Category: Digital Signals

Saveitforparts: Snooping on the SatGus Selfie Satellite

SatGus is a recently launched cubesat owned by CrunchLabs/Mark Rober, an extremely popular science and engineering YouTuber. The satellite is designed to take selfies of CrunchLabs customers' own photos in space, using a screen and a selfie camera mounted on the satellite. It then broadcasts the selfie image back down to a CrunchLabs ground station, where it is eventually emailed to the customer. Customers then claim that they've had their selfie taken in space.

Over on the saveitforparts YouTube channel, Gabe has been attempting to listen in on the SatGus downlink using a HackRF and a motorized satellite dish setup. SatGus transmits telemetry at 400.2 MHz and the payload dump at 2,262.5 MHz. While he is able to receive the signal, Gabe notes that it is encrypted, so not much can be done with it.

Snooping On SatGus Again

TechMinds: Building an Automated NavTex Receiver using a Raspberry Pi and SDRplay

Over on the TechMinds YouTube channel, Matt has uploaded a video tutorial showing how to create an automated NavTex receiver using a Raspberry Pi and an SDRplay software- defined radio.

NavTex is a safety and navigational information radio text broadcast system for mariners, typically broadcast at 518 kHz and 490 kHz. On ships, it is typically received by dedicated hardware that prints out information on a piece of paper as it comes in. However, with an appropriate antenna and an SDR, it is possible to receive and decode NavTex signals at home. 

In his video, Matt shows how a Raspberry Pi loaded with a piece of software created by "boat-comm" can be combined with an SDRplay RSPdx to create a homemade automated NavTex receiver. Matt shows how to install the software and goes on to demonstrate it in action.

Currently, only SDRplay receivers are supported by boat-comms software, but it's possible that in the future, other SDRs may be supported, too.

Automated NavTex Receiver Using A Raspberry Pi & SDRPlay SDR

If you're interested, boat-comm also has a video about his software available on his YouTube channel and we've embedded his video below.

NAVTEX on raspberrypi for sailors

CCC Conference Talk: Investigating the Iridium Satellite Network

Over the years, we've posted numerous times about the work of “Sec” and “Schneider,” two information security researchers who have been investigating the Iridium satellite phone network using SDRs. Iridium is a constellation of 66 satellites in low Earth orbit that supports global voice, data, and messaging services.

In a talk at the Chaos Computer Club (CCC) 2024 conference, they provided updates on their work. The recorded video of their talk has recently been uploaded to YouTube.

The Iridium satellite (phone) network is evolving and so is our understanding of it. Hardware and software tools have improved massively since our last update at 32C3. New services have been discovered and analyzed. Let's dive into the technical details of having a lot of fun with listening to satellites.

We'll cover a whole range of topics related to listening to Iridium satellites and making sense of the (meta) data that can be collected that way:

  • Overview of new antenna options for reception. From commercial offerings (thanks to Iridium Time and Location) to home grown active antennas.
  • How we made it possible to run the data extraction from an SDR on just a Raspberry Pi.
  • Running experiments on the Allen Telescope Array.
  • Analyzing the beam patterns of Iridium satellites.
  • Lessons learned in trying to accurately timestamp Iridium transmissions for future TDOA analysis.
  • What ACARS and Iridium have in common and how a community made use of this.
  • Experiments in using Iridium as a GPS alternative.
  • Discoveries in how the network handles handset location updates and the consequences for privacy.
  • Frame format and demodulation of the Iridium Time and Location service.
38C3 - Investigating the Iridium Satellite Network

DragonBridge: Streaming IQ Data Over 802.11ah HaLow via Two Relay Drones

Aaron, creator of DragonOS, has uploaded a video on his YouTube channel showing him testing out long-range communications via 802.11ah Wireless Networking and a T-HaLow bridge on two drones. 802.11ah (aka HaLow) is a WiFi protocol designed for long range IoT communications of up to 1 km (without obstructions).

In the video, Aaron attempts to stream IQ data with SDR++ over 802.11ah HaLow from a Pi + KrakenSDR operating over 1.6km away. The communication is established via two drones in the air that act as a relay bridge between the two ground stations. Although there are issues with keeping the connection stable, these experiments serve as a great first test of this capability.

Join me on an exciting month long+ journey as I push the boundaries of wireless communication using the Lilygo T-HaLow 802.11ah devices in bridge mode! In this video, I demonstrate how I successfully established an SSH connection from my laptop, across six T-HaLow units—some mounted on two drones and others on the ground—to a Raspberry Pi ground station equipped with DragonOS pi64 and a KrakenSDR.

What You'll See:

Innovative Network Setup: I configured three pairs of T-HaLow units, each pair consisting of an access point and a client. The first pair connected my laptop to the first drone. On each drone, I bridged two T-HaLow units via Ethernet, effectively creating a relay system. The second pair connected the two drones, and the third pair linked the second drone to the ground station Raspberry Pi.

