Modern cell phones in the USA are all required to support the Wireless Emergency Alert (WEA) program, which allows citizens to receive urgent messages like AMBER (child abduction) alerts, severe weather warnings and Presidential Alerts.
In January 2018 an incoming missile alert was accidentally issued to residents in Hawaii, resulting in panic and disruption. More recently an unblockable Presidential Alert test message was sent to all US phones. These events have prompted researchers at the University of Colorado Boulder to investigate concerns over how this alert system could be hacked, potentially allowing bad actors to cause mass panic on demand (SciHub Paper).
Their research showed that four low cost USRP or bladeRF TX capable software defined radios with 1 watt output power each, combined with open source LTE base station software could be used to send a fake Presidential Alert to a stadium of 50,000 people. The attack works by creating a fake and malicious LTE cell tower on the SDR that nearby cell phones connect to. Once connected an alert can easily be crafted and sent to all connected phones. There is no way to verify that an alert is legitimate.
Spoofed Presidential Alerts Received on a Galaxy S8 and iPhone X.
The Raspberry Pi is the most popular credit sized computing board in the world. It is commonly used as a low cost and portable computing platform for SDRs like the RTL-SDR. Today the Raspberry Pi 4 was released, bringing us a new US$35 single board computer with many improvements. Some of the main improvements that make the Pi 4 great for software defined radios are listed below:
CPU: The Pi 4 uses a Quad-Core Broadcom ARM A72 clocked at 1.5 GHz. This chip should be significantly faster compared to the older chip used on the Pi3B+ with performance now being similar to that of the Tinkerboard. This will be especially useful for CPU intensive SDR applications like the direction finding and passive radar software for our coherent 4-tuner RTL-SDR known as the KerberosSDR. It should also help allow OpenWebRX servers to serve more simultaneous users, allow graphical programs like GQRX to run smoother, and allow for higher sample rates on higher end SDRs.
GPU: The new faster GPU should help graphical SDR programs run smoother.
RAM: The Pi 4 comes with three RAM options, either 1GB, 2GB or 4GB of RAM. The versions with more RAM will be great for memory intensive applications such as GNU Radio (and compiling GNU Radio). It will also allow more programs to run in the background, and perhaps combined with the improved CPU speed allow for multiple SDRs to be used on demanding tasks.
Networking: The Pi 4 finally support Gigabit Ethernet which will be very useful to people using the board as an SDR server over the internet.
USB: There are now two USB 3.0 ports available which means that USB 3.0 SDRs like the LimeSDR could in theory be used at higher sample rates on the Pi 4.
There are also many other improvements such as dual 4K HDMI ports, a USB-C power supply port and faster SD card transfers.
Raspberry Pi 4 Improvements
It is not yet known if the very useful Raspberry Pi specific software known as RPiTX will continue to function on the new Pi 4. RPiTX is software that turns Raspberry Pi units into fully functional RF transmitters without the need for any additional transmitting hardware - just attach an antenna wire to a GPIO pin. It works by modulating the GPIO pin in such a way to create almost any type of RF transmission. RPiTX only functions on the specific proprietary Broadcom CPU chips that the Raspberry Pi's use. The Pi 4 does continue to use a Broadcom CPU, so we are hopeful.
The new changes bring the Raspberry Pi up to speed with rivals like the Tinkerboard, but at a lower price and with a much better amount of software and OS support provided. The boards currently cost $35 for the 1GB version, $45 for the 2GB version and $55 for the 4GB version. They are sold via local resellers which can be found on the official Pi 4 product page.
A while back we posted about flight tracking company RadarBox.com who had launched their 1090 MHz ADS-B optimized RTL-SDR. Like other ADS-B optimized RTL-SDR's, the dongle contains a 1090 MHz filter and a low noise amplifier that reduces the noise figure, resulting in better SNR, and thus more planes spotted at further distances.
We spoke with RadarBox and asked if they could provide a low cost RTL-SDR + Antenna bundle for us. That bundle is now available in our store for $49.95 + shipping. Shipping takes about 2-3 weeks and costs between $10 - $25 depending on your country. Shipping costs will automatically added to the cart on checkout (please ignore other shipping options and choose free shipping unless you have other items in the cart). Please note that due to the larger size this will be shipped in a cylindrical package from a separate Chinese warehouse, and tracking info will come a few days later in a separate email.
The bundle includes:
1x RadarBox ADS-B 1090 MHz SMA Outdoor Antenna with mounting brackets
1x RadarBox ADS-B Optimized 1090 MHz RTL-SDR
The antenna has 7 dBi gain, 50 (+-5) Ohm impedance, and is made from fiberglass and aluminum. It is fully waterproof and outdoor rated. This is a great set at a great price to get started tracking planes with ADS-B.
To purchase, please click the Add to Cart button below or visit our store at www.rtl-sdr.com/store. Please note we only have limited stock of this product! NOTE: The first shipment of this product will be on July 2nd.
