Category: News

Smart Meter Hacking Hack Chat to be held April 14 Noon Pacific Time

In the last post from a couple of days ago we posted about RECESSIM's YouTube series about smart meter hacking. Hackaday have noted that Hash, the security researcher behind the RECESSIM channel will be hosting a Hack Chat on April 14 noon pacific time. If you're unfamiliar with them, hack chats are live chat events where you can chat directly with an expert on a particular topic.

That electrical meter on the side of your house might not look like it, but it's pretty packed with technology. What was once a simple electromechanical device that a human would have to read in person is now a node on a far-flung network. Not only does your meter tote up the amount of electricity you use, but it also talks to other meters in the neighborhood, sending data skipping across town to routers that you might never have noticed as it makes its way back to the utility. And the smartest of smart meters not only know how much electricity you're using, but they can also tease information about which appliances are being used simply by monitoring patterns of usage.

While all this sounds great for utility companies, what does it mean for the customers? What are the implications of having a network of smart meters all talking to each other wirelessly? Are these devices vulnerable to attack? Have they been engineered to be as difficult to exploit as something should be when it's designed to be in service for 15 years or more?

These questions and more burn within Hash, a hardware hacker and security researcher who runs the RECESSIM reverse-engineering wiki. He's been inside a smart meter or two and has shared a lot of what he has learned on the wiki and with some in-depth Smart Meter Hacking videos. He'll stop by the Hack Chat to discuss what he's learned about the internals of smart meters, how they work, and where they may be vulnerable to attack.

Preorder Sale: Active L-Band 1525-1660 Inmarsat and Iridium Patch Back In Stock for $44.95

We have just received stock of our new L-band active patch antenna design. The antenna is designed for receiving L-band satellites such as Inmarsat, Iridium, GPS and other satellites that transmit between 1525 - 1660 MHz (please note that you cannot use it for weak signals that require a dish like HRPT or GOES). The antenna comes as a set with a large suction cup, 3M RG174 extension cable and bendable tripod to help with mounting. Preorder pricing is US$44.95 including free worldwide shipping to most countries shipped from our warehouse in Shanghai. At the end of this week (extended for one more week!) pricing will rise to the standard cost of US$49.95. Amazon stock will require time, and won't be in for at least 6+ weeks.

Please see our store to order the unit

Like our previous patch design, this is an actively amplified antenna as it contains a built in low noise amplifier which takes power from a 3.3 - 5V bias tee. This power is available from from our RTL-SDR Blog V3 dongles, and other SDRs like the Airspy, HackRF and SDRplay. It also has a built in SAW filter after the LNA to help reduce terrestrial interference.

Compared to the previous design the new patch is larger (175 x 175 mm) with higher gain and wider radiation pattern. This allows for much easier pointing of the antenna and for much stronger signals. The upper frequency range has also been extended to 1660 MHz from 1625 MHz. The included suction cup is also much larger allowing for the patch to point at more angles without being restricted by the window. The patch is enclosed within a new weatherproof plastic enclosure. 

L-Band Patch with Accessories
L-Band Patch Mounting Examples

The screenshots below show the patch receiving various signals like AERO, STD-C and Iridium

Inmarsat Reception
Inmarsat Reception
Airspy Showing Patch Bandwidth
GPS "hump" visible

Usage Tips

  • The antenna should be used with one meter or more of coax cable. It may perform poorly if the RTL-SDR is placed right at the antenna due to interference. If you want to run very long cable, then low loss coax should be used. 
  • The patch can be used flat, or angled towards the satellite. Angling it towards the satellite will yield significantly higher gain.
  • If you have very strong cell phone interference in your area, try using the patch a bit lower to the ground, and use buildings to block the interfering signal.
  • If you want to mount this on a car roof, you can use a standard mag-mount camera adapter.
  • When using the suction cup, ensure you wipe down the cup and the window surface before sticking it on. Have a backup plan in case the suction fails.

What can you do with this antenna?

The R860 will replace the R820T2 – Same chip different name

We have recently received samples and tested the new R860 tuner chip from Rafael Micro. However, to be clear there is no change in terms of silicon or performance between the R820T2 and the R860. It is just a change in name signifying a minor change in the manufacturing chain which has allowed production of this chip to continue. In the future all R820T2 RTL-SDRs will transition to the R860 and we are just noting this now so that customers are not surprised if they see R860 markings on future dongles. We warn that some sellers of RTL-SDRs may attempt to market the R860 as an improvement, but we want to make clear that they are indeed identical to the R820T2.

Thank you to Rafael for continuing to support the SDR community, and thanks to all our customers!

The R860 tuner chip from Rafael

We note that Airspy will also be using the R860 in their products as per their latest tweet.

