Category: News

LimeSDR CrowdFunding Closing in Four Days: 80% Funded

The LimeSDR is a new transmit capable software defined radio with a 100 kHz – 3.8 GHz frequency range, 12-bit ADC and 61.44 MHz bandwidth which is currently seeking crowdfunding. At the time of this post there is about four days left to reach the $500k goal, and it is only 80% funded. To try and reach their funding goal they have released another batch of discounted units which cost only $249 USD. After the crowd funding campaign the price will rise to $289/$299 USD. If the LimeSDR is not funded in time, they write that the project will unfortunately be put on hold and it’s future may be uncertain. We believe that this product is shaping up to be a very good TX/RX capable SDR, like the HackRF and bladeRF, but much better overall and for the same or even lower price.

Recently they also released some new updates that show off some LimeSDR features. In a post previously featured on our blog beta tester Alexandru showed how he was able to get the LimeSDR to transmit DVB-S2 HDTV. In later updates they showed how the LimeSDR can be used to:

The LimeSDR Board
The LimeSDR Board

Slovenian University Student & Security Researcher Almost Jailed for Researching TETRA with an RTL-SDR

Dejan Ornig, a 26 year old student at the University of Maribor’s Faculty of Criminal Justice and Security was recently almost jailed for finding a security flaw in Police TETRA communications in his home country of Slovenia. Back in 2013 his University Computer Science class of 25 was assigned a task to research security vulnerabilities in TETRA. TETRA is a RF digital communications protocol often used by authorities due to its ability to be secured via encryption. During his research he used an RTL-SDR and the open source Osmocom TETRA decoder, and discovered a flaw in the Slovenian Police’s TETRA configuration which meant that encrypted communications were often being broadcast in the clear. Translated, Ornig said:

For $20 I bought a DVB-T receiver (RTL-SDR), on the Internet, I have found also freely available and open-source software OsmoCOM. Free access solution for decoding the signal Tetra eighth-tetra is already prepared in advance programming framework based on the platform GNU.

He goes on to say (translated):

I was even more surprised when I found that most users do not have authentication turned on the radio terminal, even though the Ministry of the Interior in the documents and tenders repeatedly wrote to all the radio terminals to access networks using authentication.

Shortly after discovering the flaw, Dejan privately contacted the authorities with his findings. But after two years of repeatedly contacting them and waiting for a fix, Dejan decided to take his story to a local news agency in February 2015. At this point the Slovenian Police became interested in Dejan, and instead of fixing the problem, decided to conduct a search on his house, seizing his computer and RTL-SDR. After the search the Police made life harder for Ornig by trying to lump on other problems. During the search they found a “counterfeit police badge” in his house and apparently accused him of impersonating a police officer, and after a search of his PC they also decided to charge him after finding out that he covertly recorded his ex-employer calling him an “idiot”.

Ornig has now been given a 15 month suspended jail sentence for attempting to “hack” the TETRA network. Fortunately the suspended part means that in order to not go to jail Ornig simply must not repeat his crime again within 3 years. While SDR’s and radios are not illegal in most countries this is a reminder to professional and amateur security researchers to check that what you are doing is legal in your country. Even if it is for the overall good, Police often do not have the technical competence to understand security researchers and may react illogically to findings. The good news about Ornig’s story is that apart from the suspended jail sentence the authorities appear to have now worked with him to fix the problems.

TETRA Decoding
TETRA Decoding

Story Sources:
[http://www.ibtimes.co.uk/researcher-jailed-finding-security-flaws-police-communications-1561600]
[http://siol.net/novice/slovenija/kako-za-20-evrov-prisluskovati-slovenskim-varnostnim-organom-video-44923]
[https://podcrto.si/odziv-na-trditve-policije-glede-varnosti-komunikacijskega-sistema-tetra]

Testing a Prototype of the Outernet L-Band Downconverter

Outernet are a startup company that hope to revolutionize the way people in regions with no, poor or censored internet connectivity receive information. Their service is downlink only, and runs on C and L-band satellite signals, beaming up to date news as well as other information like books, educational videos and files daily. To receive it you will need one of their official or homemade versions of the Lighthouse or Lantern receivers (the latter of which is still to be released), or an RTL-SDR or similar SDR. Recently they began test broadcasts of their new 5 kHz 1539.8725 MHz L-band signal on Inmarsat I4F3 located at 98W (covers the Americas), and they hope to begin broadcasts in more regions soon too.

