“Close Call” is a feature that some radio scanners have which notifies the user when there is a radio transmitter that is in the near vicinity (such as from a police radio). It works by detecting the strength of signals from near field emissions, and it requires a strong RF signal to trigger.
Over on the ar15.com forums, user seek2 wanted something similar to the “close call” feature, but didn’t want certain transmissions like APRS signals from hams driving by to set it off. He also didn’t want to be restricted to near field emissions; rather, he wanted something that acted more like a squelch that would activate for strong signals only.
To implement this seek2 used an RTL-SDR dongle, together with the rtl_power spectrum scanning software. He outputs the signal strength data generated by rtl_power to a CSV file, which is then followed with the Linux tail -f terminal command, which simply outputs the latest lines of the CSV file as it updates in real time. Then he uses a simple Python script to monitor the output and to set off an alarm and report strong signals when it sees them. His script is also used to filter out reports from strong unwanted signals like APRS.
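The pipeline described above can be sketched as follows. This is an added example, not seek2's script: the threshold, the ignore list (144.390 MHz is the North American APRS frequency) and all function names are assumptions, and the sample line is constructed in rtl_power's CSV layout (date, time, Hz low, Hz high, Hz step, samples, then one dB value per bin).

```python
import sys

THRESHOLD_DB = -20.0               # assumed trigger level, tune per dongle and gain
IGNORE = [(144_390_000, 15_000)]   # assumed: (centre Hz, +/- Hz) ranges to skip, here APRS

# Constructed sample line in rtl_power CSV layout (not captured data).
SAMPLE = ("2016-01-30, 12:00:00, 144375000, 144475000, 12500.00, 64, "
          "-48.1, -5.2, -47.9, -50.3, -12.6, -49.0, -51.2, -50.8")


def parse_line(line):
    """Return (timestamp, [(freq_hz, db), ...]) or None for a malformed line."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) < 7:
        return None
    try:
        low, step = float(parts[2]), float(parts[4])
        powers = [float(p) for p in parts[6:] if p]
    except ValueError:
        return None  # tail -f can hand over a partially written line
    stamp = parts[0] + " " + parts[1]
    return stamp, [(low + i * step, db) for i, db in enumerate(powers)]


def ignored(freq_hz):
    """True if the bin falls inside a range the user does not want alarms for."""
    return any(abs(freq_hz - centre) <= width for centre, width in IGNORE)


def strong_signals(line, threshold=THRESHOLD_DB):
    """List (timestamp, freq_hz, db) for every bin at or above the threshold."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    stamp, bins = parsed
    return [(stamp, f, db) for f, db in bins if db >= threshold and not ignored(f)]


if __name__ == "__main__":
    # Typical use: tail -f scan.csv | python3 this_script.py
    for row in sys.stdin:
        for stamp, freq, db in strong_signals(row):
            print(f"\a{stamp}  {freq / 1e6:.4f} MHz  {db:.1f} dB")
```

In the sample line the -5.2 dB bin at 144.3875 MHz is suppressed by the ignore range, while the -12.6 dB bin at 144.425 MHz is reported.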
Below is a video showing an example of Close Call working on a Uniden hardware radio scanner for reference.
AIS Share is a dual channel decoder that outputs decoded NMEA messages via UDP, so that plotting software like OpenCPN can be used to display the ships on a map. AIS Share had been around before in another form known as rtl_ais_android which we posted before, but this version of AIS Share is a newly updated and improved version that now includes a very nice GUI. The app costs about $2 and is available on the Google Play store, but there is a demo available that will work up until 1000 messages are received. You will need an RTL-SDR and a USB OTG cable to run the app.
In the future the author writes that he’d like to update the app to support things like the ability to change more dongle settings like bandwidth/sample rate and add the possibility of using the internal phone/tablet GPS. He is also open to any community suggestions.
The ESP8266 is a $7 WiFi module that can be used to give any microcontroller access to a WiFi network. It is designed for creating Internet of Things (IoT) devices and has various features such as its ability to host its own web applications. The ESP8266 also has an I2S output with DMA support. By hooking up this I2S output pin to a short wire, YouTuber CNLohr has demonstrated that he is able to use the ESP to broadcast full color NTSC TV. This works in a similar way to how PiTX works, by using the pin to modulate a radio signal. CNLohr's code not only broadcasts color NTSC, but also provides a full web interface for controlling it.
In the first video CNLohr shows off his initial work at getting the NTSC output working and in the second video he shows color working. Later in the second video he also uses an RTL-SDR to check on the NTSC spectrum that is being output.
A while back we posted about Samy Kamkar's popular “RollJam” device, which was a $32 home made device that was able to defeat rolling code based wireless security systems such as those used on modern cars.
Wireless security researcher Andrew Macpherson became interested in RollJam and has now written up a post showing how to create a similar device using the YardStickOne and RFcat wireless tools. In his post Andrew shows how he automates the replay attack side of things using a Python script and two RFcat devices. He also fully explains how rolling codes work and how to attack them using the CodeGrabbing/RollJam technique. Andrew explains the RollJam technique as follows:
Target parks their car, gets out the car
Attacker launches a jammer that prevents the car from receiving the code from the remote
Target presses the remote, car does NOT lock and the attacker obtains the first keypress
Target presses the remote a second time and the attacker obtains the second keypress
Attacker then sends the first key press to lock the car, car locks as per normal
Target assumes all is well and carries on about their day
Attacker then sends the second keypress to the car, unlocking it
Target returns to the vehicle and remote works as per normal
In the video below Andrew uses an SDR to help demonstrate the RollJam attack.
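A toy model of the receiver-side counter check that the steps above depend on, added here as an example and not taken from Andrew's post or from RFcat. The HMAC-based code, the 16-step look-ahead window and all names are assumptions; it shows that a code the car never received stays valid only until a newer code is accepted.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: how many future counters the receiver accepts


def code_for(key: bytes, counter: int) -> bytes:
    """Toy rolling code: truncated HMAC of the counter (a stand-in, not a real fob cipher)."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class Remote:
    def __init__(self, key):
        self.key, self.counter = key, 0

    def press(self):
        self.counter += 1
        return code_for(self.key, self.counter)


class Receiver:
    def __init__(self, key):
        self.key, self.last_counter = key, 0

    def accept(self, code):
        # Accept only codes for counters strictly ahead of the last accepted one.
        for counter in range(self.last_counter + 1, self.last_counter + 1 + WINDOW):
            if hmac.compare_digest(code, code_for(self.key, counter)):
                self.last_counter = counter  # this and every older code are now dead
                return True
        return False


def held_code_accepted(later_presses_received: int) -> bool:
    """Is a code the car never heard still valid after N later presses reach it?"""
    key = b"constructed-demo-key"
    remote, car = Remote(key), Receiver(key)
    first = remote.press()        # never reaches the receiver
    second = remote.press()       # never reaches the receiver
    assert car.accept(first)      # first code delivered later: accepted as normal
    assert not car.accept(first)  # plain replay of a used code is rejected
    for _ in range(later_presses_received):
        assert car.accept(remote.press())
    return car.accept(second)


if __name__ == "__main__":
    print("held code valid, no later press received:", held_code_accepted(0))
    print("held code valid, one later press received:", held_code_accepted(1))
```

The receiver has no notion of time, so the unused code is bounded only by the next legitimate press that reaches the car.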
DSD+ (Digital Speech Decoder+) is a popular Windows tool that can be used together with an RTL-SDR to decode digital speech signals such as P25 and DMR. There is unfortunately no version for OSX.
However, recently on YouTube user Matthew Miller has uploaded a video showing DSD+ running with CubicSDR on OSX. To do this he used a utility called “Wine Skin” which creates a wrapper that allows Windows software to run on a Mac computer running OSX. This means that DSD+ can be run directly on OSX without the need to use a virtual machine with Windows installed on it.
Jupiter and its satellites like Io sometimes interact to create “radio storms” which can be heard from earth at frequencies between 3 to 30 MHz. The radio storms can be predicted and Mario uses the Windows software Radio Jupiter Pro to do this. This helps to predict when the best times to listen for emissions are. On his Raspberry Pi Mario has also written a Python script that can do the predictions too.
To make the radio emissions measurements, Mario uses an RTL-SDR dongle and upconverter together with rtl_power to gather FFT frequency power results and waterfall plots. To measure the emissions Mario writes that he keeps the frequency scan running for at least several hours a night with a Raspberry Pi as the receiving computer. For his antenna the low Jupiter frequencies necessitate a large 7 meter dipole tuned for receiving at 20.1 MHz.
For the Internet of Things side of the project, Mario envisions that several amateur radio astronomers around the world could run a similar setup, with all sharing the data to an Amazon AWS data storage server. Mario has already written software that will do the scan and automatically upload the results to the server. To participate you just need to write to him to receive the AWS IoT authentication certificate files.
The internet of things is set to become the next big thing in technology. The IoT consists of multiple networked devices such as sensors and computers connected in various ways such as via wireless communication protocols. LoRa is an abbreviation of “Long Range” and is one such wireless protocol that is being used in IoT devices.
[LoRa] is a radio modulation format that gives longer range than straight FSK modulation. This is achieved by a combination of methods: it uses a spread spectrum technique called Chirp Spread Spectrum (CSS) and it uses forward error coding (in combination with whitening and interleaving).
Over at the RevSpace hackerspace, a hardware hacker called bertrik has been working with his RTL-SDR to try and reverse engineer the LoRa protocol. His goal is to make it so that anyone can receive and decode LoRa signals without needing to purchase specific hardware that supports the modulation. The reverse engineering work is not yet finished, but bertrik has already determined many parts of the protocol by looking at the signals in Audacity. He also writes that there is currently a ready made LoRa decoder available for sdrangelove, a Linux based SDR receiver application similar to GQRX and SDR#.
You might also be interested in this previous article we posted about the Z-Wave wireless networking protocol being hacked with a HackRF.
We went to all this trouble because there is perennial fascination with the flying habits of the 2,800 Davos delegates. Use of private aircraft, though often wildly overstated, highlights the vast wealth and power that descends upon this small skiing town in the Swiss Alps each year. And their transportation choices are frequently criticized for their environmental impact at a conference that seeks solutions to reducing carbon emissions, among other topics.
Using an RTL-SDR dongle, Raspberry Pi and ADS-B collinear antenna they monitored the flights over Davos. From the data they were able to determine the flight paths that many helicopters took, the types of helicopters used and the most popular flight times. They were able to identify 16 private helicopters that were used, although they write that some may not have had their ADS-B transponders turned on.