This blog post isn’t directly information security related per se, but is technical in nature, so it should appeal to the geek in most of us. When Dave posted pictures of the gear being used to stream the Track talks within the Hyatt at DerbyCon this year, there was a fair amount of interest in the specs. What follows will cover not only the hardware used, but also why it was selected. If you’re the TL;DR type, just skip straight to the System Design below and don’t bore yourself with the details.
What follows is related to interior distribution systems. Line-powered outside plant systems utilize a different design methodology.
Cable TV (CATV) and/or off-air (MATV) distribution are highly frequency dependent. The longer the distances involved, the more signal is lost in the line, and the more amplification is required. This isn’t free, however. Distribution amplifiers can only be cascaded four times before the signal is not sufficient to drive the input stage. With that in mind, there are only two ways to solve this problem: increase the cable diameter or reduce the highest signal frequency (or a combination of the two).
For cable, diameters can range from RG-6 coax (smallest) to 7/8in hardline (largest). All factors are directly proportional to the cable size. As the diameter increases, so does the cost per foot, minimum bend radius, connectors, tooling, taps/splitters, and effort to install. So, this is often a balance within the installation environment.
Reducing the frequency obviously limits the total number of channels. Since not all channels in a cable or satellite line-up are generally in demand, a maximum number of channels is selected. Since it is desired to keep the frequency as low as possible, modulators are used to shift the desired channels down into a lower frequency range. The modulators are then all combined to form a new channel line-up. An over-simplified example:
Most system designs also accommodate a reverse path (local origination) to the head-end distribution system. This allows any TV jack to be used as an input to the system. The reverse path is transmitted below the lowest channel (2) and requires a sub-band modulator at the TV end with a corresponding demodulator at the head-end. The signal is then fed back into the system just as any other channel.
We can’t argue that in 2017 anyone can stream to networks and the Internet with devices as simple as our mobile phone. In contrast, professional video streaming is an expensive proposition, when done correctly. Video codecs are predominantly from companies such as VBrick, AMX, Matrox, AJA, and Haivision. Cost can also range from $1k – $2k per channel.
Hyatt Regency Louisville
The hotel was built in 1978, so things like the CATV system are only semi-modern at best. While the distribution equipment has been updated, the cable plant is still reflective of the late 70s. It would be impractical to attempt to update the backbone portions of the system.
That being said, the system has a few shortcomings. The previously mentioned local origination does not exist. Additionally, the modulators, while semi-new, only accept composite video and mono audio as a source. This limits the available options, as a quality scan converter (VGA/HDMI -> composite video) is at least $750+ per channel. Yes, cheaper ones exist, but frankly they suck.
When renting a facility, Internet service can be provided, but the network is off limits. This means there is no way to reliably get signals from the first and second floors to the head-end equipment in the basement (which is 1.5 stories underground). There is, however, Internet access in the basement.
Obviously, we needed to try and keep the cost as low as possible, while trying to design something within the confines of the venue limitations. Adrian’s recording equipment is already set up to stream to YouTube, so the source is basically free. The simplest plan was to use a computer to connect to YouTube and then output to the Hyatt distribution system. For reception of the stream, the device that initially came to mind was a Raspberry Pi 1, which has native composite video. It was quickly determined that it did not have the resources to handle the video. The Raspberry Pi 3B, however, has plenty of processing power and RAM, but the composite video jack is gone (or so it would seem).
What isn’t readily obvious at first glance is that the composite video has been combined with the audio signal on the 3.5mm jack. The caveat is that the pinout does not align with any cable you will find on Amazon. But who cares about connector color, right?
After an initial configuration and testing, the Pi handled continuously playing videos from YouTube for hours on end. The next step was to build something as compact as possible, while supporting five channels plus one spare, and providing redundancy. Since the Pi is specified to need a 5V 2A power supply, each power supply would need to be rated for at least 8A, so that it would not be loaded more than 80%. The bill of materials is as follows:
(1) Anker Premium 1ft Micro USB Cables (6pk)
(1) Cable Matters Cat6 Snagless Ethernet Patch Cable, 1ft (5pk)
(5) Dynex DX-AV071 3.5mm (M) to 3 RCA (M) Audio/Video Cable, 6ft
(1) NETGEAR GS108 8-Port Gigabit Ethernet Network Switch
(3) Anker 40W/8A 5-Port USB Charger
(6) Raspberry Pi 3 Model B Motherboard
(5) SanDisk Ultra 32GB microSDHC
(1) GeauxRobot Raspberry Pi 3 Model B 7-layer Dog Bone Stack Clear Case
(2) Aluminum Heatsink for Raspberry Pi 3 (4pk)
(1) M3 x 60mm Aluminum Standoff (10pk)
The only additional item not on the list, which I had lying around, was a 4-inch fan for cooling. The quantities also include redundancy in the way of one spare each: Raspberry Pi, power supply, and micro USB cable.
The Pis are running stock Raspbian with ‘xscreensaver’ installed in order to disable the screensaver and display blanking. All were configured identically for flexibility. The desktop wallpaper was set with the DerbyCon 7 logo and Track name, so that if the browser crashed, attendees would be able to accurately report which channel was offline. Fortunately, the Hyatt has five channels available for alternate sources. While it would be nice to have a KVM switch for the keyboard/monitor/mouse, it would cost as much as the entire build.
Keep in mind that there is only one video driver on the Raspberry Pi, so only one output type can be used at a time. Providing the 3.5mm jack is connected at boot, the composite video signal is active. Otherwise, the HDMI output takes precedence.
Originally, it was intended to be in use for DerbyCon 6 in 2016. What wasn’t apparent at the time was that YouTube videos are encoded with the H.264 codec. However, live streams are HTML5. At that time, the Iceweasel web browser did not support HTML5. A last-minute switch to Ubuntu MATE solved this issue; however, there were driver issues with the audio interface that could not be resolved once the conference started.
Fast forward to DerbyCon 7 this year and Raspbian, once updated, supported HTML5 and had no audio driver issues. By all appearances, the room streaming went relatively smoothly. There were several trips to the basement for resets, but mostly due to the browser not resuming when the stream was stopped and restarted. Hopefully attendees enjoyed the option of chilling in their hotel room and still being able to watch the desired Track.
There you have it. The technical details and a little history of the in-hotel Track streaming. Is it perfect? Definitely not. But for roughly $550 at time of build, it gets the job done.
Author: Jason Ashton
Jason’s passion for security originated with physical security systems, where his duties included their engineering, deployment, and programming. While working at TrustedSec, Jason has provided additional perspective on these systems for their circumvention and ultimately better methods for secure installation. These interests carried over into Locksport, where he enjoys the challenge of lockpicking and physical lock bypass. In his spare time, he enjoys tinkering with all forms of technology and automation, to include a home lab environment.