PORT-A-PACK: The Swiss Army Knife of SIGINT, by GuerrillaLogistician

Reference -15
@Glogistician on X

If you already own a tiny SA Ultra, this is the next device you may want to purchase. In comparison, the tiny SA ultra is a 5-inch thick fixed-blade knife, whereas the portapack is a Swiss army knife. Both are perfectly acceptable for cutting things, but the porta pack has special tools for special projects. Like most Swiss army knives, you’ll use a handful of these tools and probably never use the others, but they are there just in case. Overall, there are several valuable applications here, and I will try to discuss these in a few articles. One of the significant advantages of this device is it has some offensive capabilities, which require additional items. Still, for now, I will stick to this device’s defensive capabilities. While the Tiny SA ultra is a stand-alone product for receiving from 0.1-800MHz or, with Ultra mode enabled, it can observe signals up to 12GHz. This covers much of the bandwidth we are worried about and huge areas we currently don’t have to worry about. The PortaPack gives you more details and precise information. It also can transmit where the tiny SA ultra is receive only. Not only that, this was made by a bunch of hackers, so it has some very nefarious technologies on board, and if you use any of these, you can end up in jail. Most of the time ItsNotARubicon is correct in saying the FCC will not come after you, but if you mess with some of this technology and applications, they are likely looking for you. If I discuss some of these applications, it will be on a theoretical basis only and for your knowledge base. These have been discussed on several other YouTube videos, so I’m not breaching any mystical information you can’t find yourself. If you cant wait the information is out there or you can wait for probably a part 2, 3 and maybe 4.

HACK RF vs Portapack

If you bought this online at www.Brushbeater.store generally speaking, you will end up with both modules built together and never realize there was any difference. The hack RF is a software-defined radio, and the porta pack is an addition, making it mobile instead of slaving it to a computer. So basically, you have two devices a radio and a small device that allows you to operate the hack RF as a radio hacking tool. The nice thing is you can run the hack RF with a computer and even decode many transmissions encrypted with P25 or other such digital systems. This isn’t possible with the portapack alone, though, so the HACK RF is even more versatile than what you have in hand. That will have to be another article in its own right. Just realize that you have both of these combined, and both are called the portapack by most people, but occasionally, I will reference the hack RF specifically.

INITIAL SETUP

I won’t dive deep into how to program these because there are too many videos on the Internet about this. I will tell you to download the software for Mayhem 2.0 and keep it somewhere in case you have any issues. I may later set up a written tutorial on how to load the software and fix a bricked device. I know Scout has gotten a few customers who probably bricked their devices. The nice thing about this device is you really can’t utterly destroy it without taking a hammer to it, and you rarely can destroy it with software unless you are very unlucky. Below is a link to two people with great information on installing the new software and updating your device without losing your mind. I think Tech Mines is a bit easier to understand and flows better through the setup process, but Sn0ren has some critical details Tech Minds skips for time and brevity. Also, if you feel you have bricked your device, check out Sn0ren and its DFU reset; that should get you back up and running. I’ve also put a link to GitHub to pick up the 2.0 firmware, and right below is the website where you can run your portapack. You will need to have Google Chrome and be updated to at least 2.0 for this to work. In the future, you may be able to put on special software, select apps, or remove things you don’t want on your portapack. If anybody has been following the Quansheng UV-K5 radios, you will see a similar software modification technique, and they both look very similar, so expect some cool things to come out of this.

