Category: Applications

SignalsEverywhere: Setting Up Priority and Groups in DSDPlus Fastlane

In his last video, Corrosive from the SignalsEverywhere YouTube channel showed us a quick guide on setting up a Phase 1 P25 digital voice decoder with two RTL-SDR dongles and the DSDPlus Fastlane decoder.

Now in his latest video Corrosive continues with the DSDPlus tutorial and this time explains how to set up priority and groups. On a trunked radio system there may be many different agencies using the same system simultaneously. Without priorities and groups, you would be listening to all communications in the system, and following a conversation within a particular agency would be difficult. Setting up priorities and groups allows you to filter out the conversations that you are not interested in, allowing you to focus on listening in to a particular agency only.

RTL SDR Digital Radio Scanning Priority and Groups With DSDPlus Fastlane Setup Tutorial

Replicating A Rolljam Wireless Vehicle Entry Attack with a Yardstick One and RTL-SDR

Over on his hackaday.io blog, Gonçalo Nespral has written about his experiences in recreating Samy Kamkars now famous low cost rolljam attack. A rolljam attack allows an attacker break into a car by defeating the rolling code security offered by wireless keyfobs. Back at Defcon 2015, an information security conference, Samy Kamkar presented a method for creating a $32 Rolljam device that consisted of two 433 MHz transceiver modules controlled by an Arduino.

In his version, Gonçalo was able to recreate the attack using a Yardstick One and an RTL-SDR. The RTL-SDR receives the signal, whilst the Yardstick One performs the jamming and retransmit functions.

Actually using this attack in a real scenario would be difficult due to the need to properly jam and receive the keyfob signal, which could prove tricky in an uncontrolled environment. However, there have been reports of criminals entering high end cars with wireless devices before and this could be one such attack method in use.

The important thing to learn is to be suspicious if your car key fob doesn't work on the first press while you are definitely in range of the car. To mitigate the possibility of wireless keyfob attacks, always use a manual key and if you must use the wireless keyfob, only unlock the car when standing right next to it, so that the keyfob signal is strong enough to overcome the jammer. Although it is still plausible that an attacker could attach the rolljam device to the car itself for greater jamming power, and then retrieve it later.

[First seen on Hackaday]

How RollJam Works
How RollJam Works

SignalsEverywhere: Using DSDPlus Fastlane for Listening to Phase 1 P25 Trunking

DSDPlus is a popular piece of software often used with RTL-SDR dongles to listen to unencrypted digital voice signals such as P25 and DMR. Digital voice is now commonly used by many Police and emergency services as well as business radio. DSDPlus fastlane is DSD's paid upgrade which allows subscribers to access to the latest releases of DSDPlus early.

Over on the SignalsEverywhere YouTube channel, Corrosive has uploaded a quick video guide that shows how to use DSDPlus Fastlane and two RTL-SDR dongles to set up a Phase 1 P25 voice decoder that automatically follows a P25 trunking channel. The basic process involves running two FMP instances which is a program in the DSDPlus suite that connects to the RTL-SDR's and receives the signal. One DSDPlus instance monitors the trunking channel, and this tunes the second FMP+DSD instance to the frequency currently active in the trunking system.

Corrosive also explains how people who are subscribed to RadioReference can download pre-populated data files that will allow the DSDPlus event log to display talkgroup information so that you can see who is talking to who.

RTL SDR Digital Radio Scanning With DSDPlus Setup FastlaneTutorial

SigintOS: A Linux Distro for Signal Intelligence

Recently we've heard of a new Linux distribution called SigintOS becoming available for download. SigintOS is an Ubuntu based distribution with a number of built in signal intelligence applications for software defined radios such as RTL-SDRs and other TX capable SDRs like the HackRF, bladeRF and USRP radios.

The distro appears to be very well executed, with a built in GUI that grants easy access to the some common sigint tools like an FM and GPS transmitter, a jammer, a GSM base station search tool and an IMSI catcher. SigintOS also has various other preinstalled programs such as GNU Radio, gr-gsm, YatesBTS, wireshark and GQRX.

The OS also teases an LTE search and LTE decoder which to access requires that you get in contact with the creators, presumably for a licencing fee. Regarding an LTE IMSI catcher they write:

LTE IMSI Catcher is not myth!

Due to the nature of LTE base stations, the capture of IMSI numbers seems impossible. LTE stations use GUTI to communicate with users instead of IMSI. The GUTI contains the temporary IMSI number called T-IMSI. This allows the operator to find out who is at the corresponding LTE station who is authorized to query T-IMSI information.

Can the GUTI number be found?
Answer Yes!