The typical RTL-SDR is known to often have poor or failing performance above 1.5 GHz (though this can be fixed to some extent), so Outernet have been working on an L-band downconverter. A downconverter works by receiving signals, and shifting them down to a lower frequency. This is advantageous because the RTL-SDR is more sensitive and does not fail at lower frequencies, and if used close to the antenna, the lower frequency allows longer runs of cheap coax cable to be used without significant signal loss.

Earlier this week we received in the mail a prototype of their downconverter. The downconverter uses a 1.750 GHz LO signal, so any signal input into it will be subtracted from this frequency. For example the STD-C frequency of 1.541450 GHz will be reduced to 1750 MHz – 1541.450 MHz = 208.55 MHz. This also means that the spectrum will appear reversed, but this can be corrected by selecting “Swap I & Q” in SDR#. The downconverter also amplifies the signal with an LNA, and has a filter to remove interfering out of band signals.

The Outernet downconverter circuit board.
The prototype Outernet downconverter circuit board.
Specsheet for the downconverter.
Specsheet for the downconverter.

We tested the downconverter using their patch antenna which they had sent to us at an earlier date (the patch antenna is used and shown in this Inmarsat STD-C reception tutorial). Our testing found that overall the downconverter works extremely well, giving us much better signal levels. Previously, we had used the patch + LNA4ALL and were able to get reception good enough to decode STD-C and AERO signals, but with the requirement that the patch be carefully pointed at the satellite for maximum signal. With the downconverter the signals come in much stronger, and accurate pointing of the patch is no longer required to get a signal strong enough to decode STD-C or AERO.

The downconverter can be powered by a bias tee connection, and this works well with our bias tee enabled RTL-SDR dongles. We also tested with the bias tee on the Airspy R2 and Mini and had no problems. It can also be powered with a direct 5V connection to a header, and they note that the header will be replaced by a USB connector in the production version.

The release date and exact price that these will be sold at is not confirmed, but we believe that it will be priced similarly to upconverters at around $50 USD or less. A good low cost downconverter should help RTL-SDR and other SDR users receive not only the Outernet signal better, but also other satellite signals such as STD-C and AERO. Although the input is filtered and the RF frequency is specified at 1525 to 1559 MHz, we had no trouble receiving signals up to GPS frequencies of 1575 MHz, and even up to Iridium signals at 1.626 GHz, though reception was much weaker up that high.

Below are some screenshots of reception. Here we used the Outernet patch antenna sitting in a windowsill with the downconverter directly after the antenna, and then 10 meters of RG6 coax cable to the PC and bias tee enabled RTL-SDR. We found that with the downconverted ~200 MHz signal the loss in the RG6 coax was negligible. Better reception could be obtained by putting the patch outdoors. In some screenshots we used Vasilli’s R820T driver with the decimation feature, which allows you to zoom into narrowband signals much more clearly.

Some AERO Signals Zoomed in with the Decimation feature in SDR#.
Some AERO Signals Zoomed in with the Decimation feature in SDR#. Received with the Outernet downconverter and patch antenna.
Some AERO and other Signals Zoomed in with the Decimation feature in SDR#.
Some AERO and other Signals Zoomed in with the Decimation feature in SDR#. Received with the Outernet downconverter and patch antenna.
Signals zoomed out.
Signals zoomed out. Received with the Outernet downconverter and patch antenna.

Multi-RTL: A GNU Radio Block for Combining and Time Synchronizing Multiple RTL-SDR Dongles

The RTL-SDR has a maximum available stable bandwidth of about 2.4 MHz. Many people have had the idea to combine multiple RTL-SDR dongles together to implement a wider band or multi channel RX device, but very few successful implementations have been seen. The biggest challenge is time synchronization between the multiple RTL-SDR units. Even if a common clock is used, there is no guarantee that the samples streams are synchronized, which can cause problems for the decoding of many signals. The most successful implementations so far have used a common clock, and an external synchronization signal from a generator in addition to other hardware like switches.

However, now Piotr Krysik has come up with a very good and simpler solution for the synchronization of RTL-SDR dongles. Piotr wanted to be able to capture both GSM uplink and downlink channels at the same time. As these channels are not close to each other in the frequency spectrum, he needed two synchronized RTL-SDR dongles to be able to monitor the two channels at once. In order to achieve synchronization he created a GNU Radio block called Multi-RTL, and connected two RTL-SDR dongles to a common clock source.

In his Multi-RTL block he implemented a method of a discovery he made that allows a way to time synchronize the dongles by using a signal that is already being broadcast over the air. He writes that his method is the following:

  • tuning the RTL-SDR dongles to the same frequency where some transmission is present,
  • recording a short signals with all of the dongles,
  • computing cross-correlation of the signals (i.e. with respect to a one selected channel),
  • finding position of maximums of cross-correlations in order to estimate relative delays of the channels,
  • correcting the delays so the channels are time-synchronized,
  • switching the dongles to their target frequencies,
  • changing other parameters of the channels (like gains) to target values.

