Category: RTL-SDR

Building an RTL-SDR “Moto Mod”

One nice feature of modern Motorola smartphones is that some models can accept ‘mods’, which are essentially phone cases that snap onto the back of the phone and interface via some exposed data pins. Some examples include a snap on speaker, projector, battery pack and zoom lens. Currently Moto Mods and Indiegogo are running a promotional campaign that gives developers a chance to pitch new Moto Mod ideas to Motorola, and if successful be partnered with Motorola and receive funding to complete and sell the hardware.

Vaclav Bouse is one developer who has been working on an RTL-SDR based Moto Mod. The idea is to integrate RTL-SDR hardware into the Moto Mod phone case form factor and possibly even add transceiver capabilities via an AX5043 transceiver chip. The hardware is still in the very early concept and design phases, and Vaclav is seeking donations on Indiegogo to help fund the development of a prototype (note that donating will not get you the final product). As it will be an RTL-SDR, it should be compatible with all Android RTL-SDR software, such as SDR Touch.

The hardware is also related to his other Moto Mod campaign idea which is a universal remote control.

The Moto Mod RTL-SDR Concept
The Moto Mod RTL-SDR Concept

An RTL-SDR Based Wireless Backscatter Soil Moisture Sensor Network

Recently researcher Spyros Daskalakis wrote in to us and wanted to share his Masters thesis research which is titled ‘Environmental Scatter Radio Sensors with RF Energy Harvesting‘. The research involved creating a low cost, low power (200 microwatt) and yet long range (up to 250m) sensor network for monitoring soil moisture on farms. An RTL-SDR dongle is utilized to receive data from the sensors and MATLAB is used to decode the data.

One interesting innovation is that the sensors transmit data via a backscatter technique which is similar to how RFID tags are read. A carrier emitter is placed in the center of a cluster of sensors and the sensors receive RF bursts from it. The sensor antenna acts as a carrier reflector, and information is modulated onto the reflected signal by changing the antenna-load reflection coefficients according to the sensor reading. This method allows the sensors to only require extremely small amounts of power from a button battery or solar panel in order to transmit at distances of up to 250m. Spyros also proposes using wireless RF energy harvesting techniques which could harvest the electricity needed to power the circuit directly from the carrier emitters or powerful local FM stations.

Spyros’ thesis is available here, and a research paper here.

Backscatter Sensors and RTL-SDR. Received backscatter spectrum.
Backscatter Sensors and RTL-SDR (left). Received backscatter spectrum (right).
https://www.youtube.com/watch?v=_kkxNAqPGqY

Searching for giga-Jansky fast radio bursts from the Milky Way with a global array of low-cost radio receivers (RTL-SDRs)

A few days ago a University research paper titled “Searching for giga-Jansky fast radio bursts from the Milky Way with a global array of low-cost radio receivers” was uploaded to the Cornell University Library. In this paper authors Dan Maoz of Tel-Aviv University and Abraham Loeb of Harvard suggest that citizen science enabled mobile phones and RTL-SDR dongles placed around the world could be used to detect fast radio bursts (FRBs) originating from within our own galaxy. The abstract reads:

If fast radio bursts (FRBs) originate from galaxies at cosmological distances, then their all-sky rate implies that the Milky Way may host an FRB on average once every 30-1500 years. If FRBs repeat for decades or centuies, a local FRB could be active now. A typical Galactic FRB would produce a millisecond radio pulse with ~1 GHz flux density of ~3E10 Jy, comparable to the radio flux levels and frequencies of cellular communication devices (cell phones, Wi-Fi, GPS). We propose to search for Galactic FRBs using a global array of low-cost radio receivers. One possibility is to use the ~1GHz communication channel in cellular phones through a Citizens-Science downloadable application. Participating phones would continuously listen for and record candidate FRBs and would periodically upload information to a central data processing website, which correlates the incoming data from all participants, to identify the signature of a real, globe-encompassing, FRB from an astronomical distance. Triangulation of the GPS-based pulse arrival times reported from different locations will provide the FRB sky position, potentially to arc-second accuracy. Pulse arrival times from phones operating at diverse frequencies, or from an on-device de-dispersion search, will yield the dispersion measure (DM) which will indicate the FRB source distance within the Galaxy. A variant of this approach would be to use the built-in ~100 MHz FM-radio receivers present in cell phones for an FRB search at lower frequencies. Alternatively, numerous “software-defined radio” (SDR) devices, costing ~$10 US each, could be plugged into USB ports of personal computers around the world (particularly in radio quiet regions) to establish the global network of receivers.

