GNU Radio Conference 2015: Presentations

The GNU Radio conference (GRCon15) is a yearly conference discussing all matters related to GNU Radio, an open source graphical block based DSP programming application that is compatible with most SDR’s, including the RTL-SDR. The conference started on August 24 and is due to close this Friday August 28, however many of the presentation slides are now available for viewing on their website.

This year there are many interesting talks, including a speech by Balint about radio direction finding, RF sniffing and digital FPV on drones. There are also several tutorial presentations that show how to install GNU Radio, how DSP sampling works, an intro to analog RF concepts and how to build a software radio from scratch.

gnuradio

Showing how the R820T stops receiving at 1.4 GHz+ with increasing temperature

Over on YouTube RTL-SDR experimenter Adam 9A4QV has uploaded a video showing how the R820T dongle can fail to receive properly at frequencies above about 1.4 GHz as the temperature in the dongle rises. This is a known problem that may cause issues when trying to receive satellite signals like Inmarsat at 1.541450 GHz. In our own tests, the R820T2 chip appears to be much less prone to this behaviour when compared with the R820T, but still fails if the ambient temperature gets too hot, for example if left in direct sunlight. We’ve had several R820T2 RTL-SDR’s running at 1.5 GHz+ for over 48 hours when left in the shade, but not one R820T ran for more than a few minutes at those frequencies. Of course the E4000 tuner is the best RTL-SDR tuner for these GHz level frequencies, but that tuner is now rare and expensive.

Over on Reddit, some people have been discussing this issue, and have proposed that the likely cause is related to the PLL failing to lock properly at higher temperatures. A fix may be to apply a blob of solder to the vias underneath the R820T chip, and then attach a heatsink. The problem also does not occur on the Airspy, a higher performance SDR that also uses the R820T2 chip in its design. This may be due to better drivers for the Airspy, or better heat dissipation in the Airspy’s hardware design.

Seeing through walls with WiFi signals and USRP software defined radios

Researchers at the University College of London have found a way to use WiFi signals to see through walls, using a USRP software defined radio and software written in LabView. The researchers have shown that they are able to utilize local WiFi signals to detect and monitor moving objects such as people behind a wall in a similar fashion to how radar systems work. The advantage over traditional radar is that their system is completely passive, requiring no transmitter, other than the already ubiquitous WiFi signal.

In a demonstration the researchers showed how they were able to not only detect the presence of a person behind a wall, but also detect small hand gestures that were made.

Detecting body gestures from WiFi signals in LabView.
Detecting body gestures from WiFi signals in LabView.

It appears the researchers are patenting their work and are looking to market their technology towards military and security surveillance operators as well as towards other applications such as traffic monitoring and the monitoring of children and the elderly.

We aren’t sure what type of radio accuracy is required for a system such as this, but it may be possible that SDR’s that cost less than the USRP may also work, assuming the software technology can ever be replicated/licensed.

wifi_hostage
A proposed application of the technology: Allowing police to see through walls in a hostage situation.

Painting on the RF Spectrum with a HackRF

Last week several people from the Chaos Communication Camp conference and others on the #hackrf IRC channel were playing around with the idea of painting pictures on the RF spectrum with the HackRF – a low cost transmit capable software defined radio. This idea works simply by modulating a signal so that it produces a desired image pattern on a frequency domain waterfall display.

To make this easier to do, GitHub user polygon has authored a Python program called Spectrum Painter which easily converts an image into an IQ file which can be transmitted with a HackRF. In addition as described in the Reddit thread linked above, a Windows program called Coagula can also be used to convert images into .wav files, which can then be transmitted on any capable radio. The RF painted images can then be received on another SDR radio like the RTL-SDR.

As always remember to only transmit at a frequency you are licensed on, or at low power in a RF controlled environment.

Below is an example image and video showing images being painted on the RF waterfall.

