Hacking a Ceiling Fan Radio Control Signal with an RTL-SDR

Over on YouTube "River's Educational Channel" has uploaded a video showing how he was able to reverse engineer the wireless control signal from his ceiling fan remote, and use that information to create a new transmitter controlled via his smart home's Raspberry Pi.

In the video River uses an RTL-SDR and the Spektrum software to initially identify the remotes frequency, before moving on to record the signal in Universal Radio Hacker (URH). He then goes on to reverse engineer the signal and determine the binary control string for each button on the ceiling fan's remote control.

In part 2 which is yet to be released River will show how to transmit this signal via his Raspberry Pi 3B in order to integrate it with his smart home.

Hacking My Ceiling Fan Radio Signal With a $15 USB TV Tuner (RTL2832U)

Tweet
Share2
Reddit
Vote
Email
2 Shares

FengYun-2G Confirmed to be Receivable with a WiFi Grid Dish

Back in November 2020 we posted about the release of a decoder for the FengYun line of geostationary weather satellites which provide full disk images of the Earth and are positioned to cover parts of Europe, Africa, the Middle East, Asia, Russia, and Australia. Back then only a few people had attempted decoding this, and it was believed that a 120cm satellite dish or larger would be required.

However, today on Reddit user u/Harrison_Clark55 has shown that it is possible to receive FengYun-2G with a typical 90-100cm WiFi grid dish. These WiFi grid dish's have proven to work well for other geostationary weather satellites such as GOES and GK-2A.

We do note that u/Harrison_Clark55's image appears to be missing a few lines of data, and they are based in Australia where the elevation of FY-2G could be quite high depending on what side of the continent they are on. So it's possible that receivers in lower elevations may still require a larger dish size to work.

Full Disk FY-2G image received by u/Harrison_Clark55 (see the Reddit post for full resolution image)
Tweet
Share26
Reddit
Vote
Email
26 Shares

SATRAN: An Affordable Motorized Satellite Antenna Rotator

Recently we came across the SATRAN project by Daniel Nikolajsen, which is an attempt to design, build and sell low cost kits of an automatic motorized satellite antenna rotator for less than US$200. A motorized satellite antenna rotator is useful for pointing high gain directional antennas such as a Yagi or satellite dish at low earth orbit satellites which can move across the sky quickly. This is also an idea used by the well known SATNOGS project which also provides a design for a 3D printed antenna rotator, and runs servers that archive received satellite data.

Compared to the SATNOGS design, the SATRAN design appears to be much simpler and easier to build. Although being a smaller unit it's only design to handle small compact antennas such as a 70cm Yagi. SATRAN is also controllable via a web interface and there is an Android App. The design is capable of rotating 360 degrees, and 110 degrees from zenith, which allows a user to cover the entire sky.

Daniel notes that SATRAN kits should be available for sale from Feburary/March 2021. He also notes that it is possible to 3D print most of the parts and to just purchase the electronics for a lower price.

More technical information about the project is available on it's Hackaday.io blog.

SATRAN 3D render and actual prototype
Tweet
Share15
Reddit
Vote
Email
15 Shares

Using SDR to Investigate Telemetry Still Broadcasting from 1960’s Satellite Transit-5B5

Thank you to Derek @ok9sgc for pointing us to some work Reddit user u/Xerbot has been doing on receiving telemetry coming down from a "dead" 1960's satellite called Transit-5B5. The fleet of Transit satellites was used for military navigation with the first launch in 1959 and the last in 1988. All in the fleet have since died apart from Transit-5B5 which continues to transmit telemetry at 137 MHz when receiving power from in the sun. Derek writes:

Turns out that the TRANSIT 5B-5 satellite's telemetry still has signs of some of the satellite's systems operating (albeit with a questionable reliability). The satellite represents an amazing legacy for all the people that worked on it in the 1950s and 60s, but due to its age it is also very difficult to find technical documentation about the telemetry (or I should rather say impossible), so to make sense of the data that's being broadcast by the satellite would require many people receiving, decoding, and comparing their results, mainly to identify any patterns in the satellite's behavior and the resulting demodulated data.

Derek and u/Xerbot are asking the SDR community to help collect more sample data, which might help in finding a way to decode some of the telemetry. If you have data to contribute, you can contact @ok9sgc on Twitter, and u/Xerbot on Reddit.

