Category: Applications

Unlocking a Car with an RTL-SDR and Yardstick One

Over on his YouTube channel Kalle Hallden has uploaded a video demonstrating how to perform a replay and "rolljam" attack on a wireless car key with an RTL-SDR and Yardstick One. His first experiment is a simple replay attack which involves recording the unlock signal from the car key with the Yardstick One in a place far away from the car so that it is not received, then replaying it close by.

This works well, but Kalle then explains rolling code security and how this would easily thwart any replay attack in the real world. However, he then goes on to explain and demonstrate the "rolljam" technique, which is one known way to get around rolling code security. The demonstrations are obviously not full tutorials, but are just high-level overviews of how wireless security can be defeated.

TechMinds: Decoding GPS with an RTL-SDR

Over on his YouTube channel Tech Minds has uploaded a video showing how it's possible to receive and decode GPS signals with an RTL-SDR. To do this he uses one of our RTL-SDR Blog V3 dongles and a GPS patch antenna which is powered via the bias tee on the dongle.

On the software side he uses GNSS-SDRLIB and RTKLIB to decode the GPS signal. The output of the two programs is your current GPS coordinates, which can be plotted on a map. Unfortunately, in the video Tech Minds was unable to get the Google Maps display to work, but you can easily type the coordinates into Google Maps yourself.

Decoding GPS using an RTL SDR Receiver

New ExtIO For rtl_tcp: Control R820T Bandwidth, Decimation, Auto Reconnect

A few days ago we posted about Hayati and others' work in creating a new release of the librtlsdr drivers which implemented some interesting new features. However, at the time of the post there was no GUI for actually making use of the features easily. Now Hayati has released a new rtl_tcp ExtIO interface.

The interface exposes the ability to manually adjust the filtering within the R820T tuner. This is quite useful for managing out-of-band interference and raising overall dynamic range, especially when trying to listen to a narrowband signal. It also exposes decimation controls, TCP connection features like auto reconnect and persistent connection, manual IF gain control, the ability to choose USB vs LSB tuning, and the ability to choose the highest stable sample rate of 2.56 MSPS.

The ExtIO interface is only available for SDR programs that support ExtIO, such as HDSDR. To test the ExtIO, first download and extract the latest librtlsdr release, then run rtl_tcp from the command line. Extract the new ExtIO dll into the HDSDR folder, then run HDSDR, making sure to select the new dll when it asks on startup. You can then set the desired bandwidth and the matching decimation settings for that bandwidth.

The new ExtIO exposing new features

Automatically Starting rtl_tcp on a Remote PC via Android

Over on his YouTube channel M Khanfar has put together a tutorial for an interesting idea. The idea is to use an automatic SSH connection to tell your Windows PC to run rtl_tcp whenever you open SDRTouch or RFAnalyzer on your Android device. SDRTouch and RFAnalyzer are both Android based SDR applications and rtl_tcp is a server which allows both apps to connect to a remote RTL-SDR over a network connection.

To set this up, Khanfar first sets up OpenSSH on his Windows PC, which allows a secure remote connection to the PC. On his Android device he then installs MacroDroid and RaspController. MacroDroid is an app that helps you automate tasks on your Android device, and RaspController is an app designed for remotely controlling a Raspberry Pi, but it also works on Windows via the SSH connection. These apps are then set up so that an SSH connection to the Windows PC is automatically opened whenever SDRTouch is run. From within the SSH connection rtl_tcp is then started.

Full text instructions are available in the video description.

Automate MacroDroid with RTL_TCP through OpenSSH under Windows 10

KerberosSDR Tracking a Drone Carrying an FM Beacon

KerberosSDR is our 4-channel phase coherent capable RTL-SDR unit that we previously successfully crowdfunded back in 2018. With a 4-channel phase coherent RTL-SDR, interesting applications like radio direction finding, passive radar and beam forming become possible. It can also be used as 4 separate RTL-SDRs for multichannel monitoring. KerberosSDR is currently in stock and available on the Othernet store.

