In his latest video out on YouTube, Matt from the Tech Minds channel gives us an overview of GNU Radio, and shows a few examples of how it can be used to receive, transmit and decode digital data.
GNU Radio is a popular open source DSP framework for software defined radios. With it you can graphically implement any sort of digital signal processing chain that you like, which can be used for decoding/encoding and demodulating/modulating signals.
GNU Radio can be extremely complex and powerful, but in the video Matt shows some simple starter example flowgraphs like an LSB demodulator, and a simple wav file source transmitter for the HackRF.
How To Make Your Own SDR Software With GNU Radio Companion
With polar orbiting weather satellite reception we as amateur ground station operators with SDR receivers typically download images via "Direct Broadcast", which provides imagery of what the satellite is currently seeing live. However, the main way satellites such as the NOAA POES (NOAA 15, 18 & 19) satellites downlink is via "Global Area Coverage" (GAC) broadcast which provides the full stored imagery data of the entire global pass. However, GAC is only broadcast in locations where the satellite operator operates ground stations.
Over on YouTube dereksgc has uploaded a video showing how to receive GAC data from the NOAA POES satellites. He notes that GAC is now broadcast at 2247.5 MHz in the S-band, and the ground station it now downlinks to is likely in Svalbard, rather than in the USA. This means that amateur satellite stations close to the North Pole can receive the GAC signal, including dereksgc's station which (we believe) is in the Czech Republic.
Dereksgc uses a large 250cm offset dish with S-band feed connecting to a HackRF. In the video he demonstrates him receiving the signal, and then decoding it using SatDump. Finally he shows all the images from various locations around the earth that he was able to receive from one satellite pass.
Over on the Lab401 YouTube channel, 'RocketGod' has uploaded three videos that are various tutorials for the HackRF on Windows. The first video covers the basics like installing software and shows how to decode pager signals with PDW.
The second video shows how to decode police transmissions, car key fobs, use rtl_433, and how to use Universal Radio Hacker to capture and analyze signals.
The third video is not yet released, but is due to premier on YouTube in 10 hours from the time of this post. In that video RocketGod will show how to install and use DragonOS, and how to install and use SDR Trunk which turns the HackRF into a police scanner. Finally, he will demonstrate SDR Angel and show it decoding ADS-B signals from aircraft to show you live flight tracking data.
Over on dereksgc's YouTube channel another recent video from his satellite decoding series shows how to download images from the Coriolis satellite, a US Department of Defense satellite launched in 2003, that is among other uses designed to measure wind speed and direction from space using a radiometer.
The entire history of an orbit is only downlinked in the S-band when over an official ground station, however it also has a 'tactical' downlink for live data that the US Navy uses. As the data is unencrypted, with a satellite dish, 2.2 GHz feed, LNA and a software defined radio like the HackRF, anyone can receive the data.
In his video dereksgc explains the satellite, shows his hardware, and demonstrates reception. He then passes the recording into SatDump which results in the images. The images themselves are nothing interesting to look at, as they are produced by a sensor designed to measure wind. But dereksgc shows how multiple images can be composited into something a little more interesting.
Over on dereksgc's YouTube channel we've discovered a few more recent interesting videos from his satellite decoding series that people may be interested in. One from two weeks ago shows how it's possible to receive voice transmissions on navigation satellites such as GPS.
Many navigational and meteorological satellites carry a search and rescue (SAR) repeater which is intended to receive UHF emergency locator beacons and rebroadcast them in the L-band or higher. However the repeaters appear to be picking up all sorts of other signals from the ground, including voice transmissions. Dereksgc notes that the theory is that there are some land based communications systems in some countries that are sharing frequencies that emergency locator beacons use, or that malicious pirates may be actively using these SAR repeaters for their own communications.
