In our first part on software-defined radio and signals intelligence, we learned how to set up a radio listening station to find and decode hidden radio signals — just like the hackers who triggered the emergency siren system in Dallas, Texas, probably did. Now that we can hear in the radio spectrum, it’s time to explore the possibilities of broadcasting in a radio-connected world. So how did the hackers in Dallas broadcast the code they found to control the sirens and why? Was it a distraction to divert attention from their real goal, a test of a foreign government probing American infrastructure, or were they just engaging in the time-honored American pastime of being annoying?
Whatever their goal, the attack was done by rebroadcasting a series of codes in the emergency band around 900 MHz to trigger a series of repeaters to scare the crap out of some Texans. Did they need thousands of dollars of sophisticated equipment to do so? Likely not. In fact, we can take over some radio systems without knowing any codes at all simply by being closer to our target. This tutorial will show you a technique to use this effect to hack civilian FM radio bands and play your own social engineering payload. Maybe you simply don’t like the music a radio station in a particular business or vehicle is playing and you’d like to play your own. Maybe you’d like to play a message to get your target to do something you want them to. Whatever the goal, all you really need to rebroadcast signals in the radio spectrum is a $35 Raspberry Pi and a piece of wire for an antenna.
The Pi as a Software-Defined Radio Transmitter for Hacking
The Raspberry Pi, with the addition of some free software, is capable of pulsing power on one of its general purpose input-output (GPIO) pins to transmit on any civilian FM radio frequency from around 87.5 MHz to 108 MHz. Without a wire, the range is only a foot or two. We’ll focus on using this ability to insert our messages into the most common type of radio signals everyone has access to. FM radios exist in almost every car and in many businesses and homes. The ability to broadcast directly to them gives us a powerful way of speaking to someone anonymously, seemingly from a trusted source.
Hobbyists have embraced the Pi FM radio hack by adding a wire as an antenna for streaming music, short-range communications, and even as an FM modem for exchanging information between devices. Applications like rpitx can even transmit slow-scan TV images via FM. This hack is fun and useful for creating a signal with an intentionally limited range, and through some testing, I’ve found the signal is just powerful enough to overpower FM stations at close range.