Recently Zuokun Li et al. from East China Normal University published an open access conference paper that documents their results from using a KerberosSDR to track a drone. As typical drone control frequencies at 2.4 GHz are outside the range of the RTL-SDRs used on the KerberosSDR, they carried a 446 MHz FM beacon on the drone.

In their experiment they set up both circular and linear antenna arrays for the KerberosSDR, then flew the drone in front of the antenna array while recording the bearings calculated by the KerberosSDR system. The results showed that the KerberosSDR was able to successfully track the drone's bearing with either antenna array; however, the linear array produced more accurate results, as expected.

We note that a linear array cannot differentiate whether an object is in front of or behind the array. However, if it is already known which side the object is on, a linear array can be used instead of a circular array to get more accurate bearings that are less affected by multipath.

If you're interested in this, you might also like our articles on using a KerberosSDR to track a weather balloon, to locate a P25 transmitter, or our Android app in-car demos.

The KerberosSDR + Drone Setup
Results from the drones at three locations.

Using a PlutoSDR and Mixer to Transmit 70cm DATV to a 23cm Satellite Receiver

Over on her YouTube channel, SignalsEverywhere, Sarah has uploaded a new video showing how she uses a PlutoSDR, HackRF and mixer to transmit DVB-S digital amateur TV to a standard satellite set top box. In this video the idea is to get a little more range by using the PlutoSDR to transmit in the 70cm band, then upconverting that to the 23cm band right at the satellite receiver. Transmitting at the lower frequency yields a higher power output from the PlutoSDR and less cable loss. The mixer consists of a passive mixer chip and a HackRF is used as the mixer LO signal source as a temporary test solution.

Digital TV Transmitter 70cm ATV to 23cm Satellite Receiver Using a Mixer/Upconverter

OpenWiFi: Open Source FPGA and SDR Based WiFi Implementation

OpenWiFi is a Linux mac80211 compatible full-stack IEEE802.11/Wi-Fi design based on an FPGA and SDR (Software Defined Radio). It aims to be the first full open source implementation of the entire WiFi stack. While the current design does not provide any feature benefits over commercial closed source chips, it is beneficial from an education standpoint, and also from a security view as any open source FPGA code can be verified to not have backdoors. The SDRs used in the project are typically not ones seen on this blog as they mostly exist on research dev boards optimized for the 2.4 GHz band.

Recently the FOSDEM 2020 conference talks from February 2020 have been released on YouTube and a talk titled Opensource "Wi-Fi chip design" and Linux drivers by Xianjun Jiao was uploaded. The talk explains OpenWiFi in detail, and why or why not you might want to use it. 

Individuals, SMEs, opensource communities and big companies have shown big interests on the openwifi project. They also asked many questions, such as MIMO support, CSI information support, roadmap and opensource license consideration. One new interesting message, which is not expected before, is that: People are willing to pay more for a WiFi chip not because the chip’s performance is better but just because they can check the chip silicon source code (Verilog/VHDL/C) on github if they have privacy/security concern. So far, not any commercial WiFi chip discloses their silicon source code. After the FOSDEM, the project has reached 545 stars on github.

Openwifi talk at FOSDEM 2020

YouTube Guide to Setting up and Running RTLion

RTLion is a software framework for RTL-SDR dongles that currently supports various features such as a power spectrum plot and frequency scanning. The software can run on a Raspberry Pi 3 and all features are intended to be accessed via an easy to use web browser interface, or via an Android app. The software can also be run with Docker, making it useful for IoT applications.

Over on YouTube M Khanfar has uploaded a comprehensive tutorial video explaining how to set up and run the RTLion server software on a Linux computer. He goes on to demonstrate and explain how to use the server via the web interface and also via the RTLion Android app.

RTLion Setup and Running Guide