Category: Digital Signals

Listening to EPIRB Distress Beacons with the RTL-SDR

Over on YouTube user Tom Mladenov has recently been using his RTL-SDR to listen to EPIRB distress beacons transmitted by the SARSAT payload carried by the NOAA 18 satellite. To do this he uses a 6.5 turn helix antenna that is resonant on 1.5 GHz.

An EPIRB is a maritime device that is used to send out a distress beacon for vessels in serious trouble. The EPIRB beacon transmits data that contains GPS coordinates of the vessel at 403 MHz to the satellite. The data is then retransmitted to a mission control centre at 1.5 GHz.

Note that the professional version of MultiPSK can be used to decode EPIRB signals.



Chaos Communications Congress Talks – Iridium Pager Hacking

A few days ago the Chaos Communications Congress (a technology and hacking focused conference) commenced. Among the talks there was one about reverse engineering the Iridium satellite paging system using software defined radio. Iridium satellites provide global communications via special satellite phones, pagers and other transceivers.

In the talk the speaker shows how they used a USRP radio together with a cheap active Iridium antenna, a bandpass filter and an LNA to receive the Iridium satellite signals. They also mention that an E4000 RTL-SDR together with an LNA and an appropriate homemade antenna for frequencies in the ~1.6 GHz region can also be sufficient. Once they were able to receive signals, they reverse engineered them and created several pieces of software to decode the pager messages. The code is available on their GitHub at https://github.com/muccc/iridium-toolkit.

Sec, schneider: Iridium Pager Hacking

Digital Ding Dong Ditch – Hacking wireless doorbells with Arduino and RTL-SDR

Over on YouTube user Samy Kamkar has uploaded a video showing how he was able to use an RTL-SDR to copy his friend's wireless doorbell signal and prank him by replaying it using an Arduino and 433 MHz transmitter. His video goes through the entire reverse engineering process he used, from recording the wireless doorbell signal with the RTL-SDR, to analyzing and understanding the signal, and finally to programming the Arduino with the code to replicate the doorbell signal. If you don’t like video explanations, Samy has also done a write-up of the same material on his website.

Digital Ding Dong Ditch Prank - hacking wireless doorbells w/Arduino and RTL-SDR

SDR on TV: Using SDR to Break into Homes with Wireless Alarms

Earlier this year the American TV show Good Morning America featured a segment on software defined radios being used to break into houses with wireless alarm sensors. The story is based on a Defcon 2014 paper “Home Insecurity: No Alarms, False Alarms, and SIGINT” by Logan Lamb. In the TV segment Logan shows how he uses a USRP software defined radio to send a false alarm signal, jam a wireless sensor and finally to record sensor activation data from the alarm system.

Although Logan used a USRP, the same attack could be done with the cheaper HackRF.

SDR HackRf: Home Insecurity: No Alarms, False Alarms, and SIGINT

Receiving WSPR with the RTL-SDR

Recently RTL-SDR.com reader DE8MSH wrote in to let us know about his experiments with receiving WSPR with his RTL-SDR. WSPR is an acronym for “weak signal propagation reporter” and is a software program and RF protocol designed for very weak signal radio communications between ham radio users. With less than 5W of transmitting power, a WSPR signal could potentially be copied all over the world.

To receive WSPR, DE8MSH used a direct sampling modified RTL-SDR dongle together with a 9:1 unun, 10m RG58 coax cable from RTL-SDR to unun and a 12m wire antenna outside his house. Then by using SDR# together with the WSPR software he is able to copy signals from all over Europe and Canada/USA from his home in Germany.

Some Received WSPR Locations
WSPR Report Information Including Distance
The WSPR Software

Listening to FreeDV Digital Speech with an RTL-SDR

Over on YouTube user BSoD Badgers has uploaded a video showing his reception of FreeDV digital speech at 14 MHz. He uses SDR# combined with the FreeDV software to decode the signal.

FreeDV is an open source software application that allows digital speech to be sent at HF frequencies in a 1.25 kHz wide signal. The same software can be used on the receiving end to decode the signal into speech.

Monitoring House Power Usage using an RTL-SDR

Home automation enthusiast Bruce Winter has recently posted on his blog about how he uses the RTL-SDR as part of his home automation system to automatically monitor his power (and solar power generation) usage. Many home power meters are now wireless which allows meter readers to gather power usage data from afar.

To gather the power usage data he used an RTL-SDR connected to a PC running rtlamr, which is software that can read data from ERT compatible power meters that transmit in the 900 MHz ISM band. He also uses some custom code he wrote that automatically plots the data over time and allows him to integrate it with his home automation system. In addition to his post he also uploaded a video shown below that shows his system in action.

Monitoring house power using a $20 RF RTLSDR USB stick

New Windows AIS Decoder For the RTL-SDR: AISRec

Over on YouTube user Jane feverlay has uploaded a video showing a new AIS decoder called AISRec for Windows that he has developed.

AIS is an acronym for Automatic Identification System and is a system used by ships to broadcast position and vessel information. By monitoring AIS transmissions with the RTL-SDR we can build a boat radar system. We have a tutorial on this here.

The new software is not free, but he offers a trial version that limits the run time to 20 minutes and 5000 max messages. The paid version removes these limits and also decodes both AIS channels simultaneously. The program monitors data from the RTL-SDR and sends decoded data out via UDP. Software such as OpenCPN can then be used to display the AIS data on a map.
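As an added example (not part of the original post and not AISRec's code), a consumer of that UDP feed can check each sentence before trusting it, since AIS messages carry no authentication and a malformed or altered line should never reach the map. It assumes the feed carries NMEA 0183 `!AIVDM` sentences, the format OpenCPN reads; the sample sentence, the `listen` helper and port 10110 are illustrative.

```python
import socket
from functools import reduce

# Sample type-1 position report embedded for the example (not AISRec output).
SAMPLE = "!AIVDM,1,1,,B,177KQJ5000G?tO`K>RA1wUbN0TKH,0*5C"

def checksum_ok(sentence):
    """NMEA 0183 checksum: XOR of every character between '!' and '*'."""
    if not sentence.startswith("!") or "*" not in sentence:
        return False
    body, _, given = sentence[1:].partition("*")
    try:
        return reduce(lambda a, c: a ^ ord(c), body, 0) == int(given[:2], 16)
    except ValueError:
        return False

def payload_bits(payload):
    """Undo the AIS 6-bit ASCII armoring; reject characters outside it."""
    out = []
    for ch in payload:
        o = ord(ch)
        if 48 <= o <= 87:
            out.append(format(o - 48, "06b"))
        elif 96 <= o <= 119:
            out.append(format(o - 56, "06b"))
        else:
            raise ValueError("invalid armoring character")
    return "".join(out)

def signed(bits):
    """Interpret a bit string as a two's-complement integer."""
    v = int(bits, 2)
    return v - (1 << len(bits)) if bits[0] == "1" else v

def decode_position(sentence):
    """Decode a single-fragment type 1/2/3 report; None if it fails any check."""
    fields = sentence.strip().split("*")[0].split(",")
    if not checksum_ok(sentence.strip()) or len(fields) != 7 or fields[0] != "!AIVDM":
        return None
    try:
        bits = payload_bits(fields[5])
    except ValueError:
        return None
    if fields[1:3] != ["1", "1"] or len(bits) != 168 or int(bits[:6], 2) not in (1, 2, 3):
        return None
    lon, lat = signed(bits[61:89]) / 600000, signed(bits[89:116]) / 600000
    if abs(lon) > 180 or abs(lat) > 90:      # 181/91 mean "not available"
        lon = lat = None
    return {"type": int(bits[:6], 2), "mmsi": int(bits[8:38], 2), "lon": lon, "lat": lat}

def listen(port=10110):  # port is an assumption; use the one the decoder sends to
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", port))
    while True:
        for line in s.recv(4096).decode("ascii", "replace").splitlines():
            print(decode_position(line) or f"rejected: {line!r}")
```

A passing checksum only shows the sentence was not corrupted in transit; the position itself is whatever the transmitter claimed.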

We tested the trial version on our machine and found that it worked well at decoding AIS messages. To download the trial go to http://pan.baidu.com/s/1pJiEzEV and enter the code kn44. The download site is in Chinese, but it is obvious where to enter the code. We found the software to be virus free, but remember to always scan unknown software like this yourself. The full price of the software is unknown, but purchasing instructions are given in the trial download readme. The author also writes that his software now supports the Airspy, but not in the trial version.

Note that we discovered that the software doesn’t use a PPM correction setting as expected. Instead it uses a frequency shift setting. To set the shift in the AISRec.ini file, we had to calculate freqshift = 162.025 MHz – frequency of the second AIS channel as shown in SDR# with no PPM correction set.

Another similar software program that was released earlier is PNAis.