Tech Minds
https://youtu.be/WZqCENz-YAg?si=jWuDZEimy16aUBvf&t=82

Sn0ren

Scroll down until you can download the software. You will need to download the SD card the firmware install package. You might want to keep it all as a backup.

https://github.com/portapack-mayhem/mayhem-firmware/releases/tag/v2.0.0

Once updated, you can go directly to this website and update the device, even though I suggest you grab the backup and save it off GitHub, just in case. The web application is amazing if you are messing with a few of these devices for a team or get-together. Also, it makes it very easy to run this while connected to a laptop more covertly. According to the guys who developed this site, there is a way to load it without the internet; as soon as I figure that out, I will write something up.

https://hackrf.app/

STRAIGHT to HackRF

If you need to access the radio’s hack RF feature on the main screen, Scroll down to the icon and click it. You will get a warning sign stating that you are about to switch off the port of the pack system, and only the hack RF connected to a computer through a USB cable will be active. If you were using other applications with this device, this is probably what you would have to access first. If you click yes, you should see a solid blue screen with several visual icons representing a radio. If you double-click Your knob, it will shut down the whole system, and then by clicking it on again; we’ll turn it back on back to the mayhem setting and port a pack.

Make your Antenna

1st, we need to build an antenna for the radio; while these radios come with several antennas, sometimes you should be building your own, especially if you’re working with HF, VHF, or UHF. If you’re working with gigahertz frequencies, you may have to buy specialized antennas, which I highly recommend. They’re not too expensive right now, and you’ll want them for later. Specifically those that work in cell phones, drones, and Wi-Fi frequencies. Some of these might be acquired from dead devices as well. You will want to stick with a quarter-wavelength antenna for most of your antenna-building needs. Again, this article has been written by NCScout many times and published in many locations. If you haven’t seen it already go spend some time educating yourself.

MAIN SCREEN>Utilities>Antenna length

Frequency: which Freq (This can be clicked on, and you can punch in the Freq you desire
wave: Leave this on Quarter (If you are doing other things or know more, it gives you some options)
metric: length of antenna
Imperial: length of the antenna in eagles per foot for the Americans.

This is a brief video on how and why this is important from a nerd-centric viewpoint. Overall, though, good info.
https://www.youtube.com/watch?v=MzbAEBghcPM

WIPE SD card

God forbid you think you’re going to be overrun. This is one of the little features that probably won’t stop everyone from getting information, but it will help. Under utilities, there is a wipe SD card function that will destroy any information that is saved on the SD card specifically. If you do this, you will need to be able to reinstall the info on the SD card later to get this device running well again, especially after 2.0, where some apps may be on the SD card.

MAIN SCREEN>Utilities>Wipe SD Card

TUNE your radio

Unlike most radios, you don’t listen to this device as much as you would a Baofeng. Like the Tiny SA Ultra, you generally look for information more than listening to conversations with this device. So, let’s go over tuning your PortaPack safely.

One of the significant weaknesses of the PortaPack is the built-in amplifier. This amplifier is very fragile compared to other amplifiers on most radios. Any electrical charge, including static on the antenna, could destroy the amplifier. Especially if you leave it turned on and change an antenna on this machine,so make sure you shut it off before you disconnect or reconnect any antennas. Let’s start with where to go to find out how the radio is set up. Enter the receive menu, and then I suggest AIS boats. This allows you to see some of the settings while also giving you views of the settings you want to change. You want to move from the CH88 over to the first number. This number is your amplifier and is either set as zero or one. I recommend you not have this amplifier on unless necessary, so let’s leave it at 0. Remember, it’s there in case you need to change it in the future. Now, you’re going to debug the radio saturation by clicking the DFU(it could say ISP) button on top of the radio 2x. This will bring up an image called Radio Settings, where you will see RX Satu%. You’ll want to set this to about 80%. This will fluctuate up and down, so don’t be too worried about it. What this does for the radio is pick up all the information that it can receive, but the downside is you can oversaturate this signal, and all you hear is background noise. Think of this as digitally tuning this radio; instead of turning knobs, you’re pressing a few buttons. They say to start at 16 and raise both numbers until you get proper saturation, but sometimes those numbers will be a little off my radio, like the setting 0, 32, 48. Just play around with this enough that you get a good understanding of how to manage this. If you have issues with using an app, reference this to verify you’re not having a problem with your radio being unable to hear things or being overwhelmed by raw static. Many apps have this baked in, so you can modulate this in the app as well, which helps a lot, but sometimes the software will cut the radio settings overlay and drag it along with the waterfall. This is the main reason they say to do this in AIS BOATS.

