Category: News

CyberSpectrum Special: DEF CON Wireless Village Talks now Live

Cyberspectrum #23 is now live and can be viewed via the YouTube live stream below. It should be available for delayed viewing after the event as well. The talks include SDR and radio related topics on subjects such as:

  • HAARP ionosphere research
  • An open source implementation of DVB-S2 and DVB-S2X for both satellite and terrestrial amateur radio use
  • An open source SpyServer based tool for automatically demodulating/recording and parsing RF data
  • Reverse engineering X-Band satellites
  • An RTL-SDR powered web based trunking scanner with timeshifting capabilities.
Cyberspectrum Special: DEF CON Wireless Village

Since out last post previewing the event, some new talks have been added, and we've posted the line up and info below.

At this years DEFCON conference SDR evangelist Balint Seeber will be hosting Cyberspectrum #23. DEFCON is a yearly conference with a focus on hacker topics, which often include SDRs and other radio topics too. This years conference will be help on August 9 - 12 a Caesars Palace & Flamingo in Las Vegas. Cyberspectrum is an almost monthly meetup of SDR enthusiasts and researchers that is normally held in the San Francisco Bay Area, but often hosts remote speakers via teleconference. This months meetup will be held at DEFCON on August 9, hosted by the Wireless Village.

Chris Fallen, Ph.D. (@ctfallen): "Opportunities for radio enthusiasts and heaters of the ionosphere: HAARP is just another instrument, or is it?"

Preview of a future #cyberspectrum talk: Background of passive and active ways to get involved with HAARP experiments (and perhaps with other natural natural ionosphere events) based on prior and ongoing work.

Michelle Thompson (@abraxas3d): "ORI and Phase 4 Ground" (https://phase4ground.github.io/)

Open Research Institute (ORI) is a new non-profit research and development organization which provides all of its work to the general public under the principles of Open Source and Open Access to Research.

One of our projects is called Phase 4 Ground. Our mission is to provide an open source implementation of DVB-S2 and DVB-S2X for both satellite and terrestrial amateur radio use. Phase 4 Ground radio system has a 5GHz uplink and a 10GHz downlink. We are developing SDR software that heavily leverages IP multicast and RTP protocols to set up and tear down distributed remote radio functions.

The reference designs are in GNU Radio and we will provide recipes for as many SDRs as possible.

Phase 4 Ground radios are intended to be reusable and reconfigurable, supporting payloads at GEO (AMSAT Phase 4B), HEO (AMSAT Phase 3E), and beyond (such as NASA's Cube Quest Challenge). Additionally, our radios will work as terrestrial microwave stations. These 'Groundsats' on mountaintops or towers establish a fun and flexible digital microwave experience. If you want to build up your radio from SDRs, you can. If you want to build it entirely from scratch, then you can. Our manufacturing partner for an off-the-shelf design is Flex Radio.

Lucas Teske (@lucasteske): SegDSP SpyServer Segment Digital Signal Processor

SegDSP is a WIP "Segment Digital Signal Processor" that is tuned for connecting into a SPY Server and do automatically demodulation/recording/parsing of RF data. This talk will be about what it does today, how was the development, how it works, how it will work and what are the uses for it. Tired of losing the pass of a LEO satellite? Want to hear the recording from last week? SegDSP is a Open Source tool made in Go for both learning and monitoring Satcom and Terrestrial Com.

Luigi Freitas (@luigifcruz): "Reverse Engineering X-Band Satellites Datalink And The Worst Software Defined Radio Ever"

This talk will be about the reverse engineering process of the next generation X-Band datalink signal on-board of Sun Synchronous Satellites like Suomi (NPP) and NOAA-20 (NPOESS/JPSS-1). From the RAW I/Q recording to the decompressed high-resolution Earth pictures. This is the latest addition to the Open Satellite Project, a non-profit organization that is committed to develop and publish software tools and hardware projects that enable the Open-Source Community to access spacecraft non-sensitive data.

