Back in 2016 cURLy bOi released a Windows port of the Linux based "Telive" TETRA decoder. Now the latest development in TETRA decoders is that a TETRA decoder plugin for the SDR# software has been released. This makes setting up a TETRA decoder significantly simpler than before.
The plugin doesn't seem to be officially released anywhere, but we did find it thanks to @aborgnino's tweets on Twitter, and he found it on a Russian language radio scanner forum. The plugin is available as a direct download zip from here, but we suggest browsing to the last few posts in the forum thread to find the latest version.
Installing the plugin is a little more difficult than usual, as you first need to install MSYS2, which is a compatibility layer for Linux programs. The full installation instructions are included in the README.TXT in the zip file. One clarification from us: you need to copy the files in the msys_root/usr/bin folder from the zip file into the /usr/bin folder that is in your MSYS2 installation directory.
We tested the plugin and found it to work well without any problems. With the plugin turned on you simply need to tune to a TETRA signal in WFM mode, and you will instantly be decoding the audio.
TETRA is a type of digital voice and trunked radio communications system that stands for “Terrestrial Trunked Radio”. It is used heavily in many parts of the world, except for the USA. If you have unencrypted TETRA signals available in your area then you can listen in on them with an appropriate SDR like an RTL-SDR and decoder software like the aforementioned plugin.
Over on YouTube user Evariste Okcestbon has uploaded a video showing his simple pocket DATV system that consists of a LimeSDR running on a Raspberry Pi Zero transmitting live camera images via DATV which is received by an RTL-SDR running on a Raspberry Pi 3.
If you didn't already know, DATV stands for Digital Amateur Television and is a digital mode somewhat similar to digital over the air TV signals that can be used by hams for transmitting their own TV signals on the ham bands. The LimeSDR Mini is a $139 US transmit and receive capable SDR that is currently crowdfunding and available for pre-order on Crowdsupply. It is expected to ship at the end of February 2018.
Evariste uses a range of software packages on each Raspberry Pi. He writes the following in the video description:
Description of a minimal Digital Tv chain: Transmitter and Receiver.
Hardware used on Tx: PiZero, Picam, LimeSDR Mini
Hardware used on Rx: Raspberry Pi 2, RTL-SDR, Monitor
Software used on Tx: avc2ts, dvb2iq, limetx
Software used on Rx: rtl_sdr, leandvb, kisspectrum, ts2es, hello_video
Evariste is also the author of Rpidatv which allows you to transmit DATV directly from the GPIO pins of a Raspberry Pi without the need for any transmit capable SDR.
During the Hackaday Superconference held in November 2017, Samy Kamkar presented a talk on how he reverse engineers devices, and in particular passive entry and start systems in vehicles. In the talk he also explains which tools he uses, including SDRs like the HackRF One and RTL-SDR dongle, and the methodology he follows when reverse engineering any new device. Samy is most famous for writing the Samy MySpace computer worm and also popularizing the "RollJam" wireless car door vulnerability. The talk blurb reads:
In this talk Samy Kamkar shares the exciting details on researching closed systems & creating attack tools to (demonstrate) wirelessly unlocking and starting cars with low-cost tools, home made PCBs, RFID/RF/SDR & more. He describes how to investigate an unknown system, especially when dealing with chips with no public datasheets and undisclosed protocols. Learn how vehicles communicate with keyfobs (LF & UHF), and ultimately how a device would work that can automatically detect the makes/models of keyfobs nearby. Once the keyfobs have been detected, an attacker could choose a vehicle and the device can wirelessly unlock & start the ignition. Like Tinder, but for cars.
Over on his blog, "ele y ciencia" has written up two very useful posts: one on how to decode AFSK signals from scratch and the other on how to reverse engineer any unknown digital signal. The blog is written entirely in Spanish, but Google Translate does a decent enough job at getting the message across (in Chrome right click anywhere on the page and select Translate to English, or use the Google Translate webpage).
The first post is about decoding an AFSK protocol and explains that you need to record the signal with an RTL-SDR or other SDR, apply a low pass filter to obtain the signal envelope and then apply thresholding with the known baud rate to obtain the demodulated digital signal. The tutorial is high level and just explains the process, but doesn't show how to do it in any software. Later on in the post he goes on to show how he reverse engineered a train-land radiotelephone system and a TCM3105 modem chip which utilizes a FSK system.
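The process described above (low-pass filter to get the envelope, then threshold once per bit at the known baud rate) can be sketched in software as follows. This is an added example, not code from the blog post: the Bell 202 tone pair, the sample rate, the 8-bit LSB-first framing and the noisy test signal are all constructed assumptions.

```python
import math
import random

FS = 48000                     # sample rate in Hz (constructed recording)
BAUD = 1200                    # known baud rate, as the post assumes
MARK, SPACE = 1200.0, 2200.0   # Bell 202 tone pair: an assumption, not from the post
SPB = FS // BAUD               # samples per bit


def text_to_bits(text):
    """8 bits per character, least significant bit first (constructed framing)."""
    return [(ord(c) >> i) & 1 for c in text for i in range(8)]


def bits_to_text(bits):
    usable = len(bits) - len(bits) % 8
    return "".join(chr(sum(b << i for i, b in enumerate(bits[k:k + 8])))
                   for k in range(0, usable, 8))


def modulate(bits, noise=0.2, seed=1):
    """Constructed test signal: continuous-phase AFSK plus Gaussian noise."""
    rng, phase, out = random.Random(seed), 0.0, []
    for bit in bits:
        step = 2 * math.pi * (MARK if bit else SPACE) / FS
        for _ in range(SPB):
            out.append(math.sin(phase) + rng.gauss(0.0, noise))
            phase += step
    return out


def tone_envelope(chunk, freq, start):
    """Mix the chunk down by `freq`, then average (boxcar low-pass) over one
    bit period; the magnitude is that tone's envelope for this bit."""
    i = sum(s * math.cos(2 * math.pi * freq * (start + n) / FS) for n, s in enumerate(chunk))
    q = sum(s * math.sin(2 * math.pi * freq * (start + n) / FS) for n, s in enumerate(chunk))
    return math.hypot(i, q) / len(chunk)


def demodulate(samples):
    """Threshold once per bit period: mark envelope above space envelope -> 1.
    Assumes the recording starts on a bit boundary (no clock recovery)."""
    bits = []
    for start in range(0, len(samples) - SPB + 1, SPB):
        chunk = samples[start:start + SPB]
        mark, space = tone_envelope(chunk, MARK, start), tone_envelope(chunk, SPACE, start)
        bits.append(1 if mark > space else 0)
    return bits


def roundtrip(text):
    return bits_to_text(demodulate(modulate(text_to_bits(text))))
```

A real recording would additionally need resampling to a known rate and bit-clock recovery, since a capture rarely starts exactly on a bit boundary.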
In the second post he shows how to decode any unknown digital signal using just an RTL-SDR and Audacity. He starts off with finding and recording an unknown digital signal with an RTL-SDR and then reverse engineers it in a sort of manual fashion without using any tools like Universal Radio Hacker. The post goes through the full details and steps that he took, and in the end he gets data out of the signal discovering that it is data from a Fleet Management System used in his country for monitoring data such as speed and engine data from commercial vehicles like trucks and buses.
The two posts are very detailed and could be an excellent reference for those interested in reverse engineering unknown digital signals in their area.
Decoding an Unknown "Fleet Management" signal from scratch.
If you didn't know already Bitcoin is the top cryptocurrency which in 2017 has begun gaining traction with the general public and skyrocketing to a value of over $19,000 US per coin at one point. In addition to providing secure digital transactions, cryptocurrencies like Bitcoin are intended to help fight and avoid censorship. But despite this there is no real protection from the Bitcoin internet protocol being simply blocked and censored by governments with firewalls or by large ISP/telecoms companies.
One idea recently discussed by Nick Szabo and Elaine Ou at the "Scaling Bitcoin 2017" conference held at Stanford University is to use something similar to WSPR (Weak Signal Propagation Reporting Network) to broadcast the Bitcoin network, thus helping to avoid internet censorship regimes. To test their ideas they set up a HackRF One as a transmitter and an RTL-SDR as a receiver, and used GNU Radio to create a test system.
QRadioLink is a Linux and Android compatible radio app that can run on smartphones. It can be used to receive and transmit digital radio signals with a compatible SDR such as an RTL-SDR (RX only), or a LimeSDR Mini (TX and RX). The following video by Adrian M shows QRadioLink running on an Android phone with a LimeSDR Mini connected to it. An external battery pack is also connected to maintain power levels over a longer time.
In the video Adrian shows how this combination can be used as a fully portable radio transceiver. The video first shows him receiving broadcast FM, digital amateur radio voice (Codec2 & Opus is supported), narrowband FM and SSB signals. Later in the video he transmits a digital voice signal using the microphone on his Android phone. He notes that an external amplifier would still be needed if you wanted more transmission power.
Portable SDR transceiver: LimeSDR-mini, mobile phone and QRadioLink
Over on his YouTube channel Kris Occhipinti has uploaded some videos where he shows how he is able to send text data over FM radio frequencies by using an MP3 audio file that encodes the text data, an FM transmitter connected to an Android phone or MP3 player to transmit the file and an RTL-SDR on the receiving side to receive the FM signal from the FM transmitter. The software used to encode the text into an MP3 is Minimodem, and on the receiving side Minimodem is also used which can easily decode the received audio. Minimodem is a command line program which can generate FSK modem tones from data.
These two videos are part of a series that Kris has been working on that includes many videos about using Minimodem to transfer data like text, files and images between computers via radio.
12 Minimodem an FM Transmitter and a USB SDR Dongle
HolyPager Art Installation. HackRF One, Antenna and Raspberry Pi seen under the shelf.
For a long time now it has been known that pager data is sent in the clear and in plain text over a strong and easily received RF signal. The signal can easily be intercepted with a standard scanner radio or more recently with an SDR such as the RTL-SDR. Software such as PDW can then be used to decode the signal into plain text. We have a tutorial on this available here.
In these more modern days of cell phones and secure text messaging very few people still use pagers. But one heavy user of pagers is the medical community, which still prefers them as they are already widely implemented in hospitals and are very reliable. The lower frequencies and high transmission powers used by pager systems allow for better reception, especially in areas prone to poor cellphone reception such as big buildings like hospitals with many walls and underground areas. They are also very reliable as they receive messages instantly, whereas text messages can be delayed in times of high network traffic, which is obviously a problem when a doctor is needed urgently. Finally, another advantage is that most pagers only receive, so there are no local transmissions that could interfere with sensitive medical machines. A major downside however is that pager use means that a lot of very private patient data can be easily intercepted by anyone anywhere in the same city as the hospital.
Back in October artist and programmer Brannon Dorsey displayed an art installation at the Radical Networks conference in Brooklyn which he calls Holypager. The idea is to bring attention to the breach of privacy. The installation simply prints out the pager messages as they are sent in real time, accumulating patient data that any visitor can pick up and read. He doesn't mention it on his page, but in one of the photos we see a HackRF One, antenna and Raspberry Pi hiding underneath the installation which is how the pager messages are received. A simple RTL-SDR could also be used as the receiver. Brannon writes:
Holypager is an art installation that intercepts all POCSAG pager messages in the city it resides and forwards them to one (holy) pager. The installation anonymizes all messages and forwards them randomly to one of three pagers on display. Each message is also printed on a contiguous roll of receipt paper amassing a large pile of captured pages for gallery goers to peruse.
Pagers use an outdated protocol that requires all messages to be broadcast unencrypted to each pager in the area. It is the role of the individual pager to filter and display only the messages intended for its specific address. The pagers below have been reprogrammed to ignore this filter and receive every message in the city in real time. Today, these devices are primarily used in hospitals to communicate highly sensitive information between doctors and hospital staff.
Given the severity of the HIPAA Privacy Act, one would assume that appropriate measures would be taken to prevent this information from being publicly accessible to the general public. This project serves as a reminder that as the complexity and proliferation of digital systems increase the cultural and technological literacy needed to understand the safe and appropriate use of these systems often do not.