Category: LimeSDR

The Taylorator: Flooding the Broadcast FM Band with Taylor Swift Songs using a LimeSDR

Over on Hackaday and creator Stephen's blog, we've seen an article about the 'Taylorator,' open source software for the LimeSDR that floods the broadcast FM band with Taylor Swift music. In his blog post, Stephen explains how he wrote this software, explaining the concepts behind audio preparation, FM modulation, and what computing hardware was required to implement it.

The advertised use case of the Taylorator is obviously a bit of a joke; however, as the video on Stephen's blog shows, his software can play a different song on every broadcast FM channel. So, there could be some use cases where you might want people to be able to tune an FM radio to custom music on each channel. Of course, you could also just use it to play a practical joke on someone.

In terms of legality, in his blog post, Stephen notes that blasting the broadcast FM band on every channel is probably not legal and may go against the spirit of low-power FM transmitter laws in most countries. However, he notes that spreading a few mW over 20 MHz of bandwidth results in a weak signal that is unlikely to travel very far. Regardless, we would advise potential users of the software to check their local laws before going ahead and playing around with something like this.

The software is open source and available on Stephen's GitLab.

The Taylorator: Broadcasting Taylor Swift songs on every broadcast FM channel
The Taylorator: Broadcasting Taylor Swift songs on every broadcast FM channel

Guglielmo FM and DAB Receiver Software Updated to Version 0.6

Thank you to Marco, Guglielmo's programmer, for letting us know that his software has recently been updated to Version 0.6.

Guglielmo is Linux, Windows (and, in this recent update, x86 MacOS) based RTL-SDR FM and DAB tuner software that supports SDRs, including the RTL-SDR, Airspy, SDRplay, HackRF, and LimeSDR. It is designed to be easy to use for media users rather than hobbyist technical users.

Version 0.6 fixes bugs and adds the following features:

  • Software automatic gain control
  • Support for multiple devices for RTL-SDR and SDRplay
  • Support for RTL-SDR V4
  • New RTL-SDR and SDRPlay device drivers
  • New Portaudio sound driver
Guglielmo: Screenshot of the DAB Interface

Monitoring Aircraft Distance Measuring Equipment (DME) with LimeSDR

Daniel Estévez has recently posted on his blog about how he uses a LimeSDR to record and analyze the DME signal used by aircraft. DME or Distance Monitoring Equipment is a radio navigation technique sometimes used by aircraft.

The concept behind DME is simple: the aircraft broadcasts a signal pulse, and a ground station receives and repeats the pulse back at another frequency. The aircraft receives the return pulse, and from the time it has taken to receive that return pulse, the distance to the ground station can be determined. The frequencies used are between 960 MHz and 1215 MHz, and the aircraft and ground station pulses are always spaced apart by 63 MHz.

In his post, Daniel explains how he records the two signals spaced 63 MHz apart using his LimeSDR. Recording this large bandwidth has some challenges since typically the LimeSDR only supports a bandwidth of 61.44 MHz, which is too small for the 63 MHz spacing. However, Daniel explains in his post how he got around this limitation by using the two RX channels on the LimeSDR, sampling at a higher 80 MSPS sample rate, and then using the LimeSDR DSP to downconvert and decimate each DME channel to 2.5 MSPS, making the final sample rate small enough to be sent over USB.

The rest of the post details his experiments, analysis, and results when receiving the two DME channels through GNU Radio.

Daniel's LimeSDR DME Receiver Setup
Daniel's LimeSDR DME Receiver Setup

[Also seen on Hackaday]

Using a LimeNET Micro to Implement an Amateur Radio DMR Tier III Trunked Radio Base Station

Thank you to Adrian Musceac (author of QRadioLink) for submitting his article about how he implemented an amateur radio DMR Tier III Trunked Radio Base Station with a LimeNet-Micro software-defined radio. DMR Tier III is a digital voice trunked radio system that employs Time Division Multiple Access (TDMA) technology. Tier III is largely based on Tier II, but adds trunking abilities which enable efficient channel access and resource allocation.

The LimeNET Micro is a software defined radio based on the LimeSDR, but it has some upgraded specifications such as an embedded Raspberry Pi Compute Module 3+ that make it easier to deploy as a base station.

Adrian writes:

The Tier III extension (trunked radio) to the DMR standard is defined and specified by the European Telecommunications Standards Insititute (ETSI) in the TS 102 361-4 document.

The project uses LimeNet-Micro, LimeSDR-mini or Ettus USRP hardware to set up  such a base station for experimental and amateur radio digital voice communications purposes. The core components of this project are MMDVM, MMDVMHost (both under the form of forks supporting communication via ZeroMQ and pseudo-TTY), GNU Radio, DMRGateway, QRadioLink and the DMR trunked radio controller GUI.

Since DMR trunked radio is not very well known and used in the amateur radio world, I hope this will bring some new information to amateurs interested in these digital voice communication technologies. All code used is available as free and open source software (FOSS). A demo of the project used with real world amateur radio communications can be found on the page.

DMR Tier III system software architecture
DMR Tier III system software architecture

Creating a Multicarrier Base Station Transceiver For DMR, YSF, M17 and more with MMDVM and LimeSDR

Thank you to Adrian, creator of the QRadioLink software for writing in and sharing with us his post about how he uses a LimeSDR as an Multi Mode Digital Voice Modem (MMDVM) for various modes including DMR, YSF and M17. 

