Category: Digital Signals

An Introduction to Pagers with the HackRF PortaPack and an RTL-SDR

Over on YouTube user HackedExistence has uploaded a video explaining how POCSAG pager signals work, and he also shows some experiments that he's been performing with his HackRF PortaPack and an old pager.

The PortaPack is an add-on for the HackRF SDR that allows the HackRF to be used without the need for a PC. If you're interested, in the past we reviewed the PortaPack with the Havoc Firmware, which enables many TX features such as POCSAG transmissions.

POCSAG is a common RF protocol used by pagers. Pagers have been under the scrutiny of information security experts for some time now as it is common for hospital pagers to spew out unencrypted patient data [1][2][3] into the air for anyone with a radio and computer to decode.

In the video HackedExistence first shows that he can easily transmit to his pager with the HackRF PortaPack and view the signals on the spectrum with an RTL-SDR. Later in the video he explains the different types of pager signals that you might encounter on the spectrum, and goes on to dissect and explain how the POCSAG protocol works.

Intro to Pagers - POCSAG with HackRF
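
The post above notes that pager traffic goes out unencrypted. As an added Python example (not code from the video or the original post): a POCSAG codeword protects its 21 payload bits only with BCH(31,21) check bits and an even-parity bit, which catch noise but provide no confidentiality, so valid codewords yield the text directly. The sample message and the zero padding are constructed assumptions; the function names are hypothetical.

```python
# Added example: POCSAG codeword integrity check and plain-text payload.
GEN = 0x769          # BCH(31,21) generator: x^10+x^9+x^8+x^6+x^5+x^3+1
SYNC = 0x7CD215D8    # frame synchronisation codeword
IDLE = 0x7A89C197    # idle (filler) codeword

def bch_remainder(word31):
    """Remainder of a 31-bit word divided by GEN over GF(2)."""
    for bit in range(30, 9, -1):
        if word31 & (1 << bit):
            word31 ^= GEN << (bit - 10)
    return word31  # 10-bit remainder

def make_codeword(payload21):
    """Append 10 BCH check bits and one even-parity bit to 21 payload bits."""
    word31 = payload21 << 10
    word31 |= bch_remainder(word31)
    parity = bin(word31).count("1") & 1
    return (word31 << 1) | parity

def codeword_ok(cw):
    """True when both the BCH check and the even parity hold."""
    return bch_remainder(cw >> 1) == 0 and bin(cw).count("1") % 2 == 0

def text_to_codewords(text):
    """Pack 7-bit ASCII, least significant bit first, into message codewords."""
    bits = [(ord(c) >> i) & 1 for c in text for i in range(7)]
    bits += [0] * (-len(bits) % 20)          # zero padding: an assumption
    words = []
    for i in range(0, len(bits), 20):
        field = int("".join(map(str, bits[i:i + 20])), 2)
        words.append(make_codeword((1 << 20) | field))  # flag bit 1 = message
    return words

def codewords_to_text(words):
    """Recover the text from message codewords; nothing needs to be decrypted."""
    bits = []
    for cw in words:
        if not codeword_ok(cw) or not cw >> 31:
            continue                          # skip corrupt or non-message words
        bits += [(cw >> b) & 1 for b in range(30, 10, -1)]
    chars = [sum(bit << i for i, bit in enumerate(bits[j:j + 7]))
             for j in range(0, len(bits) - 6, 7)]
    return "".join(chr(c) for c in chars if c >= 0x20)

if __name__ == "__main__":
    sample = text_to_codewords("TEST PAGE 123")      # constructed message
    print([hex(w) for w in sample], codewords_to_text(sample))
```

The check bits let a receiver reject codewords damaged by noise; they are not a key or a secret, which is why the hospital pager traffic described above is readable as sent.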

SignalsEverywhere: Decoding HD Radio with an RTL-SDR

Corrosive (KR0SIV) from the SignalsEverywhere YouTube channel has uploaded a new video that explains and shows HD radio being decoded with an RTL-SDR.

If you are in the USA, you might recognize HD (Hybrid Digital) Radio (aka NRSC-5) signals as the rectangular looking bars on the frequency spectrum that surround common broadcast FM radio signals. These signals only exist in the USA and they carry digital audio data which can be received by special HD Radio receivers. Back in June 2017 we posted about how [Theori] was able to piece together a full HD Radio software audio decoder that works in real time. Later developments saw additional data such as traffic data and weather info extracted from HD Radio too.

Corrosive's video also shows a comparison between analog and HD Radio audio. We note that the "HD" doesn't stand for high definition, so audio quality is not really better than the analog stream. He also notes that the HD Radio data stream can contain multiple audio channels, and often they are not the same as the analog station it surrounds. One example he shows is a Simulcast AM radio station being rebroadcast via HD Radio.

HD Radio RTL-SDR Decoding vs Analog Radio

Decoding the ARES Train Protocol with an RTL-SDR

Over on YouTube user JellyImages has uploaded a video demonstrating his Windows based ARESrcvr software. ARES is a railway control communications protocol used by some trains in the USA. His code connects to an RTL-SDR dongle, and demodulates the ARES protocol, providing decoded packets to ATSCMon via UDP on localhost.

ATSCMon allows you to view train telemetry data, and see on a rail map where that control indication came from. It appears that ATSCMon actually already supports ARES decoding via audio piping, but the decoder by JellyImages is a cleaner solution that doesn't require audio piping. In the past we've posted about one other YouTube user who has uploaded videos on using ATSCMon to monitor trains [Post 1][Post 2].

JellyImages also notes that his software only supports the ARES protocol which is used mostly around former Burlington Northern (BN) territory in the USA.

Introducing ARESrcvr

YouTube Video: Reverse Engineering with SDR

Over on YouTube Black Hills Information Security (aka Paul Clark) has uploaded a one hour long presentation that shows how to use a software defined radio to reverse engineer digital signals using GNU Radio.

One of the most common uses of Software Defined Radio in the InfoSec world is to take apart a radio signal and extract its underlying digital data. The resulting information is often used to build a transmitter that can compromise the original system. In this webcast, you'll walk through a live demo that illustrates the basic steps in the RF reverse engineering process, including:

- tuning
- demodulation
- decoding
- determining bit function
- building your own transmitter
- and much, much more!

Reverse Engineering with SDR

WWV and WWVH Special Messages to Broadcast!

Starting from Monday September 16th and continuing through to October 1st, both WWV and WWVH shortwave time signal transmission stations will broadcast a special message from the Department of Defense to mark the centennial of WWV. These messages will be heard on 2.5, 5, 10, and 15 MHz. In addition from September 28 to October 2 a special WWV event will occur:

The world’s oldest radio station, WWV, turns 100 years on October 1, 2019, and we are celebrating!

From September 28 through October 2, 2019, the Northern Colorado ARC and WWV ARC, along with help from RMHam, FCCW, and operators from across the country, are planning 24-hour operations of special event station WW0WWV on CW, SSB and digital modes. Operations will shift between HF bands following normal propagation changes and will include 160m and 6m meteor scatter. We will be operating right at the WWV site and face a challenging RF environment.

WWV is a [NIST] operated HF station based in Fort Collins, Colorado. It continuously broadcasts a Universal Coordinated Time signal in addition to occasional voice announcements. It has been on the air since 1919 but began continuous broadcasts in 1945 from its final site in Fort Collins, Colorado. WWVH is a similar time signal, but based in Hawaii.

The WWV Transmit Building

The WWV time signal can be used to automatically set RF enabled clocks to the correct time. [Andreas Spiess] on YouTube recently uploaded a video where he emulates this signal in order to control clocks within his home. This is a great watch if you’d like to learn more about how these time signals work.

The time format itself is actually pretty simple and it’s possible to emulate with a number of devices from an Arduino to Raspberry Pi and of course Software Defined Radio.

Remote Controller for Clocks (IKEA and others, DCF77, WWVB, MSF, JJY)

Mike Tests out L-Band STD-C and AERO with a Low Cost Modified GPS Antenna

SDR-Kits have begun selling low cost GPS antennas that are modified to receive the Inmarsat satellite frequencies between 1535 MHz and 1550 MHz. They also have a version for Iridium satellites that receives 1610 MHz to 1630 MHz. The antennas are powered by a 3-5V bias tee, so they should work fine with SDRplay, Airspy and RTL-SDR Blog V3 units.

Mike Ladd from SDRplay has recently sent us a guide to receiving AERO and STD-C messages on L-band with the SDR-Kits antenna and an SDRplay unit running SDRUno (Megaupload link).

AERO messages are a form of satellite ACARS, and typically contain short messages from aircraft. It is also possible to receive AERO audio calls. STD-C aka FleetNET and SafetyNET is a marine service that broadcasts messages that typically contain text information such as search and rescue (SAR) and coast guard messages as well as news, weather and incident reports. Some private messages are also seen. To decode AERO Mike uses JAERO, and for STD-C he uses the Tekmanoid STD-C decoder.

Mike has also created a very handy bank of frequencies for the SDRUno frequency manager which can be downloaded from here.

We note that if you're interested in waiting, at the end of September we will have an L-band patch antenna set available too. Our antenna will work from 1525 up to 1637 MHz. Prototypes have shown good Inmarsat, Iridium and GPS reception. More details are coming next month when manufacturing gets closer to finishing up.

Screenshot of the Tekmanoid Decoder from Mike's Tutorial

Decoding PAL Video from a Nintendo with an Airspy SDR

Oona (also known as [Windytan] and @windyoona) was recently looking for a way to capture PAL composite video from her old 1980’s Nintendo Entertainment System (NES) without spending a bunch of money on what are often poor video capture cards. As she already owned an Airspy SDR she decided to receive the PAL signal with the Airspy and modify some software to act as a PAL decoder.

PAL decoding was handled via some modifications to her private Tempest software. Normally Tempest type programs like TempestSDR that we covered in a [previous article] are used to spy on computer/TV monitors from signals that are unintentionally emitted in the surrounding area.

Oona has made the connection from the composite output directly to the SDR antenna input so it’s not unexpected that you’d have a strong signal. However, I have to admit that’s an incredibly clear image for a video being demodulated via a software radio.

What makes this an even more amazing feat is that the latency is low enough that it’s nearly playable using a computer and SDR in place of a television set.

We note that we’ve also seen SDRs used to decode standard PAL TV broadcasts before with an SDR# plugin called TVSharp.

WebWSPR: A Browser Based WSPR Decoder and Visualization Tool

A few days ago we posted about [dj0abr / Radio Electronics'] WebSDR software for QO-100. Having looked through his GitHub we've seen that he also has a similar browser based server tool called WebWSPR for WSPR decoding and visualization, which was released earlier this year.

WSPR is an amateur radio digital HF mode designed to be decodable even if the signal is transmitted with very low power and is very weak. It can be used to help determine HF radio propagation conditions as WSPR reception reports are typically automatically uploaded to wsprnet. In the past we have been able to receive WSPR and similar modes like FT8 with our RTL-SDR V3 running in direct sampling mode.

Like his QO-100 WebSDR software, WebWSPR is designed to run on a single board computer like a Raspberry Pi or any Linux machine. It serves a web page that shows the WSPR waterfall, decoded data and has various WSPR related control options. The web page can be accessed remotely from any machine on the same network as the server, or could be put on the internet with port forwarding and a hostname service like noip.

A ready to use Raspberry Pi image for WebWSPR is available here (does not seem to support the latest Pi4 or 3B+ however). Manual installation instructions can be found here. The code is all open source and available on GitHub.

The software appears to take input from the soundcard for standard hardware receivers, but it should be possible to pipe audio from an RTL-SDR into pulseaudio, which the software can then use. The instructions from our RTL-SDR V3 WSJT-X tutorial may help.

WebWSPR Browser Screenshot