Category: Digital Signals

DSD+ Updated to Version 1.101

DSD+ (Digital Speech Decoder+) is a popular decoding tool that can be used to listen to P25, DMR and other unencrypted digital speech signals. Recently DSD+ has been updated from version 1.074 to version 1.101.

The new version brings several changes, including the ability to decode Hytera Extended Pseudo Trunk (XPT) systems, Airspy compatibility, performance improvements and a TCP/IP link from FMP to DSD+ (no longer need to use a virtual audio cable). The full change log is as follows:

DSD+: Fixed AMBE tone frame audio generation.

FMA: Added Airspy-compatible FMP (FMPA.exe)

DSD+: Significant reduction in CPU usage when monitoring busy control channels. Improvement will be most noticeable on low power processors.

DSD+: Detection and decoding of Hytera Extended Pseudo Trunk (XPT) systems.

DSD+: The DSD+ -i command line parameter can contain an IPV4 address; this lets DSD+ connect to a copy of FMP that is running on a different PC in your local network or on the Internet

Example: DSDPlus -i192.168.1.150:20001

DSD+: NEXEDGE radio alias editing

DSD+ now marks auto-generated NEXEDGE radio aliases in the DSDPlus.radios file by prepending an asterisk like so:

NEXEDGE, … yyyy/mm/dd hh:mm, *”aliastext”

If you edit a NEXEDGE alias, you must remove the asterisk; this tells DSD+ that the new alias text is NOT auto-generated and DSD+ will not replace it with OTA alias text

FMP: FMP command line processing

The FMP command line format has been modified and is now similar to the DSD+ command line. A summary is listed here:

FMP rev 1.4t

Usage:
FMP [options] Normal operation
FMP -h Show help

Options:
-i<num> RTL SDR device number (1-255) [-i1]
-o<num> Output audio device (1-255) [-o1]
-o<port> Output audio TCP port (256-65535)
-P<num> PPM value (-999.9-999.9) [-P0.0]
-g<num> RF gain (dB) [max]
-f<MHz> Initial tuned frequency [-f99.9]
-b<kHz> Initial filter bandwidth (4, 7, 9.5, 12.5) [-b7]
-z<num> Show zoomed spectrum (0-1) [-z1]
-e<num> Enable/disable economy mode (0-1) [-e1]
-n<num> Select noise filter (0-2) [-n0]
-v<num> Set volume level (0-500) [-v100]
-s<num> Enable/disable scanner mode (0-1) [-s0]
-wsl<v>.<h> Spectrum window location [-wsl50.50]
-_<num> Minimize windows at startup; bitmapped
-rv Role is trunk voice channel monitor

-rv puts FMP into voice following mode (same as pressing ‘V’ in FMP)

Any shortcuts or batch files that run FMP will have to be modified to match the new command line format.

DSD+: Less processor loading (probably only noticeable on very slow processors)

DSD+: Much faster groups/radios files loading/saving

DSD+: Editing existing radio aliases

In previous versions of DSD+, editing of pre-existing radio aliases can not be done with an external text editor while DSD+ is running; only radio records with no alias text can be edited

With DSD+ 1.092, existing radio alias text can be edited in an
external text editor while DSD+ is running; DSD+ will load and display any updated radio aliases

DSD+: A DSDPlus.radios file corruption bug has been fixed

DSD+: A command line option to add system details to event log entries has been added

-E Add NAC/RAN/DCC/RAS data to event log file entries

DSD+: Decoding of more DMR and TIII messages has been added

DSD+: A symbol recovery bug has been fixed

DSD+: Con+ handling has been modified; previous versions of DSD+ would create “DMR” entries in the DSDPlus.groups and DSDPlus.radios files for traffic on monitored voice channels; DSD+ 1.090 creates “Con+” entries; if you have “DMR” entries with nonzero NID fields, you should either bulk delete them or change their protocol string from “DMR” to “Con+”; Notepad has a simple search/replace function that can be used to do this