Dereksgc shows examples of retransmitted signals on the Beidou, GLONASS and Elektro-L satellite downlinks at 1.5442 GHz and at 2.226 MHz for the GPS satellites. He also shows what sort of satellite dish and feed setup you need. In the video he uses a HackRF as the SDR, but you could also use an RTL-SDR for the satellites that transmit at 1.5442 GHz.
Receiving voice transmissions from GPS satellites || Satellite reception pt.10
Back in March of this year we posted about an OpenWebRX fork called OpenWebRX+, which adds multiple built-in and ready to use decoders such as SSTV, AIS, CW and RTTY. OpenWebRX+ is a fork of the OpenWebRX project which is now officially maintained by DD5JFK.
Since our last post OpenWebRX+ has progressed in development further, and now includes a HFDL decoder via dumphfdl, various ISM band equipment decoders via rtl_433, FLEX pager decoding via multimon-ng, and a SELCALL decoder has also been added. Many other improvements and changes to the software have also been added, and the full changelog can be viewed here.
OpenWebRX+ is software for Linux. If you want to install OpenWebRX+, an easy path is to use the ready to use Raspberry Pi 4 image available on the releases page, or to use their PPA.
SSTV Image received by the luarvique fork of OpenWebRX. Credit: Neil Howard
In May we posted about how Great Scott Gadgets (GSG), the team behind the HackRF SDR and several other popular products, are in the early stages of developing a new type of SDR product called the "Universal Radio Test Instrument" or URTI for short.
Thank you to a few blog readers for pointing out that earlier this month the URTI GitHub lab-notes were updated with a progress report, and some further information about the architecture. The URTI will be split into a mainboard PCB, and a user interface PCB. The former will contain the USB interface, FPGA computing, and radio, and the latter will run a display and tactile controls.
For the radio components, the team appear to be using similar components to what is used in the HackRF. They have selected the MAX5865 as their analog to digital converter (ADC) chip which is a faster sampling version of the MAX5864 which is used in the HackRF. They've also chosen either the MAX2831 or MAX2830 as their quadrature transmitter, and the MAX2120 as their quadrature receiver. They are also using the RFFC5072 chip as their mixer. These are again similar or the same as parts used in the HackRF.
In the update they also make notes on their SMA connector selection, PCB trace width selection, and their selection of Unun, RF switch, clock generator and RF limiter parts. They also note progress on their software which will provide a DSP library for the FPGA, and their tests of a display via a hand held game console.
In the next stage of development the team will be designing and assembling the mainboard to try and quickly make a platform available for software developers to get started on.
Testing the MAX2830 Chips with a GreatFETURTI Overall ArchitectureURTI Mainboard Architecture
Over on his blog Chris Laplante has written up a post showing how he was able to reverse engineer his wirelessly controlled adjustable "TEMPUR-Contour Elite Breeze" bed. Originally the bed did have an Android App for smartphone control, however it was never updated since 2014 and so it no longer works on his modern Google Pixel device. So in order to have it controllable by his home automation system Chris decided to reverse engineer the wireless signal used by the bed's remote control.
He first searched the FCC filing, finding that it transmitted in the ISM band at 433.050 to 434.790 MHz. Then using his HackRF he was able to capture the signal and determine that it used Gaussian frequency shift keying (GFSK) modulation.
The GFSK signal from the Tempur Pedic wireless remote control.
While the HackRF got him this far, he decided to follow a new line of investigation next, instead now using a logic analyzer to probe the SPI bus which talks to an Si4431 RF transceiver on the remote control. From this he was able to determine the important properties of the signal such as the frequency, data rate, frequency deviation, channel mapping and packet structure.
With all this information Chris was in the end able to create a product called "Tempur Bridge" that he is now selling on Tindie. It consists of an ESP32 WiFi connected microcontroller and a Si4463 RF transceiver chip. With his product Chris is now able to control his bed through a WiFi connection in Home Assistant.
Chris's TemperBridge product for WiFi control of a Tempur Pedic adjustable bed.
