Category: Applications

Passive Radar Sensing via Ambient Radio Noise from the Sun and Jupiter

Recently Dr. Sean Peters from the Naval Postgraduate School, in Monterey, CA presented an interesting webinar titled "Leveraging Ambient Radio Noise for Passive Radar Sensing of the Terrestrial and Space Environment".

In passive radar, the radio source is typically an existing powerful terrestrial broadcast station, such as FM, DAB, TV or cellular. However, Dr. Peters makes use of more ambient radio noise sources, such as sun noise, and even noise from Jupiter.

By using Sun noise as the source and an Ettus USRP SDR as the receiver, he's been able to measure the ice sheet thickness at the Store glacier in Greenland. Furthermore he's also been able to utilize sun radio noise and radio noise from Jupiter for passive synthetic aperture radar, with the application being planetary remote sensing.

Traditional active radars transmit a powerful electromagnetic pulse and record the echo’s delay time and power to measure target properties of interest, such as range, velocity, and reflectivity. Such observations are critical for investigating current and evolving conditions in extreme environments (i.e., polar regions and planetary missions); however, existing radar systems are resource-intensive in terms of cost, power, mass, and spectrum usage when continuously monitoring large areas of interest. I address this challenge by presenting a novel implementation of passive radar that leverages ambient radio noise sources (instead of transmitting a powerful radio signal) as a low-resource approach for echo detection, ranging, and imaging. Starting from theory, simulation, and lab-bench testing, I first present the results of our passive radar sounding demonstration using the Sun to measure ice sheet thickness at Store Glacier, Greenland. I then project the passive radar’s performance and ability to provide valuable glaciological observations (such as melt rates, bed reflectivity changes, and englacial water storage) across Greenland and Antarctica.

In the second part of my presentation, I then extend this technique to enable passive synthetic aperture radar (SAR) imaging using radio-astronomical noise sources (e.g., the Sun and Jupiter’s radio emissions). I conclude by highlighting applications of this technique to planetary remote sensing, such as (1) using Jupiter’s HF radio emissions alongside an active VHF radar to characterize and correct for Europa’s ionospheric dispersion during a flyby mission and (2) using the Mars Reconnaissance Orbiter (MRO) Shallow Radar (SHARAD) to analyze solar radio burst candidates for Martian passive sounding.

Leveraging Ambient Radio Noise for Passive Radar Sensing of the Terrestrial and Space Environment

A Video Demonstration on Cracking a GSM Capture File

Over on YouTube Rob VK8FOES has been uploading some fairly comprehensive demonstrations and tutorials showing how to crack a GSM capture file which can be recorded with any SDR.

It's well known now that GSM aka 2G communications are insecure, with the encryption having been breakable on a standard PC for a long time now. It is for this reason that GSM is now mostly phased out, however in many regions the GSM system is still operational in reduced capacity due to some legacy users who are mostly industrial.

In his video Rob makes use of the opensource Airpobe GSM decoder tool, as well as the opensource Kraken tool (not to be confused with KrakenSDR) which is a brute force password cracking tool.

We want to note that doing this is only legal if it is your own communication that has been recorded, or you have permission from the communicating parties.

My GSM cracking content has been getting quite a lot of attention lately. Previous videos of mine relating to this topic were only boring screen recordings with no real explanation on what steps are required to crack the A5/1 stream cipher and decrypt GSM traffic by obtaining the Kc value.

I was bored one day and decided to present a live-style workflow of how hackers and security researchers 'crack' 2G cellular communications in real-time. Be warned that if you don't have an interest in cryptography or cellular network security, you might find this video rather boring.

The GSM capture file used in this video, to my knowledge, has never been publicly cracked before. 'capture_941.8M_112.cfile' was recorded and uploaded with permission by the owner of the data themselves as a decoding example for testing Airprobe.

I make a few mistakes in the video that I can't be bothered editing out. But they are not critical, just myself misreading a number at the 10 minute mark somewhere, and saying the wrong name of a software tool at 17 minutes.

Additionally, l am not a GSM technology engineer, nor a cryptography expert. I do my best to explain these concepts in a simple and easy to understand way. But due to my limited knowledge of these subjects, it's possible that some of this information may be incorrect or lacking context.

