Radio fingerprinting

Few days ago I heard about a guy that created a script for recognise spurious emissions from a list of known devices, and I wanted to do the same in a simpler way.

I do not own any downconverter for my RTL-SDR – most spurious emissions are located near to 0 MHz and my SDR device starts on 24 MHz – so I created a very simple script using wide-range frequencies scan with rtl_power, then converted to image schema with heatmap.py, and compared with imagemagick in a probabilistic way to determine which profile is the most similar to database entries. I called it Radioprint.

Radioprint discovering nearby devices

Below you will find radioprint.sh sourcecode. Remember install all dependencies [imagemagick, rtl_power] and run the script in the same folder of heatmap.py. You must create an empty directory called «database» in the same folder in order to compare profiles before running the script.

The script reads from 24MHz to 921MHz. Maybe a narrower range would make the script more efficient, but also more innacurate. Feel free to modify it.

./RADIOPRINT.SH

rm log.html 1.png 2.png probe.csv r.txt; 
echo '<html><body bgcolor="#34495e"><font face="verdana" color="white"><h1>Radioprint</h1><br>' > log.html; 
while true; 
	do rtl_power -f 24M:921M:60k -g 50 -i 10 -e 10s probe.csv; 
	python heatmap.py probe.csv 1.png; convert 1.png -gravity Center -crop 100%x+0+26 2.png; 
	echo "<b>" >> log.html; 
	cd database; rm r.txt; 
		for line in `ls | xargs | tr " " "\n"`; 
		do convert -metric AE ../2.png $line -trim -compare -format "%[distortion]" info: >> r.txt; 
		echo -n ",$line" >> r.txt; echo " " >> r.txt; 
		done; 
	cat r.txt | sort | awk "NR==1" | cut -f2 -d"," | cut -f1 -d"." >> ../log.html; 
	cd ..; echo "</b> - " >> log.html; 
	content=$(base64 -w0 < "2.png"); 
	b64=$(echo "data:image/png;base64,$content"); 
	data=$(date +%d.%m.%y.%H.%M.%S); 
	hash=$(echo $content | base64 -d | md5sum | cut -f1 -d" "); 
	echo '<a>'$data' - '$hash':</a><br><img src="'$b64'" width=100% height=25 /><br>' >> log.html; 
done;

How it works

Run the script -without arguments- and let it work in the background. Minimize the console and open log.html with your favourite web browser in order to see real-time results – pressing F5 each 30 seconds. The script adds the scan results on this page each ~20-30 seconds.

Le puede interesar también:   Especulando con Python: automatización de operaciones con Ethereum y la API de Coinbase

Connect to your SDR device a small wire as antenna, about 7-8 centimeters, and let it work in a place far away from electronic devices [>1 meter]. Refresh webpage and wait until you see an appropiate spectrum representation of «normality» in «log.html», then right-click, save image as…, go to /database folder and save it [without spaces] as «normal.png». You’ve just created your first profile for nothing found.

Now put your mobile phone touching directly the small antenna. Wait for the correct profile image in «log.html», and save it in the same way we did for «normal» profile. Now save the file in /database as «smartphone.png«. Now we have two profiles: normal and smartphone.

Radioprint will start to compare distortion between saved images and the new real-time generated images. Start checking if the script detects if your smartphone is near, for example.

Update 1/10/19. RTL-SDR.com has just released a review of my script! It is a great privilege and I appreciate it very much.




Copyright, 2019. José Carlos Rueda, abogado.

Realizamos un análisis preliminar de tu caso completamente gratis.

Si este artículo te ha servido, escribe una reseña positiva y tendrás un 10% de descuento en cualquier servicio.

4 comentarios

Añade el tuyo →

Responder a Telectroboy Cancelar la respuesta