DSD+: A command line option to minimize windows at startup has been added

-_<num> Minimize selected windows at startup (bitmapped, 0-15) [-_0]

value window

1 console
2 source audio
4 channel activity
8 event log

sum values to minimize multiple windows

DSD+: Several high contrast display modes have been added

-H<num> High contrast mode (bitmapped, 0-63) [-H0]

two bits are used per graphical window; pressing ‘H’ in a window will cycle it to the next display mode; pressing ‘W’ displays the current -H<num> value in the event log window

DSD+: Control of AMBE and IMBE unvoiced audio levels has been added

-UA<num> AMBE unvoiced speech level (0-100) [-UA50]
-UI<num> IMBE unvoiced speech level (0-100) [-UI50]

pressing ‘A’/’a’/’I’/’i’ will also adjust the levels;
lower levels may reduce the “underwater” sound of some comms

DSD+: DSD+ can get its raw audio source from FMP via a TCP link instead of via Virtual Audio Cable or VB-Cable

-i<TCPport> FMP TCP link port number (256-65535)

linking FMP to DSD+ via VAC or VBC is deprecated; please use the TCP
link feature instead; any port number between 10000 and 65000 should be fine

DSD+: DSD+ can record separate .wav files for each voice call

-P<wav|mp3> Also create per-call wav or mp3 files

the file names encode metadata:

time
duration
protocol
NID
site number
NAC/RAN/DCC/slot
call type (group/private)
target
source

note: per-call mp3 files are not supported at this time

FMP: A command line option to minimize windows at startup has been added

-_<num> Minimize selected windows at startup (bitmapped, 0-3) [-_0]

value window

1 console
2 spectrum display

JAERO: A new RTL-SDR compatible decoder for Inmarsat AERO signals

Back in August of this year we showed how it was possible to use an RTL-SDR dongle, satellite antenna, LNA and decoding software to receive and decode STD-C EGC signals from Inmarsat satellites. We also showed how it was possible to modify a low cost GPS antenna to use as a satellite antenna.

Now a radio hobbyist called Jonti has released a Windows decoder for the Inmarsat AERO set of signals. AERO is a system that provides a satellite based version of VHF ACARS (Aircraft Communications Addressing and Reporting System). ACARS is typically used by ground control and pilots to send short messages and is also sometimes used for telemetry.

Jonti writes:

JAERO is a program that demodulates and decodes Classic Aero ACARS (Aircraft Communications Addressing and Reporting System) messages sent from satellites to Aeroplanes (SatCom ACARS) commonly used when Aeroplanes are beyond VHF range. Demodulation is performed using the soundcard. Such signals are typically around 1.5Ghz and can be received with a simple low gain antenna that can be home brewed in a few hours in conjunction with a cheap RTL-SDR dongle.

In the advent of MH370, Classic Aero has become a well-known name. A quick search on the net using “Classic Aero MH370” will produce thousands of results. The Classic Aero signals sent from satellites to the Aeroplanes are what JAERO demodulates and decodes.

Unlike the usual VHF ACARS, with SatCom ACARS you can not receive signals from the Aeroplane only the people on the ground talking to the people in the Aeroplane. This means you do not get the airplanes reporting their position. Instead you tend to get weather reports, flight plans, and that sort of stuff. Just like VHF ACARS they usually use cryptic shorthand notation. For example “METAR YSSY 040400Z 08012KT 9999 FEW040 SCT048 23/09 Q1024 FM0500 05012KT CAVOK=” is the weather report for Sydney Airport in Australia in a format called METAR. It tells you the time, when the report was issued, the wind direction and speed, visibility, clouds, temperature, due point and air pressure. Then it says from 5 AM UTC the wind direction and speed and that the weather will be nice. There are sites such as Flight Utilities that can decode such information and display it in a more understandable format.

In his post Jonti also shows how he uses a modified GPS antenna to receive the AERO signals.

