Category: Digital Signals

Decoding a Garage Door Opener with an RTL-SDR

After listening to dock workers with his RTL-SDR for a few days, RTL-SDR.com reader Eoin decided that he wanted to try a more practical experiment. He decided to see if he could reverse engineer the wireless protocol on his garage door opener. Upon opening his remote he discovered a bunch of DIP switches, which are presumably used to program the remote to a particular garage door. Eoin’s next step was to determine the frequency at which the garage door opener was transmitting. He made an assumption that it would be in the 433 MHz unlicensed ISM band, as this is where many handheld remotes transmit. He was right, and found the signal.

The garage door remote showing the DIP switches.

His next step was to record the signal audio in Audacity. From the audio waveform he could see a square wave which looked just like binary bits. By manually eyeballing the waveform and translating the high/low square wave into bits, he was able to get the binary data. He then confirmed this data against the DIP switch positions and discovered that a 010 binary code matched the UP position on the DIP switch and 011 matched the DOWN position.

Having decoded the signal manually fairly easily, Eoin decided his next challenge would be to automate the whole decoding in GNU Radio. In the end he was successful and managed to create a program that automatically determines the position of the DIP switches from the signal. His post goes into detail about his algorithm and GNU Radio program.

Showing the decoded DIP switch positions from his GNU Radio program.
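
The manual procedure described above (threshold the envelope, slice it into bit periods, map each 3-bit group to a switch position) can be sketched in code. This is an added example, not Eoin's GNU Radio program: only the 010 = UP / 011 = DOWN mapping comes from the post, while the constructed capture, the bit period, the eight-switch frame and the absence of a preamble are assumptions.

```python
import random

SYMBOLS = {"010": "UP", "011": "DOWN"}  # mapping reported in the post

def slice_bits(samples, samples_per_bit, n_bits):
    """Threshold an amplitude envelope and majority-vote each bit period."""
    threshold = (min(samples) + max(samples)) / 2
    levels = [1 if s > threshold else 0 for s in samples]
    # Both symbols begin 0,1, so the first high sample marks the start of
    # bit 1; the frame itself begins one bit period earlier.
    start = levels.index(1) - samples_per_bit
    if start < 0:
        raise ValueError("recording starts mid-frame")
    bits = []
    for i in range(n_bits):
        window = levels[start + i * samples_per_bit:
                        start + (i + 1) * samples_per_bit]
        if len(window) < samples_per_bit:
            raise ValueError("recording ends mid-frame")
        # Majority vote tolerates a few misjudged samples near bit edges.
        bits.append("1" if sum(window) * 2 > len(window) else "0")
    return "".join(bits)

def decode_switches(bits):
    """Map consecutive 3-bit groups to DIP switch positions."""
    groups = [bits[i:i + 3] for i in range(0, len(bits), 3)]
    return [SYMBOLS.get(g, "INVALID") for g in groups]

def make_capture(positions, samples_per_bit=20, lead=37, seed=1):
    """Constructed test input: ideal square wave plus bounded noise.
    samples_per_bit, lead and the noise level are assumptions."""
    rng = random.Random(seed)
    code = {name: pattern for pattern, name in SYMBOLS.items()}
    bits = "".join(code[p] for p in positions)
    ideal = [0.0] * lead
    ideal += [float(b) for b in bits for _ in range(samples_per_bit)]
    ideal += [0.0] * lead
    return [x + rng.uniform(-0.1, 0.1) for x in ideal]

if __name__ == "__main__":
    # Constructed eight-switch setting, not taken from the post.
    setting = ["UP", "DOWN", "DOWN", "UP", "UP", "DOWN", "UP", "UP"]
    capture = make_capture(setting)
    bits = slice_bits(capture, samples_per_bit=20, n_bits=3 * len(setting))
    print(bits, decode_switches(bits))
```

Because the code is nothing more than the switch positions sent in a fixed pattern, any receiver that captures one transmission recovers the full setting.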

LuaRadio: New Flowgraph Based Digital Signal Processing Framework for SDR

LuaRadio is a new Digital Signal Processing (DSP) framework for software defined radios such as the RTL-SDR. It is similar to GNU Radio in that the flowgraph is composed of graphical blocks that can be visually connected to one another in an editor. However, compared to GNU Radio it aims to be very lightweight in terms of disk space used (1 MB footprint) and the number of dependencies required (zero dependencies required unless you need real time highly optimized libraries). It is also written purely in the Lua programming language. The authors of LuaRadio write “LuaRadio is more inclined towards scripting and prototyping than GNU Radio, and emphasizes fast block development.”

On their website there are already several example application flowgraphs uploaded, such as decoders for WBFM Mono/Stereo, NBFM, AX.25, POCSAG, RDS, AM and SSB. Looking at and building such flowgraphs is extremely helpful for learning DSP, and DSP languages like this are excellent for prototyping new signal decoders. In addition, if you are new to SDR they also have a very useful page that explains basic SDR and radio concepts.

A LuaRadio based POCSAG decoder flowgraph.

Sniffing ANT-FS with an RTL-SDR and MMDS Downconverter in Pothos

ANT-FS is a wireless file transfer protocol that is designed specifically for transferring files wirelessly between two devices. It is designed for ultra low power devices and typically runs on devices operated by a coin sized battery. It is commonly used in applications like fitness tracker devices, which store data to later be downloaded to a PC.

Over on YouTube user sghctoma has uploaded a video showing a teaser of him receiving and decoding ANT-FS packets with blocks developed for the POTHOS graphical language. As ANT-FS is usually transmitted at 2.4 GHz, he had to use an MMDS downconverter which allowed his RTL-SDR to receive the packets. Sghctoma writes that the video is simply a teaser, and that a live demo with a real device, and the full code + details will be released during his talk at DEFCON titled “Help, I’ve got ANTs!!!”.

ANT-FS sniffing with RTL-SDR, an MMDS downconverter and Pothosware

Broadcasting DVB-S2 with the LimeSDR

The LimeSDR is a $299 USD software defined radio that has RX and TX capabilities, a tuning range of 100 kHz – 3.8 GHz, a 12 bit ADC and up to 61.44 MHz worth of bandwidth. It is currently seeking crowdfunding over at CrowdSupply.com, and there are still 170 early bird units available at a lower price of $249 USD. The funding campaign ends in 14 days at the time of this post.

In a recent blog post on the myriadrf website, beta tester Alexandru shows how the LimeSDR can be used to transmit DVB-S2 video using GNU Radio. Alexandru used the bladeRF dvbs2_tx.grc gr-dtv example which is provided with GNU Radio and modified it for the LimeSDR. He then transmitted the video stream and used an off the shelf satellite TV receiver to display the video, and an Airspy to monitor the spectrum. The gr-dtv library can also be used to transmit other video standards such as ATSC, DVB-T, DVB-T2, DVB-C and DVB-S2.

LimeSDR DVB-S2 GNU Radio Flowgraph

LimeSDR demo: High Definition Video Transmission using GNU Radio

A Demonstration of the RTL-SDR Receiving WiFi and 2.4 GHz ISM with a Modded SUP-2400 Downconverter

Back in April we posted about how KD0CQ found that he could receive signals up to 4.5 GHz with an RTL-SDR by using a $5 downconverter for DirecTV called the SUP-2400. The RTL-SDR can only receive up to a maximum frequency of about 1.7 GHz, but the SUP-2400 downconverter can be modified to convert frequencies at around 2.4 GHz down into a range receivable by the RTL-SDR.

When we first posted the story the instructions for modifying the SUP-2400 to use as a downconverter weren’t uploaded yet, but they are now. The modification requires decent soldering skills as it involves desoldering a few small SMD components and bridging some points with wires.

Over on YouTube user T3CHNOTURK has uploaded a video showing the downconverter in action. With the SUP-2400 downconverter and RTL-SDR he is able to receive some WiFi at 2.447 GHz as well as signals from a wireless keyboard at 2.465 GHz.

RTLSDR Receiveing wifi & 2.4 ghz ism band with moded SUP-2400 Downconverter

Comparing Home Made Inmarsat Antennas

Over on his blog “coolsdrstuff”, the author has uploaded a new post showing his comparisons of various home made Inmarsat antennas. In his post he tests a tin can helix antenna, a 10-turn helix antenna, and an LHCP helix feed on an 81cm DirecTV dish.

His results show that the dish outperforms the helix antennas by a significant amount, but only once he took it outdoors. The 10-turn helix antenna also worked better than the tin can helix, although he found that it required very accurate pointing.

Inmarsat are geostationary satellites that transmit signals on L-band at around 1.5 GHz. They transmit signals that can be decoded with an RTL-SDR, such as STD-C EGC (weather, messaging and safety messages for boats), as well as AERO (the satellite version of ACARS for aircraft).

Good Inmarsat reception with the dish.

Receiving Inmarsat L-Band AERO with a DVB-T Antenna, Amplifier and Airspy Mini

To show that a specialized antenna is not required to receive L-band Inmarsat AERO satellite signals, YouTube user SkyWatcher has uploaded a video showing how he was able to receive these signals with a cheap DVB-T antenna. SkyWatcher writes:

I’ve recently upgraded from my RTL-SDR sticks (E4000, R820T2) to an Airspy Mini.

I did some testing during the last week and found it very interesting that I was able to receive Inmarsat L-Band signals indoors, with just a DVB-T antenna and amplifier behind the window, no downconverter, no special antenna, no super low-noise amplifier. The window is facing south, with a few degrees to the east and the satellite I’ve received was Inmarsat 15.43W. So, angle antenna to satellite should be estimated 20 degrees.

I’ve used a 18dB DVB-T/Satellite-TV inline amplifier as a ‘LNA’ (noise < 5dB) and a VHF/UHF DVB-T antenna which seems to be a stacked dipole, and therefore should be quite wideband and should make a reasonable general purpose antenna. Anyway, I did not expect it to work on 1.5GHZ at all. Also, I want to mention that the inline amplifier is rated 5 to 18V, but it works just fine with the 4.5V from the Airspy Mini.

It seems that with 10dB S/N, Aero reception is possible and with about 12dB S/N, it is getting reliable.

In general, I am very satisfied with the upgrade to the Airspy Mini. It has a much lower noise floor and a much cleaner spectrum, compared to my old RTL SDRs. Also, I am very happy with the CPU-usage which is only about 12% on my i5-3210M when using 2.4MHz bandwidth, and 18-20% with a bandwidth of 4.8MHz.

Together with the ability to use SpectrumSpy and the very useful decimation-feature, the Airspy Mini is the best option to upgrade from a RTL-SDR for me at the moment. Anyway, of course this is just my very personal opinion… 😉

AERO is essentially the satellite based version of ACARS, and the L-band signals contain short ground to air messages with things like weather reports and flight plans intended to be transmitted to aircraft. To decode it with an SDR, the JAERO software can be used.

Using Aisdecoder to decode both AIS channels simultaneously

Recently SV3EXP wrote in to let us know that he has been documenting his experiences with trying to get aisdecoder to decode both AIS channels simultaneously. AIS stands for Automatic Identification System, and is a system used to track the locations of marine vessels. With an RTL-SDR or other SDR radio, and appropriate decoder software you can plot ship positions on a map. As the AIS system uses two separate channels for redundancy, you can get a faster and more reliable update rate if you monitor and decode both channels.

On his blog SV3EXP shows how he uses Linux and the "demod" and "csdr" tools to demodulate multiple channels at the same time from IQ data generated by rtl_fm. The demodulated data is then fed to the aisdecoder software for decoding, and then fed to aisdispatcher for feeding the AISHub.net AIS data aggregation website.

Of course, the easier solution to decode both AIS channels at once is to use decoding software that already supports this, such as AISdeco2 or AISrec, which can be downloaded at http://xdeco.org and https://sites.google.com/site/feverlaysoft respectively. Regardless, SV3EXP's method does show an interesting way to demodulate multiple streams using only command line tools.

SV3EXP also wanted to point out that he is selling a bias tee powered PSA4-5043+ based LNA on eBay which is compatible with the bias tee on our RTL-SDR Blog SDR units.

AISHub Coverage Areas