Category: Applications

Archiving Shortwave History with Software Defined Radio

Broadcast shortwave radio is not always archived for long at the station, so finding sound bites from interesting historical events can be difficult. We know that songs are of course recorded, but talk back radio, discussions in between music, news readings, weather updates, ads and pirate radio are all lost over time. Although these things may seem mundane now, future historians may be interested in listening in on this little slice of life.

At this years HOPE XIII conference, Thomas Witherspoon, owner of the popular SWLing Blog gave a talk titled "Creating a Radio Time Machine: Software-Defined Radios and Time-Shifted Recordings". Currently the talk is available as a full recording of all talks at the conference over on Livestream. Thomas' talk begins at about 9h03m45s (thanks to Aaron Kuhn from the comments for finding the talk. Hackaday also recently ran an article on the content of his talk.

Thomas' idea is to create a database of shortwave radio IQ recordings so that they can be archived for historical purposes. The project is called "The Radio Spectrum Archive" and has a website set up at spectrumarchive.org. To do this modern software defined radios like the RTL-SDR can be used to record a large bandwidth, however the problem is with data storage as IQ recordings can take up extremely large amounts of disk space. 

Interestingly, it turns out that people have actually been making IQ recordings since the 1980's by connecting their shortwave radios to VCR tape recorders. In the modern day these VCR recordings can be digitized into an IQ file, and played back in software like HDSDR. In the video below Thomas demonstrates the playback of a digitized VCR radio recording from May 1 1986. You can hear some interesting news tidbits on the soviet cover-up of Chernobyl, the Challenger disaster and the launch of a new hurricane tracking satellite. If recording was more popular it would have been interesting to hear soviet radio during this time too.

In addition to archiving IQ files, Thomas has been releasing a podcast of curated historical audio recordings from VCR tapes, as well as modern recordings that may be of interest over at shortwavearchive.com.

We envision a future where one day these recordings could be automatically turned into text logs via advanced speech to text software, so they could easily be searched through.

[Also seen on Hackaday]

Radio Spectrum Recordings: A short demonstration

Video Tutorial on Receiving ISS Astronaut Amateur Radio Conversations with RTL-SDR

Over on his YouTube channel Crazy Danish Hacker has posted a new video that shows how to pick up amateur radio voice signals from the International Space Station (ISS).

Often astronauts on the ISS will schedule times to chat with schools via amateur radio frequencies. This provides an opportunity to learn about radio whilst at the same time allowing kids to talk directly to an astronaut.

If you live in an area that can 'see' the ISS at the same time as the school then you can easily pick up the downlink (astronaut to ground) portion of the conversation while the ISS passes over. The downlink signal is fairly strong, so only a simple antenna is required. In his video Crazy Danish Hacker uses a telescopic whip attached directly to his RTL-SDR which is placed outside with a view of the sky.

International Space Station - Software Defined Radio Series #29

Tutorial on Setting up OP25 for P25 Phase 2 Digital Voice Decoding

Most police departments is the USA have now upgraded or are in the process of upgrading their radio systems to P25 Phase 2 digital radio. The frequencies can easily be received with an RTL-SDR, but a decoder is required to be able to actually listen to the voice. Software like SDRTrunk and DSDPlus can decode P25 Phase 1, but at the moment the only software that is capable of decoding P25 Phase 1 AND 2 is a program called OP25. However, OP25 has a reputation of being fairly difficult to set up as it does not have a simple to use GUI, and requires Linux.

Over on John's Tech Blog, John has uploaded a very helpful step by step tutorial that should help with those trying to get OP25 to work. The tutorial assumes that you have Ubuntu 18.04 already installed, and then starts from downloading and installing OP25. The next steps involve setting up OP25 for the particular system in your area, which mostly involves just editing a spreadsheet to input frequency data from radioreference.com. John also mentions that he's been able to get OP25 running perfectly on a Raspberry Pi 3 B+ as well, with less than 40% CPU usage.

OP25 Running
OP25 Running

In the video below John reviews some of the steps, and shows OP25 running and decoding voice.

OP25 Tracking 2 Control Channels

Detecting The Sound of Bats with a Piezo Speaker and SDRplay RSP1A

Over on YouTube user Jan de Jong has uploaded a few screenshots and sounds on a video which shows that he was able to receive the ultrasonic sound of bats by connecting a small piezo speaker to an SDRplay RSP1A.

The piezo speaker used in reverse as a microphone appears to pickup bat echolocation sound waves which are typically between 20 to 200 kHz. The piezo is resonant in the 40 - 55 kHz range and converts sounds from that range into electric pulses that can be received directly by the RSP1A.