Jonti's modified GPS antenna for receiving AERO
Jonti’s modified GPS antenna for receiving Inmarsat AERO

We gave JAERO a test and found that it decoded AERO signals easily, even with low signal strength. To use JAERO tune to an Inmarsat AERO signal in SDR# or a similar program using USB mode. JAERO will listen to the audio from the sound card or from a virtual audio pipe. We recommend setting the AFC (Automatic Frequency Control) setting on on if you find that your RTL-SDR drifts too much. 

AERO signals can be found at around 1545 MHz. They only use about 800 Hz in bandwidth. See UHF satcoms page for a list of AERO frequencies.

The JAERO decoder.
The JAERO decoder.
Some AERO signals.
Some AERO signals.

Remember that some R820T/2 RTL-SDR dongles can have problems when receiving this high, especially when they heat up. If you find that your dongle gets deaf at these L-band frequencies try cooling the R820T/2 chip with a heatsink or fan. The Airspy or SDRplay RSP software defined radios are better choices for decoding signals this high, but the RTL-SDR will work fine if your signal strength is decent and the R820T/2 chip is kept cool.

If you are interested in VHF ACARS as well, then we have a tutorial about decoding that here.

Hak5: Reverse Engineering Radio Protocols with SDR and the Yardstick One

Over on YouTube the popular security and hacking themed channel Hak5 have created two videos together with Mike Ossmann (creator of the HackRF and Yardstick One) that give a good introduction and overview on reverse engineering unknown radio protocols. In the video they show how to use a SDR like the RTL-SDR or HackRF to initially capture the radio signal, and then how to use the Yardstick One to reverse engineer and recreate the signal. Using this process they reverse engineer the radio protocol for a wireless liquor cabinet lock.

The Yardstick One is a computer controlled wireless transceiver (but it is not an SDR). The Yardstick One understands many radio protocols by default and can be programmed in Python, lowering the learning barrier for reverse engineering signals.

Mike Ossmann has also been slowly releasing very detailed video tutorials about DSP and radio related topics. If you are interested in reverse engineering radio signals it is a very helpful series to watch.

Radio Hacking: Reverse Engineering Protocols Part 1 - Hak5 1913

Radio Hacking: Reverse Engineering Protocols Part 2 - Hak5 1914

Using an RTL-SDR and Broadcast FM Radio RDS Signals to improve WiFi Networking

The performance of WiFi networks can depend heavily on how crowded the WiFi channels are in your area. For example when your neighbours start streaming a movie over their own separate WiFi network, it can cause your own WiFi connection to slow down. This happens because generally separate WiFi networks do not collaborate with one another, and when two packets are sent on the same channel at the same time, they collide causing no packets to get through.

There are several methods that attempt to stop collisions, but none are very efficient because WiFi nodes are not synchronized to one another. If each WiFi node could be synchronized to a common reference time, then avoiding collisions is made easier.

Marcel Flores, Uri Klarman, and Aleksandar Kuzmanovic from Northwestern University have been working on this idea and have come up with a system they have termed Wi-FM which is based on FM RDS signals. Many FM radio stations transmit a digital Radio Data System (RDS) subcarrier on their broadcast frequency. This RDS signal is often used to simply display information on the radio such as the station name and current song playing.

Since each nearby WiFi node should be able to receive the same RDS signal at the exact same time, it can be used as a common synchronization signal. Then once synchronized each WiFi node can listen to the other nodes and work out what their transmit scheduling is like and then optimize their own transmit schedule.

In their prototyping they used an RTL-SDR dongle connected to a PC running GNU Radio. The GNU Radio program decodes the RDS signal and the resulting information is sent to the Linux kernel which handles the WiFi transmit schedule processing.

This story was also covered on Hackaday.

WiFM radio processing path.
WiFM radio processing path.

