That's a neat party trick and all but abusing spurious emissions/harmonics to broadcast in licensed spectrum without proper filtering is just plain irresponsible. At low power, with an unmatched antenna those signals /probably/ won't make it out of your house but it's not good practice to spew harmonics all over the spectrum, especially GSM bands. I also can't believe that they are working on increasing the TX power. Purposefully emitting all over the spectrum is both irresponsible and illegal.
That's why the osmo-fl2k page has the following text:
"Before transmitting any signals with an FL2000 device, it is strongly suggested that you check the resulting spectrum with a spectrum analyzer, and apply proper filtering to suppress any but the desired transmit frequency.
Operating a transmitter with the unfiltered FL2000 DAC output attached to an antenna outside a RF shielding chamber is dangerous. Don't do it!"
A radio amateur most likely can't construct a bandpass filter with a high enough Q to filter out all of the spurs while still getting a usable signal. Releasing a tool like this and handwaving away interference concerns with an abstract reference to 'proper filtering' is still irresponsible.
The project page covers all of this, and takes the time to recommend various filtering strategies. It's not like this stuff is much worse than a faulty washing machine or hair dryer doing the same, or that the very same equipment under control of its official driver couldn't spew junk in exactly the same way.
The device generates a comb of the original baseband, repeated all the way up to VHF.
There is no way that a simple passive filter will pick out the wanted signal, while blocking all the others.
It would take a sophisticated multi-stage active filter to even come close.
The "very same equipment under control of its official driver" won't have an amplifier and antenna connected to its output. If it did, it obviously would fail its EMC test approvals process.
> The "very same equipment under control of its official driver" won't have an amplifier and antenna connected to its output. If it did, it obviously would fail its EMC test approvals process.
Forgive me, but this seems quite a blanket statement to make of the tens-hundreds of millions of VGA cable and LCD/CRT designs and design combinations in deployment for the past 30+ years around the world, equipment combinations that never did (and never will) undergo system testing to verify there aren't, in fact, thousands+ of unintentional transmitters deployed already, by people who haven't a clue about their aberrant devices.
It's not like you can't buy dirt-cheap $5 unshielded ultra long VGA extender cables by the literal truckload off AliExpress and eBay, and that you don't find such cables strung vertically to 640x480 projectors hanging off the ceiling of just about every conference center, lecture hall, hotel business suite or similar meeting venue known to man.
Meanwhile this project is explicitly about creating a transmitter in an environment where it is understood by every user upfront that the result could be noisy.
If there’s a need for spectrum enforcement, then people should be out doing it. There’s definitely enough money made from government granted spectrum monopolies to pay for it!
The idea that you’re pushing here, that there should be varying degrees of a radio equipment prohibition is anti-knowledge and only serves to strengthen the spectrum monopoly businesses.
Spectrum enforcement does happen. It usually takes a while to identify because there's usually not a large noise source or illegal transmitter. Instead it's usually malfunctioning equipment that's doing stuff it shouldn't.
Usually how enforcement happens is that someone complains that this one spot never gets a signal, or their phone always cuts out. Then the big players start getting involved to determine the problem and either get the FCC involved if needed or otherwise inform the offender to get it fixed.
Don't contact the FCC directly. Contact your cellular operator. They can investigate to see if it is a problem on their end. They will also contact the FCC if necessary.
> The only time the FCC cares is if you're fucking shit up for others.
A friend who broadcast on an FM frequency that's unused locally (broadcasting family-friendly Christmas music, I might add) got shut down by the FCC, who sent out people out in the evening to have a chat with him. They care, even when you're not fucking shit up for others. I have no idea what experience you might be basing your statement on, but traditionally the local HAM guys will take offense at any little thing that comes to their attention and the FCC will be happy to follow up on it. (I know at least one local HAM who has lightened up a bit about this stuff over the years but I don't think the feds have)
When it comes to oddball noise, they'll act pretty quickly if there's someone like a busybody HAM to spell out to them exactly where the interference is coming from. Of course, plenty of times it's a HAM who is causing the interference...
That guy in Idaho running a repeater on 146.520, national simplex calling frequency for VHF. Lol. Real genius there, I'll bet it took less than a week before a complaint was filed.
Until your crummy transmitter interferes with some emergency service, e.g. police, aircraft, etc.
Then they will be on your doorstep within hours. Complete with a search warrant and fines of thousands of dollars, along with a permanent criminal record.
Those are intentional jamming devices, I hope unintentional sideband interference wouldn't be treated remotely as harshly? The kind of power to achieve this kind of jamming would be pretty large too -- I'd judge at least 50W (depending on the jamming bandwidth I guess). A few milliwatts from an SDR transmitter isn't going to do much disruption. Not to mention there are pretty significant interference sources from defective devices mentioned elsewhere -- cheap USB power supplies, defective lighting, and more.
That said, anyone should indeed be filtering their output unless transmitting more than extremely low amounts of power (perhaps someone with radio experience could give a rule of thumb? Up to hundreds of microwatts sounds quite safe) as a matter of civility. Besides, you get to learn basic electronics by building a simple passive filter!
A few milliwatts can easily block the sensitive input of a Police Repeater on the other side of town.
FWIW, your "Hundreds of Milliwatts" are routinely used by hams to communicate world wide.
And no, a simple bandpass filter WILL NOT clean up this rubbish. Its output spectrum is the base-band signal repeated over and over, all the way up to VHF. It would take a very capable filter to pick out the single product required. This is NOT the way to design a clean transmitter.
It will not only cause interference, but it will interfere with EVERYTHING within range.
Most output filtering is a simple Low-Pass Filter which is designed to remove harmonics. But by definition, harmonics are an octave removed from the fundamental. This horrid device puts out a closely packed comb of spurii from DC to daylight. A simple passive filter will not even come close to cleaning it up.
You first start with a sound design, then add filters to clean up the last of any unwanted emissions. Not the other way around.
And because these faults have been well documented, this equipment would most definitely be classed as an "intentional jamming device".
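To put numbers on the comb described in this comment and in the earlier one ("repeated all the way up to VHF"), here is an added example that is not from the thread or from the osmo-fl2k project. It models an ideal zero-order-hold DAC: a baseband tone at f0 reappears at every k*fs +/- f0 with only sinc roll-off; the 100 MS/s sample rate and 7 MHz tone are constructed values, and real hardware adds clock spurs on top of this:

```python
import math

def zoh_rolloff_db(freq_hz, sample_rate_hz):
    """Level of a zero-order-hold DAC output at freq, relative to DC: 20*log10|sinc(f/fs)|."""
    x = freq_hz / sample_rate_hz
    if x == 0:
        return 0.0
    s = math.sin(math.pi * x) / (math.pi * x)
    return 20 * math.log10(abs(s)) if s else -math.inf

def dac_products(baseband_hz, sample_rate_hz, max_hz):
    """Every frequency up to max_hz at which one baseband tone reappears, with its level in dB."""
    out = [(baseband_hz, zoh_rolloff_db(baseband_hz, sample_rate_hz))]
    k = 1
    while k * sample_rate_hz - baseband_hz <= max_hz:
        for f in (k * sample_rate_hz - baseband_hz, k * sample_rate_hz + baseband_hz):
            if f <= max_hz:
                out.append((f, zoh_rolloff_db(f, sample_rate_hz)))
        k += 1
    return out

def products_in_band(products, lo_hz, hi_hz):
    """Which of the products land inside a band someone else is using."""
    return [(f, lvl) for f, lvl in products if lo_hz <= f <= hi_hz]

def nearest_unwanted(products, wanted_hz):
    """Closest other product: (freq, dB relative to the wanted one, spacing in Hz).
    This is the one a filter has to reject while passing wanted_hz."""
    wanted_lvl = dict(products)[wanted_hz]
    others = [(f, lvl - wanted_lvl, abs(f - wanted_hz)) for f, lvl in products if f != wanted_hz]
    return min(others, key=lambda t: t[2])

if __name__ == "__main__":
    fs, f0 = 100e6, 7e6          # constructed: 100 MS/s DAC, 7 MHz baseband tone
    comb = dac_products(f0, fs, 300e6)
    for f, lvl in comb:
        print(f"{f / 1e6:7.1f} MHz  {lvl:6.1f} dB")
    print("in FM broadcast band:", products_in_band(comb, 88e6, 108e6))
    print("nearest to the 93 MHz product:", nearest_unwanted(comb, 93e6))
```

With these inputs the products at 93 and 107 MHz sit 14 MHz apart and within about 1.2 dB of each other, which is the spacing and level difference a "simple bandpass filter" would have to separate; harmonics, by contrast, would be an octave apart.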
Thanks for the reply! I'm quite interested in this.
> FWIW, your "Hundreds of Milliwatts" are routinely used by hams to communicate world wide.
Read again, I've written "hundreds of microwatts" :)
And that's for a reasonably wideband signal! A narrowband signal with high power has a lot more potential to interfere with a specific application. I seriously doubt anything of that order, especially with a rough bandpass (passive) filter around the frequency of interest, can cause significant interference. Passive filters have <1 gain, so they shouldn't risk narrowband amplification of the weak signal. The background noise should be within this order of magnitude, no?
(I don't quite have the time to give numbers right now, but here's a source from quick googling: https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7833115 -- the ambient noise should be on the order of 0.1 uW / GHz; at a few hundred meters away this competes with our wideband microwatt-scale transmitter?) I'll see if I can do some actual calculations later.
GPS is quite easy to jam with very low power. Something as low as 500mW could easily disrupt a fairly wide area. The reason being that GPS signals are generally already below background noise as measured from the ground.
Indeed. When I was experimenting with GPS spoofing, an output of 20dBm (100mW) was enough to make devices think they were in the middle of the ocean in a 200m radius (line of sight). With a quickly improvised yagi antenna I was able to push it to 500m, even after losing 3dB from switching from circular to linear polarization(!). IIRC, GPS satellites have 25W transmitters, that's insanely powerful, but they're 20,000 km away, so it's rather easy to overpower their signal from close due to the inverse-square law.
Even with the first tests with 10mW in my room, iPhones at my house picked up GPS signal to know the time and timezone, which caused my flatmates to miss appointments and many websites stopped working due to certificates being expired by "2030".
> IIRC, GPS satellites have 25W transmitters, that's insanely powerful, but they're 20,000 km away
Both numbers are correct, but 25W isn’t “insanely powerful”. The spec for GPS satellites lists the antenna gain at 13 dBi. 25W fed through a 13 dBi antenna is just shy of 500W EIRP. Sitting near me is a 2W 2.4 GHz amp and a 24 dBi parabolic antenna. That combo is just over 500W EIRP. The reason you stated (distance) is the big factor: over 12,500 mi, the free space path loss is huge (182dB assuming flat gains). 500W is just shy of 27 dBW, so 27-182 is -155, which is a very very very weak signal.
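The link budget in this comment, carried through in code as an added example (not from the thread). It uses the comment's own figures (25 W, 13 dBi, 12,500 mi, 2 W + 24 dBi at 2.4 GHz) and assumes the GPS L1 frequency of 1575.42 MHz and a 2.046 MHz C/A-code bandwidth for the thermal-noise comparison, which is the "below background noise" point made a few comments up:

```python
import math

C = 299_792_458.0            # speed of light, m/s
K_BOLTZMANN = 1.380649e-23   # J/K

def w_to_dbw(watts):
    return 10 * math.log10(watts)

def dbw_to_w(dbw):
    return 10 ** (dbw / 10)

def eirp_dbw(tx_power_w, tx_gain_dbi):
    """Effective isotropic radiated power: transmitter power plus antenna gain."""
    return w_to_dbw(tx_power_w) + tx_gain_dbi

def fspl_db(distance_m, freq_hz):
    """Free-space path loss between isotropic antennas: 20*log10(4*pi*d*f/c)."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)

def received_dbw(tx_power_w, tx_gain_dbi, distance_m, freq_hz, rx_gain_dbi=0.0):
    """Power at the receive antenna terminals (no cable or polarisation loss)."""
    return eirp_dbw(tx_power_w, tx_gain_dbi) - fspl_db(distance_m, freq_hz) + rx_gain_dbi

def thermal_noise_dbw(bandwidth_hz, temp_k=290.0):
    """kTB noise power in the receiver bandwidth."""
    return w_to_dbw(K_BOLTZMANN * temp_k * bandwidth_hz)

def gps_link_budget():
    """Thread figures: 25 W, 13 dBi, 12,500 mi; L1 = 1575.42 MHz and 2.046 MHz bandwidth are assumed."""
    d = 12_500 * 1609.344      # miles to metres
    f = 1575.42e6
    bw = 2.046e6
    rx = received_dbw(25, 13, d, f)
    return {
        "eirp_w": dbw_to_w(eirp_dbw(25, 13)),
        "fspl_db": fspl_db(d, f),
        "rx_dbw": rx,
        "margin_db": rx - thermal_noise_dbw(bw),   # negative: signal sits below kTB
    }

if __name__ == "__main__":
    for name, value in gps_link_budget().items():
        print(f"{name:>10}: {value:8.1f}")
    print(f"2 W + 24 dBi at 2.4 GHz: {dbw_to_w(eirp_dbw(2, 24)):.0f} W EIRP")
```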
The old AM border blasters were legitimately "insanely powerful". John R. Brinkley's XERA was transmitting at 1 megawatt EIRP back in the 1930s. It covered almost the whole of the US and parts of Canada, even on a crystal set.
Today, the Solt transmitter in Hungary operates at 2 megawatts.
Yeah, my wording wasn't the best. It's insanely powerful, (the transmitter leaving the antenna aside) in this sense:
Low earth orbit satellites are much closer to the Earth, so transmitters need less power to cover the range with high quality signal. For example, NOAA satellites are able to send images of the earth at 5W that you can reliably receive with a dipole and a $5 amplifier.
Geostationary satellites are significantly higher, ~35,000 km, but stationary (duh), so they benefit from high gain, very directional antennas both on the satellite and the ground. They send high data and symbol rate signals for HD video of hundreds of channels, and each transponder sits at 15 to 150W (depending on many factors: band, area to cover, etc). They tend to have multiple transponders, though.
GPS satellites sit in the middle, pretty high up, so there's a ton of free space loss, in a non-geostationary orbit, so high gain antennas are useless, plus receivers are supposed to be portable, hence there's no room for helix/axial antennas or arrays on the ground. So for this reason they have to ramp up the power to geostationary, TV broadcast levels, only to push a very, very slow data rate (50 bits/s).
This is a recent investigation that I found particularly intriguing. It involves a device used to monitor electric utilities that ended up interfering with VZW's signal in Silicon Valley.
Heh heh. Back in the day when VRAMs cost a fortune I hacked low-level display software for a new frame buffer product in development.
The unshielded hardware lab prototypes emitted noise that stepped on the signal of the hardware team's favorite FM rock station. So they tweaked the clocks to be a little slower.
Then they forgot they did that.
Then benchmark time came around. And the new product wasn't up to spec. And tweaking it back up made it unreliable.
Ferrite cores and shielding boxes are your friends, and your investors' friends.
Interesting! Researchers have successfully listened in to VGA signals using professional equipment [1]. Could the same be done with rtl-sdr receivers?
One application I can imagine is to build an osmo-fl2k transmitter that looks like a USB memory stick, ask someone to plug it into the projector computer at church, and then record the video stream with the lyrics. Most projectionists have been helpful and willing to share their PPT files so I can study Chinese, but some are refusing to share them because of copyright issues. The translated songs were not officially licensed, so they're refusing to distribute their data. It is usually possible to ask someone to plug in a USB device (e.g. "to charge"), so if that's a possible entry vector then it would be interesting to develop the transmitter further.
"steal" implies ownership. Their translations aren't officially licensed. They refuse to share it because they don't want to be sued for making illegal translations. But that also means I can't sing along with them, because I can't read the Chinese characters on the screen (I need to copy-paste it to my app to translate it to pinyin). When humans aren't cooperative, I try to find ways to work with the machines to achieve the goal.
Nice, but where can I actually buy those things? A quick web search doesn't get me anywhere.
EDIT: it looks like it's just the chipset and it's not sold directly - instead, one should look for devices based on it. I wonder if they have any competition, or whether I can just safely assume that any USB3.0 to VGA dongle will work.
EDIT2: Also found this:
> If they are advertised with 2048 × 1152 maximum resolution and support for Mac OS X, or only have a USB 2.0 interface, they contain a DisplayLink chipset and are not compatible with osmo-fl2k! The price range for the FL2000-based adapters is $5-15, whereas the DisplayLink devices typically cost more than $25. Also note that devices sold with USB type C connector contain a different chipset (e.g. Realtek RTD2166) and are just DisplayPort to VGA converters.
The article doesn't mention it, but I think Fabrice Bellard's PoC [1], in which he generated valid DVB-T and PAL/SECAM carriers using a graphics card (2005), is very elegant and highly related prior art.
Why do you need Tx for an IMSI catcher? Also, a USB TV tuner won’t work for the receiving side either. You’ll need to step up into an actual proper SDR for that. Still easily sub $500, but sub $100 is a bit too far a stretch.
A $12 RTL-SDR USB stick will 100% work for most GSM rx (won't hit the 1900+MHz bands without a downconverter, but that's why you want tx - you'll use it to force the phone onto the 800-900MHz bands anyway, the top half of the 915MHz ISM band in the US if you have a HAM licence and are trying to not break _too_ many laws at once).
Gives a good overview of why you need tx to capture an IMSI - without forcing a handset into transmitting non-encrypted, you only get the TMSI (unless you can crack the crypto - and why bother, when a base station can instruct a handset to just not encrypt anything?)
It's neat, but practically speaking having a transmit only device isn't useful for GSM. Having to use filtering on the output is also a major pain.
It is perhaps more interesting for use as a data exfiltration technique. Simple devices, usually used without analysis, can punch out a signal which is easily decoded, with a simple (and seemingly accidental) antenna.
Well, you can buy video ADCs from parts suppliers (Digikey etc., some parts are pretty cheap, but again, it was seldom clear if they could be used continuously or would refuse to work without proper VSYNC etc.) or source them from older digital monitors/DVD players/VGA2HDMI etc. (roughly anything that has a VGA in).
Such a scope would not be a raw part, but include an FPGA: summarize the triggered traces that happened since the last transfer to PC... Alternatively speaking, consider the amount of information on the screen of an oscilloscope: that's a low color count, with relatively large areas of the screen unaffected, so 60fps of very compressible image data.