
Using USB-VGA dongles as SDR transmitter - edward
http://laforge.gnumonks.org/blog/20180423-osmo-fl2k/
======
apcragg
That's a neat party trick and all but abusing spurious emissions/harmonics to
broadcast in licensed spectrum without proper filtering is just plain
irresponsible. At low power, with an unmatched antenna those signals
_probably_ won't make it out of your house but it's not good practice to
spew harmonics all over the spectrum, especially GSM bands. I also can't
believe that they are working on increasing the TX power. Purposefully
emitting all over the spectrum is both irresponsible and illegal.

~~~
woah
If there’s a need for spectrum enforcement, then people should be out doing
it. There’s definitely enough money made from government granted spectrum
monopolies to pay for it!

The idea that you’re pushing here, that there should be varying degrees of a
radio equipment prohibition is anti-knowledge and only serves to strengthen
the spectrum monopoly businesses.

~~~
ThrowawayR2
> _If there’s a need for spectrum enforcement, then people should be out doing
> it._

At least in the US, there are already people doing it and anyone who gets
caught is subject to massive fines, e.g.:

[https://www.computerworld.com/article/2474412/data-privacy/g...](https://www.computerworld.com/article/2474412/data-privacy/gps-jammer-to-stop-tracking-messed-up-airport-navigation--driver-fired--fined--32-000.html)

[https://www.engadget.com/2016/05/25/florida-man-fined-48k-fc...](https://www.engadget.com/2016/05/25/florida-man-fined-48k-fcc-jamming-cellphones/)

~~~
darkmighty
Those are intentional jamming devices, I hope unintentional sideband
interference wouldn't be treated remotely as harshly? The kind of power to
achieve this kind of jamming would be pretty large too -- I'd judge at least
50W (depending on the jamming bandwidth I guess). A few milliwatts from an SDR
transmitter isn't going to do much disruption. Not to mention there are pretty
significant interference sources from defective devices mentioned elsewhere --
cheap usb power supplies, defective lighting, and more.

That said, anyone should indeed be filtering their output unless transmitting
more than extremely low amounts of power (perhaps someone with radio
experience could give a hand of thumb? Up to hundreds of microwatts sounds
quite safe) as a matter of civility. Besides, you get to learn basic
electronics by building a simple passive filter!

~~~
Johnythree
There are two problems:

A few milliwatts can easily block the sensitive input of a Police Repeater on
the other side of town.

FWIW, your "Hundreds of Milliwatts" are routinely used by hams to communicate
world wide.

And no, a simple bandpass filter WILL NOT clean up this rubbish. Its output
spectrum is the base-band signal repeated over and over, all the way up to
VHF. It would take a very capable filter to pick out the single product
required. This is NOT the way to design a clean transmitter.

It will not only cause interference, but it will interfere with EVERYTHING
within range.

Most output filtering is a simple Low-Pass Filter which is designed to remove
harmonics. But by definition, harmonics are an octave removed from the
fundamental. This horrid device puts out a closely packed comb of spurii from
DC to daylight. A simple passive filter will not even come close to cleaning
it up.

You first start with a sound design, then add filters to clean up the last of
any unwanted emissions. Not the other way around.