This reminds us of an old post from reader happysat where he demonstrated with an RTL-SDR that many "dead" satellites are actually still transmitting telemetry. Due to suspected chemical breakdown of the onboard batteries, the satellites tend to turn themselves on again when the solar panels receive sunlight.

The Transit-5B5 Satellite Telemetry Signal at 137 MHz
Tweet
Share58
Reddit
Vote
Email
58 Shares

Etherify Talk from The rC3 Online Conference

The "Chaos Computer Club (CCC)" have recently been uploading videos to YouTube from their "Remote Chaos Experience rC3" online conference. One talk is by Jacek Lipkowski (SQ5BPF) who presents his Etherify project which we have posted about a few times on this blog already. Etherify is a program that allows users to exploit unintentional RF leakage from Ethernet hardware in order to transmit data over the air, essentially creating a primitive software defined radio. In particular the Raspberry Pi 4 was found to have extreme unintentional leakage, with the signal being receivable from over 50m away.

Primitive soft tempest demos: exfiltrating data via leakage from ethernet and more :)

In this talk i will describe shortly the concept of soft tempest, and show a demo of etherify and sonify. Etherify uses radio frequency leakage from ethernet to exfiltrate data. Sonify uses ultrasound.
Both demos by design use very primitive tools and hardware, and are easy to replicate.

#rC3 Etherify - bringing the ether back to ethernet

Tweet
Share2
Reddit
Vote
Email
2 Shares

NanoVNA V2 Enclosure and Carry Case Now Available on our Store with Release Discount

We have just release for sale our latest product which is an enclosure and carry case for the NanoVNA V2. It is currently on sale until the end of this week for US$14.95 including free shipping from China to most countries. At the end of the sale the price will rise to US$19.95. Amazon will be stocked in 2-4 weeks, but will not be on sale. Please visit our store at:

www.rtl-sdr.com/store

The enclosure is made from rugged plastic (plastic was chosen as the NanoVNA designers note that a metal case may actually degrade performance). There is space included for a standard sized (non-protected) 18650 battery, and battery terminals are included for optional use (battery not included). The enclosure also has a holder for the NanoVNA V2's stylus, and as a bonus we're including a matte antiglare screen protector as we found the NanoVNA V2's screen to be quite reflective. Finally, a protective semi-hardshell carry case is also included in the set. If you are installing a battery, please consult the installation instructions PDF file.

 

Tweet
Share4
Reddit
Vote
Email
4 Shares

The R860 will replace the R820T2 – Same chip different name

We have recently received samples and tested the new R860 tuner chip from Rafael Micro. However, to be clear there is no change in terms of silicon or performance between the R820T2 and the R860. It is just a change in name signifying a minor change in the manufacturing chain which has allowed production of this chip to continue. In the future all R820T2 RTL-SDRs will transition to the R860 and we are just noting this now so that customers are not surprised if they see R860 markings on future dongles. We warn that some sellers of RTL-SDRs may attempt to market the R860 as an improvement, but we want to make clear that they are indeed identical to the R820T2.

Thank you to Rafael for continuing to support the SDR community, and thanks to all our customers!

The R860 tuner chip from Rafael

We note that Airspy will also be using the R860 in their products as per their latest tweet.

Tweet
Share61
Reddit
Vote
Email
61 Shares

SignalsEverywhere: A Front End GUI Control Head for OP25

Sarah from the SignalsEverywhere YouTube channel is back and this time showing off a new program she has created called "Pi25" or "OP25 Mobile Control Head". The program is a Python GUI for OP25 which runs on almost any platform including Android and Windows. OP25 is an advanced open source digital voice P25 Phase 2 capable decoder which can be used with an RTL-SDR and run on a Raspberry Pi.

Sarah's GUI software allows information from the OP25 software to be displayed on a nice large Android tablet screen, as well as having scanner forward/back buttons, and talkgroup skip and hold controls. This is very useful for in-car control on a mobile setup.

Sarah notes that she is also considering running a Kickstarter for a physical hardware OP25 head unit controller so please let her know in the YouTube video comments if you are interested.

P25 Police Scanner Control Head OP25 SDR Raspberry Pi or Android GUI Front-End

Tweet
Share7
Reddit
Vote
Email
7 Shares