Over on YouTube channel RECESSIM has uploaded a three part series on reverse engineering smart utility meters. In many locations wireless mesh smart electricity meters are installed in houses allowing for completely wireless monitoring. These mesh network devices pass the wireless data from meter to meter until the data reaches a router that is typically placed on a neighborhood power pole.
In the first video Recessim explains how a smart meter mesh network works, and demonstrates signal reception in the 900 MHz band with a USRP B200 software defined radio.
In the second video he demonstrates how he can see meter ID and power outage information from Oncor meters, explains his GNU Radio flowgraph setup and goes on to explain how he reverse engineered the data packets.
Finally in the third video he performs a few teardowns of smart meters he found on eBay, and shows his reverse engineering setup with a faraday cage. More videos are likely to be on the way, so you might want to consider subscribing to his channel for updates. Recessim is also diligently recording all the information he's discovered about the meters on his Wiki.
Back in early and mid March we posted about how several amateur radio hobbyists worked together to receive and figure out how to decode text telemetry as well as live video from SpaceX Falcon 9 rockets using low cost antennas and SDRs.
Unfortunately the fun has abruptly come to an end, with listeners discovering that the latest launch is now fully encrypted. Given the fact that the data stream was undiscovered and likely unencrypted for the last decade, it seems reasonable to assume that SpaceX added encryption in response to media publicity from the decoding discovery. There is also speculation that it may be due to NOAA space camera laws which caused livestream censorship back in 2018.
Back at the end of 2018 we successfully crowdfunded KerberosSDR on Indiegogo which was our first coherent capable RTL-SDR that consisted of four RTL-SDRs on a common clock, with built in noise source and phase synchronization hardware. KerberosSDR enabled interesting experiments such as radio direction finding and passive radar to be implemented at a much lower cost.
KerberosSDR has taught us many things, and we're now working on the next iteration which will be a significantly refined version known as "KrakenSDR". KrakenSDR will be a five channel common clocked RTL-SDR, with built in noise source and automatic phase synchronization hardware.
Please sign up to the CrowdSupply KrakenSDR email list on the CrowdSupply page to be notified once crowdfunding is launched so that you will be sure to catch the early bird pricing discounts. We expect to be able to launch sometime within the next two months.
Unlike KerberosSDR, KrakenSDR has built in switching hardware that when combined with the new software, will automatically achieve sample and phase calibration without needing to manually disconnect the antennas each time the unit is powered up, or each time the frequency is changed. This allows for much easier mobile and remote use scenarios.
The addition of the fifth tuner also allows us to use a five element antenna array, which results in much improved direction finding accuracy and better multipath rejection. USB-C is also now used on both ports for greater port reliability, the PCB has been redesigned for lower noise, software controlled bias tees are present on each port, and it comes in a tough CNC milled enclosure that doubles as a heat sink.
Finally there is a new open source software base which uses the new synchronization hardware to perform auto phase calibration, allows for intermittent signals to be squelched and tracked, enables long term phase synchronization monitoring, and enables new possibilities for future code expansion especially for passive radar which we will be testing in the upcoming months.
Over on YouTube Rob from Frugal Radio has uploaded a video reviewing our new L-Band Patch antenna which we released for sale late last month. The patch is currently on a release sale for US$44.95 including free standard airmail shipping to most countries. We will be ending the sale this Wednesday at which point the price will go to US$49.95, still with free standard airmail shipping to most countries. The patch can be purchased from our web store at www.rtl-sdr.com/store.
In the video Rob demonstrates the patch receiving Inmarsat signals strongly, and decodes a few AERO signals using JAERO. He shows that the patch works on any RTL-SDR with bias tee capability as well as an Airspy Mini. Lastly he compares the unit against the SDR-Kits patch.
We note that we are also supplying a kit for a giveaway to Frugal Radio subscribers that we will announce in an upcoming video coming out a few days time.
RTL-SDR updated L-band patch antenna review - perfect for your SDR radio!
UPDATE: Giveaway information now available in the latest video below.