And because these faults have been well documented, this equipment would most
definitely be classed as an "intentional jamming device".

~~~
darkmighty
Thanks for the reply! I'm quite interested in this.

> FWIW, your "Hundreds of Milliwatts" are routinely used by hams to
> communicate world wide.

Read again, I've written "hundreds of _micro_ watts" :)

And that's for a reasonably wideband signal! A narrowband signal with high
power has a lot more potential to interfere with a specific application. I
seriously doubt anything of that order specially with a rough bandpass
(passive) filter around the frequency of interest can cause significant
interference. Passive filters have <1 gain, so they shouldn't risk narrowband
amplification of the weak signal. The background noise should be within this
order of magnitude, no?

(I don't quite have the time to give numbers right now, but here's a source
from quick googling:
[https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7833115](https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7833115)
-- the ambient noise should be on the order of .1 uW / GHz; at a few hundred
meters away this competes with our wideband microwatt-scale transmitter?) I'll
see if I can do some actual calculations later

------
OliverJones
Heh heh. Back in the day when VRAMs cost a fortune I hacked low-level display
software for a new frame buffer product in development.

The unshielded hardware lab prototypes emitted noise that stepped on the
signal of the hardware team's favorite FM rock station. So they tweaked the
clocks to be a little slower.

Then they forgot they did that.

Then benchmark time came around. And the new product wasn't up to spec. And
tweaking it back up made it unreliable.

Ferrite cores and shielding boxes are your friends, and your investors'
friends.

------
peterburkimsher
Interesting! Researchers have successfully listened in to VGA signals using
professional equipment [1]. Could the same be done with rtl-sdr receivers?

One application I can imagine is to build an osmo-fl2k transmitter that looks
like a USB memory stick, ask someone to plug it into the projector computer at
church, and then record the video stream with the lyrics. Most projectionists
have been helpful and willing to share their PPT files so I can study Chinese,
but some are refusing to share them because of copyright issues. The
translated songs were not officially licensed, so they're refusing to
distribute their data. It is usually possible to ask someone to plug in a USB
device (e.g. "to charge"), so if that's a possible entry vector then it would
be interesting to develop the transmitter further.

[1]
[http://www.cl.cam.ac.uk/~mgk25/iss2006-tempest.pdf](http://www.cl.cam.ac.uk/~mgk25/iss2006-tempest.pdf)

~~~
cushychicken
Are you implying that you'd use this technology to steal lyrics from a church?

~~~
peterburkimsher
"steal" implies ownership. Their translations aren't officially licensed. They
refuse to share it because they don't want to be sued for making illegal
translations. But that also means I can't sing along with them, because I
can't read the Chinese characters on the screen (I need to copy-paste it to my
app to translate it to pinyin). When humans aren't cooperative, I try to find
ways to work with the machines to achieve the goal.

------
d33
Nice, but where can I actually buy those things? A quick web search doesn't
get me anywhere.

EDIT: it looks like it's just the chipset and it's not sold directly -
instead, one should look for devices based on it. I wonder if they have any
competition, or whether I can just safely assume that any USB3.0 to VGA dongle
will work.

EDIT2: Also found this:

> If they are advertised with 2048 × 1152 maximum resolution and support for
> Mac OS X, or only have a USB 2.0 interface, they contain a DisplayLink
> chipset and are not compatible with osmo-fl2k! The price range for the
> FL2000-based adapters is $5-15, whereas the DisplayLink devices typically
> cost more than $25. Also note that devices sold with USB type C connector
> contain a different chipset (e.g. Realtek RTD2166) and are just DisplayPort
> to VGA converters.

~~~
asclepi
> Nice, but where can I actually buy those things? A quick web search doesn't
> get me anywhere.

Plenty to be found on Amazon or eBay. See the coverage on the RTL-SDR.com
blog[0] for a few links.

> EDIT: it looks like it's just the chipset and it's not sold directly -
> instead, one should look for devices based on it.

Yes, that's correct. You need a USB 3.0 to VGA adapter that is based on the
Fresco Logic FL2000 chipset.

[0] [https://www.rtl-sdr.com/osmo-fl2k-a-tx-only-sdr-hacked-from-...](https://www.rtl-sdr.com/osmo-fl2k-a-tx-only-sdr-hacked-from-commodity-5-usb-to-vga-adapters-demos-available-for-transmitting-wbfm-gsm-umts-gps/)

------
DoctorOetker
How about cheap optical links? If there is a similar blank- and porchless
VGA to USB3.0 ADC.

