Category: Applications

Creating an RF Proximity Alarm (Close Call) with an RTL-SDR

“Close Call” is a feature that some radio scanners have which notifies the user when there is a radio transmitter that is in the near vicinity (such as from a police radio). It works by detecting the strength of signals from near field emissions, and it requires a strong RF signal to trigger.

Over on the ar15.com forums, user seek2 wanted something similar to the “close call” feature, but didn’t want certain transmissions like APRS signals from hams driving by to set it off. He also didn’t want to be restricted to near field emissions, rather he wanted something that acted more like a squelch that would activate for strong signals only.

To implement this seek2 used an RTL-SDR dongle, together with the rtl_power spectrum scanning software. He outputs the signal strength data generated by rtl_power to a CSV file which is then piped into a tail -f terminal command in Linux which simply outputs the latest lines of the CSV file as it updates in real time. Then he uses a simple Python script to monitor the output and to set off an alarm and report strong signals when it see’s them. His script is also used to filter out reports from strong unwanted signals like APRS.

Below is a video showing an example of Close Call working on a Uniden hardware radio scanner for reference.

Using AIS Share, OpenCPN and an RTL-SDR on a Sailboat

AIS Share is an app for Android that allows you to turn an Android device into an AIS receiver by using an RTL-SDR. AIS stands for Automatic Identification System and is used by ships to broadcast their GPS locations, to help avoid collisions and aid with rescues. An RTL-SDR with the right software can be used to receive and decode these signals, and plot ship positions on a map.

AIS Share is a dual channel decoder that outputs decoded NMEA messages via UDP, so that plotting software like OpenCPN can be used to display the ships on a map. AIS Share had been around before in another form known as rtl_ais_android which we posted before, but this version of AIS Share is a newly updated and improved version that now includes a very nice GUI. The app costs about $2 and is available on the Google Play store, but there is a demo available that will work up until 1000 messages are received. You will need an RTL-SDR and a USB OTG cable to run the app.

Recently the author of the app received word from a user called Harmen who has successfully been using his AIS Share app on his sailboat. Harmen uses the app on an Android tablet which is enclosed in a waterproof box. For an antenna he uses a coax collinear.

In the future the author writes that he’d like to update the app to support things like the ability to change more dongle settings like bandwidth/sample rate and add the possibility of using the internal phone/tablet GPS. He is also open to any community suggestions.

AIS Share Receiver on the sailboat in a waterproof case.
AIS Share Receiver on the sailboat in a waterproof case.
The back of the Android Tablet, showing the RTL-SDR and the antenna connection.
The back of the Android Tablet, showing the RTL-SDR and the antenna connection.
The AIS Share main screen GUI.
The AIS Share main screen GUI.

https://www.youtube.com/watch?v=ApGk8P82THs (Unfortunately the video has been removed)

Broadcasting Analgoue NTSC TV with a $7 ESP8266

The ESP8266 is a $7 WiFi module that can be used to give any microcontroller access to a WiFi network. It is designed for creating Internet of Things (IoT) devices and has various features such as it’s ability to host it’s own web applications. The ESP8266 also has a I2S output with DMA support. By hooking up this I2S output pin to a short wire, YouTuber CNLohr has demonstrated that he is able to use the ESP to broadcast full color NTSC TV.  This works in a similar way to how PiTX works, by using the pin to modulate a radio signal. CNLohrs code note only broadcasts color NTSC, but also provides a full web interface for controlling it.

In the first video CNLohr shows off his initial work at getting the NTSC output working and in the second video he shows color working. Later in the second video he also uses an RTL-SDR to check on the NTSC spectrum that is being output.

Bypassing Rolling Code Systems – CodeGrabbing/RollJam

A while back we posted about Samy Kamkars popular “RollJam” device, which was a $32 home made device that was able to defeat rolling code based wireless security systems such as those used on modern cars.

Wireless security researcher Andrew Macpherson became interested in RollJam and has now written up a post showing how to create a similar device using the YardStickOne and RFcat wireless tools. In his post Andrew shows how he automates the replay attack side of things using a Python script and two RFcat devices. He also fully explains how rolling codes work and how to attack them using the CodeGrabbing/RollJam technique. Andrew explains the RollJam technique as follows:

  1. Target parks their car, gets out the carAttacker launches a jammer that prevents the car from receiving the code from the remote
  2. Target presses the remote, car does NOT lock and the attacker obtains the first keypress
  3. Target presses the remote a second time and the attacker obtains the second keypress
  4. Attacker then sends the first key press to lock the car, car locks as per normal
  5. Target assumes all is well and carries on about their day
  6. Attacker then sends the second keypress to the car, unlocking it
  7. Profit.
  8. Target returns to the vehicle and remote works as per normal

In the video below Andrew uses an SDR to help demonstrate the RollJam attack.

Showing how the RollJam attack works.
Showing how the RollJam attack works.

