Tagged: heatmap

Detecting Car Keyfob Jamming With a Raspberry Pi and RTL-SDR

It’s been known for a while now that it is possible to break into cars using simple wireless attacks that involve jamming of the car keyfob frequency. Sammy Kamkars “rolljam” is one such example that can be built with a cheap Arduino and RF transceiver chip. One way to secure yourself against wireless attacks like this is to run a jammer detector.

A jammer detector is quite simple in theory – just continuously measure the signal strength at the car keyfob frequency and notify the user if a strong continuous signal is detected. Over on his blog author mikeh69 has posted about his work in creating a wireless jammer detector out of a Raspberry Pi and RTL-SDR dongle. He uses a Python script and some C code that he developed to create a tool that displays the signal strength on an onscreen bar graph and also conveys signal strength information via audio tones. He writes that with a pair of earphones and battery pack you can use the system while walking around searching for the source of a jammer.

Mikeh69’s post goes into further detail about installing the software and required dependencies. He also writes that in the future he wants to experiment with creating large area surveys by logging signal strength data against GPS locations to generate a heatmap. If you are interested in that idea, then it is similar to Tim Haven’s driveby noise detector system which also used RTL-SDR dongles, or the heatmap feature in RTLSDR Scanner.

[Also seen on Hackaday]
RTL-SDR + Raspberry Pi Jammer Detector.
RTL-SDR + Raspberry Pi Jammer Detector.

A modified dump1090 with ADS-B Heatmap and Range Alititude View

Dump1090 is one of the most popular ADS-B decoders that is used together with the RTL-SDR dongle. ADS-B stands for Automatic Dependant Surveillance Broadcast and is a system used by aircraft that broadcasts their GPS positions. It is a replacement for traditional reflection based radar systems. We have a tutorial on using the RTL-SDR to decode ADS-B here.

There is now a forked version of dump1090 by tedsluis that incorporates heatmap generation and range/altitude view. A heatmap will allow you to visualize where the most active aircraft paths in your area are and the range/altitude view allows you to see at what altitudes aircraft typically fly at in different locations. The software logs aircraft data in a CSV file, and then after collecting enough data a second program can be used to generate the heatmap. The full explanation of the software and instructions for installing and using it on a Raspberry Pi Linux system together with PiAware are posted on the flightaware.com forums.

A heatmap of aircraft flight paths.
A heatmap of aircraft flight paths.

RTL-gopow: New heat map tool

Rtl_power is a tool that allows you to create wide band signal strength heat maps over a long length of time. It works by very quickly hopping across the spectrum, capturing the RTL-SDR bandwidth of about 2 MHz at a time, and then displaying it on a heat map. This is useful for seeing what frequencies are active and at what times. 

Usually to obtain a heat map with rtl_power you need to record the data first, and then pass it through a Python program called heatmap.py which creates the heat map image file. Now there is rtl_gopow which is a new program that directly creates a PNG heat map file from an rtl_power sweep. It is currently available for OSX, Linux, Linux ARM, and Windows.

You can download the binary releases here.

2.5 hour long heat map generated by RTL_GOPOW
2.5 hour long heat map generated by RTL_GOPOW

New software rtl_heatmap: Web based waterfall plotter for rtl_power

Over on GitHub a new heatmap plotter for rtl_power has been released. The software is called rtl_heatmap and is software that can be used to create a heatmap from the csv data produced by rtl_power. The software creates the heatmap and also adds frequency marker information to the plot. Rtl_heatmap is written in JS and HTML5 and is a web browser based app.

Rtl_power is a tool that can scan a large chunk of bandwidth with an RTL-SDR dongle and record signal power levels over time.

A demo of the software in action can be found at http://heat.wq.lc/.

rtl_heatmap is a web based heatmap plotter for rtl_power
rtl_heatmap is a web based heatmap plotter for rtl_power

Creating a Signal Strength Heatmap with an RTL-SDR

Over on Reddit, user tautology2 has linked to his project which is software that can create a heatmap of signal strengths. His software uses the data that is output from RTLSDR Scanner which is a program that will collect signal strength data over any desired bandwidth and at the same time also record GPS coordinates using an external GPS receiver. RTLSDR Scanner can also create a heatmap by itself, but tautology2’s heatmap is much clearer and has good web controls for choosing the heatmap signal frequency.

Tautology2 writes about his program:

Eartoearoak’s rtl-sdr scanner can save GPS location data along with spectrum samples, I had put USB GPS unit and SDR’s antenna on the top of my car, put my notebook with running scanner on the front seat and driven it around.

Then I saved results both as an image sequence (which you can see at the bottom of the map) and as the raw data in json format. My script (scan2web.rb[3] ) parses raw data, filters out redundant samples (which were captured standing at the traffic lights etc) and computes normalized spectrum power for eight 300-KHz bands for each spatial sample. Results are saved in heatmap.json[4] , which is rendered using Google maps v.3 heatmap API.

The Reddit thread discussing his project can be found here.

Tools used for making the heatmap: Laptop, RTL-SDR with stock antenna and a GPS.
Tools used for making the heatmap: Laptop, RTL-SDR with stock antenna and a GPS.
Heatmap of GSM Signal Strengths
Heatmap of GSM Signal Strengths

RTL_POWER Heatmap Viewer

Back in June we posted about DE8MSH’s rtl_power based heatmap viewer which was automatically generated every day from a Raspberry Pi. The browser based heatmap display provides a way to view the frequency and time of where the mouse pointer is allowing you to easily identify signals.

Back then the code was unavailable but now DE8MSH has released his code on GitHub. An example heatmap generated by the code can be found here.

RTL_POWER Heatmap Viewer
RTL_POWER Heatmap Viewer

Automatic Heatmap Logging on a Raspberry Pi using an RTL-SDR and RTL_POWER

Amateur radio hobbyist DE8MSH recently wrote in to let us know about a project he has been working on. His project involves using a Raspberry Pi B and RTL-SDR to automatically log a wide band heatmap using rtl_power. Rtl_power is a command line tool that will log signal strengths to a csv file using the RTL-SDR over a very large definable bandwidth.

To do the automatic logging the Raspberry Pi runs rtl_power for 23 hours constantly writing data to a mounted hard drive. After 23 hours the heatmap image is calculated and then uploaded to a webpage at http://qth.at/de8msh/listheatmaps.php. The scheduling is performed by a cron job.

DE8MSH has also been working on a second related project over at http://www.qth.at/de8msh/hm/pic.html. The heatmap on this page shows various transmissions from weather balloons. As you mouse over those transmissions, the QTH (location) of those weather balloon transmissions is shown as well as the frequency and time of where the mouse pointer currently is.

Raspberry Pi Automatic Heatmap Logging with rtl_power
Raspberry Pi Automatic Heatmap Logging with rtl_power