It's my understanding that active superhet receivers can be detected by looking for the emissions from the local oscillator, particularly because the LO's frequency is usually set at some fixed offset from the carrier.
Is a similar technique applicable to software-defined radios, especially if the LO is set exactly at the carrier frequency? Are there SDRs that don't have an RF LO at all to be detected?
You might be able to detect a regenerative receiver. This is because this receiver topology uses positive feedback to increase the Q of the tuned circuit. If the feedback is too much it becomes an oscillator which transmits quite conspicuously.
Detecting just any huperhet receiver is a different matter. The coupling between the LO and the antenna is not deliberate as it is in a regenerative receiver.
That's not to say there aren't detectable emissions. Anything with an oscillator could be detected. That includes all digital electronics, and every switch mode power supply. In fact looking around me now the only electronic device I see which does not have an oscillator in it is a fish tank heater.
All these oscillators are detectable, if you know well enough what you're looking for and have enough resources. But detecting the emissions from a superhet receiver among all the noise of everything else with an oscillator in it is a challenge, to say the least.
If anything, SDRs are easier to detect. Some SDRs have at least one mixer which would have an LO. Some are direct sampling, meaning they ADC runs at such a high rate it doesn't need to down-convert the signal before sampling it. But all SDRs have an ADC, and an ADC requires a clock, which is another oscillator. Whatever is processing the digital data will undoubtedly have another clock and a plethora of other noisemakers.
A direct sampling SDR does not need a LO anywhere within the frequency range or tracking the signal of interest.
A processor running off of a fixed clock frequency well above twice the RF signal frequency of interest could use that clock to run an ADC and directly sample the RF signals, producing no other RF noise other than the EMI from the processor and its assorted power, IO, and memory subsystems.
It's my understanding that active superhet receivers can be detected by looking for the emissions from the local oscillator.
I have it on good authority that that information originated with the German radio government authorities years ago. They tax every home radio receiver, and that helped bring more tax money into their coffers. :-) They allegedly drove detection vehicles up and down every street to see who didn't report their radios, and then sent letters out demanding that they register theirs.
Having said that, I once raised the question whether German broadcast receivers were modified to radiate a signal. But since only one or two Germans answered, I am not going to say whether that's true. ;-)
Wim Van Eck published about ability to reproduce CRT displays from the RF emissions. There might be ways to exploit emissions from computers and SDRs https://hackaday.com/2017/06/25/tempest-in-a-software-defined-radio/