‘Fast radio bursts’ or FRBs are very brief pulses of extremely strong radio waves which have the transmit power of 500 million suns, though by the time they reach the earth they can only be picked up by radio telescopes. Radio astronomers have so far been mystified by the cause of these FRBs, and research has been hampered by the fact that the source of FRBs is notoriously difficult to pinpoint because they are unpredictable, and their energy appears to originate from all over the sky and not from a single point. Many scientists think that most FRBs must originate from outside of our galaxy, and in 2016 one was finally pinpointed as coming from a dwarf galaxy 2.5 billion light years away from earth. But the authors of the paper speculate from the rate of how often FRBs are seen, that our Milky Way galaxy could host its own local FRB event once every 30 – 1500 years.

If an FRB occurs within our own galaxy then they speculate that the received power could be strong enough to be detected by consumer level mobile phones or RTL-SDR radios, meaning that no large radio telescope dish is required for detection. By continuously monitoring for FRBs on mobile phones and/or RTL-SDRs spread around the world, a local FRB source could one day be pinpointed thanks to the high resolving power of multiple detectors spread apart.

[Also discussed at cfa.harvard.edu/news/2017-07]
The Very Large Array in Mexico was used to pinpoint an FRB in 2016.
The Very Large Array in Mexico was used to pinpoint an FRB in 2016.
Illustration of an FRB. Certain frequencies arrive faster than others.
Illustration of an FRB. Certain frequencies arrive faster than others.

Soft66IP: Network Connected RTL-SDR with rtl_tcp

Previously from JA7TDO who is a RTL-SDR builder in Japan we’d seen the Soft66RTL and Soft66Q which are both modified RTL-SDR units that are capable of receiving HF as well. To receive HF the Soft66RTL used an upconverter circuit and the newer Soft66Q uses an implementation of the direct sampling mod. Both units come with a preselection filter for the HF bands.

Now JA7TDO has managed to come out with a new modified RTL-SDR which he calls the Soft66IP. The Soft66IP appears to have the same specifications at the Soft66Q except without the additional preselection filter. Instead, its defining feature is that it is built together which what we assume is a Linux enabled wireless router, or some other networked single board PC. This allows you to easily get set up with rtl_tcp for streaming the radio over your network, or the internet. It seems that the unit comes preloaded with the rtl_tcp software installed, making it almost plug and play. JA7TDO advertises the features as:

  • RTL-SDR based
  • 3kHz to 1.7GHz (15MHz to 24MHz is over sampling)
  • 10/100Mbps Ethernet
  • DHCP
  • Wifi(option)
  • cheap price

Streaming the radio over a network might be advantageous as it allows you to place the unit near the antenna, avoiding long coax or USB cable runs. But rtl_tcp is quite bandwidth heavy, so it can have trouble streaming at higher sample rates. However, whatever single board PC is used on the Soft66IP may also be capable of running other more efficient streaming software such as OpenWebRX, or more specialized applications such as networked ADS-B decoders as well.

JA7TDO is selling the Soft66IP for a pre-order price of $80 USD which includes worldwide shipping. Shipping starts on March 1. After the pre-order phase the price may rise to $96 USD.

The Soft66IP, networked RTL-SDR.
The Soft66IP, networked RTL-SDR.