Let's consider the figure of 140MS/s x 3 (RGB) x 5 bits per sample (instead of
8 due to noise). then it would constitute about 2.1 Gb/s...

~~~
adrianN
Here are some plans to build your own LOS optical network:
[http://ronja.twibright.com/](http://ronja.twibright.com/)

Apparently you can get 10Mbps over a distance of a kilometer or so.

------
alexforster
Not mentioned in the article: its range is apparently from UHF to 1.7GHz+

~~~
themodelplumber
Thank you. So it's not like this by itself is going to enable some miraculous
transceiver setup.

------
k0ngo
The article doesn't mention it, but I think Fabrice Bellard's PoC [1], in which
he generated valid DVB-T and PAL/SECAM carriers using a graphics card
(2005), is very elegant and highly related prior art.

[1] [https://bellard.org/dvbt/](https://bellard.org/dvbt/)

------
RpFLCL
This is a cool technique and super interesting. My little rtl-sdr dongle just
became more powerful.

At the same time, I hope this doesn't result in abuse of the spectrum followed
by tightened regulations on the cheap dongles.

Please be responsible

------
bigiain
So one of these for tx and a usb tv tuner for rx, a Raspberry Pi running
OpenBTS, and you've got yourself a sub $100 IMSI catcher...

~~~
jsjohnst
Why do you need Tx for an IMSI catcher? Also, a USB TV tuner won’t work for
the receiving side either. You’ll need to step up into an actual proper SDR
for that. Still easily sub $500, but sub $100 is a bit too far a stretch.

~~~
bigiain
A $12 RTL-SDR USB stick will 100% work for most GSM rx (won't hit the 1900+MHz
bands without a downconverter, but that's why you want tx - you'll use it to
force the phone onto the 800-900MHz bands anyway, the top half of the 915MHz
ISM band in the US if you have a HAM licence and are trying to not break _too_
many laws at once).

This DefCon talk:
[https://www.youtube.com/watch?v=fQSu9cBaojc](https://www.youtube.com/watch?v=fQSu9cBaojc)

Gives a good overview of why you need tx to capture an IMSI - without forcing
a handset into transmitting non-encrypted, you only get the TMSI (unless you
can crack the crypto - and why bother, when a base station can instruct a
handset to just not encrypt anything?)

------
angry_octet
It's neat, but practically speaking having a transmit only device isn't useful
for GSM. Having to use filtering on the output is also a major pain.

It is perhaps more interesting for use as a data exfiltration technique.
Simple devices, usually used without analysis, can punch out a signal which is
easily decoded, with a simple (and seemingly accidental) antenna.

~~~
Rjevski
Wouldn’t you be able to use an RTL-SDR for the receive part, and thus, have a
full-duplex SDR?

~~~
angry_octet
Theoretically yes, but a HackRF One is US$300 and you will save an enormous
amount of time.
[https://greatscottgadgets.com/hackrf/](https://greatscottgadgets.com/hackrf/)

~~~
Rjevski
HackRF actually can’t be used with GSM as it’s half-duplex only and GSM
requires full-duplex.

------
DoctorOetker
I have often considered trying the reverse: using high resolution VGA ADCs to
digitize for a cheap scope, but the effort involved seemed too high

~~~
rasz
reverse "VGA ADC" in what exactly?

~~~
DoctorOetker
well you can buy video ADCs from parts suppliers (digikey etc, some parts are
pretty cheap, but again, it was seldom clear if they could be used
continuously or would refuse to work without proper VSYNC etc) or source them
from older digital monitors/dvd players/VGA2HDMI etc (roughly anything that
has a VGA in)

~~~
rasz
fast ADC is not the problem per se, you can buy $10 ARM parts with 80MHz 12
bit ADC (LPC4370), pumping that data into computer fast enough is.

~~~
DoctorOetker
such a scope would not be a raw part, but include an FPGA: summarize the
triggered traces that happened since the last transfer to PC... alternatively
speaking, consider the amount of information on the screen of an oscilloscope,
that's a low color count, with relatively large areas of the screen unaffected,
so 60fps of very compressible image data..

------
quasarj
Well, that's pretty cool!

