Category: Digital Signals

Reverse Engineering Digital RF Signals the Easy Way with DSpectrum

Recently nullwolf (T.J. Acton) wrote in to let us know about a very useful wrapper for Inspectrum that he has created, called DSpectrum. Inspectrum is a Linux/Mac based tool that makes it very easy to extract a binary string from a digital transmission which can be recorded with any SDR like an RTL-SDR. DSpectrum builds on Inspectrum and further automates the reverse engineering process. He writes:

The wrapper [DSpectrum] assesses the amplitude measurements, or frequency shifts, that are reported by Inspectrum. The wrapper uses the average of the provided values as a threshold. When a cell’s value falls below the threshold, the wrapper determines that the value is a binary ‘0’, and when it is above the threshold, it records the value as a ‘1’. It then returns this raw binary data as output, in addition to the binary’s hex and ascii translations.

Another two features were included: the semi-automatic comparison of two portions of a transmission in the same file, and the semi-automatic comparison of two signals in separate files.

Nullwolf notes that with DSpectrum the time taken for him to reverse engineer signals has dropped from 1 hour down to 5 minutes in some cases.

A comparison of two binary signals in DSpectrum

RTL-SDR Tutorial: Receiving and Decoding Data from the Outernet

NOTE: This tutorial is no longer valid as Outernet discontinued their L-Band service in late 2017. Please consult www.outernet.is for news on their latest delivery methods.

Outernet is a relatively new satellite service which aims to be a "library in the sky". Essentially their service is going to be constantly transmitting files and data like news and weather updates from geostationary satellites that cover almost the entire world. Geostationary means that the satellites are in a fixed position in the sky, and do not move over time. By simply pointing a small patch antenna at the sky (with LNA and RTL-SDR receiver), it is possible to download and decode this data from almost anywhere in the world. Their aim is to provide up-to-date information to users in locations with little to no internet (rural, third world and sea), or in countries with censored internet. It may also be of interest to disaster preppers who want an "off-grid" source of news and weather updates. It can be thought of as a kind of one-way, download-only internet service.

Currently the L-band service is being tested, and while they are not yet sending actual Outernet files, they are already sending several daily test files like small videos, images and text documents as well as GRIB files for mariners. At a maximum you can expect to receive up to about 20 MB of data a day from their satellite. Previously they had C-band services but these required large satellite dishes. The C-band service is due to be discontinued at some point in the future.

In this guide we'll show you how to set up an Outernet L-band receiver with an RTL-SDR dongle. If you enjoy this guide then you might also enjoy our Inmarsat STD-C EGC Decoding Tutorial which has similar hardware requirements.

The Outernet demodulator running in Linux.

USBee: Leaking Data from Air-Gapped Computers and Receiving it with an RTL-SDR

This Monday researchers from Ben-Gurion University of the Negev released an academic paper detailing how attackers could cause your PC to wirelessly leak data. They write that covertly modified USB devices are usually required to leak data, as is the case with the NSA’s COTTONMOUTH device which is detailed in their ANT catalog. However, the innovation from these researchers is that their own implementation can be used to turn any unmodified USB device into a makeshift transmitter.

The attack works by first infecting a computer with their malware. The malware then utilizes the USB data bus to create electromagnetic emissions on a connected USB device. In these tests they use a USB flash drive and write a file to the device in such a way that the emissions produced transmit decodable data. They write that any binary data can be modulated and transmitted to a nearby receiver, such as an RTL-SDR dongle. Data rates can reach up to 80 bytes/s. The data is modulated with binary frequency shift keying, and their receiver code is implemented in GNU Radio.

This story has also been featured on Ars Technica and Threatpost. The video below demonstrates the attack.

USBee: Jumping the air-gap with USB

Review: Outernet LNA and Patch Antenna

Recently we posted news that Outernet had released their 1.5 GHz LNA, Patch Antenna and E4000 Elonics RTL-SDR + E4000/LNA Bundle. When used together, the products can be used to receive the Outernet L-band satellite signal, as well as other decodable L-band satellite signals like AERO and Inmarsat STD-C EGC. Outernet is a new satellite service that aims to be a free “library in the sky”. They continuously broadcast services such as news, weather, videos and other files from satellites.

EDIT: For international buyers the Outernet store has now started selling these products at http://store.outernet.is.

A few days ago we received the LNA and patch antenna for review. The patch antenna is similar to the one we received a while ago when writing our STD-C EGC tutorial, although this one is now slightly larger. It is roughly 12 x 12 cm in size, weighs 100 g and comes with about 13 cm of high quality RG316 coax cable with a right angled SMA male connector on the end. The coax cable is clamped on the back for effective strain relief.

The Outernet patch antenna and LNA

The LNA is manufactured by NooElec for Outernet. It amplifies with 34 dB gain from 1525 – 1559 MHz, with its center frequency at 1542 MHz. It must be powered via a 3 – 5.5V bias tee and draws 25 mA. The package consists of a 5 x 2.5 cm PCB board with one female and one male SMA connector. The components are protected by a shielding can. Inside the shielding can we see a MAX12000 LNA chip along with a TA1405A SAW filter. The MAX12000 (datasheet here) is an LNA designed for GPS applications and has a NF of 1 dB. It has a design where there are two amplifiers embedded within the chip, and it allows you to connect a SAW filter in between them. The TA1405A SAW filter appears to be produced by Golledge (datasheet here), and it has about a 3 dB insertion loss.

The Outernet L-Band LNA
Inside the Outernet LNA

We tested the patch and LNA together with one of our V3 RTL-SDR Blog dongles, with the bias tee turned on. The LNA was connected directly to the dongle, with no coax in between. The patch antenna was angled to point towards the Inmarsat satellite. A 5 meter USB extension cord was then used to interface with a PC. The images below demonstrate the performance we were able to get.

Outernet Signal
Outernet Signal with 4x Decimation
AERO
STD-C EGC

The Outernet team writes that an SNR level of only 2 dB is needed for decoding to work on their signal. With the patch and LNA we were able to get at least 12 dB so this is more than good enough. Other signals such as AERO and STD-C EGC also came in very strongly. Even when not angled at the satellite and placed flat on a table it was able to receive the signal with about 5 dB of SNR.

In conclusion the patch and LNA worked very well at receiving the Outernet signal as well as AERO and STD-C EGC. We think these products are great value for money if you are interested in these L-Band signals, and they make it very easy to receive. The only minor problem with the patch antenna is that there is no stand for it, which makes it difficult to mount in a way that faces the satellite. However this issue can easily be fixed with some sellotape and your own mount.

In the future once the Outernet Rpi3 OS and decoder image is released we hope to show a demonstration and tutorial on receiving Outernet data.

An AIS Decoder for MATLAB and the RTL-SDR

RTL-SDR.com reader Mike wrote in to us today to let us know that he has released his AIS decoder for MATLAB and the RTL-SDR. MATLAB is a technical computing language used by many scientists and engineers in the world. Mike writes the following about his work:

Automatic Identification System (AIS) is a communication standard that is used by commercial and recreational maritime vessels to report a ship’s ID, position, course and other information. This data is used for collision avoidance, search and rescue and many other applications. AIS has the following characteristics:

  • Access protocol: Self-organizing Time Division Multiple Access (SOTDMA)
  • Transmission frequencies: 161.975 MHz and 162.025 MHz
  • Transmit Power: 2 W or 12.5 W
  • Modulation: Gaussian Minimum Shift Keying (GMSK)
  • Data Rate: 9600 bits per second

An AIS decoder that uses the RTL-SDR and MATLAB to capture AIS transmissions is posted on MATLAB Central, the MathWorks file sharing exchange. The decoder has three main components:

  1. Software to connect MATLAB to the RTL-SDR and bring IQ data directly into the MATLAB workspace (http://www.mathworks.com/hardware-support/rtl-sdr.html)
  2. Demodulation and decoding algorithms to convert the IQ samples into bits and decode the AIS data (http://www.mathworks.com/products/communications/)
  3. A user interface to configure the RTL-SDR, launch the capture and decoding process, and display the decoded messages (http://www.mathworks.com/matlabcentral/fileexchange/57600-ais-decoder)

The MATLAB Central post includes MATLAB source code for the AIS decoder, captured data files from Boston and San Francisco, an app for easy configuration and operation of the decoder, and instructions for installing the RTL-SDR Hardware Support Package and AIS Decoder app.

If you want to learn how AIS works, and how to write a decoder, then a MATLAB example like this is an excellent resource.

Using a Yardstick One, HackRF and Inspectrum to Decode and Duplicate an OOK Signal

Over on his YouTube channel user Gareth has uploaded a video that shows a full tutorial on quickly decoding an On Off Keyed (OOK) signal with a HackRF (or RTL-SDR) and the Inspectrum software. Once decoded he then shows how to use a Yardstick One to duplicate the signal.

Inspectrum is a Linux based program that allows you to easily determine various parameters of a digital modulated signal by positioning an overlay over the waveform of a signal recorded with an SDR. Basically Gareth’s process is to first extract signal level values using Inspectrum, then secondly use a simple Python program to turn these values into binary bits, which gives him the data packet. He is then finally able to write another quick Python program to interface with the Yardstick One and retransmit the string.

The Yardstick One is a multipurpose radio (not a SDR) for transmitting modulated signals like OOK.

My quickest and easiest method for OOK signal decoding & replication in 2016
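
The value-to-bits step described above for Gareth's Python script, and the average-as-threshold rule quoted in the DSpectrum post earlier on this page, sketched as an added example (this is not Gareth's or nullwolf's code). It assumes one amplitude value per symbol; the sample values, the helper names and the choice to read a value exactly at the threshold as '0' are assumptions.

```python
from statistics import mean

def slice_bits(values):
    """One bit per symbol: '1' above the mean of all values, else '0'."""
    if len(set(values)) < 2:
        raise ValueError("need at least two distinct levels to set a threshold")
    threshold = mean(values)
    # Assumption: a value exactly equal to the threshold is read as '0'.
    return "".join("1" if v > threshold else "0" for v in values)

def bits_to_bytes(bits):
    """Pack MSB-first; trailing bits that do not fill a byte are dropped."""
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))

def printable(data):
    """ASCII view with non-printable bytes shown as '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)

def diff_positions(bits_a, bits_b):
    """Bit indices where two captures disagree (compared over the shorter one)."""
    return [i for i, (a, b) in enumerate(zip(bits_a, bits_b)) if a != b]

def synth(bits):
    """Constructed test input: ~0.9 for '1', ~0.1 for '0', with small jitter."""
    return [(0.9 if b == "1" else 0.1) + ((i % 3) - 1) * 0.03
            for i, b in enumerate(bits)]

# Constructed per-symbol amplitudes for two 16-symbol packets (not real captures).
CAPTURE_A = synth("0100111101001011")
CAPTURE_B = synth("0100111101001100")

if __name__ == "__main__":
    bits_a, bits_b = slice_bits(CAPTURE_A), slice_bits(CAPTURE_B)
    for name, bits in (("A", bits_a), ("B", bits_b)):
        data = bits_to_bytes(bits)
        print(name, bits, data.hex(), printable(data))
    print("differing bit positions:", diff_positions(bits_a, bits_b))
```

Long idle stretches before or after the packet pull a mean threshold toward the idle level, where noise can then flip bits, so trim the selection to the packet before slicing.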

Receiving DAB with a Raspberry Pi 3 and RTL-SDR

Over on his blog Michael Carden has produced a tutorial showing us how to use SDR-J on the Raspberry Pi 3 for receiving Digital Audio Broadcast (DAB) radio. DAB is a type of digital broadcast radio used in several countries outside of the USA for general broadcast radio programs. It usually provides clearer digital audio compared to FM broadcast.

His post starts from scratch, showing how to create a Raspberry Pi image file and configure the Pi, then shows how to install and use SDR-J.

SDR-J is also available for Windows and is compatible with the RTL-SDR and other radios such as the Airspy and SDRplay.

SDR-J Running on Windows.

Building an S-Band Antenna for the HackRF

Mario Filippi, a regular contributor to our blog and to the SDR community, recently wrote in with an article showing how he built an S-Band (2 – 4 GHz) antenna for use with the HackRF. Of course the antenna can be used with any other SDR that can receive in this range, or with an RTL-SDR and downconverter. We post his article below.

S-Band Antenna for use with the HackRF One
Author: Mario Filippi, N2HUN

Ever since purchasing a HackRF One, which receives from 1 MHz – 6.0 GHz I’ve always wanted to explore the world above 1 Gig, specifically the 2.0 – 2.7 GHz portion of the S-band. This portion of the band is populated with satellite communications, ISM, amateur radio, and wireless networks. A good, homebrew antenna for S-band was needed, so with parts mostly from the junk box, a 2250 MHz S-band right hand circularly polarized omni-directional antenna was built. Below is a step by step tutorial on building this antenna. Plans were from UHF-Satcom’s site.

The final S-band antenna