Category: Mobile

RTL-SDR 433: A New Android App for Decoding 433 MHz Sensors with rtl_433

Thank you to Christian Ebner from ebcTech, who has submitted news about his newly released Android app RTL-SDR 433, which lets you run the rtl_433 decoder directly on your phone using an RTL-SDR dongle connected via a USB OTG cable.

The app bundles rtl_433 as a native Android library and supports all 258 device protocols out of the box, including weather stations, TPMS, wireless doorbells, PIR motion sensors, energy meters, door/window contacts, and remote sockets. Decoding runs entirely on-device with no internet connection required, no root, and no special drivers. It uses the standard Android USB Host API together with a libusb Android port.

The UI is built with Jetpack Compose and Material 3, and shows a live list of unique sensors with expandable cards (temperature, pressure, RSSI, raw JSON) plus a full history log. The app is free to try with a decreasing per-session reading limit, and a one-time purchase for a few dollars removes the limit permanently.

We note that the GPL-licensed native layer (rtl_433, rtl-sdr, libusb Android port and EBC's integration glue) is published openly at github.com/ebc81/rtlsdr433-native-gpl in compliance with GPL-2.0, while the UI layer remains closed-source. 

More information about the app is available on the ebcTech page at https://ebctech.eu/rtl-sdr-433-android.

RTL SDR 433 for Android

Tactical_FSK_Modem: An Open Software MFSK Image & Text Modem for PC and Android

Thanks to Ibrahim (YD1RUH), who wrote in to share his open-source open-software project Tactical_FSK_Modem, which turns a standard PC or Android device into an audio-based MFSK transceiver for sending images and text over a radio link. Conceptually similar to SSTV or HF FAX, it adds Hamming (7,4) Forward Error Correction that wraps every 4 data bits into a 7-bit block and repairs single-bit errors in real time, significantly lowering BER in low-SNR conditions. The system forces a hardened 720p vertical resolution for noise resistance, and a 1400 Hz → 1000 Hz → 1400 Hz VIS-like "start melody" handles automatic RX canvas reset and sync with no manual alignment.

Pre-built Windows and Android binaries are available in the repo, and the Android port is probably the most interesting part. Operators can connect a smartphone to HT, ham radio, or an SDR to send tactical images directly from the field. 

We note that while the code is Apache 2.0 licensed, we don't appear to see any source code in the repo, but the .exe and .apk files are available to download. Ibrahim notes that he is actively looking for feedback and collaboration to further improve the system's robustness for tactical and emergency communication use cases.

Licensing Update: Ibrahim has clarified that he mistakenly referred to the project as open-source, but his intention was to actually refer to it as 'open-software'. The software is free, but the source code is not provided.

Tactical FSK Modem UI
Tactical FSK Modem UI

SPECTRAL-GSM: A Web-Based GSM Interception Platform Built on OsmocomBB

OsmocomBB is an open-source project that replaces the stock baseband firmware on old Motorola phones (C118, C139, etc.) that use the Texas Instruments Calypso chipset. By flashing custom "layer23" firmware over serial, these cheap legacy handsets become capable of accessing raw GSM radio data at the baseband level, enabling cell scanning, burst capture, and passive subscriber identity harvesting.

SPECTRAL-GSM builds on this by wrapping OsmocomBB into a full GSM intelligence suite controlled from a single browser tab. The system supports up to five phones simultaneously and provides a structured pipeline: scan local GSM cells, capture raw bursts on a target channel, crack the A5/1 encryption using rainbow tables on a 2 TB SSD, and then use the recovered session key for real-time voice and SMS decryption. Additional modules handle passive IMSI catching, targeted single-IMSI surveillance, silent SMS location probing via a USB modem, and OpenCellID cell tower mapping.

The developer notes that the platform is intended for authorized research, law enforcement, and educational use. At the moment, Mini0com has not provided a link or website to the software, only providing a PDF file, and video demonstrations of the system on their YouTube channel. Contact details for Mini0com can be found in the description on the YouTube videos below.

Spectral-GSM OsmocomBB

OTP Capture Demonstration Using Spectral-GSM OsmocomBB



 
 

CoronaSDR for iOS – A Free Native RTL_TCP Client

Thank you to Silviu YO6SAY for writing in and sharing with us news about the release of his iOS App called "CoronaSDR" which is a native client for receiving from rtl_tcp servers. rtl_tcp is a server program for RTL-SDRs that streams raw IQ data over a network connection.

Unlike Android, iOS does not allow third-party USB devices like the RTL-SDR to run on its devices. But you can set up an rtl_tcp server on a networked PC or Raspberry Pi in your home, and connect to the data stream with an iOS app like CoronaSDR.

Silviu writes:

CoronaSDR is a free, native iOS app that connects to an rtl_tcp server on your local network (no cloud, no subscription).

