Deadwood 2021 Swag Bag Lab
Welcome to the Swag Bag Lab page for the 2021 Wild West Hackin’ Fest (WWHF) Conference. This year, the Swag Bag Lab focuses on Software Defined Radio (SDR) and web application analysis. In this challenge, you will analyze an unknown signal using the hardware found in the Swag Bag Lab kit. Using the information discovered via that analysis, you will then discover a number of clues that lead to the final solution and potentially our solution prize. The first three participants to successfully complete the challenge will each receive a WWHF coin!
To get you started, we have also provided an introduction lab to get you familiar with some of the tools and hardware used to solve the Swag Bag Lab challenge. This introduction lab might be helpful if you are new to software-defined radio (SDR) or have never used GQRX (an SDR application). You can find the introduction lab here: https://wildwesthackinfest.com/deadwood/intro-to-sdr/.
Note: The hardware and software provided for this conference are the same as that used for Wild West Hackin’ Fest – Way West.
Any time you transmit a radio signal, be sure you are following the laws and regulations that apply to your location. Like the air we all breathe, the radio spectrum is a shared resource, so it’s important to be careful how you use it.
The rules and penalties for violation are handled in the US by the FCC, in Canada by the ISED, and in other countries by similar agencies. The rules are generally easy to find and understand. Enforcement tends to be strict. Some Amateur Radio operators make a game of finding and reporting violators, so don’t think nobody will notice.
Specifically for this lab, do not modify the transmitter module by amplifying the transmitted signal (whether by an amplifier circuit or by attaching a frequency-matched wire antenna that may be too effective). If you can receive your transmitted signal from more than about 200 feet away, you may be in violation. See https://docs.fcc.gov/public/attachments/DOC-297510A1.pdf for the details of the FCC rule.
If you keep the transmitter and receiver within about a foot or two of each other during the lab, you won’t need an antenna at all on the transmitter.
When transmitting any data, be sure you don’t accidentally break any laws by illegally transmitting on regulated frequencies. The FM transmitter in the kit can only use the FM Broadcast band, and at low enough power, that’s safe to use. In the US, there are some frequencies that are illegal to even listen to, such as the parts of the 800MHz and 900MHz bands still used for cordless telephones. Learn the rules and you’ll be fine. One great way to learn the rules is to pass the licensing exam as an Amateur Radio Operator. The ARRL has guides and more information about how to do that at http://www.arrl.org/getting-licensed.
The intent of this lab is to offer an introduction to software-defined radio (SDR) and some of the tools available for forensic analysis of radio frequency (RF) signals. Participants can use the provided hardware for future SDR labs and events.
Objectives for this Lab
- Set up an FM Transmitter module to provide a “live” audio signal to capture using software-defined radio hardware and software
- Perform basic implementation of the GQRX (SDR software) application
- Introduce a few tools available to dissect and evaluate captured demodulated signals
FM Transmitter and Audio Player hardware assembly instructions
Locate the following items in the swag bag:
- (1) FM Transmitter (w/ LCD display) module
- (1) Audio Player (w/ microSD holder) module
- (1) MicroSD card (might already be inserted into the Audio Player)
- (2) MicroUSB power cables (Audio player and FM Transmitter)
- (1) 2-slot USB wall plug
- (1) 3.5mm stereo audio cable
- (1) Nooelec RTL-SDR receiver dongle w/antenna
You can see the parts included in Swag Bag Lab below:
Step 0: Download the MP3 file and copy it to the microSD card.
- Link: https://labs.wwhf.fun/FINAL-SBL.mp3
SHA1(FINAL-SBL.mp3) = C10DD7C66296B4208DE5CC41A4CB981CFCF8364D
Step 1: Insert the microSD card into the microSD holder of the Audio Player module.
Step 2: Attach one end of 3.5mm audio cable to the (black) line-out connector of the Audio Player module and the other end to the line-in connector of the FM Transmitter module. Be sure that both ends are tightly seated.
Step 3: Use a micro-USB cable to connect the Audio Player module to one of the open slots of the 2-slot USB wall plug.
Step 4: Use another micro-USB power cable to connect the FM Transmitter to the remaining open slot of the 2-slot USB wall plug.
Step 5: Plug the 2-slot USB wall plug into an available wall outlet to power both modules. Keep the FM Transmitter module within a foot or so of the Nooelec RTL-SDR receiver dongle during the lab.
Hardware power up:
Upon powering up, the FM Transmitter will illuminate and display “HI” and then immediately display its default frequency; also, a red LED on the Audio Player module will blink indicating the audio file on the microSD is playing in a loop.
The audio file (mp3) includes two seconds of silence at the end of the file. This allows you to positively identify the beginning of the message.
Note: A quick check to determine that your hardware is working properly is to tune an FM radio to the transmit frequency displayed on the FM Transmitter module. If you hear beeping tones, then your hardware is working as expected.
If no audio is heard, recheck the steps above, ensure there is a programmed microSD installed in the Audio Player, ensure all cable connections are secure, ensure the FM Transmitter display is illuminated and displaying a frequency, ensure the radio is tuned to this frequency, and ensure the red LED is blinking on the Audio Player module.
Important: You can adjust the transmitting frequency up or down by pressing the FRE+ or FRE- buttons on the FM Transmitter module. You should locate a frequency that is not busy with local radio station broadcasts in your area, which can interfere with your transmission.
Software-Defined Radio (SDR) Setup
To create a system from which to do the swag bag lab SDR challenges, follow the instructions below. It is important to get the specified version of GQRX in particular, as both older and newer versions are very likely to create unusable files.
The lab works best with the operating system and tools listed here. After the list, you will find step-by-step instructions.
- Ubuntu 18.04.5 LTS (available from http://releases.ubuntu.com/18.04/)
- RTL2832U Osmocom drivers manually installed
- GQRX version 2.9
- GQRX 2.8 and 2.12 are known to NOT WORK for this lab.
- GQRX 2.12 is the default version on Ubuntu 20.04 (and will not work).
- Audacity version 2.2.1
- ffmpeg version 22.214.171.124
Create an Ubuntu 18.04 Desktop System
Download the Ubuntu 18.04 Desktop ISO image from http://releases.ubuntu.com/18.04/
Create a virtual machine from the ISO, or (better) install it on a spare system. The software side of SDR can be resource intensive and virtualization sometimes causes problems such as choppy recordings, which will get in the way of the exercise.
Log in to the Ubuntu system you just created, click ‘Activities’ and start typing “terminal” to open a bash terminal window.
If prompted, decline the offer to update to “a new version of Ubuntu,” but it’s OK to install the updated software: don’t upgrade the operating system, but go ahead and install updated software.
Install Drivers for SDR Hardware
Step 1: Open a terminal and confirm you’re in your home directory. This is the preferred convention and will be assumed throughout this text.
Step 2: Update your distribution.
sudo apt update
Step 3: Install the tools needed to retrieve, compile, and build the drivers.
sudo apt install -y git cmake build-essential pkg-config libusb-1.0-0-dev
Step 4: Retrieve, build, and compile the RTL2832U Osmocom drivers from the source.
git clone git://git.osmocom.org/rtl-sdr.git
cd rtl-sdr
mkdir build && cd build
cmake ../
make
sudo make install && sudo ldconfig
Step 5: Blacklist the driver that Ubuntu already had (which treats the dongle as a TV tuner) because that driver clashes with the new Osmocom drivers we just installed, and we want to use the dongle as a generic receiver, not a TV tuner.
5a: Open your /etc/modprobe.d folder as an administrator.
5b: Create a new file ‘blacklist-rtl.conf’ and add this one line (that’s a lower-case RTL (not RT1) in the middle there)
5c: Save the file, close the editor and restart the machine.
Install the Remaining Software
sudo apt install gqrx-sdr audacity ffmpeg
Try out GQRX
Ensure an antenna is attached to the Nooelec RTL-SDR dongle and your Ubuntu system is running.
Attach the Nooelec RTL-SDR dongle to an available USB slot on the PC. When prompted, attach it to your Ubuntu VM and not the host.
Please refer to the Intro to SDR link (https://wildwesthackinfest.com/deadwood/intro-to-sdr/) for screenshots and further information for the below instructions if needed.
gqrx -e (the -e flag prompts you to select your SDR hardware as GQRX starts up)
- Choose the RTL-SDR dongle from the dialog box and click OK.
- Click on the Receiver options tab.
- Adjust the frequency setting to match your FM transmitting frequency (89.1MHz = 891 000 000 for this example).
- Zero out any offset value in the top right of the window (red arrow below pointing to 115.000: set yours to 000.000).
- Select Mode “WFM (stereo)” (wideband, FM, stereo).
- Set AGC (automatic gain control) to Fast.
- Click the “Play” button.
Note: You will likely need to make a slight adjustment to get centered on the actual FM transmission. Simply left-click in the center of the signal peak (as shown below). The red line will move to this position. The screenshot below shows that the received signal is at 89.115MHz (whereas the transmit frequency indicated on the FM module was 89.1MHz; this minor offset is normal). Alternatively, you can fine-tune the frequency offset by changing the numbers at the top of the main display (89.115.000 below).
Recording and saving the demodulated audio signal
Listen to the audio signal and watch the waterfall. When the audio signal cycle completes, there will be a two-second silence in the signal; nothing will be heard, and the waterfall will show a constant signal level. During this silence, click the REC (Record) button at the bottom right of the display one time and monitor another full cycle of the audio signal session. When the silence occurs again, click the REC button again to stop the recording.
GQRX saves this recorded sample using the following naming convention: gqrx_date_time_frequency.wav
For example: gqrx_20210328_184039_89115000.wav was recorded on March 28, 2021, at 18:04:39 local time while tuned to 89.115MHz.
At this point, we can power down the FM Transmitter / Audio Player hardware. Clicking the Play button from the “Audio” tab (see below) will replay the captured audio signal and display the GQRX-generated filename. There will be no waterfall running during the replay.
Locate the saved GQRX .wav audio file and make note of its folder location.
Check Out Audacity
Click File -> Import -> Audio and locate your saved GQRX .wav file.
After the file loads, make two selections from the drop-down menu by clicking the upside-down triangle as indicated in the image below.
The “Waveform (dB)” view makes the on and off pulses in the signal more prominent. The “Split Stereo Track” item allows you to work with the two channels independently.
Click the Solo button for the left channel.
When we click the Solo button and then click Play, we can hear what appears to be Morse code. From the screenshot above, we can clearly see the dots and dashes making up the audio we hear when soloing on each channel (left and right). The screenshot also shows us that the left and right channels appear to have two distinctively different patterns.
NOTE: If you do not see different patterns between the left and right audio, it could be that you are running the wrong version of GQRX or that the receiver was set to “WFM (mono)”, “Narrow FM”, or another non-stereo setting when the recording was made. GQRX version 2.21 will record in mono even if the transmitted signal is stereo when the signal-to-noise ratio is too low. Most FM radios do this automatically, as well.
At this point, we could use Audacity to save the left and right channels as two separate .wav files for further analysis; however, there is also a cool Linux command line tool that will do this for us quickly and efficiently. FFmpeg is a collection of libraries and tools to process multimedia content such as audio, video, subtitles, and related metadata.
Check out FFmpeg
Note: Testing of this lab was conducted using version 126.96.36.199 of FFMpeg.
You can use FFMpeg to save the left and right audio channels to separate files. The command below will do this.
ffmpeg -i gqrx_20210521_155306_89115000.wav -map_channel 0.0.0 left.wav -map_channel 0.0.1 right.wav
Based upon our analysis of the data in Audacity, we can clearly see we are dealing with on-off keying (OOK), denoting the simplest form of amplitude-shift keying (ASK). Morse code, in fact, uses continuous wave (CW), which is a simple on-off keying modulation (OOK) mode. We can therefore conclude that we have two unique Morse code messages, one message on the left channel and one message on the right channel.
A quick search online can provide us with an abundance of information pertaining to Morse code decoding. There are plenty of sites displaying Morse code charts, images, and software applications for decoding and encoding Morse code. For example, you can learn more about Morse code here: https://en.wikipedia.org/wiki/Morse_code.
With the help of any one of these sites, we could manually decode our data fairly easily. But there’s an even faster way. A quick Google search of “Online Morse code decoder” provides us with https://morsecode.world/international/translator.html, where we can input the dots (“.”) and dashes (“-”), and the tool will output the corresponding alphanumeric text.
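The on-off keying seen in Audacity can also be decoded in a script. The sketch below is an added example, not part of the original lab: it measures the tone's envelope, converts run lengths to dots and dashes, and looks them up in a Morse table limited to hexadecimal digits, since the lab states each channel carries a hexadecimal value. The function names, window size, threshold and the synthesized test tone are assumptions; a real run would feed in the samples of left.wav or right.wav scaled to the range -1 to 1.

```python
import math

# Morse table restricted to the hex alphabet the lab's messages use.
CODES = ("0----- 1.---- 2..--- 3...-- 4....- 5..... 6-.... 7--... 8---.. 9----. "
         "A.- B-... C-.-. D-.. E. F..-.")
MORSE = {tok[1:]: tok[0] for tok in CODES.split()}
TO_MORSE = {v: k for k, v in MORSE.items()}

def synth(text, unit=480, rate=8000, tone=700.0):
    """Constructed test input: a sine tone keyed on/off with Morse timing."""
    out = []
    def emit(units, on):
        start = len(out)
        out.extend(math.sin(2 * math.pi * tone * (start + i) / rate) if on else 0.0
                   for i in range(units * unit))
    emit(3, False)                       # leading silence
    for ch in text:
        for sym in TO_MORSE[ch]:
            emit(1 if sym == "." else 3, True)
            emit(1, False)               # gap between elements
        emit(2, False)                   # extends it to the 3-unit letter gap
    return out

def runs(samples, win=80, thresh=0.1):
    """RMS envelope per window (assumed sizes), thresholded, run-length encoded."""
    out = []
    for i in range(0, len(samples) - win + 1, win):
        rms = math.sqrt(sum(s * s for s in samples[i:i + win]) / win)
        on = rms > thresh
        if out and out[-1][0] == on:
            out[-1][1] += 1
        else:
            out.append([on, 1])
    return out

def decode(samples):
    r = runs(samples)
    unit = min(n for _, n in r[1:-1])    # shortest interior run = one Morse unit
    text, sym = "", ""
    for on, n in r:
        if on:
            sym += "." if n < 2 * unit else "-"
        elif sym and n >= 2 * unit:      # letter gap or longer ends a character
            text += MORSE.get(sym, "?")
            sym = ""
    return text + (MORSE.get(sym, "?") if sym else "")

if __name__ == "__main__":
    print(decode(synth("1234ABCD")))     # sample value from the page's URL example
```

Any pattern that is not in the hex table decodes to "?", which is a quick sign that the threshold or window needs adjusting for a noisy recording.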
To complete this Swag Bag Lab, you will need to decode the messages from your radio transmission using the aforementioned tools and hardware. Each channel of the decoded message will provide a different 32-character hexadecimal value. When you discover the value, append it to the following URL:
For example, if the hex value you discover is 1234ABCD, then the URL would be:
The hex value in the URL should be given in lower-case letters.
The other decoded message will provide you with an AES ECB cipher key that you will need after you navigate to your newly appended URL.
When you arrive at your newly formed URL, you will need to discover the secret message embedded within the page.
IMPORTANT: Please do not perform resource intensive attacks against the web pages (i.e., running content discovery or brute-force attacks). This is considered out of scope.
After the Wild West Hackin’ Fest Deadwood 2021 conference in September, we will post a solution file for both conferences.
Problems or questions? Check out the Appendix below or post a question in the #swag-bag-lab channel in the conference Discord server.
Problem: No red blinking LED on Audio Player module when powered up
Possible cause: MicroSD card missing, corrupt, or not fully seated
Possible cause: Defective microUSB power cable
Fix: Download file for MicroSD card at https://labs.wwhf.fun/SBL.mp3
Problem: Stereo waveform appears as mono waveform in Audacity
Possible cause: Use of a GQRX version that is NOT 2.9
Possible cause: Transmitter too far from SDR dongle (signal to noise ratio too low)
Possible cause: GQRX not tuned to the center frequency during recording
Problem: No signal visible in GQRX
Possible cause: GQRX not set to use correct SDR hardware
Possible cause: GQRX “Play” button not activated
Possible cause: Loose 3.5mm patch cable between Audio Player and FM transmitter
Possible cause: GQRX not tuned to same frequency as shown on FM transmitter
Problem: Sound from GQRX is garbled or otherwise unclear
Possible cause: Receiver not set to “WFM (Wideband FM)”
Possible cause: GQRX not tuned to center frequency of transmitter
Possible cause: Interference from other radio sources in the area