An RTL-SDR Based Smartwatch for Detecting Objects Touched by the Wearer

Disney Research have just released a paper describing an RTL-SDR based smart watch that they've developed a proof of concept for. The smart watch is unique in that it can be used to actually detect the exact object that the wearer is touching. 

The prototype watch does this by using the RTL-SDR to detect the electromagnetic (EM) noise emitted by particular objects and compare it against a stored database. They call this technology EM-Sense. In the paper the authors summarize:

Most everyday electrical and electromechanical objects emit small amounts of electromagnetic (EM) noise during regular operation. When a user makes physical contact with such an object, this EM signal propagates through the user, owing to the conductivity of the human body. By modifying a small, low-cost, software-defined radio, we can detect and classify these signals in real-time, enabling robust on-touch object detection. Unlike prior work, our approach requires no instrumentation of objects or the environment; our sensor is self-contained and can be worn unobtrusively on the body. We call our technique EM-Sense and built a proof-of concept smartwatch implementation. Our studies show that discrimination between dozens of objects is feasible, independent of wearer, time and local environment.

The frequencies required for EM detection are around 0 - 1 MHz which falls outside the range of the RTL-SDR's lowest frequency of 24 MHz. To get around this, they ran the RTL-SDR in direct sampling mode. The RTL-SDR is connected to the watch, but a Nexus 5 smartphone is used to handle the USB processing which streams the signal data over WiFi to a laptop that handles the signal processing and live classification. In the future they hope to use a more advanced SDR solution, but the RTL-SDR has given them the proof of concept needed at a very low cost.

An example use scenario of the watch that Disney suggests is as follows:

Home – At home, Julia wakes up and gets ready for another productive day at work. Her EM-Sense-capable smartwatch informs and augments her activities throughout the day. For instance, when Julia grabs her electric toothbrush, EMSense automatically starts a timer. When she steps on a scale, a scrollable history of her weight is displayed on her smartwatch automatically. Down in the kitchen, EM-Sense detects patterns of appliance touches, such as the refrigerator and the stove. From this and the time of day, EM-Sense infers that Julia is cooking breakfast and fetches the morning news, which can be played from her smartwatch. 

Fixed Structures – When Julia arrives at the office, EMSense detects when she grasps the handle of her office door. She is then notified about imminent calendar events and waiting messages: "You have 12 messages and a meeting in 8 minutes". Julia then leaves a reminder – tagged to the door handle – to be played at the end of the day: “Don’t forget to pick up milk on the way home.” 

Workshop – In the workshop, EM-Sense assists Julia in her fabrication project. First, Julia checks the remaining time of a 3D print by touching anywhere on the print bed – “five minutes left” – perfect timing to finish a complementary wood base. Next, Julia uses a Dremel to cut a piece of wood. EM Sense detects the tool and displays its rotatory speed on the smartwatch screen. If it knows the task, it can even recommend the ideal speed. Similarly, as Julia uses other tools in the workshop, a tutorial displayed on the smartwatch automatically advances. Finally, the 3D print is done and the finished pieces are fitted together.

Office – Back at her desk, Julia continues work on her laptop. By simply touching the trackpad, EM-Sense automatically authenticates Julia without needing a password. Later in the day, Julia meets with a colleague to work on a collaborative task. They use a large multitouch screen to brainstorm ideas. Their EM-Sense-capable smartwatches make it possible to know when each user makes contact with the screen. This information is then transmitted to the large touchscreen, allowing it to differentiate their touch inputs. With this, both Julia and her colleague can use distinct tools (e.g., pens with different colors); their smartwatches provide personal color selection, tools, and settings. 

Transportation – At the end of the day, Julia closes her office door and the reminder she left earlier is played back: “Don’t forget to pick up milk on the way home.” In the parking lot, Julia starts her motorcycle. EM-Sense detects her mode of transportation automatically (e.g., bus, car, bicycle) and provides her with a route overview: “You are 10 minutes from home, with light traffic”.

