Paul Rascagneres, an RF experimenter has recently uploaded a document detailing his efforts at reverse engineering a wireless doorbell (pdf file) with a 433 MHz Amplitude Shift Keyed (ASK) signal with his HackRF software defined radio. The HackRF is a SDR similar to the RTL-SDR, but with a wider available bandwidth and transmit capabilities.
To reverse engineer the doorbell, Paul used GNU Radio with the Complex to Mag decoder block to receive and demodulate the ASK signal. Once demodulated he was able to visually see the binary modulated waveform, and manually obtain the serial bit stream. From there he went on to create a GNU Radio program that can automatically obtain the binary strings from the ASK waveform.
In order to replay the signal, Paul found that the simplest way was to use the hackrf_transfer program, which simply records a signal, and then replays it via the HackRF transmitter on demand. With this method Paul was able to ring his doorbell via the HackRF.
Paul also confirmed his SDR results with an Arduino and 433 MHz transceiver. He then took it a step further and used the Arduino to create a system that could automatically receive and replay signals at 433 MHz and 315 MHz.
Radio pirates often make use of the Fleetsatcom satellites to send and receive slow scan television (SSTV) pictures over a wide distance. Fleetsatcom is a satellite communications system used by the US Navy for radio communications. Since these satellites are simply radio repeaters with no authentication mechanisms, pirates soon discovered that they could take over the satellites for their own use.
Over on YouTube user LEGION ELMELENAS has uploaded a video showing his reception of some pirates transmitting a SSTV image at a Fleetsatcom frequency of 252 MHz. To receive the image he used a home made turnstile antenna, an RTL-SDR dongle, SDR# and the RX-SSTV decoder. The image appears to be a photo of a pirates son.
We previously posted more information about Fleetsatcom SSTV pirates in this post.
SSTV from Satcom satellites. RTL-SDR SDRSharp FLTSATCOM pirates
Back in September last year we posted a tutorial written by RTL-SDR.com reader Happysat which showed how to receive and decode high resolution Meteor-M2 LRPT satellite images. The tutorial required several offline manual processing steps to be performed and therefore could not decode the image in real time.
At the same time Vasili has also released another plugin called DDE Tracker which allows a satellite tracking program such as Orbitron to interface with and control SDR#. The plugin can be downloaded on the same page as the QPSK plugin. This is similar to the already existing DDE plugins, but now also comes with a scheduler which allows users to automatically schedule recordings of Meteor-M2 and NOAA satellite passings.
NOTE:Meteor M1 has come alive again, so the frequency of Meteor M2 was changed from 137.1 MHz to 137.9 MHz. Meteor M1 is now at 137.1 MHz and can be received using the same steps as in this tutorial, though please note that images from Meteor M1 are not perfect since the satellite is tumbling. Meteor M1 is gone again.
Tutorial
To help users get set up with this new method, Happysat has again come forth with another tutorial which can be downloaded here (.pdf) (.docx) (.txt w/ images in .rar). At first glance the tutorial may seem more complicated than the old method, but in the end it is a much faster and more efficient way at decoding LRPT images. The basic steps involve setting up Orbitron and the DDE plugin to automatically track the Meteor-M2 LRPT satellite and signal, and then setting up the QPSK plugin and the new version of Lrptdecoder (if that link is down, try this mirror) to talk to one another in real time via a local TCP connection.
Real time decoding of Meteor-M2 with two new SDR# Plugins.QPSK Demodulator SDR# PluginDDE Orbitron Interface SDR# Plugin.
AMIGOS
One more Meteor-M2 related thing to look forward to in the future is the AMIGOS project which stands for Amateur Meteor Images Global Observation System. This will be a system where users around the world can contribute LRPT images through the internet to create a worldwide LRPT receiver. Oleg of LrptDecoder writes:
There is an idea to merge LRPT receive amateur radio stations in a network through the Internet and create a super LRPT receiver.
I see the benefit of professionals from the control center in the operational monitoring of the condition of the equipment MSU-MR, and for fans of the fullest reception of images from Meteor-M.
All is in testing phase and need some setup for the servers, data is beeing shared thru a VPN connection to a central server which will have a continous flow of images from all over the world.
If you don't understand what all this is about: The Meteor-M N2 is a polar orbiting Russian weather satellite that was launched on July 8, 2014. Its main missions are weather forecasting, climate change monitoring, sea water monitoring/forecasting and space weather analysis/prediction.