How to find GUTI and T-IMSI numbers?
Can be found with the help of SigintOS …

For detailed information [email protected]

The image comes as a 2GB ISO file, and it's possible to run it in WMWare or VirtualBox.

SIGINTOS IMSI Catcher
SigintOS IMSI Catcher

QIRX SDR Beta 2.0.1.0 Released: Improvements to DAB Scanner, Recorder and Spectra Display

QIRX SDR is a multimode SDR program compatible with the RTL-SDR. One of its defining features is that it has a built in DAB+ decoder. Recently beta version 2.01 of QIRX SDR was released which has some scanner, recording and spectra display improvements. We note that the beta version appears to be a DAB decoder only, with no multi-mode features. The new features and improvements include:

Scanner:

  • Configurable w/r to the Muxes to be scanned and/or included in the usual set of Muxes being used.
  • New algo, considerably faster
  • "Scan forever" feature, interesting for DX-ers wishing to observe Muxes over a longer time, particularly together with TII logging.
  • Selectable waiting time after recognition of a Mux, for TII logging.

Recorders:

  • TII Recorder: File structure improved, now directly importable into Excel, with TAB as separator.
  • Audio Recorder (DAB+ only): Format selectable between WAV (as usual) and pure AAC (with ADTS headers). The latter allows for high-quality recordings compressed by at least a factor of 10 compared to WAV. The popular Foobar2000 app is able to play these files. Not seekable yet though, because embedding in a suitable container is not yet implemented.

Spectra:

  • CIR with different scales (Samples, Distance, Time)
  • Indication of the correlation peaks used for the "FFT Window" determination in the CIR spectrum.
QIRX SDR Beta 2.0.1.0
QIRX SDR Beta 2.0.1.0
 

Receiving Voice Communications From the Soyuz MS-12 Expedition to the ISS

On March 14 the Soyuz MS-12 spacecraft mission was launched and this carried three astronauts to the International Space Station (ISS). Back on the ground, YouTube creator Tysonpower was able to receive the voice communications of Russian cosmonaut Alexey Ovchinin while the Soyuz spacecraft was approaching the ISS. To do this he used an Airspy SDR and home made QFH antenna, and he notes that reception could just have easily been achieved with an RTL-SDR.

Tysonpower has uploaded a video explaining what he received along with a subtitled and translated recording of the communication. More information also available on his blog post.

[EN subs] Empfang von Cosmonaut Alexey Ovchinin im Soyuz MS-12

Conference Talk: Linux, Raspberry Pi, RTLSDR, LAME and Open Source (A Recipe For Responding to Natural Disasters)

The SCaLE conference on open source and free software was recently held on March 10 in Pasadena, California. One of the talks by Ben Kuo AI6YR was titled "Linux, Raspberry Pi, RTLSDR, LAME and Open Source (A Recipe For Responding to Natural Disasters)". This talk was streamed live, and is archived on YouTube.

In the talk Ben discusses how RTL-SDR's can be useful in disaster response by putting radio communications onto online audio streaming sites like Broadcastify. He notes how difficult it was for residents affected by the California wildfires to get up to date information on how close the fire was to their house from news stations and authorities. In contrast information on the internet came in much faster and more accurately. He notes in particular how listening in to firefighter radio communications via online streams uploaded by RTL-SDR users can give the fastest and most up to date information to concerned residents.

Ben also mentions how it can also useful to track the movement of fires via the ADS-B flight tracking data transmitted by fire fighting aircraft. By watching the aircraft movements the spread of the fire can be determined.

In the YouTube video stream, Ben's talk starts at about 3:31:00 and the video below should start at that time. The three other talks recorded in this stream are all ham radio related and may also be of interest to you.

Room 212 Sunday Mar. 10 - SCaLE 17x

Demonstration of Two SatNOGS Rotators

Thank you to IZ5RZR for writing in and sharing his two SatNOGS rotator builds with usSatNOGS is an open source project that aims to make it easy for volunteers to build and run RTL-SDR or other SDR based RF ground stations that automatically monitor satellites, and upload that data to the internet for public access.

IZ5RZR writes that he's now made two rotators and one was modified to use a 5:18 stepper motor (which is upgradable to 50:1) to give more torque so that heavier antennas can be turned smoothly. His rotators are powered by a 12V battery charged by solar, and they can be controlled over WiFi with a PC/tablet/phone. He's also tested the rotators with a 24 dB parabolic grid antenna and found that the rotator could handle it even without a counterweight. He also notes that together with IK5XWA they've fixed a "Meridian Flip" bug in the firmware.

The video below shows the two rotators in action.

IZ5RZR Two SatNOGS Satellite Rotators