Reverse Engineering Signals with the Universal Radio Hacker Software

Thanks to RTL-SDR.com reader M Kizan who notified us about a Python based digital signal reverse engineering software program called ‘Universal Radio Hacker’ which is developed by Johannes Pohl. The software supports hardware interfaces for SDRs such as the RTL-SDR and HackRF and can be run on Windows, MacOS and Linux.

The Universal Radio Hacker is a software for investigating unknown wireless protocols. Features include

  • hardware interfaces for common Software Defined Radios
  • easy demodulation of signals
  • assigning participants to keep overview of your data
  • customizable decodings to crack even sophisticated
  • encodings like CC1101 data whitening
  • assign labels to reveal the logic of the protocol
  • fuzzing component to find security leaks
  • modulation support to inject the data back into the system

Inspectrum and Waveconverter are two similar programs for analyzing digital signals, however Universal Radio Hacker seems to be the most advanced.

Johannes has also uploaded four tutorial videos to YouTube which show the software in action. In the videos he uses Universal Radio Hacker to reverse engineer a wirelessly controlled power socket, and then in the last video he uses the software to transmit the reverse engineered signals via a HackRF.

https://www.youtube.com/watch?v=kuubkTDAxwA&list=PLlKjreY6G-1EKKBs9sucMdk8PwzcFuIPB

Listening to February 2017 HAARP Experiments with an HF Capable SDR

This year at the end of February HAARP (High Frequency Active Auroral Research Program) scientists are planning to run several experiments that involve transmission. HAARP is a high power ionospheric research radio transmitter in Alaska, which typically transmits in the 2.7 – 10 MHz frequency region. The transmissions are powerful enough to create artificial auroras in the sky. Due to a lack of funding HAARP research was shut down in May 2013, and then later given to the University of Alaska Fairbanks (UAF) in 2015.

UAF plans to activate HAARP again at the end of Feburary, so it seems that it would be interesting to receive the waveforms with an HF capable SDR such as the RTL-SDR v3, or with an upconverter like the SpyVerter. Under some conditions the signal could propagate all over the world. It seems that the researchers are also interested in reception reports from listeners and they plan to post updates closer to the dates of transmission. The full press release reads:

The University of Alaska Fairbanks Geophysical Institute is planning its first research campaign at the High Frequency Active Auroral Research Program facility in Gakona.

The High Frequency Active Auroral Research Program facility near Gakona includes a 40-acre grid of towers to conduct research on the ionosphere. The facility was built and operated by the U.S. Air Force until August 2015, when ownership was transferred to UAF’s Geophysical Institute.

At the end of February, scientists will use the HAARP research instrument to conduct multiple experiments, including a study of atmospheric effects on satellite-to-ground communications, optical measurements of artificial airglow and over-the-horizon radar experiments.

Members of the public can follow one of the experiments in real time. Chris Fallen, assistant research professor in space physics, will be conducting National Science Foundation-funded research to create an “artificial aurora” that can be photographed with a sensitive camera. Observers throughout Alaska will have an opportunity to photograph the phenomenon, which is sometimes created over HAARP during certain types of transmissions.

Under the right conditions, people can also listen to HAARP radio transmissions from virtually anywhere in the world using an inexpensive shortwave radio. Exact frequencies of the transmission will not be known until shortly before the experiment begins, so follow @UAFGI on Twitter for an announcement.

For more details on the dates and times of Fallen’s experiments, as well as information on how to observe, visit https://sites.google.com/alaska.edu/gakonahaarpoon/. Information is also available at the HAARP website, the UAF http://gi.alaska.edu/haarp-0 and the official UAF HAARP Facebook page, https://www.facebook.com/UAFHAARP/.

Operation of the HAARP research facility, including the world’s most capable high-power, high-frequency transmitter for study of the ionosphere, was transferred from the U.S. Air Force to UAF in August 2015.

On their Google sites page they write how to participate:

Anybody who wants to participate and follow HAARP experiments should follow the official and unofficial announcements linked at the top of this page. There are two main ways to participate in the campaign: by listening to the radio transmissions from HAARP itself or by photographing artificial auroras created by HAARP. Amateur (Ham) radio operators can also use temporary ionosphere irregularities created by HAARP to open new propagation modes for their own transmissions.