Spectrum painter transmitted output image
Spectrum painter transmitted output image

Reverse Engineering Bus Telemetry Data with an RTL-SDR

Bastian recently wrote into us at RTL-SDR.com to let us know that he’s been working on reverse engineering the bus telemetry system used in his hometown of Paderborn, Germany. Bus telemetry is often used to update live signs at bus stops that indicate based on GPS data how long a bus user needs to wait for the next bus.

Bus sign: Wireless bus telemetry updates this sign.
Bus sign: Wireless bus telemetry updates this sign.

A similar reverse engineering of bus telemetry was performed before by Oona Raissan in Helsinki, Finland. Oona found that in Helsinki bus telemetry was transmitted as a DARC subcarrier embedded in regular broadcast FM radio. In many countries bus telemetry runs through GSM or TETRA communications as well, which are encrypted and would be very difficult to decode.

However in Paderborn, Germany Bastian discovered that the bus telemetry system used a different protocol which he discovered by noticing that some very strong signals appeared on his spectrum at 150.9 MHz whenever a bus drove by his flat.

After making a recording of this signal in GQRX, bastian analysed it in Audacity and discovered that the binary data bits were encoded by the presence or absence of a half sine wave. After discovering the encoding he was then able to determine the bit rate and build a decoder in GNU Radio. His post goes into further detail about concepts he used in his GNU Radio program such as frame detection, bit stuffing and error detection.

Finally, with all his decoder program written he was able to gather lots of data from each packet such as the bus ID, line, bus stop, distance from last bus stop, delay, position and even the orientation of the bus. Bastian has also uploaded a video showing everything in action, which we have embedded below.

Bus position heatmap from data obtained via the RTL-SDR
Bus position heatmap from data obtained via the RTL-SDR

A new AIS Decoder for the RTL-SDR on Android

A reader of our blog, EBC81, has written in to let us know about a new RTL-SDR based AIS decoder that he has written for the Android OS. AIS stands for Automatic Identification System and is used by ships to broadcast their GPS locations, to help avoid collisions and aid with rescues. An RTL-SDR with the right software can be used to receive and decode these signals, and plot ship positions on a map.

EBC81’s program is called rtl_ais_android and can be downloaded from this GitHub link. It decodes the AIS data into NMEA messages, which can then be sent via UDP to mapping programs in Android or a program like OpenCPN on your PC. To use the app you will need a USB OTG cable to connect your Android device to the RTL-SDR.

In the future EBC81 hopes to create a second app which will display the ship positions on a map.

RTL-SDR Tutorial: Decoding Inmarsat STD-C EGC Messages

Inmarsat is a communications service provider with several geostationary satellites in orbit. They provide services such as satellite phone communications, broadband internet, and short text and data messaging services. Geostationary means that the satellites are in a fixed position in the sky and do not move. From almost any point on earth at least one Inmarsat satellite should be receivable. 

Inmarsat transmits in the L-band at around 1.5 GHz. With an RTL-SDR dongle, a cheap $10 modified GPS antenna or 1-2 LNA’s and a patch, dish or helix antenna you can listen to these Inmarsat signals, and in particular decode one channel known as STD-C NCS. This channel is mainly used by vessels at sea and contains Enhanced Group Call (EGC) messages which contain information such as search and rescue (SAR) and coast guard messages as well as news, weather and incident reports. More information about L band reception is available at UHF-Satcoms page. See the end of this post for a tutorial on modifying a GPS antenna for Inmarsat reception.

Also as a small aside, you might want to use this tutorial to practice your L-band reception since Outnernet are planning to begin their L-band broadcasts later this year, which may be possibly be broadcast from Inmarsat or equivalent satellites. These broadcasts will be at a nearby frequency and will contain about 10 megabytes of daily data. The RTL-SDR should also be able to receive these broadcasts if a compatible decoder is written.