Current features
• Live spectrum + waterfall (Metal / GPU-accelerated)
• Demod modes: AM / NFM / WFM / USB / LSB / CW
• RF controls: gain, PPM, direct sampling, offset tuning, bias-tee
• Stations with tags + CSV/TSV import/export
• List/range scanning with squelch hold/skip
• Background audio + lock screen controls

Known limitations (early build)
• Built solo so far — no external testers yet
• Most real-world testing to date has been NFM and WFM
• Other modes are implemented, but I’d consider them early until more field feedback comes in

Tested with an RTL-SDR Blog V4 (R828D) on a Raspberry Pi running rtl_tcp.

I’d really appreciate detailed feedback (device + iOS version, tuner type, rtl_tcp command, mode/frequency, and steps to reproduce any issues).
 
CoronaSDR - RTL_TCP Client for iOS Devices.
CoronaSDR - RTL_TCP Client for iOS Devices.

Multimon Pager Decoding on Android

Sarah (aka SignalsEverywhere) has recently released another open-source Android app that enables the multi-signal decoder Multimon-ng to be used on Android. Multimon-ng is a commonly used decoding app, that supports various protocols such as POCSAG/FLEX pagers, as well as DTMF, ZVEI, EAS and more.

The app requires the SDR++ Android app to be running in the background with an SDR like an RTL-SDR connected. The role of SDR++ is to receive the signal and send the demodulated audio over a network connection to the Multimon-NG app, which performs the final decoding.

The app APK can be downloaded from Sarah's website via a minimum $0 donation, or alternatively, built and installed from source.

Multimon-ng on Android!

Pocket 25: An Android P25 Phase 1 Digital Voice Radio Decoder

Thank you to reader "EN53" for submitting news about a newly released open source Android app called Pocket 25. Pocket 25 is an Android-based APCO Project 25 (P25) phase 1 digital voice decoder based on the DSD-Neo decoder engine. It was developed by Sarah Rose (aka SignalsEverywhere), whose other software we have posted about in the past.

APCO P25 phase 1 trunked digital voice systems are commonly used in the United States, Canada, Australia, and other countries by emergency services. As long as the P25 network is unencrypted, it is commonly decoded to audio with an RTL-SDR and decoding software such as DSDPlus or SDRTrunk.

Pocket 25 allows users to now decode P25 signals on portable Android devices. An RTL-SDR can be connected to an Android device via a USB-OTG cable, or a remote networked RTL-SDR can be used via an rtl_tcp connection. The app also supports RadioReference accounts, automatic GPS site hopping, smart filtering, and logging.

In the readme, Sarah also notes that, because Pocket 25 is based on the DSD-Neo engine, it supports additional digital voice protocols, including DMR, NXDN, and others. However, the interface is designed around P25, so non-P25 systems may show incorrect metadata.

The software is open source and code can be found on the GitHub. There is also an active discussion about the app on RadioReference.

Pocket25 | Running DSD-Neo on Android!

Reviving Old 1G Analog Cellphones and Demonstrating Their Security Flaws

Over on the YouTube channel "Nostalgia For Simplicity," the creator has uploaded a video where he revisits the original 1G analog cellular system, AMPS, to finally understand a mysterious phenomenon he experienced over 20 years ago as a kid, where he was able to unintentionally intercept other people's calls with his 1G phone. Using vintage hardware like the Ericsson DH668, he recreates a small AMPS network and confirms that the system is fully analog, instant, and surprisingly good-sounding. 

AMPS worked by dividing the spectrum into numbered voice channels, with each call occupying one channel at a time. In busy cities, simply tuning to an active channel could let you hear someone else’s call. In this revival setup, there is only one active call, making the effect easy to demonstrate. This is essentially wideband analog FM voice on fixed channels, something easily observable and demodulated with modern SDR hardware.

Investigating this ancient 1G tech has highlighted why 1G systems were fundamentally insecure and why the world moved on to digital standards. If you're interested, the other videos on his channel continue to explore early cell phones and their quirks.

I Revived 1G and Recreated a Childhood Mystery

[Also seen on Hackaday]

NSA GENESIS: How NSA Spies Snooped on Local RF Bands using Modified Cell Phones with a Built-in SDR

Over on YouTube, the "Spy Collection" channel has recently uploaded a video detailing the US National Security Agency's (NSA) GENESIS spy gadget. GENSIS was a modified Motorola cell phone that contained a full software-defined radio system within. This system allowed NSA agents to discreetly record the local RF spectrum for later analysis. For example, an agent may have been able to record the frequencies and RF protocols used at particular facilities of interest for use in later operations. 

Details about the NSA GENESIS were revealed when the NSA's Advanced Network Technologies (ANT) catalogue was publicly leaked back in 2013. Originally, project GENESIS was due to be declassified in 2032.

Spy Collection also notes that the leaked documents indicate it is possible the phone was also used, or intended to be used, as a "finishing tool". In other words, a remotely detonated explosive phone, that could be given to persons on the US terrorist list. 

NSA's Leaked Secret GENESIS Cell Phone