good to define in general for these kinds of things. I'm guessing the FCC regs talk about this to some degree.

So, reality is, this is likely very low-power and likely low-impact experiment and likely not cause a lot of issues with nearby devices that are designed to accept all interference and continue to function or fail gracefully.

But IMHO, it is a good idea for anyone doing these kinds of experiments to think a little bit about RF design and the impacts devices might have ..hence my other comment about the value of HAM technicians license & training (which is fun and pretty easy).

wedowhatwedo 289 days ago [-]
He connected an antenna to it. That's what makes it illegal.
crankylinuxuser 289 days ago [-]
Ugh. It's not by default "illegal", unless it provably violates Part 15.

Has a Part 15 assessment been done yet? Have we analyzed power emission levels to assert that this thing is indeed 'breaking the law'?

Has this device been checked by the FCC for spurious emissions during normal operation? Did it pass, or is it chinese jank uncertifiable garbage?

Edit: C'mon downvoters. If you make a claim that it's "Illegal", you need to have some sort of proof that its the case. And I'm not immediately seeing it. Further research? Sure.

wglb 289 days ago [-]
This is mostly correct, except for FCC exceptions for stuff you build yourself. For example, it is legal to broadcast on the FM band if your signal meets certain signal strength criteria. Also, the FCC itself doesn't do assessments, they are done by independent (expensive) labs.

But the rest of what you say is correct.

walshemj 289 days ago [-]
If it breaches the power limits I think it is illegal - same as if you used a high power wifi access point with a high gain antenna.
poizan42 289 days ago [-]
He connected a regular wire to it... That's kinda how you use a UART.
EarthIsHome 289 days ago [-]
The wire is being used as an antenna. When you use UART, you have the other end of the wire terminated with another circuit. (i.e. The energy goes to into the connecting circuit.)

Because the wire ends at an open circuit, the currents on the wire radiate, turning the wire into an antenna.

tjohns 289 days ago [-]
Wires connected to a closed circuit will radiate too, if you drive them at high frequency. Maybe not efficiently, but it'll still radiate. There's nothing special about an open circuit that makes an antenna work.

Shielding (e.g. coax, or a properly grounded enclosure) is what prevents ordinary wires from becoming antennas.

StillBored 289 days ago [-]
Normal rs232 is run through shielded cables as well. It was standard practice to wire the d-sub connectors to the cable shields. The wires themselves may not have been shielded, but the cable was shielded against being an antenna.
tyingq 289 days ago [-]
Sometimes. Plastic DB9 to unshielded RJ12 is pretty common.
poizan42 289 days ago [-]
> When you use UART, you have the other end of the wire terminated with another circuit. (i.e. The energy goes to into the connecting circuit.)

The other end is likely a MOSFET with an input impedance on the order of 10 GΩ...

xtf 289 days ago [-]
And it's nothing new.

Same is possible with Raspberry Pi GPIO:

lima 289 days ago [-]
We measured the output of that exact experiment at our local ham radio club and it was horrible, harmonics and noise all over the spectrum.
andyidsinga 289 days ago [-]
THIS! -- I was hoping a ham would chime in here :)

For anyone looking to do experiments like this - which are really cool to do - getting the ham technician licenses is pretty easy and very educational!

jimnotgym 289 days ago [-]
The harmonics are above the transmission frequency, so a low pass filter is normally all that is needed to clean this up.

There is a project that uses a Raspberry pi to transmit from is GPIO

To use a home built transmitter you need amateur radio license, no matter what.

jimnotgym 289 days ago [-]
I got called away while writing this earlier and rushed my last point which is clearly wrong. It is too late to edit.

Instead: To use a home built transmitter you need amateur radio license, except in certain specific low power situations. To comply with those situations would be difficult without specialised test gear.

wglb 289 days ago [-]
Not true. Low power FM and AM stations are allowed.

lima 289 days ago [-]
And there's ISM bands as well. However, all of these unlicensed bands have strict limits.

For any of the fun stuff, you need an amateur radio license :-)

andyidsinga 287 days ago [-]
> However, all of these unlicensed bands have strict limits.

This is absolutely key here - even in unlicensed bands one cannot just start using the spectrum without careful consideration of regulations for that spectrum.

When I was working in the 902-928 Mhz (FCC and similar) and 860s (for ETSI) for RFID we had to do a lot of work to ensure our transmit power, power ramp up, frequency hopping and listen before talk were all implemented properly and demonstrable for certification. It was not trivial.

vvanders 289 days ago [-]
Only for amateur bands. ISM, 2.4Ghz and 5Ghz along with a few others don't require a license.
rkachowski 289 days ago [-]
From the article, the effective range seems to be around 10 feet.