Some examples of the EGC messages you can receive on the STD-C NCS channel are shown below:

Military Operations: Live Firing Warning
STRATOS CSAT 4-AUG-2015 03:21:25 436322
SECURITE
FM: RCC NEW ZEALAND 040300 UTC AUG 15

COASTAL NAVIGATION WARNING 151/15

AREA COLVILLE, PLENTY
CUVIER ISLAND (REPUNGA ISLAND), BAY OF PLENTY
1. LIVE FIRING 060300 UTC TO 060500 UTC AUG 15 IN DANGER AREA NZM204. 
ANNUAL NEW ZEALAND NOTICES TO MARINERS NUMBER 5 REFERS.
2. CANCEL THIS MESSAGE 060600 UTC AUG 15
NNNN
Armed Robbery / Pirate Warning
NAVAREA XI WARNING
NAVAREA XI 0571/15
SINGAPORE STRAIT.
ARMED ROBBERY INFORMATION. 301845Z JUL.
01-04.5N 103-41.8E.
FIVE ROBBERS ARMED WITH LONG KNIVES IN A SMALL UNLIT HIGH SPEED BOAT APPROACHED A BULK CARRIER UNDERWAY.  ONE OF THE ROBBERS ATTEMPTED TO BOARD THE SHIP USING A HOOK ATTACHED TO A ROPE. ALERT CREW NOTICED THE ROBBER AND RAISED THE ALARM AND CREW RUSHED TO THE LOCATION. HEARING THE ALARM AND SEEING THE CREW ALERTNESS, THE ROBBERS ABORTED  THE ATTEMPTED ATTACK AND MOVED AWAY. INCIDENT REPORTED TO VTIS SINGAPORE. ON ARRIVAL AT SINGAPORE WATERS, THE COAST GUARD BOARDED THE SHIP FOR INVESTIGATION.