SDR RSP1A for Bat detection !

Using a HackRF to Spoof GPS Navigation in Cars and Divert Drivers

Researchers at Virginia Tech, the University of Electronic Science and Technology of China and Microsoft recently released a paper discussing how they were able to perform a GPS spoofing attack that was able to divert drivers to a wrong destination (pdf) without being noticed. The hardware they used to perform the attack was low cost and made from off the shelf hardware. It consisted of a Raspberry Pi 3, HackRF SDR, small whip antenna and a mobile battery pack, together forming a total cost of only $225. The HackRF is a transmit capable SDR.

The idea is to use the HackRF to create a fake GPS signal that causes Google Maps running on an Android phone to believe that it's current location is different. They use a clever algorithm that ensures that the spoofed GPS location remains consistent with the actual physical road networks, to avoid the driver noticing that anything is wrong.

The attack is limited in that it relies on the driver paying attention only to the turn by turn directions, and not looking closely at the map, or having knowledge of the roads already. For example, spoofing to a nearby location on another road can make the GPS give the wrong 'left/right' audio direction. However, in their real world tests they were able to show that 95% of test subjects followed the spoofed navigation to an incorrect destination.

In past posts we've seen the HackRF and other transmit capable SDRs used to spoof GPS in other situations too. For example some players of the once popular Pokemon Go augmented reality game were cheating by using a HackRF to spoof GPS. Others have used GPS spoofing to bypass drone no-fly restrictions, and divert a superyacht. It is also believed that the Iranian government used GPS spoofing to safely divert and capture an American stealth drone back in 2011.

Other researchers are working on making GPS more robust. Aerospace Corp. are using a HackRF to try and fuse GPS together with other localization methods, such as by using localizing signals from radio towers and other satellites.

[Also seen on Arstechnica]

Hardware and Method used to Spoof Car GPS Navigation.
Hardware and Method used to Spoof Car GPS Navigation.

Video Tutorial About Decoding 433 MHz ISM Devices with rtl_433

Over on his YouTube channel Tech Minds has recently uploaded a video that demonstrates and shows how to use the rtl_433 software with an RTL-SDR to decode 433 MHz ISM band low power devices. Typically these devices include things like home wireless temperature and weather sensors, tire pressure sensors, remote controls, and other various sensors.

In the video he sets up an RTL-SDR and magmount antenna by his window and is able to receive data from several of his neighbors weather stations, and some car key remotes. He shows how to run the software on both Linux and on Windows.

How To Decode 433Mhz Low Power Devices Using RTL433 And A RTL-SDR Receiver

RS41 RadioSonde Tracking Software

A radiosonde is a small weather sensor package that is typically attached to a weather balloon. As it rises into the atmosphere it measures parameters such as temperature, humidity, pressure, GPS location etc, and transmits this data back down to a receiver base station using a radio signal. The RS41 is one of the newer radiosonde modules sold by  radiosonde manufacturer Vaisala, and is currently one of the most popular radiosondes in use by meteorological agencies. The signal is typically found at around 400 MHz and can be received with an RTL-SDR and an antenna tuned for 400 MHz. We have a general tutorial on radiosonde decoding available here.

There are several software packages that can decode RS41 data, such as the multi-radiosonde decoder Windows program called SondeMonitor (25 euros), or the free Linux command line software called RS. Recently a new free Windows GUI based RS41 decoder has been released by IW1GIS. The software can display on Google maps the current location and previous path of the radiosonde, as well as it's weather data telemetry.

Main features are:

  • Directly decoding of GFSK signal received by the FM radio receiver (the use of a Software Defined Radio is recommended).
  • Capability to connect and command SDRSharp software by mean of Net Remote Control plugin.
  • Advanced frequencies scan and decode: RS41 Tracker is able to look for RS41 radiosonde signal in a given list of frequencies, starting the radiosonde decoding when a valid signal is detected.
  • Real time showing radiosonde position on google map (internet connection is required)
  • Map auto centered on radiosonde position
  • Map type selectable by user (road, satellite, hybrid, terrain).
  • Burst killer detailed information and launch time estimation.
  • Radiosonde RAW data save
  • Post processing of RS41 RAW data file
  • Tracking information (elevation, bearing, slant range)
  • Radiosonde track saved on kml file
  • Ghost track shown on map (loading from kml file)
  • Shortcut for google maps in browser
RS41 Tracker Software
RS41 Tracker Software

New TETRA Trunk Tracker for use with SDR# and the TETRA Demodulator Plugin

Over on our forums user thewraith2008 has just released news about his new software called TETRA Trunk Tracker. The software works in conjunction with the TETRA demodulator plugin for SDR#. It works by using two dongles, one to monitor a TETRA trunking channel, and the other to decode voice audio, although a single receiver mode is also available which works with a reduced and fixed bandwidth.