Successful Long-Distance Communication: By the third attempt, I achieved a stable ping across the entire bridge and streamed IQ data from the SDR++ server on the Raspberry Pi to the SDR++ client on my laptop—over a distance of 1.6 km between drones!

Challenges and Triumphs: Experience the hurdles I faced, from connectivity issues to environmental obstacles, and how perseverance led to a successful connection.

Stunning Aerial Footage: Enjoy breathtaking drone shots that not only showcase the technology but also add a visual treat to the technical journey.

Why This Matters:

This project highlights the potential of increasing the standoff distance between equipment using 802.11ah technology, also known as Wi-Fi HaLow. Operating in the sub-1 GHz unlicensed bands, 802.11ah offers extended range and improved propagation through obstacles compared to traditional Wi-Fi frequencies. It's designed for low-power, long-range connectivity with lower power consumption—ideal for IoT applications, remote deployments, and innovative projects like this DragonBridge.

Equipment Used:

Building the DragonBridge: Long-Range 802.11ah Wireless Networking with Drones and T-HaLow Devices

mmng-ui: A Text User Interface for Multimon-NG

Thank you to Jason for writing in and sharing with his his recently released software "mmng-ui" which is a TUI (text user interface) for Multimon-NG. If you were unaware, Multimon-NG is multipurpose decoder software for the RTL-SDR and other SDRs which is capable of decoding pager protocols like POCSAG and FLEX, as well as other common protocols like EAS, AFSK, FSK9600 DTMF, CW and more.

mmng-ui is a front end for Multimon-NG that allows you to view pager messages in a clean-looking text interface. mmng-ui listens on a chosen UDP port for raw streams from software like SDR++, passes that to Multimon-NG, and then displays the results.

The mmg-ui Text User Interface
The mmg-ui Text User Interface

Exploring HD Radio and Other Signals While on Holiday

Over on his YouTube channel, Simon has uploaded a video showing how while on holiday he was able to explore the various HD Radio stations available around the USA. 

If you are in the USA, you might recognize HD Radio (aka NRSC-5) signals as the rectangular looking bars on the frequency spectrum that surround common broadcast FM radio signals. These signals only exist in the USA and they carry digital audio data which can be received by special HD Radio receivers. Earlier in 2017 a breakthrough in HD Radio decoding for SDRs like the RTL-SDR was achieved by Theori when he was able to piece together a full HD Radio software audio decoder that works in real-time. Nowadays you can use software like HDFM - HD Radio GUI to easily receive HD Radio with an RTL-SDR.

In his video Simon shows the various HD Radio signals he found while on holiday, and also shows some of their secondary features, including traffic data, and weather radar maps. Interestingly he also spots HD Radio in the AM bands, but finds his signal is not strong enough to decode.

The rest of the video explores other signals he finds such as a studio link, and TV audio signals.

I Found Some CRAZY Radio Technology while Traveling!

SignalsEverywhere: Decoding the QO-100 Mid-Beacon with WebSDR and IZ8BLY’s Decoder

In one of her latest videos on YouTube, Sarah from the SignalsEverywhere channel shows how we can use a program called "IZ8BLY Phase 3D (AO-4) Satellite Decoder" to decode the 'Mid-Beacon' on the QO-100 satellite. QO-100 is a commercial geostationary communications satellite that also contains a popular transponder for amateur radio.

However, there is also an interesting beacon called the mid-beacon that can be decoded, which provides some information about the satellite. In the video, Sarah shows how this beacon can be decoded with the software from IZ8BLY. As QO-100 is only visible from Europe, the Middle East and Africa, Sarah uses a WebSDR to receive the signal from the USA, then pipes the audio into the IZ8BLY decoder via Virtual Audio Cable.

Decode QO-100's Mid-Beacon with Virtual Audio Cables and WebSDR

Reading Electric Meters with RTL-SDR and HomeAssistant

Over on his blog Jeff Sandberg has posted a writeup detailing how he combined RTL-SDR, rtl_amr, and HomeAssistant to decode wireless data from his Itron power meter, and create useful graphs showing his US home's power usage.

In the post, Jeff explains how he uses an RTL-SDR Blog V4, HomeAssistant, EMQX, and rtl_amr to receive and plot the data. The RTL-SDR and rtl_amr software receives and decodes the wireless Itron electricity meter data packets, and then EQTT passes the data to HomeAssistant for logging and plotting. Jeff also notes how he used NodeRed to correctly automate the summer and winter tariff price changes.

Finally, in an update to the post Jeff mentions that he was also able to receive and log data from his gas meter.

HomeAssistant energy dashboard with data received from an RTL-SDR and rtl_amr decoder.