APCO P25 is a digital voice signal that is commonly used by public safety departments such as police and fire. With an RTL-SDR and the open source Linux based OP25 decoder these signals can be decoded, assuming they are unencrypted. Software like DSD+ can also be used, but OP25 can supposedly decode more systems. Before the RTL-SDR, hardware scanners like the ~$360 USD Uniden BCD996T digital scanner radio were typically used.
Over on YouTube user Rob Fissel has uploaded a video showing a comparison between an RTL-SDR using the OP25 decoder and a Uniden BCD996T. Both radios are used to decode a weak P25 Phase 1 LSM signal. He uses a Scantenna antenna with an antenna splitter to run both radios at the same time. His results show that even though the constellation is poor, OP25 does a good job at decoding the signal and producing voice, whereas the BCD996T doesn’t even manage to hear the control channel.
An updated set of Windows binaries and build scripts have been posted. Quick summary:
1- Added gqrx to package
2- Patched 2 x issues which would cause the generic version to crash on non-AVX systems (one in volk, one in FFTW)
3- Added gr-newmod to package
Plus a number of improvements to make the scripts more robust.
To run GNU Radio for Windows you will need a 64-bit version of Windows 7/8/10. It appears that the installation is as easy as running the installer and waiting for it to download and install the 1.7 GB worth of files.
Also, over on his blog author designing on a juicy cup posted about how he’d been able to get the GNU Radio Windows binaries to run an ATSC HDTV decoder from a file recorded using an SDRplay RSP (ATSC is too wideband for an RTL-SDR to decode). ATSC is the digital TV standard used in North America, some parts of Central America and South Korea. He writes that one advantage to using GNU Radio on Windows is the ability to use a RAM drive for faster file processing.
Back in November 2015 we posted about Disney Research’s EM-Sense which was an RTL-SDR based smart watch that was able to actually sense and detect the exact (electronic) object the wearer was touching. It worked by using the RTL-SDR to detect the specific electromagnetic emission signature given off by various different electronic devices.
The Disney research team have put forward the idea that a low cost SDR like the RTL-SDR can be used in place of RFID tags when they would have been used to identify electronic devices. The idea is that the SDR can be used to read the electromagnetic emissions of the electronic device, which can then be used to identify the item, thus eliminating the need for an RFID tag or barcode. Their abstract reads:
Radio Frequency Identification technology has greatly improved asset management and inventory tracking. However, for many applications RFID tags are considered too expensive compared to the alternative of a printed bar code, which has hampered widespread adoption of RFID technology.
To overcome this price barrier, our work leverages the unique electromagnetic emissions generated by nearly all electronic and electromechanical devices as a means to individually identify them. This tag-less method of radio frequency identification leverages previous work showing that it is possible to classify objects by type (i.e. phone vs. TV vs. kitchen appliance, etc). A core question is whether or not the electromagnetic emissions from a given model of device, is sufficiently unique to robustly distinguish it from its peers.
We present a low cost method for extracting the EM-ID from a device along with a new classification and ranking algorithm that is capable of identifying minute differences in the EM signatures. Results show that devices as diverse as electronic toys, cellphones and laptops can all be individually identified with an accuracy between 72% and 100% depending on device type.
While not all electronics are unique enough for individual identifying, we present a probability estimation model that accurately predicts the performance of identifying a given device out of a population of both similar and dissimilar devices. Ultimately, EM-ID provides a zero cost method of uniquely identifying, potentially billions of electronic devices using their unique electromagnetic emissions.
An EM-ID use case: Identifying different laptop assets.
In the paper we can see that the EM-ID hardware is essentially just a direct sampling modified RTL-SDR and antenna. The RTL-SDR is modified to use direct sampling as this allows it to receive 0 – 28 MHz, and thus 0 – 500 kHz where the most useful EM emissions exist. The process is to scan the device using the antenna and RTL-SDR, extract features such as power peaks from the recorded EMI spectrum, and then turn this data into a device signature which can be compared against a database of previously recorded and known device signatures (e.g. light bulb, iPhone).
The EM-ID Hardware: Essentially an RTL-SDR and antenna.
The EM-ID Process.
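The scan, peak extraction and database comparison described above can be sketched as follows. This is an added example, not code from the Disney Research paper: the sample rate, scan length and device tones are constructed, and the overlap score is a simple stand-in for the paper's classification and ranking algorithm, which the post does not describe.

```python
import cmath, math

FS = 2_000_000   # assumed capture sample rate in Hz (not a figure from the paper)
N = 500          # samples per scan, giving 4 kHz bins
FMAX = 500_000   # band the post says holds the most useful emissions

def synth_scan(tones):
    """Constructed stand-in for a recorded scan: a sum of (freq_hz, amplitude) tones."""
    return [sum(a * math.sin(2 * math.pi * f * t / FS) for f, a in tones)
            for t in range(N)]

def power_spectrum(samples):
    """Naive DFT power per bin from 0 to FMAX, keyed by bin frequency in Hz."""
    n = len(samples)
    spec = {}
    for k in range(1, FMAX * n // FS + 1):
        acc = sum(s * cmath.exp(-2j * math.pi * k * t / n) for t, s in enumerate(samples))
        spec[k * FS // n] = abs(acc) ** 2 / n
    return spec

def signature(samples, floor=0.01):
    """Keep local power peaks above `floor` of the strongest, normalised to 1.0."""
    spec = power_spectrum(samples)
    step, top = FS // len(samples), max(spec.values())
    return {f: p / top for f, p in spec.items()
            if p >= floor * top
            and p > spec.get(f - step, 0.0) and p > spec.get(f + step, 0.0)}

def similarity(a, b):
    """Weighted overlap of two signatures: 1.0 = identical peaks, 0.0 = none shared."""
    freqs = set(a) | set(b)
    shared = sum(min(a.get(f, 0.0), b.get(f, 0.0)) for f in freqs)
    total = sum(max(a.get(f, 0.0), b.get(f, 0.0)) for f in freqs)
    return shared / total if total else 0.0

def rank(query, database):
    """Return (name, score) pairs, best match first."""
    return sorted(((name, similarity(query, sig)) for name, sig in database.items()),
                  key=lambda item: item[1], reverse=True)

def demo():
    # Constructed emissions: two laptops of one model plus an unrelated device.
    database = {
        "laptop-A": signature(synth_scan([(60_000, 1.0), (120_000, 0.6), (312_000, 0.3)])),
        "laptop-B": signature(synth_scan([(64_000, 1.0), (128_000, 0.5), (312_000, 0.35)])),
        "light-bulb": signature(synth_scan([(44_000, 1.0), (88_000, 0.4)])),
    }
    rescan = synth_scan([(64_000, 0.9), (128_000, 0.55), (312_000, 0.3)])  # laptop-B again
    return rank(signature(rescan), database)

if __name__ == "__main__":
    for name, score in demo():
        print(f"{name:10s} {score:.3f}")
```

The two constructed laptops share one spur at 312 kHz, so the other unit of the same model still scores above zero; that shared structure is why the abstract asks whether a given model's emissions are unique enough to tell individual units apart.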
F5OEO writes that the software is capable of generating a symbol rate from 64k symbols to 1M symbols, which is enough to transmit one video with good H264 encoded quality. He also writes that using a low symbol rate may be useful for long distance transmissions as the signal will take up a smaller bandwidth. For example a 250K symbol transmission would only need 300kHz of bandwidth. He writes that this type of transmission could easily be used in the ISM band to replace WiFi video for FPV, but that at the moment video latency is about 1 – 2 seconds and is still being improved.
Once again we remind you that if you intend to transmit using these methods where a GPIO pin is modulated, then you MUST use a bandpass filter at the frequency you are transmitting at, and that you must be licensed to transmit on those frequencies.
A DATV transmission received from a Raspberry Pi transmitter.
Recently Marek Sebera of ITDS Consulting wrote in to let us know about two new TETRA decoders that they have released. TETRA is a trunked radio communications system that stands for “Terrestrial Trunked Radio”. It is used heavily in many parts of the world, except for the USA.
The first piece of software released is called TETRA Listener and is from the Brmlab hackerspace in Prague. They write that Tetra-Listener is a new program (based on osmo-tetra) that can decode unencrypted voice and data traffic. They also write that it is very easy to set up and install since it uses Vagrant, which is a system that can be used to automatically set up a VMware or VirtualBox Virtual Machine that has everything set up and ready to go. The instructions for using the software can then be found in the readme of the main tetra-listener page on GitHub.
The second software they have written is what they believe is the world’s first open source TETRA Multiframe SDS decoder. SDS stands for short data service and is the TETRA equivalent to SMS text messages used on a GSM network. They write that their solution can assemble long multiframe SDS messages.
Previously we showed how unencrypted TETRA messages could be listened to using telive in our tutorial. It is good to see alternative solutions now coming out, and in the future we hope to test this new software out.
JAERO is a program by Jonti that was released late last year which allows us to use an SDR such as an RTL-SDR to receive L-band and C-Band AERO messages. AERO is essentially the satellite based version of ACARS, and the L-band signals contain short ground to air messages with things like weather reports and flight plans intended to be transmitted to aircraft. The C-band signals are the air to ground portion of AERO and are more difficult to receive as they require an LNB and large dish. However they are much more interesting as they contain flight position data, like ADS-B.
If you enjoy JAERO, please remember to consider donating to Jonti.
Plotting flight positions that are out of regular ADS-B range. Demodulated from C-Band AERO signals with JAERO.
Monitoring two C-Band channels in SDR# with the AUX VFO plugin.
Unsurprisingly the results clearly show that the Airspy receives ADS-B signals significantly better than the RTL-SDR. However, what comes as a surprise is that it actually appears to be outperforming the dedicated Beast receiver. In the tests with the outside vertical antenna, the Airspy running on a Raspberry Pi appears to receive a significantly higher number of messages and also sees planes out to a further range.
Not too long ago the Airspy team released their ADS-B software for the Raspberry Pi 2. They write that this software uses the full 10 MHz bandwidth and can even decode messages that are overlapping one another. We’ve also been told by the Airspy team that the Airspy is already in professional use as an ADS-B receiver amongst several small airports.
In the future we hope to compare the Airspy against the RTL-SDR on ADS-B reception ourselves, and also compare it against the 8 MHz bandwidth SDRplay whose development team have also recently released a new ADS-B decoder, as well as the recently released FlightAware ADS-B Prostick RTL-SDR.
In most parts of the world the DVB-T standard is used to air digital HDTV. In the USA the ATSC standard is used, and in China DTMB is used instead. In other countries such as Brazil, Peru, Argentina, Chile, Honduras, Venezuela, Ecuador, Costa Rica, Paraguay, Philippines, Bolivia, Nicaragua and Uruguay a third standard called “ISDB-T International” is used which is based on the Japanese ISDB-T standard.
Digital broadcast standards used in each country.
Recently a team from Uruguay has been working on creating an ISDB-T receiver in GNU Radio. With this decoder ISDB-T signals can be received with a wide bandwidth SDR (needs to be 6MHz or larger) and then decoded into a video file. Because ISDB-T is so similar to DVB-T they have based much of their code on gr-dvbt which is a GNU Radio based DVB-T decoder.
In addition to the ISDB-T decoder, they have also implemented a 1-seg decoder. 1-seg is a mobile HDTV service that exists in Japan, Argentina, Brazil, Chile, Uruguay and Peru. It runs on the ISDB-T system, and is called “1-seg” because its data occupies 1-segment of the 13-segment based ISDB-T bandwidth. It is used in small mobile TV receivers, many of which are now built directly into mobile phones sold in countries that use ISDB-T. Due to its much lower bandwidth requirement the 1-seg decoder can be used with an RTL-SDR dongle, and has already been tested to work.
A typical 1-seg capable Japanese mobile phone receiving digital mobile TV. With the GNU Radio 1-seg decoder these transmissions can be received with an RTL-SDR.