Broadcasting Analgoue NTSC TV with a $7 ESP8266

The ESP8266 is a $7 WiFi module that can be used to give any microcontroller access to a WiFi network. It is designed for creating Internet of Things (IoT) devices and has various features such as it’s ability to host it’s own web applications. The ESP8266 also has a I2C output with DMA support. By hooking up this I2C output pin to a short wire, YouTuber CNLohr has demonstrated that he is able to use the ESP to broadcast full color NTSC TV.  This works in a similar way to how PiTX works, but using the pin to modulate a radio signal. CNLohrs code note only broadcasts color NTSC, but also provides a full web interface for controlling it.

In the first video CNLohr shows off his initial work at getting the NTSC output working and in the second video he shows color working. Later in the second video he also uses an RTL-SDR to check on the NTSC spectrum that is being output.

Testing a frequency synthesizer with an RTL-SDR

Harris Butler is designing his own software defined radio out of a Cypress PSOC5 (processor and ADC), an RF mixer, LNA and a frequency synthesizer (for use as a local oscillator) all purchased from eBay. Recently he wrote in to let us know that he had been testing the Frequency Synthesizer that he purchased and wanted to share his results.

When testing the frequency synthesizer Harris found that it could be fairly well calibrated to sit on a desired local oscillator frequency. Originally he had been testing the generator with it directly connected to the RTL-SDR, however later he added some attenuation to prevent the RTL-SDR from overloading. Despite this even with the attenuation he found that the frequency generator seemed to be fairly noisy and poor in terms of the strength of the harmonics produced. He notes that to use in a real application it will probably require good filtering.

In the video shown below Harris demonstrates the frequency generator output and harmonics using the RTL-SDR.


How to use DSD+ with WineSkin on OSX

Last week we posted about how Matthew Miller deomnstrated that he was able to get the Windows digital speech decoder (DSD+) software running under OSX with WineSkin. DSD+ allows you to decode digital voice signals such as P25 and Motorola DMR. A few users asked how to actually use WineSkin to create a wrapper, so now Matthew has uploaded a new tutorial video showing how to use WineSkin to get DSD+ running on OSX.

In the video he shows how to download and install WineSkin, and how to create a wrapper that allows DSD+ to run on OSX. The process is relatively simple and only involves using GUI based tools.

New L-Band Filters from Adam Available

Adam (9A4QV) is well known in the RTL-SDR community for producing the LNA4ALL low noise amplifier as well as various RF filters that work well with the RTL-SDR. Adam is now selling some L-Band filters designed for improving reception with Inmarsat, Thuraya, Iridium, GPS satellites. It can be used for example when trying to received STD-C EGC or AERO data from Inmarsat satellites.

Adam writes that the filter will be most useful for those living in urban areas that are close to radio and TV towers. The filter is built on his standard filter PCB which also has the ability to add a simple bias tee circuit for powering externally positioned LNA’s such as his LNA4ALL which are necessary for good reception at L-band with an RTL-SDR.

He is currently selling it fully assembled for 20 euros, plus 5 euros for worldwide shipping.

Adam's L-Band Filter Characteristics.
Adam’s L-Band Filter Characteristics.

KiwiSDR: 30 MHz Bandwidth SDR for VLF/LF/MF/HF

The KiwiSDR is an up and coming VLF/LF/MF/HF capable SDR that has a large 30 MHz of instantaneous bandwidth and coverage from 10 kHz to 30 MHz. It is designed to be low cost and used as an online internet based SDR in a similar way to how WebSDR is used, however KiwiSDR is designed to be used with the OpenWebRX software from András Retzler, HA7ILM. It uses a LTC 14-bit 65 MHz ADC and Xilinx Artix-7 A35 FPGA, and also has an integrated SDR based GPS receiver which is used to automatically compensate for any frequency drift from the main 66.6 MHz oscillator. The features of the KiwiSDR include:

  • 100% Open Source / Open Hardware.
  • Includes VLF-HF active antenna and associated power injector PCBs.
  • Browser-based interface allowing multiple simultaneous user web connections (currently 4).
  • Each connection tunes an independent receiver channel over the entire spectrum.
  • Waterfall tunes independently of audio and includes zooming and panning.
  • Multi-channel, parallel DDC design using bit-width optimized CIC filters.
  • Good performance at VLF/LF since I personally spend time monitoring those frequencies.
  • Automatic frequency calibration via received GPS timing.
  • Easy hardware and software setup. Browser-based configuration interface.