BaseStation is an old ADS-B visualization program that was originally made to be used with BaseStation SBS receivers which were commonly used for ADS-B reception before the discovery of the RTL-SDR. Many old time ADS-B enthusiasts may already be set up with this software and would like to continue using it, however may have a dead SBS unit, or simply want to use a more modern receiver.
In his latest video Tech Minds demonstrates how you can use the ModeSMixer software to translate ADS-B data coming from an RTL-SDR compatible program like dump1090 into the BaseStation data format.
How To Use BaseStation With ANY ADSB Hardware - Software ModeSMixer
Tech Minds has also released an earlier video demonstrating the AirNav RadarBox XRange2. This appears to be essentially an ADS-B optimized RTL-SDR and Raspberry Pi in a plastic box, with custom SD Card set up and ready to go. At a price of US$299 it is quite an expensive premium to pay, but it may be of use to aviation enthusiasts who have poor technical computer skills that still want to set up a home aircraft tracking station.
Over the course of 2020 Tomaž Šolc from Avian's Blog has been slowly working on an RTL-SDR based vector network analyzer system. The system currently consists of an ERASync Micro signal generator, a custom time multiplexing board, an RF bridge, an RTL-SDR with E4000 tuner and some custom software.
A vector network analyzer allows the measurement of antenna or coax parameters such as SWR, impedance, phase and loss. It can also be used to characterize and tune filters. In his last post Tomaž copmares his RTL-SDR based system with a NanoVNA-H and shows similar results, confirming that the system is working.
Recently he's also swapped out the RTL-SDR for a HackRF which allows him to make measurements up to 6 GHz. Although he notes that the dynamic range quickly degrades after 3.5 GHz presumably due to connector and phase noise issues.
The entire post chain is a good read to see how he ended up designing the system, and we link to each post below for easier reading:
Rob from Frugal Radio has recently uploaded part three in his airband monitoring series. The the last video Rob discussed what communications can be received from the airport. In this weeks video Rob explains how air traffic control is handled over large areas, and also shows examples of what you might hear when an aircraft communicates with it's parent company.
Air Traffic Control Centres provide ATC coverage across most of the globe. This video gives an overview of how you can listen to pilots and Air Traffic Controllers as along their routes.
This video talks about the en route Air Traffic Control systems in the USA (ARTCC managed by the FAA), UK (managed by NATS) and Canada (managed by Nav Canada).
Company frequencies are also covered in this video, along with examples of conversations received at my location in the last few days.
Monitoring En Route Air Traffic Control, Oceanic Clearances, and Company Frequencies
Over on YouTube channel Privacy & Tech Tips has uploaded a video showing how he used an RTL-SDR to pick up RF emissions coming from some speakers that were unintentionally acting as wireless microphones. He goes on to show how you can clean up the noisy received audio in Audacity using the noise reduction filter.
I show how electromagnetic emissions from personal devices many times turn our devices into (potential) remote listening + transmitting devices when active (as demonstrated). I discovered my speakers unintentionally transmitting audio (speaker acting as microphone) to a few different frequencies via GQRX recording (computer/Pinetab microphones completely disabled).
There are a few frequencies you can tune into to listen in remotely. This includes listening in to conversations in the room as the speaker also acts as a microphone when playing sound (***tested only on my own devices***).
When the speaker volume is turned down, the signal goes down and the broadcast goes away. When the speaker volume is down, it no longer functions as a remote microphone + transmitter.
We use Audacity to clean up the audio. GQRX is used to record the signals which are filtered on the Pinetab with internal RTL-SDR. Audio processing/noise reduction done running Parrot Linux using Audacity.
We touch on the fact all electronic devices give off their very own unique electromagnetic emissions which can act as device signatures (strength depends on shielding).
Sometimes speaker wire not properly shielded (as is found in most PC's) can act as a radio transmitter antenna without user knowledge. Here I discovered a few frequencies broadcasting the audio live (.25 second delay for SDR modulation).
Demo: Speakers Become Unintentional Listening Device Broadcasting Mult Frequencies (GQRX/Pinetab)