INFO

LNA: Low Noise Amplifier – Main gain adjustment -Intermediate Frequency Stage of Receiver

VGA: Variable Gain Amplifier – Located at Base band stage – Fine tune adjustment like Volume.

DFU or ISP button twice will give you a debug menu. A 3rd time closes it.

RX Satu% is Receive Saturation, and you want to go for about 80%

AMP 0 off or one on Amplifier

SETUP for Radio saturation

RECEIVE>AIS BOATS
Click the DFU or ISP button 2X (small blue button on the left on top of the device.
Move the ICON from Ch88B to your AMP and make sure it is set to 0 (1 Turns it on)
Now slowly increase the LNA and VAG numbers just to the right until you have an RX Satu% of around 80 (This will bounce up and down)
Click the DFU or ISP button to exit the debugging screen and return to regular operation.

Looking Glass

Looking glass is kind of in an odd spot. Unlike most receive features, this one is situated on the main screen and is probably one of the better All-around SIGINT systems on the radio. I wouldn’t say I like this as much as I do the tiny SA ultra, but I don’t think it is as intuitive or quick to see the spectrum. However, if you bought one of these, it is still viable, and we’ll also help you figure out what you’re looking at much more quickly than flipping through a book. The significant advantage here is the preset, which allows you to look at specific spectrums such as 2m ham bands, US pager, or even LoRa frequencies. This will also allow you to use other available apps after finding what you are looking for. Let me explain because this one is a little tricky to understand. You will be looking at a waterfall just like you would on the tiny SA Ultra. Once you select a frequency using the marker, you can hit the enter button, and it will take you directly to the audio app, where you’ll be able to listen to whatever via the built-in speaker or plug-in headset.

Min: Left-most side of the waterfall in Mhz
Max: Right-most side of the waterfall Mhz
LNA: Low Noise Amplifier setting
VGA: Variable Noise Amplifier setting
RANGE: How much of the spectrum you are seeing in Mhz
FILTER: Built-in filter with Low, Medium, High, and Off.
AMP: Same Amp as above. I recommend leaving this off.
PRESET: The band you are looking at is HAM LoRa, etc
MARKER: The location of the red arrow above your spectrum.
RES: This control acts like your LNA VGA settings and should be used to drop background noise
STEP: unknown at this time
F/S – SPCTR-V/LEVEL-V/PEAK-V: Initially, you will probably see F-SPCTR-V. This allows you to see a waterfall, where level shows you more of a graph style like the Tiny SA and its trace. PEAK is the same; it is just holding the highest seen value.

Additional settings

x0 to x9: integration multiplier field, only shown if LIVE-V is selected. From x0, the quickest integration but with noises and spikes, to x9, the slowest integration, but more clean and less spikes.
RST: clears the screen
JMP: Jump to AUDIO app on MAX HOLD detected frequency

This is probably the best spot to look for signals without connecting a computer to the Hack RF. It is at your fingertips if you wish to interact with a specific band or want to keep an eye on a certain frequency range. Most settings are pre-built into this system to keep the signals relatively balanced. Once you see something interesting, go down to the marker and shift it to where you see the signal. This will give you the frequency of whatever is transmitted. Clicking again will send you into the audio app, allowing you to listen to it. Play around with the different views and go with the one you like the most. Note that as you change the presets you will either get a slower of faster refresh rate depending on the overall spectrum the device is listening to. You can also customize the area you are looking at by changing the MIN MAX. If you want, you can develop your own presets using the hackrf.app webpage, download the current presets in a txt document, add or rework what you need, and then load it back with your custom ranges.

ADS-B

RECEIVER>ADS-B

This application is specifically designed to track aircraft above your head. Much like the tuning feature you saw above, this also has that information right at your fingertips. This sets up your receiver to track every aircraft that has a transponder. You will see LNA VGA and AMP, which have the same information as the abovementioned one. You can use the same technique above; just set up the receiver here and make sure you start picking up signals. Also, ensure your antenna is set to the proper length for best reception. ADS-B operates on 978 to 1090 MHz. Even a short antenna attached directly to the Portapack will receive ADS-B when the receive preamp is enabled. I generally don’t feel like I need the AMP, but that is what the developer says, which is getting written here because they know more than I do.

