Tim Havens is an avid CW operator on the ham bands and primarily uses his Yaesu FTDX-5000 transceiver for this purpose. At the same time he also uses a software defined radio coupled with an upconverter as a panadapter by connecting the SDR to the 9 MHz IF output of the Yaesu.
To get around this Tim decided to use the Airspy in a special configuration. First he used the external clock input of the Airspy to connect to his Jackson Labs “Fury” GPSDO. This device uses GPS satellites to generate a very accurate 10 MHz clock, with almost zero drift. Secondly, to get around the need for an upconverter with its own frequency drift he used the ADC1 direct sampling input ports on the Airspy to connect to the 9 MHz IF output of his FTDX-5000 through an extra band pass filter and LNA.
Tim writes that he will soon update his post with more images and a video.
Airspy with external GPS clock and ADC1 output connected.
So in order to optimize VLF reception, Martin built an external frequency equalisation network which has the following components and functions:
2 MHz Low pass Filter – to minimise alias signals originating at 30 MHz
20 dB Variable attenuator – to set the overall signal level fed into the dongle
Switched LF roll-off – to optimise the performance at frequencies around 10 kHz in the presence of strong lightning surges
-10 dB notch at 198 kHz – to reduce level of BBC R4 broadcast station in the LF band
-10 dB notch at 800 kHz – to reduce level of local broadcast stations in the MF band
His screenshot results show that his filters work well and significantly reduce the effect of lightning pulse noise at 9 kHz. With the filters in place and properly optimized with the attenuator and various switches, he is able to receive Russian Alpha navigation signals at frequencies around 12 and 14 kHz and the 300 to 500 kHz aeronautical and maritime navigation bands.
Over on cruisersforum.com we’ve seen news of a user who has worked to combine rtl_fm and aisdecoder into a single command line program called rtl_ais. AIS stands for Automatic Identification System, and is used in the marine industry to broadcast vessel GPS coordinates to one another to work as a collision avoidance radar system. With the correct software and an RTL-SDR, nearby boat AIS broadcasts can be received and the boat GPS coordinates plotted on a map.
Until recently, to decode AIS you had to pipe the AIS audio from software like rtl_fm or SDR# into a decoder. rtl_ais is a decoder which allows you to directly connect to the RTL-SDR and decode AIS without the need to pipe audio. The software is compatible with Linux and Windows, and the current source code and Windows binary release are available at https://github.com/dgiardini/rtl-sdr-misc/releases/tag/v0.1.
The first one is Passive Radar, which is based on the signal from only one dongle. The ambiguity function is the same as in advanced projects, with the difference that I implemented a self-correlate function instead of the cross-correlate one which is used in 2-dongle projects. Such a solution theoretically should work, as can be found on the internet. It should be noted that for proper work of such a passive radar the direct signal should be comparable in strength to the reflected one. This plugin is still under development.
In the future he hopes to be able to support two dongle passive radar as well.
The Passive Radar plugin by Dr. Kaminski in SDR#.
The Passive Radar window.
The second plugin is called "IF Average". This plugin allows the IF signal (the entire active bandwidth is what he seems to be referring to) to be averaged which is useful for many applications including radio astronomy projects such as detecting the Hydrogen line. He writes:
The second plugin, which is finished, is for IF signal averaging. It is important in the case of radio-astronomical observations. It allows signals to be cumulated (up to 10000 samples in real time), presented in a friendly way and saved for further work.
Back in July of last year we posted about a video from oh2ftg where he showed how he was able to get his RTL-SDR to act as a crude transmitter by using the RTL-SDR’s leaky oscillator.
Oscar decided to take a standard RTL-SDR dongle and modify it so that it outputs a signal from the mixer output of the R820T tuner chip. To do this he removes some unneeded components from the PCB, and wires pin 5 of the R820T to the MCX antenna port through a 100pF capacitor. Pin 5 is connected to the mixer output from inside the R820T chip.
TX mod for the RTL-SDR.
After performing the hack the RTL-SDR is able to output a signal anywhere between 1.8 GHz and 3 GHz (revised from the originally stated 500 MHz to 1500 MHz). To control the output frequency you simply need to tune to the frequency you want to transmit at in SDR# (after setting an offset to account for the R820T’s IF offset). This tunes the mixer in the R820T and causes the output frequency to change.
In the future Oscar hopes to take this idea further by creating a specific tuning application for the generator and finding a way to possibly FM modulate the output.
Using SDR# to tune the TX RTL-SDR to 1 GHz, and using another instance of SDR# and another RTL-SDR to receive the transmitted 1 GHz signal.
Update: Oscar has revised the frequency range from 500 – 1500 MHz to 1.8 GHz – 3 GHz. More information about his new tests can be found at http://www.steila.com/SDR/RFgenmod/index.html.
Over on YouTube user kugellagers has uploaded a video showing how he designs and builds a 520 kHz high pass filter for his RTL-SDR dongle + upconverter. In the video he explains how to design the filter with the free Elsie software which is an electrical filter design and analysis program. He then shows how he builds and selects the filter inductors and capacitors and how he assembles the components on a PCB. Finally he demonstrates how his 520 kHz high pass filter is useful for filtering out atmospheric noise from lightning strikes.
The theory behind the RNG is to take advantage of atmospheric noise, which is caused by natural occurrences, from weak galactic radiation from the center of our Milky Way Galaxy to the stronger local and remote lightning strikes. It’s estimated that roughly 40 lightning strikes are hitting the Earth every second, which equates to about 3.5 million strikes per 24 hour period. Interestingly enough, this provides a great deal of entropy for a random number generator.
In the post Aaron also shows how to put the rtl_entropy generated data through some standardized randomness tests, how to visualize the random output and also shows how to use rtl_entropy to generate 80-bit entropy passwords.
Visualizing the random noise output of rtl_entropy.
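As an added illustration (not code from Aaron's post or from rtl_entropy), the sketch below applies one standardized check, the NIST SP 800-22 frequency (monobit) test, to a byte stream and then derives a password with at least 80 bits of entropy from it using rejection sampling. The function names, the 62-character alphabet and the use of `os.urandom` as a stand-in for bytes read from rtl_entropy are assumptions.

```python
import math
import os
import string

# Assumed character set: 26 lower + 26 upper + 10 digits = 62 symbols.
ALPHABET = string.ascii_letters + string.digits


def monobit_p_value(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test; p < 0.01 rejects randomness."""
    if not data:
        raise ValueError("no data to test")
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    # S_n is (#ones - #zeros); normalise by sqrt(n) and take erfc.
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def password_length(bits: int, alphabet: str = ALPHABET) -> int:
    """Smallest length whose uniform-choice entropy is at least `bits`."""
    return math.ceil(bits / math.log2(len(alphabet)))


def password_from_stream(stream: bytes, bits: int = 80,
                         alphabet: str = ALPHABET) -> str:
    """Map raw entropy bytes to symbols without modulo bias."""
    k = len(alphabet)
    # Bytes at or above `limit` are discarded: keeping them would make the
    # first (256 % k) symbols slightly more likely than the rest.
    limit = 256 - (256 % k)
    need = password_length(bits, alphabet)
    out = []
    for b in stream:
        if b < limit:
            out.append(alphabet[b % k])
            if len(out) == need:
                return "".join(out)
    raise ValueError("not enough entropy bytes supplied")


if __name__ == "__main__":
    raw = os.urandom(4096)  # stand-in for bytes read from rtl_entropy output
    print("monobit p-value:", round(monobit_p_value(raw), 4))
    print("80-bit password:", password_from_stream(raw))
```

A passing monobit result only rules out gross bit bias; it does not by itself show that a source is unpredictable.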
They write about the performance of their results:
Using GnuPG as our study case, we can, on some machines:
distinguish between the spectral signatures of different RSA secret keys (signing or decryption), and
fully extract decryption keys, by measuring the laptop’s electromagnetic emanations during decryption of a chosen ciphertext.
In their experiments they used a Funcube Dongle Pro+ to measure the unintentional RF emissions coming out of a laptop computer at around 1.6-1.75 MHz, but they also mention that a low cost RTL-SDR with upconverter could also work.
Every time the CPU on a target PC performs a new operation the unintentional frequency signature that is emitted changes. From these emissions they are able to use the unique RF signature to determine what operations are being performed by the CPU, and from that they can work out the operations GnuPG is performing when decrypting data. They write:
Different CPU operations have different power requirements. As different computations are performed during the decryption process, different electrical loads are placed on the voltage regulator that provides the processor with power. The regulator reacts to these varying loads, inadvertently producing electromagnetic radiation that propagates away from the laptop and can be picked up by a nearby observer. This radiation contains information regarding the CPU operations used in the decryption, which we use in our attack.
Recovering CPU assembly code operations from its unintentional RF emissions.
In addition to the above they were also able to create portable attack hardware by connecting the Funcube Dongle Pro+ with a small Android based embedded computer called the Rikomagic MK802 IV. They also show that they were even able to perform the portable attack with a standard AM radio with the output audio being recorded with a smart phone.
A portable version of their attack set up with the Funcube Dongle Pro+ and microcontroller.
The researchers write that they will present their work at the CHES 2015 conference in September 2015.