The KiwiSDR is currently in beta testing and has released two OpenWebRX beta test sites which can be used at:

The KiwiSDR
The KiwiSDR
KiwiSDR running on OpenWebRX.
KiwiSDR running on OpenWebRX.

Bypassing Rolling Code Systems – CodeGrabbing/RollJam

A while back we posted about Samy Kamkars popular “RollJam” device, which was a $32 home made device that was able to defeat rolling code based wireless security systems such as those used on modern cars.

Wireless security researcher Andrew Macpherson became interested in RollJam and has now written up a post showing how to create a similar device using the YardStickOne and RFcat wireless tools. In his post Andrew shows how he automates the replay attack side of things using a Python script and two RFcat devices. He also fully explains how rolling codes work and how to attack them using the CodeGrabbing/RollJam technique. Andrew explains the RollJam technique as follows:

  1. Target parks their car, gets out the carAttacker launches a jammer that prevents the car from receiving the code from the remote
  2. Target presses the remote, car does NOT lock and the attacker obtains the first keypress
  3. Target presses the remote a second time and the attacker obtains the second keypress
  4. Attacker then sends the first key press to lock the car, car locks as per normal
  5. Target assumes all is well and carries on about their day
  6. Attacker then sends the second keypress to the car, unlocking it
  7. Profit.
  8. Target returns to the vehicle and remote works as per normal

In the video below Andrew uses an SDR to help demonstrate the RollJam attack.

Showing how the RollJam attack works.
Showing how the RollJam attack works.

Decoding DMR on OSX using a RTL SDR and DSD Plus

DSD+ (Digital Speech Decoder+) is a popular Windows tool that can be used together with an RTL-SDR to decode digital speech signals such as P25 and DMR. There is unfortunately no version for OSX.

However, recently on YouTube user Matthew Miller has uploaded a video showing DSD+ running with CubicSDR on OSX. To do this he used a utility called “Wine Skin” which creates a wrapper that allows Windows software to run on a MAC computer running OSX. This means that DSD+ can be run on directly OSX without the need to use a virtual machine with Windows installed on it.

Radio Astronomy with an RTL-SDR, Raspberry PI and Amazon AWS IoT

Recently amateur radio astronomer Mario Cannistrà wrote in and showed us a link to his project. Mario has been doing some interesting experiments with an RTL-SDR that involve receiving emissions originating from the Sun, the planet Jupiter, and one of its moons Io.

Jupiter and its satellites like Io sometimes interact to create “radio storms” which can be heard from earth at frequencies between 3 to 30 MHz. The radio storms can be predicted and Mario uses the Windows software Radio Jupiter Pro to do this. This helps to predict when are the best times to listen for emissions. On his Raspberry Pi Mario has also written a python script that can do the predictions too. 

To make the radio emissions measurements, Mario uses an RTL-SDR dongle and upconverter together with rtl_power to gather FFT frequency power results and waterfall plots. To measure the emissions Mario writes that he keeps the frequency scan running for at least several hours a night with a Raspberry Pi as the receiving computer. For his antenna the low Jupiter frequencies necessitate a large 7 meter dipole tuned for receiving at 20.1 MHz.

For the Internet of Things side of the project, Mario envisions that several amateur radio astronomers around the world could run a similar setup, with all sharing the data to an Amazon AWS data storage server. Mario has already written software that will do the scan and automatically upload the results to the server. To participate you just need to write to him to receive the AWS IoT authentication certificate files.

Some example Jupiter spectographs stored on the AWS server can be found at

Mario's setup including RTL-SDR dongle, upconverter and Raspberry Pi.
Mario’s setup including RTL-SDR dongle, upconverter and Raspberry Pi.
Overall design of the receiver and IoT side.
Overall design of the receiver and IoT side.