With his Multi-RTL GNU Radio block Piotr was able to successfully monitor a GSM uplink and downlink channel pair that were spaced 45 MHz apart. Whilst monitoring the signals he sent an SMS to his phone, and then using his recovered encryption key was able to use gr-gsm to decode his message.

The successful implementation of this tool opens the door for many more RTL-SDR based projects, such as the reception of GSM uplink and downlink channels simultaneously, reception of frequency hopping signals, passive radar, and the receiving and decoding of signals with a bandwidth wider than 2.4 MHz.

Two dongles with a common clock.
Two dongles with a common clock.
Synchronizing two dongles by using an external signal.
Synchronizing two dongles by using an external signal.

GNU Radio for Windows + Decoding ATSC HDTV on GNU Radio for Windows

Recently an updated set of binaries and build scripts were posted for GNU Radio for Windows. GNU Radio is a graphical digital signal processing language that is compatible with many software defined radios such as the RTL-SDR. Normally it is used on Linux as the Windows builds have been known to be very buggy and difficult  to install. However the latest update appears to make it easier to install. The changes were announced on the GNU Radio mailing list by Geof Nieboer, and he writes:

An updated set of windows binaries and build scripts have been posted. Quick summary:

1- Added gqrx to package
2- Patched 2 x issues which would cause the generic version to crash on non-AVX systems (one in volk, one in FFTW)
3- Added gr-newmod to package

Plus a number of improvements to make the scripts more robust.

Binaries at http://www.gcndevelopment.com/gnuradio/downloads.htm
Scripts at https://github.com/gnieboer/GNURadio_Windows_Build_Scripts

To run GNU Radio for Windows you will need a 64-bit version of Windows 7/8/10. It appears that the installation is as easy as running the installer and waiting for it to download and install the 1.7 GB worth of files.

Also, over on his blog author designing on a juicy cup posted about how he’d been able to get the GNU Radio Windows binaries to run a ATSC HDTV decoder from a file recorded using an SDRplay RSP (ATSC is too wideband for an RTL-SDR to decode). ATSC is the digital TV standard used in North America, some parts of Central America and South Korea. He writes that one advantage to using GNU Radio on Windows is the ability to use a RAM drive for faster file processing.

GNU Radio ATSC Decoder Running on Windows.
GNU Radio ATSC Decoder Running on Windows.

Second Flock of Early Bird LimeSDR’s for Sale: $249 USD

The LimeSDR is a new transmit capable software defined radio with a 100 kHz – 3.8 GHz frequency range, 12-bit ADC and 61.44 MHz bandwidth which is currently seeking crowdfunding.

A few days ago the LimeSDR crowdfunding campaign went live, and within the first 32 hours all 500 of the $199 USD discounted early bird LimeSDR’s were grabbed up. Since then the crowfunding momentum has unfortunately slowed considerably. However, in an attempt to possibly revitalise the campaign LimeSDR has released a second batch of early bird units which are selling for the $50 discounted price $249 USD. They also write that people who already backed at the higher regular price of $299 USD have automatically been converted to the $249 USD price. At the time of this post there are still 427 early bird units remaining.

We think the LimeSDR has the potential to be a significantly better version of the HackRF and bladeRF which would sell for the same price or even less in the future, so please consider backing the project if an SDR like this interests you. 

Their press release reads:

First, a big thank you to all our backers. With your support, we hit 20% of our campaign target in just over 24 hours and all 500 of the first flock of early bird boards were pledged within 32 hours. This is phenomenal! We have been blown away by the support and excitement from you, our community. Thank you!

Our mission is to democratise wireless innovation. Anybody should have access to this technology and be able to create innovative, game changing solutions. The level of support we have received from all of you has gone a long way to reassure us that we have made a great start in achieving our mission.

We are now confident that the LimeSDR campaign can jump start this democratisation. When we successfully reach our target and have delivered on our commitment, the work doesn’t stop there either. We will continue to work on the LimeSDR platform to improve it, together with the help of the community.

We are also working with the key players in the wireless industry and have been partnering with innovators and organizations, including EE/British Telecom, who share our vision to bring the power of open source innovation to wireless communications in a way that has never been done before.

As a result of the early success of our campaign, we are gathering further support from our manufacturers and suppliers and are now able to offer new pledge levels, including an additional flock of 500 early bird LimeSDR boards boards at a reduced price of $249. This is a significant reduction from the retail price of $299. Those who have already signed up for the $299 LimeSDR will instead pay the reduced price – your order will be amended and an updated order confirmation email will be sent to you within the next 24 hours.