However, this video will still allow you to crack a real GSM capture file if you are able to follow along with my flip-flopping style of presentation. Haha. But please, only replicate this tutorial on GSM data that originated from YOUR OWN mobile phone. Do not attempt to decrypt private telecommunications from any other cellular subscriber, EVER.

Video Demonstrating Hydrogen Line Detection with an RTL-SDR and WiFi Dish

Back in January 2020 we posted a tutorial showing how it's possible to detect and measure the galactic Hydrogen line using a simple 2.4 GHz WiFi dish, RTL-SDR Blog V3 and a filtered LNA. Since then many people have used the same setup with great results.

Over on YouTube user stoppi who is one such person who is using the same steps from our tutorial, and he has uploaded a video showing his setup and results. If you're thinking of getting started with Hydrogen Line reception, his video slide show tutorial would be a good complimentary overview to go along with our text tutorial.

Detection of the galactic hydrogen - the 21 cm radiation - Wasserstoffstrahlung der Milchstrasse

TechMinds: Receiving and Decoding Packets from the GreenCube Cubesat Digipeater

GreenCube is a CubeSat by the Sapienza University of Rome, and it is designed to demonstrate an autonomous biological laboratory for cultivating plants onboard a CubeSat.

While this is an interesting mission in itself, for amateur radio operators there is another interesting facet to the satellite. Unlike most CubeSats which are launched in Low Earth Orbit (LEO), GreenCube was launched higher in Medium Earth Orbit (MEO) which provides a larger radio reception footprint over the earth. The satellite also contains a digital repeater (digipeater) at 435.310 MHz, which allows amateur radio operators to transmit digital radio packets up, and have the satellite repeat the packet back over a wide area footprint on earth. 

Over on his latest video, Matt, from the TechMinds YouTube channel shows us how to receive and decode the packets from the GreenCube digipeater. In his demonstration Matt uses an SDRPlay RSPdx as the receiver, SDR++ as the receiver software, SoundModem as the packet decoder, GreenCube Terminal for displaying the messages, and GPredict for tracking the satellite and compensating for the doppler effect. He also notes that while a directional antenna on a motorized tracker is recommended, he was able to still receive packets with his omnidirectional terrestrial antennas without much issue.

RECEIVING AND DECODING GREENCUBE CUBESAT

Building an OpenWebRX Server with an RTL-SDR Blog V3 for HF Monitoring

Thank you to Ramadhan (YD1RUH) who has put together a brief set of commands showing how to quickly get setup with OpenWebRX and an RTL-SDR Blog V3. OpenWebRX is a web based SDR program that allows users to use their SDR over a network or internet connector. It is compatible with several SDRs including the RTL-SDR.

 The installation is based on Ubuntu, and uses docker for the install. He also shows how to set up the OpenWebRX configuration file so that it will use the Q-branch direct sampling mode in RTL-SDR Blog V3 dongles for HF reception.

A demonstration of the result can be seen on Ramadhan's public OpenWebRX page. You can select between the various enabled HF bands in the lower left.

OpenWebRX HF reception running on an RTL-SDR Blog V3 dongle.

Bouncing LoRa Signals off the Moon with a HackRF

One part of the amateur radio hobby is 'EME', or Earth-Moon-Earth. The idea is to bounce radio signals off the surface of the moon, and have them received over a vast distance. Typically weak signal amateur radio modulation schemes such as JT65 are used due to their ability to be decoded even with the very weak signals that come back from the moon bounce.

Recently a group of students from the College of New Jersey are attempting to bounce signals off the moon using the LoRa modulation scheme. LoRa is a modulation scheme designed to be used with IoT devices, however it also has great performance when signals are weak so it's a good candidate for moon bounce.

The students are using a HackRF and the SDR-Angel software with the signal being transmitted in the amateur radio bands at 1296 MHz. The antenna hardware consists of an 1296 MHz feedhorn attached to an 8-meter dish. They hope that the use of LoRa modulation can reduce the power requirements for EME.

The main goal of this project is to establish Earth-Moon-Earth communication with LoRa modulated signals. There are three main goals that this project is trying to accomplish. The three goals of our project are to reflect a signal off the Moon and receive it back here in New Jersey, transmit a signal from here in New Jersey, bounce it off of the Moon, and then receive the signal on a dish located in Alaska, and our final goal for this project is to establish two way communication between New Jersey and Alaska.

Our initial approach to this project is to use SDRAngel to modulate and demodulate our signal. SDRAngel is a free, open-source software that we can use to transmit and receive signals via SDR (Software Defined Radio).