The other half (or so) of this talk will be about the “Worst SDR Ever” that is made entirely of dirty cheap parts readily available from China. This project is intended to demonstrate how a Software Defined Radio works utilizing real hardware and comprehensive modular software.

Gavin Rozzi (@gavroz): "OC Radio Live" (https://ocradio.live)

An online trunking scanner website with time shifting capabilities covering New Jersey powered by the RTLSDR and open source software.

Upcoming DEFCON Cyberspectrum Wireless Village SDR Talks

At this years DEFCON conference SDR evangelist Balint Seeber will be hosting Cyberspectrum #23. DEFCON is a yearly conference with a focus on hacker topics, which often include SDRs and other radio topics too. This years conference will be help on August 9 - 12 a Caesars Palace & Flamingo in Las Vegas. Cyberspectrum is an almost monthly meetup of SDR enthusiasts and researchers that is normally held in the San Francisco Bay Area, but often hosts remote speakers via teleconference. This months meetup will be held at DEFCON on August 9, hosted by the Wireless Village.

The planned talk overviews are listed below, and Balint would like to note that any physical attendees are welcome to get in contact with him and submit more talks. Previous Cyberspectrum talks can be viewed on this YouTube playlist.

Michelle Thompson (@abraxas3d): "ORI and Phase 4 Ground" (https://phase4ground.github.io/)

Open Research Institute (ORI) is a new non-profit research and development organization which provides all of its work to the general public under the principles of Open Source and Open Access to Research.

One of our projects is called Phase 4 Ground. Our mission is to provide an open source implementation of DVB-S2 and DVB-S2X for both satellite and terrestrial amateur radio use. Phase 4 Ground radio system has a 5GHz uplink and a 10GHz downlink. We are developing SDR software that heavily leverages IP multicast and RTP protocols to set up and tear down distributed remote radio functions.

The reference designs are in GNU Radio and we will provide recipes for as many SDRs as possible.

Phase 4 Ground radios are intended to be reusable and reconfigurable, supporting payloads at GEO (AMSAT Phase 4B), HEO (AMSAT Phase 3E), and beyond (such as NASA's Cube Quest Challenge). Additionally, our radios will work as terrestrial microwave stations. These 'Groundsats' on mountaintops or towers establish a fun and flexible digital microwave experience. If you want to build up your radio from SDRs, you can. If you want to build it entirely from scratch, then you can. Our manufacturing partner for an off-the-shelf design is Flex Radio.

Lucas Teske (@lucasteske): SegDSP SpyServer Segment Digital Signal Processor

SegDSP is a WIP "Segment Digital Signal Processor" that is tuned for connecting into a SPY Server and do automatically demodulation/recording/parsing of RF data. This talk will be about what it does today, how was the development, how it works, how it will work and what are the uses for it. Tired of losing the pass of a LEO satellite? Want to hear the recording from last week? SegDSP is a Open Source tool made in Go for both learning and monitoring Satcom and Terrestrial Com.

Luigi Freitas (@luigifcruz): "Reverse Engineering X-Band Satellites Datalink And The Worst Software Defined Radio Ever"

This talk will be about the reverse engineering process of the next generation X-Band datalink signal on-board of Sun Synchronous Satellites like Suomi (NPP) and NOAA-20 (NPOESS/JPSS-1). From the RAW I/Q recording to the decompressed high-resolution Earth pictures. This is the latest addition to the Open Satellite Project, a non-profit organization that is committed to develop and publish software tools and hardware projects that enable the Open-Source Community to access spacecraft non-sensitive data.

The other half (or so) of this talk will be about the “Worst SDR Ever” that is made entirely of dirty cheap parts readily available from China. This project is intended to demonstrate how a Software Defined Radio works utilizing real hardware and comprehensive modular software.

Gavin Rozzi (@gavroz): "OC Radio Live" (https://ocradio.live)

An online trunking scanner website with time shifting capabilities covering New Jersey powered by the RTLSDR and open source software.

