Category: Digital Signals

Hak5: Using A RTL-SDR To Learn About The GSM Network Around You

The popular YouTube electronics channel Hak5 has uploaded a video showing how they analyzed GSM signals using an RTL-SDR, Wireshark and Airprobe. In their video they use parts of our analyzing GSM tutorial and explain and show visually how to set up all the software.

Using these methods they were able to receive GSM data from a base tower and see various system information.

Using A RTL-SDR To Learn About The GSM Network Around You, Hak5 1621

Using an RTL-SDR and TI Chronos RF Wristwatch to Copy a Garage Door Opener

At Tel-Aviv University in Israel, two students undertook a class project where they were able to use an RTL-SDR to record a garage door opener signal and then use a Texas Instruments (TI) Chronos watch to retransmit a copy of the signal. Their report can be found here (pdf). The TI Chronos is a wristwatch with a built-in programmable ISM band RF transmitter.

The students' report contains an analysis of the signal, which may be of use to anyone interested in decoding their own ISM band signals. They also describe a method for automatically obtaining the parameters required to program the TI Chronos with the signal to be copied. The abstract of their report is as follows:

We present a simple and affordable way of copying remote controls widely used for parking lot gates, garage doors and other simple systems. These simple remote controls usually use a fixed code (as opposed to the more secured rolling code used for car keys remote controls) and a simple On-Off Keying (OOK) modulation, over 433.92MHz in the ISM band. We suggest the use of the TI-Chronos wrist-watch platform for the emulation of the remote control, as this platform transmits in the same band, and can be programmed to emulate different modulations and to send user pre-defined signals.

In this report we show the complete process for copying a remote control into the Chronos platform. This process utilizes only a standard PC and low-cost hardware (less than $75 all together), alongside free software, and additional software developed by us. The process starts with recording the original remote control RF signal. It continues with automatic analysis of the recording, extracting the needed parameters of the signal. Finishing the process, we set the Chronos with those parameters. We demonstrate the copy process using a 4-channel remote control and its receiver board.

Flow Diagram of Copy Process
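
The abstract's contrast between fixed codes and rolling codes, shown from the receiver's side. This is an added example, not code from the report or from this post: it is a simplified model (a counter plus a truncated HMAC, not any real product's scheme), and the key, code value, window size and all names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret (assumption)
FIXED_CODE = 0b101101001110    # constructed 12-bit fixed code (assumption)
WINDOW = 16                    # counters accepted ahead of the last one seen

class FixedCodeReceiver:
    """Accepts any frame equal to the stored code, so a recording never expires."""
    def __init__(self, code):
        self.code = code

    def accept(self, frame):
        return frame == self.code

def rolling_frame(key, counter):
    """Transmitter side: 4-byte counter followed by a 4-byte truncated HMAC."""
    msg = counter.to_bytes(4, "big")
    return msg + hmac.new(key, msg, hashlib.sha256).digest()[:4]

class RollingCodeReceiver:
    """Accepts a frame only if its tag verifies and its counter moves forward."""
    def __init__(self, key, window=WINDOW):
        self.key, self.window, self.last = key, window, 0

    def accept(self, frame):
        if len(frame) != 8:
            return False
        msg, tag = frame[:4], frame[4:]
        expected = hmac.new(self.key, msg, hashlib.sha256).digest()[:4]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        counter = int.from_bytes(msg, "big")
        if not (self.last < counter <= self.last + self.window):
            return False                      # replayed, stale or too far ahead
        self.last = counter                   # resynchronise to the new counter
        return True

def demo():
    fixed, rolling = FixedCodeReceiver(FIXED_CODE), RollingCodeReceiver(KEY)
    recorded = rolling_frame(KEY, 1)          # a frame that was heard once on air
    return {
        "fixed_first": fixed.accept(FIXED_CODE),
        "fixed_replay": fixed.accept(FIXED_CODE),
        "rolling_first": rolling.accept(recorded),
        "rolling_replay": rolling.accept(recorded),
        "rolling_skipped": rolling.accept(rolling_frame(KEY, 10)),
        "rolling_too_far": rolling.accept(rolling_frame(KEY, 100)),
    }

if __name__ == "__main__":
    print(demo())
```

The window lets the receiver tolerate button presses it never heard while still rejecting any frame whose counter it has already passed.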

Using Xastir with the RTL-SDR

Xastir is a Linux-based program that is used for plotting Automatic Packet Reporting System (APRS) data on a map. APRS is a type of packet radio system used by ham radio operators for real-time local area digital communications. It is often used for sending messages, plotting positions on a map or providing weather station data.

Over on his blog, KJ6VVZ has uploaded a post showing how he was able to get the RTL-SDR working with Xastir. He uses rtl_fm piped into MultimonNG for the APRS decoding and then sends the decoded APRS information to Xastir via a FIFO buffer.

Xastir Message Log

Analyzing 433 MHz Transmitters with the RTL-SDR

Over on his blog, Yashin has written a post showing how to analyze 433 MHz transmitters using several methods. Low-power 433 MHz transmitters are common and are often found in devices such as weather monitors, power monitors and alarm sensors.

To show his analysis methods, Yashin used an ASK modulated FS1000A 433 MHz transmitter connected to an Arduino Teensy microcontroller. He first uses GQRX and baudline together with an RTL-SDR in Kali Linux to test that the transmitter is working and to visually inspect the RF spectrum. Then he shows how to use GNU Radio to receive the 433 MHz transmitter and how to record an audio file. The final tool he demonstrates is rtl_433, which will automatically decode the data into binary strings using the analysis option.

ASK 433 MHz Transmitter

Transmitting DVBT HDTV from a Raspberry Pi to an RTL2832U

Over on his blog, OZ9AEC has uploaded a post showing how he was able to create a live HDTV transmitter out of a Raspberry Pi, a Raspi Cam module and a UTC DVB-T Modulator adaptor. As he does not want to interfere with commercial DVB-T broadcasts, he sets the module to transmit at 1.28 GHz, aka the 23 cm licenced ham radio band.

On the RTL2832U dongle side, he modified the RTL2832U Linux DVB-T drivers (not the SDR drivers) to work on the 1.3 GHz band. The intention of this camera is for it to fly on a rocket mission. In the YouTube video below he has uploaded some sample footage with the RTL2832U dongle receiving the stream from 300 meters away.

Rocketcam 1 test 3 (20140531_142625)

ScanEyes: Software for Visualizing, Listening to and Archiving Trunked Radio Traffic

Back in March we showed a beta version of Tyler Watts' ScanEyes trunked call log recorder software. Now Tyler has released a more complete version of his ScanEyes software. A live version of the software can be found at sdrscan.com. ScanEyes works by using a software defined radio such as the RTL-SDR combined with the trunk-following software Unitrunker and the optional P25 decoder DSD/DSD+ to archive all calls made on a trunked radio system. A user can then later go into the web interface to view and listen to archived calls.

ScanEyes Flow Diagram

New DAB Player for RTL2832U

A new Digital Audio Broadcast (DAB) player has been released for RTL2832U dongles (the linked page is in German; use Google Translate to translate it). This player uses the official drivers and not the RTL-SDR drivers, although we believe the DAB demodulation is still done in software. You will need to install the drivers provided on the download page to run this DAB player. For R820T models, the Treiber2.zip file should be used and for E4000 Treiber.zip should be used. You will also need to have installed the Visual C++ Redistributable package to run the program.

The software UI is written in German, but its controls are easy to figure out for non-German speakers.

An alternative DAB player that uses the RTL-SDR drivers is SDR-J.

RTL2832U DAB Player

Receiving Urban Drainage And Flood Control Weather Sensors

In Boulder, Colorado (and possibly other US cities) there is a radio-based weather monitoring system known as ‘Urban Drainage and Flood Control’. This is a system that monitors rainfall and other weather information and transmits data using the ALERT protocol.

Over at scalaeveryday.com, blogger cparker has posted how he was able to receive and decode the RF signals sent by these stations using an RTL-SDR. Using radioreference.com, cparker was able to determine that these stations transmit at 169.5 MHz using frequency shift keying (FSK).

Using his RTL-SDR and GQRX, he made a recording of some of the weather station packets on that frequency. Next he used a command line utility called minimodem to convert the recorded packets into binary data. After looking up the protocol online, he was then able to understand the binary string and extract the station ID information from it. Cparker then went on to write code that would plot the received stations on a map by cross-referencing the station ID with a website containing location information about these sensors. Finally, he managed to get the whole system running live on a Raspberry Pi.

Urban Drainage and Flood Control Sensor Station