Add to cartRadarBox Bundle: Includes 1x Outdoor ADS-B Antenna, 1x ADS-B Optimized RTL-SDR
On his latest video Corrosive from the SignalsEverywhere YouTube channel discusses Inmarsat LES EGC and AERO ACARS decoding. Inmarsat is a satellite provider that has multiple geosynchronous satellites that can be received from almost anywhere in the world at around 1.5 GHz with an RTL-SDR and appropriate antenna + LNA. Inmarsat EGC and AERO are two channels on Inmarsat satellites that can easily be decoded.
The Enhanced Group Call (EGC) messages typically contain text information such as search and rescue (SAR) and coast guard messages as well as news, weather and incident reports. AERO messages on the other hand are a form of satellite ACARS, and typically contain short messages from aircraft. More interestingly with a bit of work compiling audio decoders, it is also possible to listen in to AERO C-Channel conversations, which is an emergency phone call service available on some aircraft.
In his video Corrosive gives an overview and demonstration of EGC and AERO reception.
The Es'Hail-2 satellite is positioned at 25.5°E which is over Africa. It's reception footprint covers Africa, Europe, the Middle East, India, eastern Brazil and the west half of Russia/Asia. There are two amateur transponders on the satellite. One is a narrow band linear transponder which uplinks from 2400.050 - 2400.300 MHz and downlinks from 10489.550 - 10489.800 MHz. Another is a wide band digital transponder for digital amateur TV (DATV) which uplinks from 2401.500 - 2409.500 MHz and downlinks from 10491.000 - 10499.000 MHz.
Daniel's ground station uses a LimeSDR Mini running on a Beaglebone Black. A 2.4 GHz WiFi parabolic grid antenna is used to transmit to the satellites digital amateur TV uplink. In order to generate enough power for the uplink transmission a GALI-84 amplifier chip is cascaded with a 100W power amplifier. All the electronics are enclosed in a watertight box and placed outside.
A LimeSDR Mini Based Es'Hail-2 DATV Uplink Ground Station
Over on YouTube Curious Droid has uploaded an interesting video that attempts to explain the purpose of the HAARP transmitter project. The High Frequency Active Auroral Research Program (HAARP) is an ionospheric research program based in Alaska. It consists of a high power transmitter and antenna array which is used to excite a portion of the atmosphere in order to study the ionosphere and investigate methods of affecting radio communications. Recently HAARP was also used in an art project called "Ghosts in the Air Glow" which saw HAARP used to transmit several audio art pieces.
HAARP has also been a popular target of conspiracy theorists who believe that the transmitter must have some sort of sinister purpose. Curious Droid's video explains the purpose and science behind HAARP elegantly, hopefully dispelling any conspiracy theories.
He also explains where some of the conspiracy theories may have originated from. The original idea that HAARP was based on was a patent claiming the ability of Ionospheric heating to disrupt communications, take down missiles & satellites, affect weather, scan the earth and even affect brains. However, a project with such abilities would require ridiculous levels of electrical power and land space for the antennas, making it very unrealistic.
Thank you to Shreyas Ubale for submitting his blog post about reverse engineering a wireless doorbell, and then performing a replay attack. Shreyas had purchased a wireless doorbell set containing one button transmitter and two bell receivers. However, his situation required two transmitters, one for visitors at the door, and one to be used by family within his house.
In order to create a second transmitter he decided to reverse engineer the doorbells wireless signal, and use that information to create an Arduino based transmitter. His process involves first using an RTL-SDR to determine the transmission frequency, then using the rtl_433 software to capture the raw waveform which he then analyzes manually using Audacity. Once the binary string, length and pulse width is known he is able to program an Arduino connected to a 433 MHz transmitter to replicate the signal.
In future posts Shreyas hopes to explore other ways to transmit the signal, and eventually design a simple but configurable 433 MHz push button that supports RF, WiFi, and can support the IFTTT web service.
If you're interested, check out some of our previous posts that highlight many other successful reverse engineering experiments with RF devices and SDR.
Doorbell Signal Analysis in Audacity. Captured with an RTL-SDR.
Over on our forums user qrp has released a modified ExtIO that allows the direct sampling mode to work correctly in SDRUno. SDRUno is SDRplay's official software for their RSP line of software defined radios, but SDRUno can also work with ExtIO input dlls which allow other SDRs like the RTL-SDR to be used.
The commonly found RTL-SDR ExtIO however doesn't seem to work properly with direct sampling mode in SDRUno, so HF on RTL-SDR Blog V3 or other direct sampling modified RTL-SDR dongles is inaccessible. The new ExtIO fixes the direct sampling problem, and also enables a Remove DC algorithm to remove that center spike, which isn't an option in SDRUno.
To use the ExtIO simply extract the ExtIO_RTLSDR_u8.dll and rtlsdr.dll files from the zip file into a folder on your PC. Then from the Start Menu find the SDRUno (EXTIO) shortcut and run it. When it asks you, select the ExtIO_RTLSDR_u8.dll file. Note that you will probably need to use the older v1.22 SDRUno version as V1.31 doesn't appear to have an ExtIO version.