New Alternative WxToImg Website with Most Files

Last month we posted that the website for the popular NOAA APT weather satellite decoding software known as WxtoImg went down. Since then we've been in contact with the developer of the software, and he did indicate that he may restore the site at some time in the future, but is currently busy with other projects so doesn't have much time to devote to his old software at the moment.

In the meantime (or perhaps permanently) a WXtoImg fan has created a clone of the original website which he's called "WXtoImg Restored". The site contains most of the downloads as well as a professional edition update key, which was released for free by the original author before. If you don't trust the third party site, some downloads are also still available from the internet archival project's copies of the original WXtoImg website.

There are still some files missing on WXtoImg Restored, and these are outlined on the new website's homepage, so if you have them please contribute them to the site email.

GQRX and gr-osmosdr now with support for SpyServer

Thanks to the work of Lucas Teske, GQRX is now able to connect to SpyServer servers. SpyServer is the IQ streaming server software solution developed by the Airspy SDR developers. It can support Airspy and RTL-SDR devices, and can be used to access these SDRs remotely over a network connection. It is similar to rtl_tcp, but a lot more efficient in terms of network usage, meaning that it performs well over an internet connection. On a previous post we have a tutorial about setting up a SpyServer with an RTL-SDR.

The code modified by Lucas is the gr-osmosdr module, and Lucas' code can be downloaded from his GitHub at github.com/racerxdl/gr-osmosdr. It doesn't yet appear to have been merged into the official osmocom branch. The gr-osmosdr module is a generic block used to access various SDR hardware, so any software that utilizes it (such as GNU Radio) should be able to connect to a SpyServer connection too.

moRFeus Half Price Sale: $99 Signal Generator and Frequency Mixer

moRFeus is a low cost wideband signal generator and frequency mixer. It can be used to generate a tone anywhere from 85 MHz to 5400 MHz, and can also be used as a frequency mixer, allowing you to implement upconverters and downconverters. In past posts we've reviewed and seen it being used as a PC based signal generator with open source GUI's, downconverter, CW generator, and most recently as a tracking generator for measuring filters and antenna VSWR.

Currently Outernet are having a half price sale on the moRFeus. Normally it's US $199, but now with the coupon code "rtlsdrblog" it's only US $99. The sale only lasts until Saturday 09 June 2018, so get in fast if you want one.

moRFeus can be purchased from the Outernet store.

Update: Please note that the sale has now concluded.

moRFeus coupon "rtlsdrblog"
moRFeus coupon "rtlsdrblog"

Osmo-FL2K: A TX-Only SDR Hacked From Commodity $5 USB to VGA Adapters – Demos Available for Transmitting WBFM, GSM, UMTS, GPS

Osmocom are some of the people behind the original discovery and development of the RTL-SDR (in particular Steve M), and today it looks like they have done it again by releasing exciting news of a way to turn a commodity $5 USB to VGA adapter into a TX-only capable SDR. They call their discovery 'osmo-fl2k', as the magic chip that makes it all happen is a Fresco Logic FL2000.

Examples of compatible Osmo-FL2K USB to VGA Adapters.
Examples of compatible Osmo-FL2K USB to VGA Adapters.

The discovery is based on the fact that the VGA specific HYSYC/VSYNC synchronizations on the FL2000 chip can be disabled, allowing for a continuous stream of samples to be sent to the VGA digital to analog converter (DAC). The FL2000 also implements a cheaper method of streaming data compared to other devices which allows these to be $5 devices.

The supported hardware appears to be any USB to VGA adapter that uses the FL2000 chip. They note that these are often advertised as "USB 3.0 to VGA" adapters with a maximum resolution of 1920 x 1080 for USB 3.0 and 800 x 600 for USB 2.0. Over on Amazon the cheapest one we've found (note not yet confirmed to be compatible) that meets the Osmocom description appears to be going for $7.49 and is fulfilled by Amazon.  We've seen prices of $5.11 on Aliexpress and $5.99 on eBay too. There appears to be no difference between the brands of these units, as the 'brands' are just private labelled from the same factory, as anyone can add a brand to a generic product.