VESSELS REQUESTED TO BE CAUTION ADVISED.
Armed Robbery / Pirate Warning
NAVAREA XI WARNING
NAVAREA XI 0553/15
SINGAPORE STRAIT.
ROBBERY INFORMATION. 261810Z JUL. 
01-03.6N 103-36.7E. 
DUTY ENGINEER ONBOARD AN UNDERWAY PRODUCT TANKER DISCOVERED THREE ROBBERS IN THE ENGINE ROOM NEAR THE INCINERATOR SPACE. THE ROBBER THEIR BOAT. A SEARCH WAS CARRIED OUT. NO ROBBERS FOUND ON BOARD AND NOTHING REPORTED STOLEN. VTIS SINGAPORE INFORMED. COAST GUARD BOARDED THE TANKER FOR INVESTIGATION UPON ARRIVAL AT SINGAPORE PILOT EASTERN BOARDING AREA.VESSELS REQUESTED TO BE CAUTION ADVISED.
CANCEL 0552/15.
Submarine Cable Repair Warning
NAVAREA XI WARNING
NAVAREA XI 0569/15
NORTH PACIFIC. 
SUBMARINE CABLE REPAIRING WORKS BY 
C/V ILE DE SEIN. 05 TO 20 AUG. 
IN VICINITY OF LINE BETWEEN 
A. 21-37.3N 156-11.5W AND 25-03.6N 148-43.2E.
CANCEL THIS MSG 21 AUG.
Search and Rescue – Missing Vessel
ON PASSAGE FROM LAE (06-44S 147- 00E) TO FINSCHHAFEN (06-36S 147-51E), MOROBE PROVINCE. VESSEL DEPARTED LAE AT 310500Z JUL 15 FOR FINSCHAFFEN WITH ETA OF 310800Z JUL 15 BUT FAILED TO ARRIVE. 
ALL VESSELS REQUESTED TO KEEP A SHARP LOOKOUT AND BE PREPARED TO RENDER ASSISTANCE. REPORTS TO THIS STATION OR MRCC PORT MORESBY VIAEMAIL: ******@****.***.**, TELEPHONE +*** *** ****; RCC AUSTRALIA VIA TELEPHONE +*********** INMARSAT THROUGH LES BURUM (POR ***,IOR***), SPECIAL ACCESS CODE (SAC) **, HF DSC *******
NL BURUM LES 204 4-AUG-2015 03:23:14 773980
AMSA_ER 23150928
PAN PAN
FM JRCC AUSTRALIA 030858Z AUG 15 INCIDENT 2015/5086
AUS4602 CORAL AND SOLOMON SEAS
23FT WHITE BANANA BOAT WITH BROWN STRIPES, AND A 40HP OUTBOARD AND 5 ADULT MALES IS OVERDUE ON PASSAGE FROM LAE (06-44S 147- 00E) TO FINSCHHAFEN (06-36S 147-51E), MOROBE PROVINCE. VESSEL DEPARTED LAE AT 310500Z JUL 15 FOR FINSCHAFFEN WITH ETA OF 310800Z JUL 15 BUT FAILED TO ARRIVE. 
ALL VESSELS REQUESTED TO KEEP A SHARP LOOKOUT AND BE PREPARED TO RENDER ASSISTANCE. REPORTS TO THIS STATION OR MRCC PORT MORESBY VIA EMAIL: *******@****.***.**, TELEPHONE +*** *** ****; RCC AUSTRALIA VIA TELEPHONE +************ INMARSAT THROUGH LES BURUM (POR ***,IOR ***), SPECIAL ACCESS CODE (SAC) **, HF DSC *********, EMAIL: ******@****.***.** OR BY FAX +************.
NNNN
Scientific Research Vessel Drilling – Request for wide clearance
NL BURUM LES 204 4-AUG-2015 02:29:41 709950
AMSA_ER 23153978
SECURITE
FM JRCC AUSTRALIA 040224Z AUG 15 
AUSCOAST WARNING 202/15
SPECIAL PURPOSE VESSEL JOIDES RESOLUTION CONDUCTING DRILLING OPERATIONS IN POSITION 28 39.80` S 113 34.60` E
2.5NM CLEARANCE REQUESTED.
NNNN
Weather Warning
PAN PAN
TROPICAL CYCLONE WARNING / ISSUED FOR THE NORTH OF EQUATOR OF METAREA
XI(POR).
WARNING 050900.
WARNING VALID 060900.
TYPHOON WARNING.
TYPHOON 1513 SOUDELOR (1513) 930 HPA
AT 19.9N 133.2E WEST OF PARECE VERA MOVING WEST 12 KNOTS.
POSITION GOOD.
MAX WINDS 95 KNOTS NEAR CENTER.
RADIUS OF OVER 50 KNOT WINDS 80 MILES.
RADIUS OF OVER 30 KNOT WINDS 240 MILES NORTH SEMICIRCLE AND 210 MILES
ELSEWHERE.
FORECAST POSITION FOR 052100UTC AT 20.1N 130.6E WITH 50 MILES RADIUS
OF 70 PERCENT PROBABILITY CIRCLE.
935 HPA, MAX WINDS 90 KNOTS NEAR CENTER.
FORECAST POSITION FOR 060900UTC AT 20.8N 128.1E WITH 75 MILES RADIUS
OF 70 PERCENT PROBABILITY CIRCLE.
935 HPA, MAX WINDS 90 KNOTS NEAR CENTER.

JAPAN METEOROLOGICAL AGENCY.=

Continue reading

A Tutorial on Decoding NOAA and Meteor M2 Weather Satellite Images in Ubuntu

Recently an RTL-SDR.com reader by the name of Pete wrote in to let us know about a comprehensive tutorial that he has written about setting up NOAA and Meteor M2 weather satellite decoding in Ubuntu Linux with an RTL-SDR.

Pete’s tutorial starts from a fresh install of Ubuntu and uses GQRX, GNU Radio Companion, WxtoIMG and the MeteorM2 decoding tools. He shows how to set up the audio piping within Linux, how to run the MeteorM2 LRPT Offline decoder Windows tool in Wine, a Linux Windows emulator and how to use WxtoIMG together with GQRX.

The NOAA and Meteor M2 weather satellites transmit images that they have taken of the earth. With an RTL-SDR and appropriate antenna you can receive these images. On this blog we have Windows tutorials on receiving NOAA and Meteor M2 satellites.

The Windows LRPTOfflineDecoder tool running in Linux with Wine.
The Windows LRPTOfflineDecoder tool running in Linux with Wine.