The EM-Sense watch detecting a door. The RTL-SDR dongle is the small square box under the watch.
The EM-Sense watch detecting a door. The RTL-SDR dongle is the small square box under the watch.
EM-Sense: Touch Recognition of Uninstrumented Electrical and Electromechanical Objects

Meteor M-N1 Satellite Wakes up from the Dead

RTL-SDR.com reader Happysat recently wrote in with some news. A few days ago a weather satellite image decoding enthusiast from Argentina was waiting for a pass of the Russian Meteor M-N2 satellite when he discovered a strong LRPT signal at 137.1 MHz, even though the Meteor M-N2 satellite was not in sight yet. It turns out that the signal was coming from the old Meteor M-N1 satellite which was supposed to have been shut down in September 2014 due to several problems it had. The received signal is strong enough to produce a good black and white weather image, but because the satellite is not longer physically stable, sometimes the Earth’s curve can be seen in the images.

Recent images received from the resurrected Meteor M-N1 weather satellite.
Recent images received from the resurrected Meteor M-N1 weather satellite.
Recent images received from the resurrected Meteor M-N1 weather satellite.
Recent images received from the resurrected Meteor M-N1 weather satellite. The stabilization system has failed so the earth’s curve can be seen.

The exact reason as to why it is transmitting again is unknown, but it is speculated that it is due to a breakdown of the chemicals in the batteries. Last year we posted about how sometimes satellites which have been decommissioned and shut down can spontaneously begin transmitting again when their batteries undergo a chemical change due to thousands of failed recharge cycles. The chemical change allows the batteries to conduct electricity from the solar panels directly to the electronics, which on Meteor M-N1 could be reactivating the transmitters and imaging sensors. If this is what happened then the satellite will only be able to transmit during the day.

The Meteor M-N2 satellite is the currently official active satellite. It transmits weather satellite images with the LRPT protocol which can be received and decoded with an RTL-SDR dongle. We have a previous post on this showing an offline LRPT decoding tutorial and more recently a tutorial showing how to decode LRPT in real time. The same processes can now be adapted to the resurrected Meteor M-N1 satellite by choosing the 80K symbol rate option in the LRPT decoder.

Happysat who submitted this news originally writes:

A few days ago some guy in Argentina was waiting for the pass of Meteor M-N2 and on SDRSharp waterfall he did see LRPT Digital signals on 137.100MHz, but Meteor M-N2 was not in sight yet…

This relatively strong signal was coming from the defunct Meteor M-N1 satellite left out of control in September 2014 last year and was shutdown, although LRPT Transmissions in the past where very limited and sporadic.

Meteor M-N1 did suffer from many problems at this was the first Russian digital weather satellite in the M-series onboard many hardware in experimental stages.

After this report I tried also to capture some signals from Meteor M-N1 (some other amateurs already got small portions of images) but the satellite only transmits in direct sunlight, batteries are not charging any more.

Indicating maybe like the other older ‘deadsat’ some chemical reaction did occur inside the batteries so the power goes from the solar panels directly to the transmission parts.
It did happen before, mostly on older satellite’s only a unmodulated carrier is present when the sunlight conditions are optimal.

Surprisingly after I did record and process the 80K symbol rate QPSK signal from Meteor M-N1 with Vasili’s excellent QPSK Plugin a very nice image was generated!

Not only the sunlight provides power to the transmission part but also there is enough power to activate the imaging system which is quite amazing!

Visible channels 1-2-3 are fully working but the image is only Black and White Calibaration of the sensor are not okay so no color images can be created.

Nevertheless its a very nice addition for current LRPT weather amateurs and a big surprise its even working better when nobody controls it 😉

Because the stabilisation system failed there is no proper correction to orientate the camera and on some passes one can see the earths curve!