The satellite is currently active with a Low Resolution Picture Transmission (LRPT) signal which broadcasts live weather satellite images, similar to the APT images produced by the NOAA satellites. LRPT images are however much better as they are transmitted as a digital signal with an image resolution 12 times greater than the aging analog NOAA APT signals. Some example Meteor weather images can be found on this page and the satellite can be tracked in Orbitron or online.
A software defined radio such as the low cost RTL-SDR, or the higher end Airspy and Funcube dongles can be used to receive these signals.
An Example LRPT Image Received with an RTL-SDR from the Meteor-2 M2.
Updates
The DDE plugin can also be used for tracking NOAA satellites. Some people have been having trouble with set up. Happysat writes a solution:
Over on YouTube user kpappa has uploaded a video showing his reception of the J43VHF radio amateur stratosphere balloon with an RTL-SDR dongle and discone antenna. On the 10th of May radio amateurs in Greece launched a high altitude balloon. The balloon carried a transceiver payload which allowed amateurs to talk to each other via the balloon at a frequency of 144.200 MHz. The video shows good reception of the balloon and also shows it’s tracking via APRS.fi.
The author’s tutorial goes over setting up ModeSDeco2 to broadcast data over the network, setting up ModeSMixer2 to receive data, and also setting up the basestation.sqb file to add airline logos and silhouettes to the web based GUI of ModeSMixer2.
The latest version of Digital Speech Decoder+ (DSD+) has just been released, bringing it up to version 1.071. There appears to be no changelog, so we are unsure as to what is new, but one obvious change is that they now include a new program called FMP which is a simple NFM demodulator, similar to rtl_fm, although it does have a GUI with point and click tuning. FMP can be used as a replacement for SDR# or similar software, and is especially useful to use on low end devices such as netbooks.
An active discussion on the latest release of this software can be found in this thread on the RadioReference.com forums.
The FMP NFM demodulator tuned to a MotoTRBO signal.
DSD+ is a Windows program which can be used to decode and listen to digital voice protocols such as D-STAR, NXDN4800, NXDN9600, DMR/MotoTRBO, P25 Phase 1, X2-TDMA and ProVoice with an RTL-SDR or other radio. On some DMR systems you may also be able to use the included LRRP software, which allows you to view the GPS locations of broadcasting radios. The last major release was version 1.05.
DSD+ GUI
The DSD+ team are now also offering a “fast lane” early access program, which for a small donation will allow you to have early access to new and upcoming DSD+ features. They aim to release a new update to donators every 7 to 30 days, while stable public releases will continue to be released every 4 to 6 months. The donation costs $10 for one year of early access, and $25 for lifetime updates. Some features they are currently working on include:
On his blog Josef Gajdysek has posted about his experience with using an RTL-SDR to reverse engineer the radio protocol used by his home weather station. Josef’s weather station is an ISM band device and transmits at 433 MHz. First he opened up GQRX and tuned to his weather station’s transmit frequency of 433.6 MHz and recorded some audio in AM mode. Josef initially assumed that the device would use on-off-keying (OOK) to encode the data. However, when he opened the sound file in Audacity and looked at it’s waveform he found that the weather station instead used Differential Pulse Position Modulation. In this modulation scheme the distance between pulses determines whether or not the binary bit is high or low.
Differential Pulse Position Modulation in Audacity
To decode this Josef then wrote a python script to measure the distance between pulses and thus convert the pulses into a binary string. Then by decoding and analyzing the captured packets he was able to isolate the checksum, temperature, channel, and status flags. Knowing all this information finally allowed him to create a real time decoder that uses rtl_fm. The python script can be downloaded from his post.
Previously we posted about BigWhoop which is a project entry into the NASA International Space Apps Challenge. The BigWhoop team aim to create a networked system where RTL-SDR’s are used around the world to continually monitor the global radio spectrum.
Now BigWhoop have won the Stuttgart chapter of Global NASA Space Apps Challenge and have been chosen as one of the 15 finalists in the competition. You can help the BigWhoop team by voting daily so that they can get into the top 5 finalists. Voting lasts until May 3.
Ultimately BigWhoop is intended to run on the Constellation computation grid with 60,000 computers. However, we started a pre-alpha test. So we asked for your help during the hackathon weekend to plug in your software defined radio devices and start a sensor node for us. Our BigWhoop software was already able to send this to our server at shackspace and we received data from nice people in Virginia, US and Bremen, Germany. With this help, we were able to show you a first live demo at the end of the hackathon. Since then, we received further data and are really overwhelmed by everyone’s support and want to say a big THANK YOU!
bigwhoop global spectrum monitoring spaceapps2015 stuttgart local winner airtraffic