Our modulation technique, LoRa, uses Chirp Spread Spectrum modulation that allows for low power, long range transmissions at the cost of a low data rate.

The peripheral of choice for this project is the HackRF One, a SDR peripheral that allows us to send and receive signals.

This story was also presented on Hackaday.

Bouncing LoRa Signals Off the Moon - TCF 2023, track 5, TCNJ student presentations

Decoding the Mexican Seismic Alert System (SASMEX Alerta sísmica)

Back in 2015 we posted about the dsame software, which is a decoder for the American Emergency Alert System (EAS) which is encoded with the SAME (Specific Area Message Encoding) protocol. EAS transmits on the NOAA weather frequency. 

Recently programmer Sam submitted news about his fork of dsame which adds the ability to decode the Mexican SASMEX (Sistema de Alerta Sísmica Mexicano) alert system. SASMEX is a system developed by the Mexican Government which can detect earthquakes and rapidly activate a warning siren across the country, allowing an early warning for people to prepare for an incoming earthquake.

The sirens appear to be activated wirelessly through the same frequencies that weather and EAS use, and so the signal can be monitored with an RTL-SDR or other SDR. When an active signal is present, the forked dsame software will decode the alert. The alert could then be used to activate a local siren or display.

How the SASMEX System Works (Credit: http://www.cires.org.mx/sasmex_n.php)

DeFli: A Decentralized Network of RTL-SDRs on the Blockchain for UAV and Satellite Operators

Recently we came across a new project called DeFli and DeSky, which appears to be plans for a decentralized network of RTL-SDRs. The goal of the project is to provide decentralized access to ADS-B and satellite data through the use of RTL-SDR ground stations. The RTL-SDR ground stations upload their data to the DeFli servers and in return ground station hosts receive compensation in DEFLI tokens via the DeFli blockchain.

From the website it appears they are focusing on selling the data to UAV and satellite operators, but there seems to be no reason why it couldn't be used for other purposes too.

The use of crowd sourced RTL-SDR data is nothing new, with successful ADS-B aggregators like FlightRadar24.com and adsbexchange.com already in operation. Projects like SatNOGs also exist which crowd source satellite data. Not to mention other RTL-SDR and radio data aggregators like marinetraffic.com for Marine AIS, amateur.sondehub.org for Amateur Radio Balloons, aprs.fi for APRS, and airframes.io for ACARS, VDL, HDFL and SATCOM data. However, this is probably the first radio data aggregator to incorporate blockchain concepts for host rewards.

In a Reddit Post (now removed but cached on Google), the creators wrote:

There is clearly an appetite from a large number of Helium Hotspot owners to utilize their hotspots for other projects with a view to getting a better ROI on their investment. That being said, I believe it is absolutely just and fair for Nova & the Foundation to take steps to prohibit the LoRa specific hardware from being used by competing projects both from a commercial perspective and also regulatory. Our personal belief is that Nova/Foundation should operate Helium Network as a NaaS and allow these newer "players" to piggyback on the equipment without compromising the regulatory side of things.

From an industry perspective there is of course a frustration at an awful lot of under-used/under-utilized hardware, specifically the CPU modules that remain in short supply, thus limiting the expansion capabilities of a hardware based network.

Likewise whilst Helium IoT paved the way for decentralized networks to become a "thing" there is also the counter-argument now that actually it is incredibly difficult to build a hardware based network because of the growing disdain. Now obviously part of that is linked to failed projects like MXC, Planetwatch and WeatherXM as well as dubious projects like RevoFi.

That brings me on to our project- DeFli (defli.org). I am not going to extol the virtues of the project, all I am going to give is a very brief "blurb". We are building a decentralized network of ground stations for unmanned aircraft to communicate with (to satisfy new legislation) and which will form the basis of an advanced traffic management system.

A "ground station" can be built from any Helium Hotspot without affecting the performance, nor do we utilize the LoRa Concentrator (ADS-B is broadcast over the 1090MHz frequency). To achieve dual "mining" it is simply a case of running DeFli in a Docker Container (can be viewed on our Github) and adding a USB RTL-SDR receiver.

WARNING: As with anything cryptocurrency related, do your own research first before putting any of your own money in. This project could very well be a scam, or it could just be a project in the early stages of getting started.

DeFli Network Homepage