With the explosion of Internet of Things (IoT) devices, and some hardware now being banned from certain facilities due to spying concerns, it would be nice if there was an easy way to scan your office to see if there are any hidden microphone “spy” devices.
Salamandra is a tool to detect and locate spy microphone devices in closed environments. Usually the “Spy” microphones you can find online will record audio and then re-broadcast it at a certain frequency. Salamandra displays any detected microphone type devices along with its broadcasting frequency. Using a displayed signal strength, it is possible to find the general location of the device.
In this article we will use Kali Linux, an RTL-SDR (I used a NooElec Nesdr Smart with the included extendible antennae), and Salamandra.
Installing RTL-SDR software
On the Kali system, connect your RTL-SDR card. Open a Terminal window and install rtl-sdr:
- apt install rtl-sdr
- Run “rtl_test” to make sure Kali correctly sees the card.
You should see an output as below:
- Press “Ctrl-c” to stop test.
Tool authors: Sebastian Garcia, Veronic Valeros
Tool Website: https://github.com/eldraco/Salamandra
Download Salamandra with git clone:
Change to the Salamandra directory.
You will need to install “pygame” as it is required by Salamandra and is not installed by default in Kali:
- pip install pygame
Now, just run Salamandra with the recommended options:
- ./salamandra.py -t 0 -a 100 -b 200 -s -S
Salamandra will then automatically detect any RF bugs it can find. The display includes the frequency and the signal power. Power is displayed by “#” signs. The stronger the signal, the more “#” signs that will be shown:
- Press “q” to quit.
Listening to a Detected Signal
Now that you have the frequency of the bug, you can listen to and/or record it using Gqrx.
To install Gqrx:
- apt install gqrx
Now run the program:
On the “Configure I/O devices” screen, select your device. Mine was the Realtek RTL2838UHID device, as seen below:
You may want to drop your sampling rate if you have any issues.
When you click “OK”, you will then see the main Gqrx program interface. Just hit the “Play” icon in the upper left corner to turn it on, and then select your frequency by clicking on the large frequency numbers on the top of the screen:
Picking a live radio station (as shown above) is usually the best way to figure these programs out if you are not familiar with them.
Change your mode to the correct signal type. Usually it is one of the FM signals (WFM, NFM). Click in the middle of the graphical signal wave to put the red line in the middle of the highest peak. Then drag the sides to the right and left of the signal slopes, as seen above.
And that is it! If you have the correct settings you should have audio.
- Now that you know it works using a radio station, tune in to the frequencies that were detected by Salamandra
You may need to play with the setting some to get a clean signal. Most likely there may be nothing there, it may be picking up your headset microphone or something else. But it is very good at picking up analog listening devices.
To Record Signal
In Gqrx, hit “Rec” at bottom right to record.
- The file will record and save in the “Root” folder.
You can hit the Play button in Gqrx to listen to the file that you just recorded. You could also install a program like Audacity to listen to the saved file.
In this article we covered how to use an SDR-RTL device as a bug scanner. With Internet of Things type devices becoming more common place in the home and office, it isn’t a bad idea to scan to see if any of these may have a built-in microphone. For more information on the tool, see RTL-SDR’s article, which includes a link to a white paper written by the tool authors.