There are some conflicting reports about the status of Meteor M-N1 found on the internet:

Status Inactive
Details on Status (as available)

  • MSU-MR was functional with limitations (calibration issues and higher noise level in the IR channels).
  • MTVZA-GY instrument was functional with limitations due to failures of on-board memory and atmospheric sounding channels.
  • Severjanin instrument non-operational.
  • DCS was functional with limitations due to interferences to signals from ground sources.
  • GGAK-M was operational with significant limitations.
  • LRPT was functional with limitations due to information compression errors.
  • Finally, the stabilisation system failed on 23 September 2014 and the instruments could longer be operated.

On October 1, 2014 Meteor-M No 1 was withdrawn from operational use and transferred to the study of the chief designer. The decision on further operation of the spacecraft will be taken upon completion of the research program.

Its not clear the problems did got solved, and I ‘think’ M-N1 started a second life on his own. Time will tell how long the satelitte will function.

Some details:

https://directory.eoportal.org/web/eoportal/satellite-missions/m/meteor-m-1

http://planet.iitp.ru/english/spacecraft/meteor-m-n1_eng.htm

The Meteor M-N1 Satellite.
The Meteor M-N1 Satellite.
A color image received on Meteor M-N1. Colors may not be perfect. Submitted by Jan.
A color image received on Meteor M-N1. Colors may not be perfect. Submitted by Jan.

Watching ATSC TV with an SDRplay SDR and GNU Radio

ATSC is the digital HD TV standard used within the United States and Canada. It is 6 MHz wide so the RTL-SDR with its maximum bandwidth of about 2.8 MHz cannot decode this signal. However, higher end SDR’s such as the SDRplay, Airspy and HackRF have larger bandwidths that can easy cover 6 MHz.

One SDRplay owner was able to figure out a way to decode ATSC by using a decoder written in GNU Radio. With the process the author used we note that other wide band SDR’s such as the Airspy and HackRF should also be capable of achieving the same results.

The process the author used was to first record a RAW IQ WAV file in HDSDR in Windows, making sure that any DC spike correction is applied. The WAV file is then opened in a premade GNU Radio flow graph in Linux and processed into an MPEG file. The process is not real time. The authors article shows a step by step tutorial on how its done.

In an update post to his results the author also notes that to successfully do a recording at the maximum SDRplay bandwidth of 8 MHz a RAM disk or perhaps SSD is required so that samples are not dropped.

An ATSC signal shown in HDSDR received with an SDRplay
An ATSC signal shown in HDSDR received with an SDRplay

SDR-J Now Compatible with the Raspberry Pi 2

The popular software DAB (Digital Audio Broadcast) decoder SDR-J has recently been updated and can now run on the Raspberry Pi 2. In addition the author has also added experimental DRM decoding capabilities to his shortwave receiving software. The author writes about the Raspberry Pi 2:

The Raspberry PI 2 has a processor chip with 4 computing cores. By carefully spreading the computational load of the handling of DAB over these cores it is possible to run the DAB software on the Raspberry PI 2.

In my home situation the – headless – Raspberry PI 2 is located on the attic and remotely controlled through an SSH connection using the home WiFi on my laptop in my “lazy chair”. To accomodate listening remotely, the DAB software on the Raspberry PI 2 sends – if so configured – the generated PCI samples (rate 48000) also to an internet port (port 100240). On the laptop then runs a very simple piece of program reading the stream and sending it to the soundcard

DAB is a digital audio protocol that is used in some countries as a digital alternative to broadcast FM (music stations). SDR-J is a suite of programs that includes the ability to decode DAB, FM, and several shortwave modes such as AM, USB, LSB, PSK, RTTY, WeatherFax, SSTV, BPSK, QPSK, CW, NavTex (Amtor-B), MFSK, Domino, Olivia, Hell, Throb and now DRM. It can directly connect to RTL-SDR receivers as well as other hardware such as the Airspy and SDRplay.

Screenshot of SDR-J running on the Raspberry Pi 2.
Screenshot of SDR-J running on the Raspberry Pi 2.