A MMDVM is usually a computing device running multiple radios, each of which is used for a separate channel with it's own filters and power amplifier hardware. Each channel can run a separate protocol if desired. 

However in order to save on radio hardware, Adrian wanted to use his LimeSDR as the radio hardware in his MMDVM system. The LimeSDR is a transceiver which has enough bandwidth to implement several channels just by itself. To do this Adrian uses his MMDVM-SDR software.

His implementation runs multiple instances of MMDVM-SDR, one instance for each channel. Then a GNU Radio flowgraph with LimeSDR block connects to each of these instances, transferring data between GNU Radio and MMDVM-SDR via ZeroMQ or TCP sockets. The bulk of Adrian's post explains the architecture in detail. Adrian writes:

The setup can transmit 7 digital carriers in 200 kHz occupied spectrum, and each radio channel can be assigned to a different mode or digital voice network as configured in MMDVMHost.

This is based on the work of Jonathan Naylor G4KLX and Rakesh Peter (r4d10n).

Adrian also notes that this is still a work in progress and there are still several limitations including high latency and issues with filtering, overload and poor channel rejection. 

Multi-Channel MMVDM LimeSDR Architecture Overview

Guglielmo FM and DAB Receiver Software Updated to Version 0.5

Thank you to Marco, the programmer of Guglielmo for letting us know that his software has recently been updated to Version 0.5.

Guglielmo is a Linux, Windows (and in this recent update x86 MacOS) based RTL-SDR FM and DAB tuner software that supports SDRs including the RTL-SDR, Airspy, SDRplay, HackRF and LimeSDR. It is designed to be an easy to use program designed for media users, rather than hobbyist technical users.

Regarding the release of Version 0.5, Marco writes:

This release sports full mac (x86 only, sorry) and windows installers, DAB and FM scans and a preset editor.

Guglielmo: Screenshot of the DAB Interface

SDRangel Now Available on Android: Mobile ADS-B, AIS, APT, Digital Voice, POCSAG, APRS, RS41 Radiosonde Decoders

SDRangel is a free open source software defined radio program that is compatible with many SDRs, including RTL-SDRs. SDRAngel is set apart from other programs because of it's huge swath of built in demodulators and decoders.

Thank you to reader Jon for writing in and noting that SDRangel has recently been released for Android as a free Google Play download. This is an amazing development that could open up many doors into portable decoding setups as the Android version supports almost every decoder implemented on the desktop version. Jon writes:

It includes most of the functionality of the desktop version of SDRangel, including:

  • AM, FM, SSB, Broadcast FM and DAB, AIS, ADS-B, Digital Voice (DMR, dPMR, D-Star, FreeDV), Video (DVB-S, DVB-S2, NTSC, PAL), VOR, LoRa, M17, Packet (AX.25), Pager (POCSAG), Radiosonde (RS41), Time signal (MSF, DCF77, TDF and WWVB) modems.
  • RTL SDR, Airspy, Airspy HF, LimeSDR, HackRF and SDRplay support via USB OTG as well as networked SDRs
  • 2D and 3D signal analysis in both time and frequency domain with statistical measurements of SNR, THD, THD+N, SINAD, SFDR and channel power
  • Satellite tracker, star tracker, maps and rotator controller

It should work on Android 6 and up. It’s a straight port of the desktop application, so although it will run on a phone, probably best used on a large tablet with a stylus or mouse.

SDRangel on Android
SDRangel on Android
SDRangel

Fissure: An Open Source RF Reverse Engineering Framework

FISSURE (Frequency Independent SDR-Based Signal Understanding and Reverse Engineering) is a recently released open source framework that runs on Linux, and includes a whole suite of previously existing software that is useful for analyzing and reverse engineering RF signals. On top of that it includes a custom GUI with a bunch of custom software that ties everything together in a full reverse engineering process.

Recently the developers spoke at this years Defcon conference, and the talk video is supplied at the end of this post. In their talk they explain the purpose of FISSURE, before going on to demonstrate it being used to reverse engineer a wireless X10 doorbell. FISSURE makes analyzing the signal easy, starting with spectrum analysis to find the signal, then signal recording, signal cropping, signal replay, crafting packets and crafting attacks.

News and developments about FISSURE can also be seen on their Twitter.

FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signal data, scripts, flow graphs, reference material, and third-party tools. FISSURE is a workflow enabler that keeps software in one location and allows teams to effortlessly get up to speed while sharing the same proven baseline configuration for specific Linux distributions.

The framework and tools included with FISSURE are designed to detect the presence of RF energy, understand the characteristics of a signal, collect and analyze samples, develop transmit and/or injection techniques, and craft custom payloads or messages. FISSURE contains a growing library of protocol and signal information to assist in identification, packet crafting, and fuzzing. Online archive capabilities exist to download signal files and build playlists to simulate traffic and test systems.

The friendly Python codebase and user interface allows beginners to quickly learn about popular tools and techniques involving RF and reverse engineering. Educators in cybersecurity and engineering can take advantage of the built-in material or utilize the framework to demonstrate their own real-world applications. Developers and researchers can use FISSURE for their daily tasks or to expose their cutting-edge solutions to a wider audience. As awareness and usage of FISSURE grows in the community, so will the extent of its capabilities and the breadth of the technology it encompasses.

FISSURE RF Framework - Griffiss Institute & AIS Monthly Lecture + Education Series