Decoding DMR on OSX using a RTL SDR and DSD Plus

DSD+ (Digital Speech Decoder+) is a popular Windows tool that can be used together with an RTL-SDR to decode digital speech signals such as P25 and DMR. There is unfortunately no version for OSX.

However, recently on YouTube user Matthew Miller has uploaded a video showing DSD+ running with CubicSDR on OSX. To do this he used a utility called “Wine Skin” which creates a wrapper that allows Windows software to run on a MAC computer running OSX. This means that DSD+ can be run on directly OSX without the need to use a virtual machine with Windows installed on it.

Radio Astronomy with an RTL-SDR, Raspberry PI and Amazon AWS IoT

Recently amateur radio astronomer Mario Cannistrà wrote in and showed us a link to his project. Mario has been doing some interesting experiments with an RTL-SDR that involve receiving emissions originating from the Sun, the planet Jupiter, and one of its moons Io.

Jupiter and its satellites like Io sometimes interact to create “radio storms” which can be heard from earth at frequencies between 3 to 30 MHz. The radio storms can be predicted and Mario uses the Windows software Radio Jupiter Pro to do this. This helps to predict when are the best times to listen for emissions. On his Raspberry Pi Mario has also written a python script that can do the predictions too. 

To make the radio emissions measurements, Mario uses an RTL-SDR dongle and upconverter together with rtl_power to gather FFT frequency power results and waterfall plots. To measure the emissions Mario writes that he keeps the frequency scan running for at least several hours a night with a Raspberry Pi as the receiving computer. For his antenna the low Jupiter frequencies necessitate a large 7 meter dipole tuned for receiving at 20.1 MHz.

For the Internet of Things side of the project, Mario envisions that several amateur radio astronomers around the world could run a similar setup, with all sharing the data to an Amazon AWS data storage server. Mario has already written software that will do the scan and automatically upload the results to the server. To participate you just need to write to him to receive the AWS IoT authentication certificate files.

Some example Jupiter spectographs stored on the AWS server can be found at http://jupiter-spectrograms.s3-website.eu-central-1.amazonaws.com/?prefix=Jupiter/20160130/.

Mario's setup including RTL-SDR dongle, upconverter and Raspberry Pi.
Mario’s setup including RTL-SDR dongle, upconverter and Raspberry Pi.
Overall design of the receiver and IoT side.
Overall design of the receiver and IoT side.

Decoding the LoRa IoT Protocol with an RTL-SDR

The internet of things is set to become the next big thing in technology. The IoT consists of multiple networked devices such as sensors and computers connected in various ways such as via wireless communication protocols. LoRa is an abbreviation of “Long Range” and is one such wireless protocol that is being used in IoT devices. 

[LoRa] is a radio modulation format that gives longer range than straight FSK modulation. This is achieved by a combination of methods: it uses a spread spectrum technique called Chirp Spread Spectrum (CSS) and it uses forward error coding (in combination with whitening and interleaving).

Over at the RevSpace hackerspace, a hardware hacker called bertrik has been working with his RTL-SDR to try and reverse engineer the LoRa protocol. His goal is to make it so that anyone can receive and decode LoRa signals without needing to purchase specific hardware that supports the modulation. The reverse engineering work is not yet finished, but bertrik has already determined many parts of the protocol by looking at the signals in Audacity. He also writes that there is currently a ready made LoRa decoder available for sdrangelove, a Linux based SDR receiver application similar to GQRX and SDR#.

You might also be interested in this previous article we posted about the Z-Wave wireless networking protocol being hacked with a HackRF.

LoRa signals received in the frequency spectrum.
LoRa signals received in the frequency spectrum.

Collecting private flight data on the World Economic Forum Atendees with an RTL-SDR

Every year politicians and business men meet at the “World Economic Forum” in the small mountain town of Davos, Switzerland to discuss various topics and create business deals. This year Quartz, an online newspaper/magazine sent a journalist to the forum. However, the journalist wasn’t tasked with writing a conventional story about the forum topics – instead he was asked to use an RTL-SDR to monitor the private helicopter traffic coming in and out of Davos using ADS-B data. They write that their reasoning for doing this as follows:

We went to all this trouble because there is perennial fascination with the flying habits of the 2,800 Davos delegates. Use of private aircraft, though often wildly overstated, highlights the vast wealth and power that descends upon this small skiing town in the Swiss Alps each year. And their transportation choices are frequently criticized for their environmental impact at a conference that seeks solutions to reducing carbon emissions, among other topics.

Using an RTL-SDR dongle, Raspberry Pi and ADS-B collinear antenna they monitored the flights over Davos. From the data they were able to determine the flight paths that many helicopters took, the types of helicopters used and the most popular flight times. They were able to identify 16 private helicopters that were used, although they write that some may not have had their ADS-B transponders turned on.

The RTL-SDR and various other components used to track the helicopters.
The RTL-SDR and various other components used to track the helicopters.
The flight path taken by the private helicopters.
The flight path taken by the private helicopters.