Tagged: drone

Tech Minds: Video on DJI Drone Detection on the AntSDR E200

Just recently we posted about the release of some firmware for the AntSDR E200 which allows it to decode DJI DroneID. DroneID is a protocol designed to transmit the position of the drone and operator to authorized entities such as law enforcements and operators of critical infrastructure.

In his latest video Matt from the Tech Minds YouTube channel shows this firmware in action. In the video he first shows how to install the firmware, and how to connect to its serial output. He goes on to test it with his DJI Mini 4 Pro and show some live DroneID frames being decoded.

DJI Drone Hacking Using Software Defined Radio ANTSDR E200

DJI DroneID Detection Running on the AntSDR E200 CPU

DJI is a major manufacturer of consumer drones and their drones implement an RF protocol called DroneID which is designed to transmit the position of the drone and operator to authorized entities such as law enforcements and operators of critical infrastructure. 

Recently the AntSDR team have managed to get DJI DroneID decoding working on the AntSDR's onboard ARM processor. The decoding software runs on board the AntSDR E200 and outputs decoded data via the serial or network port. The AntSDR E200 is an SDR that is based on the AD9361 chip and has a 70 MHz to 6 GHz tuning range, 56 MHz of bandwidth and 12-bit ADC. It has 2x2 full duplex TX/RX channels and has an onboard FPGA with ARM CPU core.

They make use of existing code on GitHub from  https://github.com/proto17/dji_droneid and https://github.com/RUB-SysSec/DroneSecurity, both of which implement reverse engineered decoders for DroneID.

The update from AntSDR shows how to install the firmware onto the device and get it up an running. They note that drones that use Occusync 2 or 3 like the Mini2 or Mini3Pro work best, because other models may be encrypted or have a slightly different protocol which doesn't work with these decoders.

Aaron, creator of DragonOS has also uploaded a video showing the decoder in action.

DragonOS FocalX Decoding DJI DroneID w/ AntSDR E200 (MicroPhase)

KerberosSDR Tracking a Drone Carrying an FM Beacon

KerberosSDR is our 4-channel phase coherent capable RTL-SDR unit that we previously successfully crowdfunded back in 2018.  With a 4-channel phase coherent RTL-SDR interesting applications like radio direction findingpassive radar and beam forming become possible. It can also be used as 4 separate RTL-SDRs for multichannel monitoring. KerberosSDR is currently in stock and available on the Othernet store.

Recently Zuokun Li et al from the University of East China Normal University published an open access conference paper that documents their results at using a KerberosSDR to track a drone. As typical drone control frequencies at 2.4 GHz are outside the range of the RTL-SDRs used on the KerberosSDR, they carried a 446 MHz FM beacon on the drone.

In their experiment they set up both circular and linear antenna arrays for the KerberosSDR, then flew the drone in front of the antenna array while recording the bearings calculated by the KerberosSDR system. The results showed that the KerberosSDR was able to successfully track the drone's bearing with either antenna array, however the linear array produced more accurate results as expected.

We note that a linear array cannot differentiate if an object is in front or behind the array. However, if this knowledge is known it can be used instead of a circular array to get more accurate bearings that are less affected by multipath.

If you're interested in this, you might also like our articles on using a KerberosSDR to track a weather balloon, to locate a P25 transmitter, or our Android app in car demos

The KerberosSDR + Drone Setup
Results from the drones at three locations.

Dronesense: A LimeSDR Based Drone Detector and Jammer

Over on the LimeSDR CrowdSupply blog, Ogün Levent has submitted a short article about his "Dronesense" project. Dronsense is a spectrum-scanning and jamming system based on the LimeSDR. The LimeSDR is a US$299 12-bit TX/RX capable SDR that can tune between 100 kHz – 3.8 GHz, with a maximum bandwidth of up to 61.44 MHz.

Drone defense is a problem that is plaguing airports, cities, sensitive buildings and the military. These days anyone with a low cost off the shelf drone can cause havoc. Solutions so far have included net guns, drone deployed nets, wideband jammers, GPS spoofers, traditional and passive radar systems, visual camera detection, propeller noise detection, microwave lasers and SDR based point and shoot drone jamming guns like the IXI Dronekiller.

Both the expensive made for military IXI Dronekiller SDR gun, and the LimeSDR Dronesense work in a similar way. They begin by initially using their scanning feature to detect and find potential drone signals. If a drone signal is detected, it will emit a jamming signal on that particular frequency, resulting in the drone entering a fail-safe mode and either returning to base or immediately landing. Specifically targeting the drone's frequency should help make the jammers compliant with radio regulations as they won't jam other legitimate users at the same time. We note that this method might not stop drones using custom RF communications, or fully autonomous drones.