IIRC you are generally permitted to use whatever frequency you wish within a very limited radius as long as it is for "research purposes"

Edit: this last point is wrong, as mentioned below exemptions seem to apply for certain frequencies with a low powered device

wedowhatwedo 289 days ago [-]
Can you quote the FCC regulations that make this transmitter legal? (I'm assuming American law, the law in other countries obviously vary)
ac29 289 days ago [-]
The FCC regulations are very long, hard to understand, and occasionally contradictory - I know, I work in the industry. The closest section of the law that comes to mind is for very low power (typically under 1mW) devices that do not require the user to have a licence. These are so called "part 15" devices, which refers to the Code of Federal Regulations (CFR) Title 47, Part 15.

While the user of these sorts of devices doesn't require a licence, the device itself needs to be certified, so that, among other things, it doesn't spew noise all over the RF spectrum. This device wouldn't pass.

There are also experimental licences that can be held by businesses such as RF equipment manufacturers that allow for using equipment that hasn't yet received FCC approval. They are usually band restricted, geographically restricted and power restricted, and you must take care to not have high levels of spurious emissions.

edit: Here's a PDF explainer on Part 15 devices:

289 days ago [-]
zoobab 288 days ago [-]
I don't live in the United States, and I don't give a damn about the FCC.
andyidsinga 288 days ago [-]
You should - many regulators around the world are modeled after FCC. When I was doing regulatory test work for RFID readers (which were transmitting at 1W ) IIRC Canada, Korea and Japan were very similar to FCC.

Additionally - if you are in Europe - regulations are defined by a body called ETSI ( For RFID these regs were quite different from FCC - we had to do listen before talk and a variety of other things to ensure compliance.

jstanley 289 days ago [-]
You can see from gqrx that his rtl-sdr can barely pick this up when it's 6 inches away on his desk. Somehow I don't think this is causing a significant amount of harmful interference. (Admittedly it is quite a distant harmonic - the actual signal will of course be stronger).
wglb 289 days ago [-]
Not true. See

Doesn't require factory built, does not require license.

cheschire 289 days ago [-]
Not being deeply into signals geekery, I had to lookup SDR. I believe the article is referring to a Software-Defined Radio.

Animats 289 days ago [-]
(Not a Surveillance Detection Route.)

Actually, this is a class D transmitter. Minus the usual output filter to eliminate the higher harmonics. Look at that spectrum chart. The second and third harmonics are huge!

It's quite possible to build something that will turn a square wave into a clean sine wave, and you need that. You can also generate waveforms digitally that have weaker higher harmonics, which means the output filter is simpler. There's something called a class E amplifier, which is like a class D but with an unusual analog tank circuit on the output end to clean things up.[1]

A device like this with no output filter is an annoyance, not a communications device.


codeulike 289 days ago [-]
veli_joza 289 days ago [-]
The SDR they talk about in article introduction is specifically using cheap USB TV tuners in combination with open source software to capture various signals. The list of applications is really impressive:
sorenjan 289 days ago [-]
Reminds me of using an output pin on Raspberry Pi to transmit FM radio:
rlonstein 289 days ago [-]
Reminds me of abusing the CRT on the TRS-80 to play "music" on an AM radio. Except we were kids and had very little idea what we were doing.
dogecoinbase 289 days ago [-]
Tempest for Eliza is an cool old piece of code to play mp3s over your CRT via AM:
sokoloff 289 days ago [-]
Used to good effect to in one step program and test the Kickstarter "Public Radio" devices. I thought that was neat:

th0ma5 289 days ago [-]
If you want to filter these signals, and are a ham, I use these on my Raspberry Pi and have been heard all around the US daily, and also across both oceans a few times without an amp.
BuildTheRobots 289 days ago [-]
USB serial dongle? pah, use the system-bus on the motherboard ;)
devereaux 289 days ago [-]
Now that is rad!
krenzo 289 days ago [-]
As mentioned in the first sentence, the RTL-SDR project is out there. You can easily buy a $20 USB Software Defined Radio with software that will handle everything for you and lets you play around with an SDR:
squarefoot 289 days ago [-]
For roughly the same price there are some DVR boards that could be converted to SDR operation once they're hacked. They already use embedded Linux although no source is provided.

rhinoceraptor 289 days ago [-]
You can also get HackRF clones, for about $100:

squarefoot 288 days ago [-]
Yup, I know the HackRF. Being too old to write Santa a letter I'm already saving money for that gift:).

Anyway my point was that those cheapo DVR boards are just asking to be repurposed for other tasks, SDR is just one of them, that chipset specs are interesting.

Here are some firmware files for a few models, hopefully compatible with that one. Binwalk-ing them shows they're normal ARM Linux images.

wglb 289 days ago [-]
And you can have some serious fun with this with a not-very-powerful computer.
heywire 289 days ago [-]
Sounds like an interesting approach to data exfiltration on an air-gapped system, provided the right pieces are in place.
apo 289 days ago [-]
It sounds interesting. Beyond controlling RC vehicles, what would be some applications of software defined radios (SDRs)?