Testing Sharp Slicer: Multiple Spectrum Slices via SDR# with an Airspy SDR

Youssef the author of SDR# has recently released an update which adds a feature called "Sharp Slicer". This feature allows Airspy SDR users to open multiple instances of SDR#, each able to tune to a seperate signal within the currently tuned frequency range of the SDR. This is somewhat similar to the old multi-VFO plugin from rtl-sdr.ru, however the advantage of Slicer is that you can have seperate spectrum and waterfall graphs for each signal. This could be especially useful for monitoring multiple narrowband HF modes with an Airspy HF+ Discovery. 

To use Sharp Slicer you must have an Airspy SDR, be it an Airspy Mini/R2 or HF+/Discovery. Unfortunately it will not work with RTL-SDR or other SDRs. Once the SDR is running in SDR#, simply press the "+" button on the top left to open a new Slicer instance. It seems possible to open as many instances as you want, and probably the only limitation is your CPU. On our Intel i7-6700 we tested up to 8 instances running at the maximum bandwidth of an Airspy Mini, and the SDR# CPU utilization was only at 50%.

A nice touch is that you can also see the location of each VFO on the master SDR# instance, and the color can be changed on each Slicer instance.

Over on Twitter @ea3ibc has also been testing:

ARRL/TAPR Digital Communications Conference: Held Online for Free from September 11-12

Just a few days prior to the 2020 GNU Radio conference, ARRL and TAPR will hold their yearly Digital Communications Conference (DCC) online. DCC is a yearly conference with many SDR and RF related talks, with a focus on ham radio science. The talks will be live streamed on YouTube for free, however you can register for $30. Registration will grant you the ability to ask questions or chat via Zoom, and includes access to the papers. The YouTube live link has not been provided yet, so keep an eye on the DCC web page for the announcement.

The schedule of talks can be viewed here, and below we're listing the talk titles.

  • HamSCI PSWS Overview/Status
  • HF Propagation Measurement Techniques and Analyses
  • Early Results of Festival of Frequency Measurement Experiment & June 21, 2020 Asian Eclipse
  • Frequency Estimation Techniques
  • LC-PSWS Engineering Status
  • PSWS Control Software and Database
  • Evaluation of uBlox GPS Receivers Performance
  • TangerineSDR Hardware Update
  • TangerineSDR VLF Module (A new module!)
  • Characterizing and Optimizing the behavior of a Ground-based Magnetometer for Ionospheric Space Weather Observations
  • Mobile Mesh Tower Fleet
  • Design Tips for QSD Down Conversion SDR Designs
  • Packet Compressed Sensing Imaging (PCSI: Robust Image Transmission over Noisy Channels
  • Continued Lessons from the RF-Seismograph
  • Current Status Report of FX.25 KISS TNC Development
  • APRS Performance and Limits
  • Digital Signal Processing: I2S in ESP32
  • Aids to the Presentation and Analysis of WSPR Spots: TimescaleDB Database and Grafana
  • QMesh: A Synchronized, Flooded Mesh Network Protocol for Voice
  • GaN based RF Power Amplifier Design
  • The AERO/VISTA Twin Small Satellite Project
  • ENAMS (Electromagnetic Noise Area Monitoring System)
  • PSWS Antenna Designs
  • RF Machine Learning Applied to doing Cognitive Radio on HF
  • Improved Layer 2 Protocol
  • FreeDV 700D and 202
  • Forward Error Correction and Pictures from Mars

Reminder: Register for the GNU Radio Online Conference on September 14-18

This is just a reminder that the 2020 GNU Radio Conference will be held online in a few days time starting on September 14 and ending September 18 2020. Viewing the live talks and participation in the discussion forums is free for everyone around the world, however you must register first via their site. The paid $50 workshops are all currently booked however you can go on the waiting list in case more spaces are opened.

GNU Radio Conference (GRCon) is the annual conference for the GNU Radio project & community, and has established itself as one of the premier industry events for Software Radio. It is a week-long conference that includes high-quality technical content and valuable networking opportunities. GRCon is a venue that highlights design, implementation, and theory that has been practically applied in a useful way. GRCon attendees come from a large variety of backgrounds, including industry, academia, government, and hobbyists.

GRCon20 will be held starting September 14, 2020 online as a virtual event. The organizing team is hard at work to create a fun and interactive experience.

Our keynote speakers include: Becky Schoenfeld W1BXY, managing editor of QST magazine, Oona Räisänen [ windytan ] hacker of signals and computer programmer, and Jim St. Leger, Director Open Source, Intel.

With an annual program that has broad appeal, GRCon attracts people new to Software Radio just looking to learn more, experts that want to keep their finger on the pulse & direction of the industry, and seasoned developers ready to show off their latest work.