TETRA Trunk Tracker
TETRA Trunk Tracker

The post reads:

TETRA Trunk Tracker will follow calls on a TETRA network.

TETRA Trunk Tracker reads DATA that is output from the SDR# plug-in TETRA Demodulator (by TSSDR) via the 'Network Info' calls log window.

It interprets this DATA to determine when a call is set-up, then instructs SDR# (VC) to move to the carrier (frequency) that the call will be on.

It will also watch out for other PDUs to determine when a SSI starts or completes transmissions and when calls are complete (Released).

Features:

  • A basic call recording (All or Selective call recording).
  • Display current call details with list of seen SSIs for that call. (SSI populate as they TX).
  • GSSI holding - will only allow calls with selected GSSI to be heard.
  • Call lockout based on GSSI. Can be unchecked in list to lockout GSSI.
  • Call Priority. (Only normal version)
  • GSSI weighted 0-9, 9 is highest. If on active call and other call event occurs, if new call has higher
  • priority then will switch to it.
  • Collect/Save all seen GSSIs with Labels and Priority, By Network.
  • Collect/Save seen SSIs with Labels and Last seen Date/Time, By Network.
  • Set a call time-out. Returns to idle state if call does not see a release PDU
    after X time in seconds.
  • Log call events to screen and file, if enabled.
  • Log raw CC and VC PDU messages as seen by the 'TETRA Demodulator' plug-in, if enabled.
  • Log GSSI daily call activity. (Simple version does not play calls when this is selected)
  • Set base frequency via UI.
  • Set CC park carrier # via UI.
  • Set VC park carrier # via UI.
  • Suppress some PDUs. (unchecked is mainly for testing only)
  • Suppress lockout messages.
  • Sort SSI and GSSIs/Lockouts (by GSSI). This only occurs on start-up.
  • Country Code label, defined via file (shown as menu item)
  • Network label, defined via file (shown in tool tip where MNC,LA is in 'Call Details' panel)
  • Location Area label, defined via file (shown in tool tip where MNC,LA is in 'Call Details' panel)
    Only shown when Network label used.
  • Ignores Encrypted PDUs (with no reference to them)
  • Set a seen GSSI priority via UI.
  • Update a seen GSSI/SSI label via UI.
  • Call active indicator.
  • Restore SDR# windows to a defined position.

If the TETRA Demodulator does not work for you this program will do nothing to change that.

This is the third release of this program. (TETRA Trunk Tracker v0.99.6)
And 2nd release for (TETRA Trunk Tracker v0.99.6s - Simple)

Two versions are available:

  • Normal (Uses 2 SDR# and 2 Dongles) with TETRA Demodulator and Net Remote plug-ins
  • Simple (Uses 1 SDR# and 1 Dongles with some features not available) with TETRA Demodulator and Net Remote plug-ins

Backup your "Tetra-trunk-tracker.dat" settings file.
Then delete "Tetra-trunk-tracker.dat" as it has changed and old one will cause error on load.

Some work as gone into trying to make TETRA Trunk Tracker easier to run once the initial setup has been done.

A MCC (Country Code) label file is included for your convenience "TETRA_mcc.txt".

It has only been tested on Windows 7 - Professional SP1 (32 bit), English

You MUST have a PC that is capable of running SDR# x 2 with the TETRA plug-in. (Not overloaded CPU usage.)

It is in alpha stage. This means is may contain errors that may cause issues with the other programs it
works with. i.e. crashing them or itself.

The TETRA plug-in currently been developed by TSSDR is also in early development. Because of this
any changes made in plug-in releases most likely will break this program.

I have created it to suit my needs. And it currently works for me with the TETRA network I monitor.

I make no claim that it will work for other networks.

Please read the provided files for set-up and usage:

  • TTT_set-up_manual.pdf
  • TTT_Features_and_Usage.pdf

I have tried to be as thorough as possible with the documentation to explain usage and features.
I believe any questions can be answered by reading these files.
These files most likely are not complete and contain errors and are not laid out as good as they could be.

It only works with the provided TETRA plug-in supplied in zip. (2018-June-06).
This version uses a custom compiled version of 'Net Remote' supplied in zip

It is only meant to be a temporary solution until something better comes along.

Hopefully all goes well for you setting it up.

Download link

MD5 HASH 6f33fcf9662573b77e177e899793b9f9

Video showing starting it and it running
Video showing starting it and it running - Simple version