Dronesense: Drone Detection and Jammer Mounted on another Drone, running on a LimeSDR.
Dronesense: Drone Detection and Jammer Mounted on another Drone, running on a LimeSDR.

However, unlike the IXI Dronekiller gun, Dronesense requires no pointing and aiming of a gun like device. Instead it appears to be mounted on another drone, with an omnidirectional jamming antenna. It runs with a GNU Radio based flowgraph which decides if a detected signal is from a drone, and if so activates the jammer. Unfortunately the software and further details don't appear to be available due to non-disclosure agreements.

DroneSense Second Jamming Test (Software Defined Aerial Platform)

Remote Spectrum Monitoring Drone with OpenWebRX, Raspberry Pi and an RTL-SDR

Recently Zoltan of rfsparkling.com wrote in to us to show us how he combined efforts with András (programmer of the OpenWebRX software) to create a proof of concept remote spectrum monitoring drone. The drone uses an RTL-SDR connected to a Raspberry Pi, and the Raspberry Pi runs an OpenWebRX server which broadcasts the radio data via 4G mobile internet. The full connection flow chart goes as follows:

[Drone] Antenna –> RTL-SDR –> RPi 2 –> OpenWebRX Server –> 4G mobile net –> … Internet … [Notebook] –> 4G mobile net –> Browser with OpenWebRX client

Zoltan writes that some possible applications include emergency communications, ham radio, 3D spectrum mapping, etc. In the future he also hopes to add TX capabilities, so that the drone can also work a a makeshift transceiver tower. The biggest limitation that Zoltan noted is the flight time of only about 10 minutes. However, a solution he suggests for future experiments is using wire powered drones.

In previous posts we showed Hak5’s remote RTL-SDR ADS-B drone. Their results were not particularly great, however Zoltan and András’ results seem to be much better.

The video below shows an example of Zoltan and András’ drone experiments.

Remote Spectrum Analyzer Drone With OpenWebRX using RTL-SDR and Raspberry Pi

Monitoring Drone FPV Frequency Usage with a USRP Software Defined Radio

Over on YouTube balint256 (Balint), a researcher at Ettus (creators of the USRP line of software defined radios) has uploaded a video showing how he is using his USRP to help with frequency management at FPV time trial racing events. FPV a.k.a First Person View is a term used to describe the act of flying a remote controlled aircraft such as a quadcopter with an onboard camera that transmits live video down to the pilot. FPV racing is a new sport where pilots race FPV controlled drones around a track.

One important technical challenge at these events is frequency management. FPV drones use many frequencies at around 2.4 GHz for control and 5.8/2.4/1.3 GHz for video. With many drones in the air it is important that frequencies are managed appropriately so as to not jam each others signals.

To try and solve this problem Balint has been using GNU Radio coupled with a USRP X310 software defined radio to get very wide band RF spectrum waterfall views of the 2.4 and 5.8 GHz bands. In the waterfalls he is able to see when control signals and video signals are transmitted and at what frequency, and is able to tell if any are overlapping and jamming each other.

SDR Wideband Spectrum Monitoring for Drone FPV Frequency Management

In addition to this, Balint has also been working on his custom software defined radio based digital video downlink. Back in March we posted about his earlier work on this concept. In the video Balint demonstrates his drone with an on board USRP E310 which is used to send a custom 4.2 Mbps video downlink.

SDR digital video downlink (custom drone FPV) with E310 + webcam

Using a USRP E310 for Digital Video Downlink and Scanning on a Drone

Balint, one of the researchers at Ettus Research (the company behind the USRP range of software defined radios) has recently uploaded a video to YouTube showing one of his projects where he is prototyping the use of a digital signal for transmitting digital FPV video on a drone. The drone carries a USRP E310 SDR and transmits a QPSK video down developed in GNU Radio to a receiver on the ground.

FPV strands for “first person view” and is a growing hobby where remote controlled aircraft such as quadcopter drones are flown in first person view using live video from an on board camera.

Drone + SDR: USRP E310 real-time digital video downlink (teaser)

In another video balint also shows how the on board E310 can be used to transmit frequency scan FFT data via a WiFi link. This can be very useful for getting an antenna up high enough to get good reception for a scan.

Drone + SDR: USRP E310 airborne spectrum monitoring (teaser)