Once sellers catch on to the fact that these devices are going to be popular we expect them to most likely start raising prices.

The Fresco Logic FL2000 Chip
The Fresco Logic FL2000 Chip

In terms of TX performance and functionality, osmo-fl2k should be better than RPiTX as it uses an actual DAC, instead of just PWMing a pin. It appears that the device can transmit on a fundamental frequency anywhere from HF up to about 157 MHz, and then signal harmonics can be used to extend the range all the way up to around 1.7 GHz or maybe even higher. Having harmonics does mean that like other cheap TX methods, the signal is not clean and so proper filtering would be required before any sort of higher power transmission would be legal.

The highest fundamental frequency available also appears to be related to the performance of your PC's USB 3.0 controller. The worst USB 3.0 controller that they tested maxed out at 115 MS/s, whereas the best was 157 MS/s (theoretical max should be 160 MS/s). A USB 2.0 controller only gets a maximum sample rate of 14 MS/s.

So far the team have released software examples for transmitting DVB-T, GSM, UMTS (3G) and GPS, and have mentioned that they have also successfully transmitted LTE and DAB too. There is also an example for transmitting WBFM audio with RDS via the pacat Linux command and sox. The image below shows the FL2K-SDR working as a GSM base station. 

Osmo-FL2K being used as a GSM Basestation
Osmo-FL2K being used as a GSM Basestation

If you're interested in more information, Osmocom have released the slides from a presentation that they made at a OsmoDevCon presentation on April 22. The video presentation is also expected to be released soon at media.ccc.de.

Testing the Airspy with the New And Improved Version of ADSBSpy

Airspy have recently released an update to their ADSBspy decoder, which is an Airspy One/R2 compatible decoder for 1090 MHZ ADS-B signals. According to 'prog', the software developer of ADSBSpy, his setup can see almost double the number of aircraft and with fewer false positives when using the updated software. Prog writes that the secret to the improvement is some reworked DSP code that aims to exploit oversampling in the Airspy to the maximum.

We compared the new (1.0.0.38/39) decoder against the old decoder (1.0.0.37) which used to get similar performance to dump1090. The test setup was two Airspy dongles connected to a dipole antenna via a splitter, with our Triple Filtered ADS-B LNA used by the antenna. One Airspy was used to power the LNA via it's bias tee, and both units received the same amplified signal. We found indeed that the new version of ADSBSpy receives a good number more aircraft in our set up, and an increased number of ADS-B messages too.

It seems that most of the additionally received aircraft must be from extremely weak signals, because when looking in Virtual Radar Server the extra aircraft usually only show their ICAO and maybe altitude and speed until they get closer.

So far this software appears to provide the best performance on ADS-B that we've seen so far, so if you are using an Airspy for ADS-B tracking we'd like to hear results from anyone who upgrades.

The New ADS-B Spy Receives More Aircraft and Messages
The New ADS-B Spy Receives More Aircraft and Messages

Nexmon SDR: Using the WiFi Chip on a Raspberry Pi 3B+ as a TX Capable SDR

Back in March of this year we posted about Nexmon SDR which is code that you can use to turn a Broadcom BCM4339 802.11ac WiFi chip into a TX capable SDR that is capable of transmitting any arbitrary signal from IQ data within the 2.4 GHz and 5 GHz WiFi bands. In commercial devices the BCM4339 was most commonly found in the Nexus 5 smartphone.

Recently Nexmon have tweeted that their code now supports the BCM43455c0 which is the WiFi chip used in the recently released Raspberry Pi 3B+. They write that the previous Raspberry Pi 3B (non-plus) cannot be used with Nexmon as it only has 802.11n, but since the 3B+ has 802.11ac Nexmon is compatible. 

Combined with RPiTX which is a Raspberry Pi tool for transmitting arbitrary RF signals using a GPIO pin between 5 kHz to 1500 MHz, the Raspberry Pi 3B+ may end up becoming a versatile low cost TX SDR just on it's own.