Oona Räisänen is a RF hacker and enthusiast who has in the past brought us posts about
decoding burger pagers in restaurants,
decoding wireless bus signs and
FM-RDS withSDR’s like the RTL-SDR. This time she has written an interesting postthat shows how she can “fingerprint” radio transmitters by analysingtheir
CTCSStransmissions. CTCSS is short for “Continuous Tone-Coded SquelchSystem” and is a low frequency tone added on to some transmissions usedin handheld radio systems shared by several distinct groups. The CTCSStone prevents users of a shared system from having to listen to otherusers talking if they are not part of the same group with the same CTCSStone frequency. CTCSS provides no means for actually individuallyidentifying a radio.
Oona wanted to see if she
couldfingerprint and thus identify individual radios by their CTCSS tone bylooking at identifying features such as small variances in CTCSS tonepower and frequency. The idea is that each radio will have minutedifferences in the exact tone and power produced by the CTCSS circuitry,due to differences in the crystal oscillators and component tolerances.Oona used an RTL-SDR to record CTCSS data from a conversation on alocal handheld radio network. Then by plotting the frequency vs powerdata on a heatmap graph she was able to find 8 different clusters ofpoints, which potentially identifies 8 individual handheld radios.
Frequency vs power heatmap identifying 8 different radios.
With the individual radios identifiable by their cluster centers,each cluster can be assigned a name. Now each subsequent transmissioncan be compared to each cluster center, and assigned to the closestmatching cluster, thus matching a new unknown transmission with aknown radio. This makes it easier for someone listening in with nocontext to follow a conversation.
-----------------------------------------------------------无情的分割线---------------------------------------------------------------------------
文章大意是由于晶体或元件的公差,不同的对讲机在发射ctcss时频谱会有差异,就跟人类的指纹一样。通过软件可以分辨出来是哪个对讲机发射的(乱掐台的可要小心了)。