Titles of the talks scheduled are shown below. The full list of talks, workshops and descriptions can be found here

  • Oona Räisänen - Video Decoding Adventure
  • Introducing OpenCPI as an Infrastructure for GNU Radio and GNU Radio Companion
  • How Strong is my SDR Signal?
  • Introducing the Radio Resiliency Competition
  • Are We Alone? How GNU Radio Can Help Us Find ET
  • A Conversation with the Ettus Research / NI SDR R&D Team
  • Enabling Performance Portability of GnuRadio on Heterogeneous Systems
  • Architecture Update - Marcus Mueller
  • Becky Schoenfeld - Keeping Ham Radio Alive and Well: ARRL’s Education Initiatives
  • ESA's OPS-SAT Mission: Powered by GNU Radio
  • Designing a Narrowband Radar using GNU Radio and Software Defined Radio for Tomography and Indoor Sensing
  • The De-Swiggification of GNU Radio
  • Exploring RFNoC with the UHD Python API
  • Teaching the Principles of Time Delay Spectrometry Ultrasound with GNU Radio
  • Ultra-cheap SDR Digital Television Transmission: ISDB-T with an osmo-fl2k and an RTL-SDR
  • Software defined radio based Synthetic Aperture noise and OFDM (WiFi) RADAR mapping
  • Community Continuous Integration (CI) for GNU Radio
  • RadEOT: The Radio Education Outreach Tool
  • Software defined radio based Global Navigation Satellite System real time spoofing detection and cancellation
  • SDR to GPU Peer-to-Peer Data Streaming for Cognitive Radar and EW Use-Case
  • Security Analysis of Zigbee Networks with Zigator and GNU Radio
  • Using GNU Radio in Amateur Radio
  • GR Wiki Block Docs: What's Important?

Nils Reviews the RX-888: A Sub $200 16-Bit 32 MHz Bandwidth SDR

A lot of affordable Chinese clone SDRs have been coming onto the market recently, and the RX-888 is one of the most interesting. The RX-888 appears to be an improved clone of the RX-666 which in turn is a clone derived from Oscar Steila (IK1XPV)'s BBRF103 original open source design.

The RX-888 is based on the LTC2208 16-bit ADC chip which is capable of streaming the entire 1 kHz to 32 MHz frequency range to the PC over USB 3.0 with direct sampling. Frequencies from 32 MHz to 1.8 GHz can also be received via an R820T2 tuner which is on the board (the same tuner used in most RTL-SDRs). Due to the bandwidth restrictions of the R820T2 silicon, the bandwidth above 32 MHz is restricted to 8 - 10 MHz. The main change when compared to the RX-666 appears to be that there is an LNA which improves medium wave and small antenna performance which was a problem on the RX-666. The RX-888 also adds several heat sinks to the enclosure, as excessive heat generation of the LTC2208 ADC appears to also be an issue.

The RX-888 Software Defined Radio

Recently Nils Shiffhauer (DK80K) wrote up a great review of the RX-888. In the review he covers the specs, shows a few screenshots of some signals he's received and also provides multiple audio samples of signals received.

The RX-888 is currently available on marketplace sites like Aliexpress and eBay priced at around US$180. In the past SDRs that could receive the entire HF band at once were rare, with the only affordable SDR with this capability being the KiwiSDR. So it is good to see that we may now be entering a stage of new advancement in affordable SDRs.

One thing to note is that this design can be considered a clone. However the original design by Oscar is open source and from this post on his blog he seems happy and accepting of the clones.

We note that we have ordered a unit and will be uploading a review once we test it.

The RX-888 PCB

The NEWSDR 2020 Conference will be held Online on 12 August

The 10th New England Workshop on Software Defined Radio (NEWSDR 2020) will be held online this year due to the ongoing pandemic. It is due to be held on 12 August 2020, 9:00 AM (US Eastern) – 5:00 PM (US Eastern). Registration is free, however you do need to register before 9 August 2020 in order to receive login details.

The 2020 New England Workshop on Software-Defined Radio (NEWSDR’20) is the tenth installment of an annual workshop series organized by the Boston SDR User Group (SDR-Boston). Given the continued global health emergency of the COVID-19 pandemic, this year’s event will be safely hosted online using a variety of Internet technologies such as Zoom, YouTube Live, and Slack. Although this will be a virtual event, the NEWSDR 2020 organizers are committed to achieving the primary goal of this workshop by providing a forum that enables individuals working on SDR-related projects within the New England area to get together, collaborate, and introduce SDR concepts to those interested in furthering their knowledge of SDR capabilities and available resources. NEWSDR 2020 welcomes both experienced SDR enthusiasts as well as individuals who are interested in getting started with SDR.

This years talks include a Keynote by Dr. Tom Rondeau of DARPA, “Spectral Coexistence: What is its future in the US?”, “A Software-Defined Wireless Communications Network Research Infrastructure for the Internet of Things (IoT)”, “Open-Source Software in Software-Defined Radio” as well as several community and poster talks.

Videos of previous NEWSDR conference talks can be found listed on their website.

NEWSDR 2020 to be held online
NEWSDR 2020 to be held online