ICAO/CALL: Callsign
Lvl: Altitude in 100 feet intervals 115 = 11500 feet
Spd: Mph
Amp: how well you are receiving the signal
Hit: # of packets received (useless to you)
Age: how old the info is in seconds

Once you receive a signal, the call sign and information will be displayed. You can Scroll down and click your enter button to see more data. You’ll see crosshairs next to the call sign if the data is good. This means that it has been located with GPS coordinates, and you will be able to see it on a map. To get to the map and the details, you’ll want to Scroll down onto the aircraft in question and click on the call sign, which will bring up a screen of information. This gives you quite a bit of detail and allows you to see it on the map and look at even more details by clicking on either button. If you follow the instructions above, you will have a map preloaded that will allow you to see almost anywhere in the world where the aircraft is. If it doesn’t have good information, generally, it will put the aircraft out in the middle of the ocean near Africa until it gets enough GPS data, and then it will show the last known position. For the A/C details or aircraft details, will tell you what kind of aircraft it is, who it is registered to, sometimes the manufacturer, and who the aircraft operator is. This also includes any military aircraft not flying with their transponders off.

Click on the aircraft.

Click on either A/C details or See on Map.

 

Thanks to the guys for giving me this info. This is where the images were taken.

https://github.com/portapack-mayhem/mayhem-firmware/wiki/Automatic-dependent-surveillance%E2%80%93broadcast-(ADS-B)

AUDIO RX

The audio receive app on this is designed to interact with many other apps. Primarily, Looking Glass will be the one you’ll most likely find yourself using and then coming here to listen to what you saw. This turns your portapack into a standard receiver. This isn’t anything fancy, and to be honest with you, I only use it occasionally at best. However, you should know how to use this just in case your radio doesn’t work or something else is going on, and many of these features are also things you’ll see in some of the computer-based applications that you can connect to your hack RF.

SPEC/AM/NFM/WFM: This changes the modulation
FREQ: Your current Frequency you are set on
LNA: (same as above)
VGA: (same as above)
THREE BARS BLUE, RED, GREEN: AKA Signal Display: The three colored displays are top-to-bottom RSSI(Red/Blue) with an average marker in the line. Next is the Baseband signal, and last is the Audio level.
VOL: Volume setting

Secondary information: Various settings for each of the modulations will be in the blue bar. This wont always be present and isn’t exhaustive in detail.

STEP: how much the frequency jumps as you turn the knob
REC: Records the audio you are receiving onto the SD card saves as Date,Time, and freq
FREQ Marker in Hz: This allows you to move a little red marker in to get the exact signal spot.

We have gone over the basic listening features that will at least get you some good situational awareness. From here, I will probably be writing a few more articles, and one will at least have to be more about apps like RECON and possibly Weather. Then, I will try to dive into the offensive software available. If you like this article, let me know, and for the love of god, if you have come this far and I have something wrong, let me know so I can address it. I have had this for a few years and still feel like I don’t grasp everything it can do well. You can also reach me at @Glogistician on X.

By Published On: March 29, 2024Categories: GuerrillaLogistician, Intelligence, SIGINTComments Off on PORT-A-PACK: The Swiss Army Knife of SIGINT, by GuerrillaLogistician

Share This Story, Choose Your Platform!

About the Author: Patriotman

Patriotman currently ekes out a survivalist lifestyle in a suburban northeastern state as best as he can. He has varied experience in political science, public policy, biological sciences, and higher education. Proudly Catholic and an Eagle Scout, he has no military experience and thus offers a relatable perspective for the average suburban prepper who is preparing for troubled times on the horizon with less than ideal teams and in less than ideal locations. Brushbeater Store Page: http://bit.ly/BrushbeaterStore

GUNS N GEAR

Categories

Archives