We have big announcements in the pipeline, and our plan is to send you regular updates throughout the campaign. These will include exciting partnerships and new pledge levels as we see the growth of our supporters. Stay tuned!

Cheers,
Jessica and the LimeSDR Team

LimeSDR also recently released a second update that explains their driver architecture.

The LimeSDR with four antennas attached.
The LimeSDR with four antennas attached.

Airspy Mini: $99 USD, 24 – 1800 MHz, 12-Bit RX SDR Now Available for Preorder

Over the last few months we’d constantly heard hints that the Airspy team was working on a miniaturized version of their popular Airspy SDR. Today the Airspy Mini has been released for preorder.

The Airspy Mini has similar high performance specifications to the Airspy R2, but comes in a USB dongle sized enclosure and only costs $99 USD – half the price of the $199 USD Airspy R2. The only difference in specification appears to be that the Airspy Mini has 6 MHz of spurious free bandwidth, versus 9 MHz in the Airspy R2, and that it lacks the external clock input and some of the expansion headers which are mainly useful only for advanced experimenters. The other features including its 24 – 1800 MHz operation, 12-bit ADC and 0.5 PPM TCXO all remain the same. The Airspy team also write that the Mini still supports a 20 MSPS mode for ADS-B decoding with the ADSBSpy decoder, which should place its ADS-B decoding performance at an identical level to the Airspy R2, which is very good.

The Airspy Mini SDR Dongle
The Airspy Mini SDR Dongle

To receive the HF frequencies the Airspy team are also releasing an Airspy Mini + SpyVerter bundle which will cost $149 USD. The SpyVerter is an upconverter designed to work with Airspy products, but has also been found to work well with the RTL-SDR. 

At these prices the Airspy Mini competes heavily with the $149 USD SDRplay RSP which is a similarly specced SDR. In a previous review on this blog that compared the SDRplay RSP and Airspy R2 we found that the Airspy generally performed better in the presence of strong signals.

In the future we hope to review the Airspy Mini and check to see if its performance is similar to the Airspy R2. If its RX performance is at least the same as the R2, then it probably will be the best value SDR for those wanting to upgrade from an RTL-SDR.

The inside of the Airspy Mini.
The inside of the Airspy Mini.

LimeSDR (Previously Sodera) Now Crowdfunding: $299 100 kHz – 3.8 GHz 12-Bit TX/RX SDR

Previously we posted news about the upcoming release of SoDeRa/LimeSDR, a low cost 100 kHz – 3.8 GHz range RX/TX capable software defined radio. Due to copyright reasons SoDeRa have renamed the product to LimeSDR.

The LimeSDR is now seeking crowdfunding and is looking for a $500,000 funding goal. At the time of this post on the first day of funding the total is already at $65,000, with 53 days left to go, so it appears that there is a high chance of it being funded. The description reads:

LimeSDR is a low cost, open source, apps-enabled (more on that later) software defined radio (SDR) platform that can be used to support just about any type of wireless communication standard. LimeSDR can send and receive UMTS, LTE, GSM, LoRa, Bluetooth, Zigbee, RFID, and Digital Broadcasting, to name but a few.

While most SDRs have remained in the domain of RF and protocol experts, LimeSDR is usable by anyone familiar with the idea of an app store – it’s the first SDR to integrate with Snappy Ubuntu Core. This means you can easily download new LimeSDR apps from developers around the world. If you’re a developer yourself, you can share and/or sell your LimeSDR apps through Snappy Ubuntu Core as well.

The LimeSDR platform gives students, inventors, and developers an intelligent and flexible device for manipulating wireless signals, so they can learn, experiment, and develop with freedom from limited functionality and expensive proprietary devices.

The price for a single board is $299 USD for regular backers, but there is an early bird price of $199 USD. At the time of this post there are still over 200 boards left to go at the lower price. There are also higher end options such that add turn-key support and acrylic and aluminium enclosures as well as a PCIe interface option.

The LimeSDR can tune from 100 kHz – 3.8 GHz, can have a bandwidth of up to 61.44 MHz, uses a 12-bit ADC, has two transmit channels, two receive channels, is full duplex and comes with a 4 PPM stable oscillator. To achieve such a high bandwidth the board requires a USB 3.0 connection, and will likely require a modern PC to reach a high bandwidth. From its pricing and specs it looks like it can be thought of a next generation HackRF, or lower cost version of the high end Ettus SDR’s.

The LimeSDR with four antennas attached.
The LimeSDR with four antennas attached.