This project is an RF Signal Scanner built using an ESP32, AD8317 RF detector, and various other components. It's designed to detect and measure RF signals in the environment and display the signal strength on an OLED display. It's useful to find hidden cameras, wiretapping devices, and other RF-enabled devices.
Fun fact, you can actually detect semiconductor devices even if they are powered off and hence emit no radiation unless the design took specific precautions. This works by illuminating a region with high frequency electromagnetic radiation and then listening for the effects that PN junctions have on the reflected radiation due to their nonlinearity. [1]
> Thousands of diodes were mixed by the Soviets into the building's structural concrete, making detection and removal of the true listening devices by its American occupants nearly impossible.
I wonder if it would be feasible, with modern techniques and sufficient motivation, to map where the “background” diodes ended up setting in the concrete; then to measure newer sweeps against that baseline.
That depends on what the game is. For example if they wanted the embassy to stay in their old already compromised premises they achieved that. (for about twenty years at least.) If they wanted the USA to spend a lot of money they also achieved that.
They knew about the devices in 1985, a few years after construction started in 1979 and construction didn't finish till 2000. They probably knew earlier than 1985. So it probably wasn't a big deal and would've cost the SU a lot and they were less able to afford it.
> They knew about the devices in 1985, a few years after construction started in 1979 and construction didn't finish till 2000.
That happened due to the bugs found. This is the point I'm making. If your goal was to keep them where they already were (Mokhovaya House) then the bag full of diodes mixed into the concrete did that perfectly for like 15ish years.
> They probably knew earlier than 1985.
Doesn't change that argument.
> So it probably wasn't a big deal and would've cost the SU a lot and they were less able to afford it.
We are talking about a few bags of diodes vs rebuilding three stories of the building with imported workers. This was a very cost efficient attack.
Several days ago, a long interview with the former Czech ambassador to Moscow, Vítězslav Pivoňka, appeared in Czech newspapers. Unfortunately it is mostly paywalled. [0]
As you could expect, bugs everywhere, but some were used for intimidation. E.g. he says, on a weekend morning, we were still in bed with my wife, when a cuckoo started cuckooing out of a wall. Yeah, it was a bug, and it was meant to emit sound and make you more nervous: "we know about everything that happens in your bed".
He said that the Russians never cross the red line of actually physically manhandling diplomats, but as far as bugs and psychological pressure go, there is nothing off-limits.
It also makes me suspect that the device would not be super-useful in most environments today because our homes and offices have false positives littered all over the place. Such a countermeasure would be unnecessary now.
> our homes and offices have false positives littered all over the place
Sure, but location matters. Searching weird (for electronics to be), but line-of-sight places (like a bookcase) you might still have a good signal to noise ratio.
I had a vague recollection that rectifiers for battery chargers were once made out of stacked layers of oxidized copper disks, and then, in the article danbruc linked to, I saw this:
Note that other semi-conducting materials, such as a rusty nail or an oxidised piece of metal, also generate harmonic frequencies and may therefore cause an NLJD to generate a false positive.
I think a lived-in place has enough stuff in and near the walls to make this kind of scan less than useful. We have things hanging on the walls that'd distort it. Maybe an empty one would be OK now, but I think the ecobees all over the place would even distort it for those.
Are nonlinear junction detectors still state-of-the-art for detecting hidden devices when powered off? Does anyone know if alternatives like electronic noses (to detect chemical signatures associated with IC packaging) and magnetic anomaly detection are increasingly used for this?
2023 repro of "Great Seal Bug" (1952): mechanical microphone, no power source, data exfiltrated via external directed microwave beam, https://www.youtube.com/watch?v=NLDpWrwijE8
> The AD8317 module I’m using has the logarithmic slope set to 22mV/dB. I used the output of a Viavi JD785 at different frequencies to check the slope and dynamic range of the device. Linearity and dynamic range at 1GHz and 3.5GHz is good and as expected drops off at 144MHz and 6GHz.
May I introduce you to: the Log-periodic dipole array antenna[0], allowing quite a broad response range with decent directionality in a single antenna. There's probably a practical limit to just how broadband you can make one, but just from a quick search I found one commercially-available antenna[1] that covers 120MHz-2.5GHz, for example.
The most effective way would be to use a thermal camera, because a normal "hidden camera" you get from eBay will consume around 5 Watts - a significant heat dissipation.
For others, probably just get an off the shelf TinySA?
Another way to detect hidden cameras is optical augmentation, using reflections to locate lenses; this can detect cameras that aren't currently on / actively transmitting.
Look for "bug detector" on eBay, there are lots of RF and optical camera detectors and they are fairly cheap. They work, at least so far as detecting steady streams of WiFi data, and cellphone transmissions, I've tried a couple of them:
The optical camera detectors work based on a simple idea: red LEDs are used to create a circular pattern of light and you look through a red filter at your space. A camera lens is concave and symmetric so it reflects the LEDs in the same circular pattern. Blink the LEDs. Look through the red filter and scan around the room. Anything that reflects a discernible circular blinking LED pattern is a lens or lens-like. Basically it makes it easy to see everything that reflects light symmetrically back at you. Move around a little and anything with a lens will stand out. It only works with fairly large lenses though, a pinhole camera would not be detectable.
Their RF detectors have adjustable sensitivity and indicate amplitude of the signal. Good enough to track the transmissions back to the source, though they don't provide any frequency information. Range is somewhat limited so you have to move around a room to scan it.
TinySA works well for detecting RF sources also. I don't know what the exact update rate is but the one I have seems to update at least a few times per second. It's a little tedious to use, the RF spectrum is big and you'll find quite a few spikes from sources in it and you have to zoom in on each one to get the exact frequency and observe how it behaves (or maybe there is a way to select a peak of interest? I haven't played with it much.) You'll find FM radio stations, cellular communications, cordless phones, and lots more.
Most people are not going to be finding surveillance bugs in their homes or offices. However these things are useful for understanding what your RF environment is like or troubleshooting RF devices. Might be good for telling if your smart appliance is spying on you, for example if the detector beeps every time you change channels on your TV.
> Most people are not going to be finding surveillance bugs in their homes or offices.
Sadly, hidden cameras, microphones or other forms of espionage in the workplace are rare but not unheard-of in the recent past, e.g. Wal Mart [1] or Lidl in Germany [2]. Any shop with a tradition of union-busting I'd assume to be filled with all possible sorts of surveillance by default. On top of that come the sex pest cases like [3] - and these have exploded in the last years now that tiny bugs can be had for tiny amounts of money on Alibaba and whatnot.
That camera detector is pretty pricey; I once saw a low-tech solution that was basically a dyed card that you had to put in front of your phone camera with the light on, the light reflected by the camera lens would become very visible.
Of course, only a matter of time - if they don't already exist - before there's cheap spy cameras without a reflecting lens, like a solid state camera of sorts. I believe some years ago they were experimenting with that as an alternative to a front facing camera on phones.
What I really want is something that detects any EMF above 60Hz.
When I was a kid I used to hook a coil of wire and a diode to a piezo earphone. I then listened to the emissions of various devices in my house. My Amiga 500 was particularly interesting.
I ran across a few projects that do the same thing but add an opamp and recording so you can generate sounds for electronic music.
Can you give more detail so I can do this with my kid? I'm not a hardware person but handy enough I think. How would I connect the diode to the coil? By coil do you just mean wound-up wire or is this an electronics component?
Anything above 0Hz radiates. EMF is short for 'electromagnetic field' which even DC produces, so I guess I could have worded it better.
In any case, I would want to detect the emissions from the CPU, memory bus and SD card traffic. Not all cameras are WiFi. Sure, that won't detect passive listening devices or other advanced techniques, but most people now are worried about video and that will have certain characteristic emissions.
In most cases it's a collection of different sounds including clicking and humming. In the case of my GPU it's a high pitched whine (inductor noise). You can create music by running specific instructions.
Somewhere in my HN comment history from a while back is a response to a person claiming that modern phone cameras can’t detect IR illumination and remotes.
I took a bunch of modern iPhones and Android phones, from colleagues in an IT dept, and demonstrated they can in fact see a bunch of different IR remotes and illuminators with the rear camera.
I could find zero cameras that could not see the IR.
I’m not sure where people got the notion they couldn’t.
The ultimate answer is "it depends". And upon what it depends is the particular IR wavelength the camera emits to "illuminate" a scene in IR for night photography.
My cell phone's back camera will show IR light from IR remote controls (I've used it for just that to verify that a remote is transmitting). But I also have an outdoor IP camera with IR illumination in my back yard. The same cell phone camera sees zero IR emitted from the outdoor IP camera (even though it quite well lights up a fairly broad area of the yard at night).
So for my phone, if a 'spy cam' were using the IR wavelength the IP camera uses, I would never know it was present by using the phone camera. If it used something closer to the wavelength used by IR remotes, yes, then the 'spy cam' would light up via the phone camera.
"I’m not sure where people got the notion they couldn’t."
I make IR devices. My phone is the only one in the warehouse that can pick up their emissions - everyone else's cameras have IR filters with what appears to be a sharp ~750nm cutoff. I'm the only one that will pick up 800-1064nm with my cheap Samsung, and so I'm the only one doing the testing on those diode assemblies.
Ok, I'll admit that I have not tested that many phones, but all the phones I had in the last ~8 years would not detect my remotes unless I used the front camera. That could very well be because all the remotes I tested operate on 940nm instead of 850nm (the two common options), and the IR filters in my devices are such that they would cut the one but not the other. Or that they just have a much lower power level. Either way, most modern phones that double as cameras will have an IR cut filter of some sort, otherwise some photos appear weird - like the red glow from a fire will appear purplish-white.
I don't but it's easy to test, just pick up a TV remote and press a button while pointing it towards the camera. It should look like a flashing white LED.
I should also mention that both IR illuminators and TV remotes are usually either 850nm or 940nm, I have not looked into that aspect of it. I imagine that it's possible that your camera can detect one but not the other...
Easy test - check your black levels against someone wearing a black fabric or a reflective black surface. If you get a fair bit of grey in the image, odds are very great that you don't have an IR filter installed.
Most of the bright IR lights you find on typical surveillance cameras actually visibly look a little red. I wouldn't think the same lights would be used if the intention is to spy in secret.
Would this also be able to detect something like a camera that saves videos to an SD card to be retrieved later? Something that doesn't use WiFi or a radio?
That's the main limit I see, but I wasn't sure if such a device would still generate enough RF intrinsically w/o a radio.
That would only be practically useful in an environment devoid of all other electronics. How would one tell between the non-transmitting spy cam and normal household electronics?
By having some spatial/angular resolution. You'd need a large directional antenna or multiple antennas to have something similar to a phased array radar, but passively (i.e. listening only).
I have long dreamt about building a portable phased array for this purpose, but additionally using the phase difference between receivers to visualize where the transmission source is.
> When I made the first video and photoshopped my impression of what I thought this would look like, I never imagined it would actually be this close. It's official, our telescope can map the wifi in a building as if it were any other form of light.
Yes, but it was obvious and I didn’t use equipment. It was in Jan 2020 at an Airbnb “hotel” in Nashville. There were two smoke detectors in the room. One of them was not like the other. I wrapped it in toilet paper. I left it wrapped so the owners knew that I knew, but I didn’t bother reporting it because I rarely used Airbnb and it was a last minute trip. And then the pandemic hit and that was that.
I found someone with a pen recording me. They left it on the desk, and I took it by mistake. I found it in my kit and realized it was a spy device.... yikes.
What is the sensitivity/range? I've always wanted something like this to carry in the woods to detect game/trail cameras. Not for any nefarious purpose, but to get an idea of how surveilled the woods are.
Yes but since it's the woods and not a university computer lab the only other noise source should be your personal devices so the noise from the "sleeping" camera should be pretty easily detectable even when it's simply looking for motion.
Not really, those are using PIR motion sensors to wake up, so you'd need to be able to capture the burst of activity when the camera actually wakes up and takes a picture. PIR circuit is very low power, so not much RF energy to detect while it's sleeping.
The unshielded electronics are still going to be highly RF reflective the same way that a car headlight is still reflective when not powered. Pretty much all bug sweeping works on this premise.
Finding a game cam in the woods with basic bug sweeping equipment is like finding a headlight housing on the ground in the woods at night using a flashlight.
What do you mean, exactly? Most of what you can find in the forest is 'RF reflective' because of the water contents - the trees, the grass, the ground. What's the proposed detection method that is going to discern a reflection from a small PCB from a reflection from a large tree trunk?
edit: first, the camera isn't a retroreflector so you can't just light it up from any direction and get a strong reflection. Second, the kind of equipment that would give you good directionality with a static target is some next generation beam steering radar, that stuff is so expensive you're better off walking around with a 4K camera and then processing the footage with an image detector to find possible matches with images of trail cameras.
Oh duh, yeah you are right. I had swapped RF and IR in my head for some reason when I was scanning the project page and thought this was somehow picking up signals based off noise from the sensor. Might be time for bed for me.
Game cams with cellular modems are getting to be pretty common, and you can equip them with solar panels. Basically just set em and forget em. It wouldn't surprise me if this is making them much more common...you can get them deep into the woods and don't have to go check on them hardly at all.
Sigh, it used to be at least woods offered respite from ever-present cameras. I am starting to think I should stop trying to fight the impending 'Transmetropolitan' future.
The cameras themselves are useful for catching remote area | rural thieves on mine leases, rural properties, etc. They're great for spotting and counting rare and endangered species to better direct conservation efforts.
Quite a few people dumping their trash in the woods illegally have been caught in my area with them.
They just need to outlaw private citizens putting them on public property without a permit. Big fines could be a deterrent. Maybe USFS/BLM/NPS employees need some sniffing devices. The upshot is that if it's got a cellular modem, someone's paying a bill and they can usually be found pretty easily if you have the modem.
With fire seasons going the way they are west of the Rockies, I'd be a little concerned about a bunch of Li-ion batteries scattered through the woods. Just takes one of them to blow up in late summer (say it gets crushed by a tree) and there's a good chance it'll be a multi-billion dollar problem that kills people.
Pretty much all the C and D rate state forests, nature preserves, etc, etc, in my state were only ever having their trails maintained by the "nominally illegal but nobody actually cares" SxS and ATV riders because the dog walkers and the hunters are much less averse to going off trail and even if they weren't they aren't packing a 15lb cordless chainsaw around to clear whatever fell on the trail.
Karens with game cams have done a lot to curtail this.
Agree, if you are talking about hunters (and I feel the same about fish-finders). To them: dude, if you're going to hunt or fish, don't just cheat, learn the craft.
For my purposes, I've found a game camera extremely useful for finding what and when various critters are eating the garden and other plants in the yard, and to figure out what discouraging and diverting measures actually work. I also get a few pretty cool wildlife pics I'd never otherwise get.
So just curious; if a hunter has a limit of 1 buck and 2 doe but he really only needs 350lbs of meat, so either 1 large buck and smaller doe or all 3 if they are smaller. Should he give up using the trail camera and the knowledge of if there is a large buck out there and just kill the first 3 deer he comes across?
Another question, do you look up salary stats on Glassdoor, etc before you consider open position or asking for a raise? Would you consider it offensive if someone told you to stop cheating and just learn to negotiate better?
Or maybe, instead of relying on yet another toy of modern technology, do it the same way it was done before game cameras?
Learn the craft so that you can tell from the signs, such as tracks, droppings, markings, etc., and spend the time doing actual scouting and sightings before hunting?
Seems to me you're either enjoying the whole process of learning and doing the sport, or just enjoying the results. If the former, do it for real, if the latter, just buy some game meat from someone who does. Doing everything with excess technology and little craft seems more like cosplaying and just cheating yourself of a real experience.
>>do you look up salary stats on Glassdoor, etc before you consider open position or asking for a raise? Would you consider it offensive if someone told you to stop cheating and just learn to negotiate better?
I'd look at Glassdoor as reading the actual signs in the wild, like reading tracks, markings, broken twigs, etc., not an artificial aid — it's one of the signs in the environment. And like signs in the environment, it's not like a camera, it is often obscured, gamed, and skewed. Similarly, a crafty employee would also contact people she knows and exploit connections to scout the potential employer.
However, putting game cameras, webcams, and/or recording devices in their management offices, HR offices, and meeting rooms would be considered a bit out of bounds, you think?
Not to be pedantic, but if we are talking white-tailed deer, it depends on the population characteristics of the area you are hunting. In many places in the US the game management departments would probably prefer multiple doe if you have more than 1 tag.
Additionally if you are hunting for sustenance, as in you really need the meat, then you take the first deer you can find. Waiting for the ideal deer is a good way to not end with a deer at all, regardless of whether you have them on camera or not.
This is dependent on the antenna. With a short 915 MHz antenna it picks up stuff 50 feet away. It auto calibrates on boot so if you’re in the woods I bet it would work really well. Just make sure you turn it on without a strong nearby signal.
This doesn't do anything useful. To detect RF transmissions you need to sweep a range of frequencies stopping at each frequency for a period of time for the Rx amp to sample. The AnalogDevices detector that it uses needs to be programmed, and the Arduino code doesn't do that. It doesn't have the bandwidth or performance to do any real scanning. There's a reason why spectrum analyzers cost thousands (or tens of thousands) of dollars.
It's funny to watch Arduino (ease) programmers try to figure out RF (very hard).
You know, when my wife opens up a web browser on her phone and it starts transmitting this device triggers. When I go next to a wifi camera and it picks up the RF, it triggers.
Demonstrably it does detect signals. You clearly don't understand the basics (very easy).
In Japan there was a requirement to make a noise when taking a picture on a phone. I'm not a huge fan of that since there are a lot of reasonable reasons to not want noise, but I would be a fan if any capture device was required to advertise its presence wirelessly to make it easy for any smart device to notice an active recording device nearby. That wouldn't stop sophisticated surveillance but it would act like a cheap lock and stop a lot of the abusive stuff, or at least let people more quickly notice it.
> but I would be a fan if any capture device was required to advertise its presence wirelessly to make it easy for any smart device to notice an active recording device nearby
That would be convenient for burglars or dishonest cops.
A burglar isn't deterred by a camera though. I mean for this use case they'd already be inside. Cameras don't prevent nor solve crime, at best they're for legal purposes if someone is caught, or for insurance claims.
That sentiment has selection bias built in. Anyone who commits any crime wasn't deterred by everything.
It is, however, factual that people choose to behave differently when they know they are being recorded. That might mean choosing not to commit a crime, commit it elsewhere, destroying a camera, or wearing a mask. While a functional camera can't prevent crime, it can identify those who commit them.
How does the device detect very short bursts? After looking up the data sheet of the RF detector I believe you would need additional circuitry to not risk that very short bursts slip through the sampling of the ESP A/D input.
While researching for parts, I also found this one: https://www.amazon.com/dp/B07RR86PFC/
It goes up to 10GHz, and it operates on 5V. Would that also be an option, and possibly allow to get rid of the boost converter too?
Thanks OP. The detector itself has a Pulse response time of 6 ns/10 ns (fall/rise) but of course the whole system will always be slower. 1 s is a lot though, got probably nothing to do with the sampling done by the esp.
>> It's useful to find hidden cameras, wiretapping devices, and other RF-enabled devices.
Nope. It is used to find RF-emitting devices, the sort of low-sophistication stuff you can buy online for real-time continuing surveillance. For many decades, the real spy stuff has operated in burst mode: collecting data quietly and only transmitting it at an agreed time or in response to an external signal. To detect them you need to be monitoring 24/7 with a rig capable of triangulating signals that might only last a second or two.
I've been lurking yc for a while and you inspired me to reach out to the community.
This would be pretty awesome, please advise if there's anything I (or anyone) could do to support you in getting this logic onto a flipper (project support, testing, etc).
Okay, I don't think it would be hard, most of the Flipper Modules use some sort of ESP module like an ESP8266 for the Wifi module.
I've got a flipper right here. I find it cumbersome to use, but it's a pretty popular consumer product. I'll look at what the wiring cost could be to print a board. I've never done that.
First of all, I also would be very grateful if you can make this happen. I don't have too much free time currently and also no skill in hardware, but if there is anything else I can help with, I'd be happy!
Is the ESP32 mainly to drive the LCD display and provide a numeric readout, or is it also needed to control the sensor-side so that it cycles through different settings and frequencies?
Rule of thumb in manufacturing is 5x BOM costs. This comment will be downvoted but only by people who have not been associated with a successful manufacturer.
But does that work for putting together what are essentially modular pre-assembled boards? The RF detector, display, charge controller, and ESP are already consumer parts, and they are put together not unlike how a desktop computer can be built from retail parts. Would you say that 5x retail cost for the parts is fair for a custom built PC?
The custom PC components are already finished goods by the time they get to your PC assembly person. Most of the markup is already baked in. I would in fact expect to pay $120 or so to have a PC assembled for me, so we still get to the $150 figure in either scenario. I assume you have never worked for, or originated, any such business. That $150 has to cover overhead like assembly labor, rent, credit card charges, insurance, accounting, bookkeeping, excise tax, chargebacks and refunds, advertising, website development and social media, bookkeeping, software subscriptions, fulfillment, compliance, and so on. Running any business in the western world is complicated and expensive these days.
If you’re imagining you can take $30 worth of parts, sell the finished item for $60 or $90, and sustain that enterprise, it’s time to reconsider your business acumen.
> "I have had personal experience trying (and failing) to drive down retail cost of electronics below this rule of thumb"
Didn't have to make such a statement because I paid attention to people who knew what they were doing. If someone had been this "insulting" with my attempt to beat Craigslist, OTOH, I'd have saved $1.4 million of my own money. I'm happy to be "insulted" by people with more experience.
Since you are asserting that you do care about how you impact others, I would like to point that you have acted contrary to that assertion in our conversation. In particular, your:
* use of dismissive sarcasm ("active imagination") to deflect legitimate concerns
* deliberate infantilizing tone ("budding social critic of your skill level")
* preemptive dismissal of differing viewpoints ("This comment will be downvoted but only by people who...")
* assumption of others' inexperience ("I assume you have never worked for...")
* defensive response claiming that you have the right to be insulting to others ("I'm happy to be "insulted" by people with more experience.")
If you honestly do care about how you come across in your communications and have a desire to use your interactions with others productively and not in a way which comes across as bullying, I am happy to work with you privately towards this goal. Is this something you would be interested in?
Those 128x64 displays are easy to use, but frustratingly variable. They have differing start up sequences which using the wrong one leaves a blank screen.
Usually WiFi, so it doesn't need a cable to transmit the video/audio. The video processing electronics in cameras probably also emit some RF but that would be at a variety of much lower frequencies and only detectable with something like a loop of wire and an oscilloscope over very short distances, like this:
I would think it would work really well for that usage case. You could tune the antenna to focus on the in use bands. The automatic baselining solves a lot of this.
It baselines on power on. So you'll need to get closer to raise the baseline. It also doesn't seem to alert on beaconing (or very little), my wife's phone and other devices need an active transfer to trigger it. (more than a 1/2 second)
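Added example, not part of the thread and not the project's firmware: a small C++ model of the behaviour discussed above (baseline taken at power-on, alert only after a sustained rise), showing why a short burst or a loud power-on environment produces no alert. Only the 22 mV/dB slope magnitude and the roughly half-second hold come from the page; the negative slope sign, the 15 dBm intercept, the 6 dB margin, the 100 ms sample period and all sample voltages are assumptions constructed for illustration.

```cpp
#include <cstdio>
#include <vector>

// Assumed detector and alert constants (see lead-in for what is from the page).
constexpr double kSlopeMvPerDb = -22.0;  // output voltage falls as RF power rises
constexpr double kInterceptDbm = 15.0;   // assumed calibration intercept
constexpr double kMarginDb = 6.0;        // assumed alert margin above baseline
constexpr int kHoldSamples = 5;          // 5 x 100 ms, the ~0.5 s hold in the thread

// Convert log-detector output voltage (mV) to input power (dBm).
double mvToDbm(double mv) { return kInterceptDbm + mv / kSlopeMvPerDb; }

class Sniffer {
public:
    // Average the power-on samples into the baseline ("auto calibrates on boot").
    void calibrate(const std::vector<double>& bootMv) {
        double sum = 0.0;
        for (double mv : bootMv) sum += mvToDbm(mv);
        baselineDbm_ = bootMv.empty() ? -60.0 : sum / bootMv.size();
        run_ = 0;
    }
    // Feed one ADC sample. Returns true once the level has stayed above
    // baseline + margin for kHoldSamples consecutive samples.
    bool feed(double mv) {
        run_ = (mvToDbm(mv) > baselineDbm_ + kMarginDb) ? run_ + 1 : 0;
        return run_ >= kHoldSamples;
    }
    double baselineDbm() const { return baselineDbm_; }

private:
    double baselineDbm_ = -60.0;
    int run_ = 0;
};

// Calibrate on bootMv, replay traceMv, report whether any sample alerted.
bool traceAlerts(const std::vector<double>& bootMv,
                 const std::vector<double>& traceMv) {
    Sniffer s;
    s.calibrate(bootMv);
    bool alerted = false;
    for (double mv : traceMv) alerted = s.feed(mv) || alerted;
    return alerted;
}

// Constructed sample data, not measurements:
// 1430 mV maps to -50 dBm (quiet room), 1100 mV to -35 dBm (nearby transmitter).
const std::vector<double> kQuietBoot(10, 1430.0);
const std::vector<double> kLoudBoot(10, 1100.0);

// Quiet lead-in, `samples` readings with the transmitter active, quiet tail.
std::vector<double> burst(int samples) {
    std::vector<double> t(5, 1430.0);
    t.insert(t.end(), samples, 1100.0);
    t.insert(t.end(), 5, 1430.0);
    return t;
}

int main() {
    std::printf("quiet boot, 0.8 s transfer: %d\n", traceAlerts(kQuietBoot, burst(8)));
    std::printf("quiet boot, 0.2 s burst:    %d\n", traceAlerts(kQuietBoot, burst(2)));
    std::printf("loud boot,  0.8 s transfer: %d\n", traceAlerts(kLoudBoot, burst(8)));
    return 0;
}
```

In this model, a device that reports nothing has not cleared the room: a burst shorter than the hold window and a transmitter that was already active at power-on both stay below the alert condition.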
[1] https://en.wikipedia.org/wiki/Nonlinear_junction_detector