A shortwave radio and knowledge of the time and frequency of the HAARP transmissions provides opportunities to “listen in” since the radio wave energy often (but not always) propagates very large distances, sometimes worldwide! Shortwave radios capable of receiving frequencies in the same range that HAARP can transmit, between approximately 2.7 and 10 MHz (2700 and 10,000 kHz) allow anyone to hear HAARP transmissions provided long-distance radio propagation conditions are sufficient and the radio is tuned to one of the frequencies where HAARP is transmitting. Ham radio operators also have an opportunity to reflect (or “bounce”) their own transmissions, typically in the HF, VHF or UHF bands, off ionosphere irregularities created above HAARP during high-power experiments. This creates propagation modes that would normally only be possible during certain space weather events such as aurora.

The video below shows one of the last scheduled HAARP transmissions from when it was still under the control of the US Air Force.

https://www.youtube.com/watch?v=49xDfGPYvVY
[First seen on swling.com]

 

Building a DIY Carbon Fibre Yagi Antenna with 3D Printed Parts for 20€

Over on his blog author Manuel a.k.a ‘Tysonpower’ has written about a DIY Carbon Fibre Yagi antenna that he’s built for only 20€. The antenna is very lightweight thanks to a 12mm diameter carbon fibre pipe which is used as the main boom. It also uses 3D printed parts that clamp onto the carbon fibre pipe and hold the metal elements in place. The advantage of the carbon fibre pipe over a PVC one is not only is it lightweight and much easier to hold, but it also stronger, and much less bendy and floppy. The metal elements are welding rods which he found on eBay, and the carbon fibre pipe was sourced cheaply from China with Aliexpress. 

A Yagi is a directional antenna with high gain towards the direction it is pointing. You’ll need to hand point the Yagi in the general direction of the satellite as it passes over, but you can expect much higher SNR readings compared to something like a QFH or Turnstile.

Manuel designed his antenna for 2M satellites (NOAA, Meteor M2, ISS etc), and was able to achieve over 36 dB SNR with an RTL-SDR.com V3 receiver, FM Trap and LNA4ALL on NOAA 18 at a 34° max. pass. He writes that the design is easily modifiable for other frequencies too.

To show off the design, construction and performance of his antenna he’s uploaded two videos to YouTube which we show below. The speech is in German, but even for non-German speakers the video is easily followed

http://www.youtube.com/watch?v=bNsvUdHIliI
http://www.youtube.com/watch?v=UGdVRhsNFJU

First Steps Towards Decoding HD Radio

Programmer Phil Burr wrote in and wanted to share his newest code which is a partial implementation (no audio) of the iBiquity IBOC HD Radio standard. HD Radio is a proprietary broadcast radio protocol and is used only in North America. You may have noticed it before as the rectangular sidebands on the spectrum which surround standard analogue broadcast FM signals.

The audio codec specifications are not public and is thus not implemented here, so this code has very little use outside of being a good learning tool. But Phil does write that if anyone if able to figure out how to decode the codec, then this code may be a good starting point.

Phil writes:

I wrote this because I wanted to learn about digital broadcasts. Despite the fact that the audio codec used is iBiquity’s proprietary HDC codec, I decided that writing a receiver that could decode the air interface would be a great learning experience.

iBiquity’s HDC codec is supposedly based upon some of the same technologies as HE-AAC codec so it may be possible for some audio codec gurus, given access to the raw HDC audio packets, to write a decoder for the codec.

The receiver is somewhat limited. It only decodes FM MP1 profile transmissions (which happens to includes every IBOC FM transmitter in my area). It is also somewhat limited in the Layer2 packet demultiplexing. It likely needs a strong signal in order to decode signals reasonably well. However it is just enough to get access to the main program stream.

HD Radio Sidebands Visible on the Spectrum
HD Radio Sidebands Visible on the Spectrum