By the way, it looks like a USB-VGA dongle can be manipulated in a similar way:

dfox 289 days ago [-]
We used to half joke that graphics card is in fact nothing more than very good and cheap DDS signal generator.

And as for SDR applications: most of modern radio devices use software defined radios and many modern radio interfaces cannot be reasonably implemented in any other way.

krallja 289 days ago [-]
AM & FM audio transmission

Amateur TV

Ham radio

Point-to-point communication

Radio telescopy

Receiving satellite signals

Lots of opportunities to reverse engineer existing signals

jedimastert 289 days ago [-]
A YouTube channel called The Thought Emporium has a series about using a sdr called the HackRF to make a radio telescope and a satellite receiver for a few weather sats.

entity345 289 days ago [-]
There are not many commercial applications because it is usually much cheaper to implement in hardware and flexibility is not important.
IIAOPSW 289 days ago [-]
Well now we know what radio waves are produced by 0x55. How about other characters? I'm willing to bet that everyone's wired keyboard is an SDR so to speak and a well placed receiver can keylog you.
wiml 289 days ago [-]
Sure. A classic article from 1990:

An interesting thing from reading about practical experiments in EM eavesdropping is that it's not just the obvious emanations that you have to worry about. Your sidechannels have sidechannels. In that paper, for example, the actual communication radiates and can be received in the shortwave band, but also a frequency-modulated version of it appears in the FM radio band. Presumably a bit of power-supply droop is modulating a local oscillator causing it to transmit a clear signal.

bluGill 289 days ago [-]
Most keyboards don't have an antenna attached. While you can keylog a keyboard via emissions like this, you have to have physical access to the office to do so - at that point putting a usb keylogger inline with the keyboard is easier and more reliable. (or substitution your own keyboard with a real radio)
IIAOPSW 289 days ago [-]
>Most keyboards don't have an antenna attached.

What about meter long wire that runs from the keyboard to the back of the tower.

bluGill 288 days ago [-]
it is twisted pair. Not great shielding, but enough to make the signal weak.
anonymfus 289 days ago [-]
Why office? Imagine such keyloggers under tables in public spaces where people can put their laptops.
heywire 289 days ago [-]
I wonder how fast you could toggle the capslock LED... hmm
oh5nxo 287 days ago [-]
Via Xlib, with USB keyboard, 10 Hz starts to become uncomfortable, 10% in system time.

Had to test ! :)

madengr 289 days ago [-]
0xAA. Maybe 0x55,0xAA, ... for PSK.
hexagon5un 289 days ago [-]
This is so rad. It's like Tempest, but on purpose. And I love that he hammers it down by filtering out the fundamental and transmitting over 10 feet.
zoobab 288 days ago [-]
RF hackers should have their own country:

"Zooland is a new country where there are no regulations on electromagnetic transmissions.

Those regulations are from the past and stifle innovation and development in RF technologies.

They also encourage expensive communications.

Current RF regulations are a pure spacial and economic waste."

ngcc_hk 289 days ago [-]
Still remember doing some programming on ICl terminal and a colleague bought a radio controled car for fun. Then we found out these car will be taken over by the terminal.

Not very impressed then as we are sitting there nights and days.

StillBored 289 days ago [-]
This is just the RF version of the apple ][ speaker playing audio. Toggle a binary pin attached to something analog fast enough and you can approximate a signal (plus a ton of harmonics).
rsp1984 289 days ago [-]
Can someone with understanding of the matter ELI5 why this matters?
Fordec 289 days ago [-]
Without having to hack and/or expose I/O pins, anything with a USB port that can run the open source code can be given wireless communication capabilities with a very common and cheap chip
sokoloff 289 days ago [-]
With the tradeoff of being incredibly disruptive to the RF spectrum (and therefore strongly ill-advised for use in a product)
sokoloff 289 days ago [-]
It doesn't really matter that much in any practical sense; it's just kind of cool.
289 days ago [-]
walterbell 289 days ago [-]
Hacking an object designed for A, to do B.

See: MacGyver

emilfihlman 289 days ago [-]
How is this different from an AVR reading values from uart and banging ports?

It's not.

289 days ago [-]
vtesucks 289 days ago [-]
I have a converter that I plug into my USB socket and then I can plug my old style keyboard into this converter. Is that what is being talked about here? The picture looks different.
jablan 289 days ago [-]
Not sure what is inside of one of those keyboard adapters, but this is something called a serial adapter (or, more precisely, UART adapter). It is usually used to program microcontrollers (read Arduinos), so everyone dabbling with those (typical audience of probably has at least one at home, they cost like $2-3.
sand500 289 days ago [-]
What you are talking about is the USB to PS/2 converter. The "serial" they are talking about is UART. Something like this which is quite common for hobbyists to own already: