In the past we've posted about the Dictator Alert project a few times, as it makes use of ADS-B data contributed to ADS-B Exchange via volunteers who typically run an RTL-SDR as part of their ADS-B reception hardware. The project aims to track the movements of Dictators around the world via their use of private jets that can be tracked via ADS-B logging.
Over on Reddit the leader of the project Emmanuel has posted asking for donations. If you think this is a worthy project, please consider donating.
I'm raising some funds for our www.dictatoralert.org project which tracks aircraft used by dictatorships all over the world (using SDR!). You can see all of the tracking for free on the website and several Twitter bots (London, Paris, Geneva, EuroAirport).
You can give one-off donations or sign up to the Patreon, then I'll set you up with email alerts for your "favorite" dictators, airports, or any plane you like.
Dr. Marc Lichtman has recently released his free online PySDR guide to Digital Signal Processing (DSP) explained with the help of software defined radio and Python code. Over the years we've seen numerous SDR & DSP courses come out, some requiring payment and some free. We note that this guide is completely free, and appears to be one of the better if not the best guide in terms of explaining DSP fundamental concepts in an easy to understand way. A lot of visualizations and animations are used which really help anyone new to the subject.
While the explanations are very good, please note that this is still a technical University level guide intended for Computer Science or Engineering students, so prerequisite knowledge is required. Dr. Marc recommends it for someone who is:
Interested in using SDRs to do cool stuff
Good with Python
Relatively new to DSP, wireless communications, and SDR
A visual learner, preferring animations over equations
Better at understanding equations after learning the concepts
Looking for concise explanations, not a 1000 page textbook
The SDR hardware used in the book examples is the PlutoSDR which is a fairly low cost SDR intended for use by students. However, the PlutoSDR isn't required as most of the code examples use generated data.
To begin the investigation stdw first opened the case and looked for a serial UART port. After finding one he connected the UART up to a Raspberry Pi and was almost immediately able to connect to the device's terminal. From the information displayed during the boot process, stdw was able to determine that the modem was running the eCos operating system on a Broadcom BCM3383 SoC. Unfortunately, after that information was displayed the UART connection was dropped, preventing any further terminal investigation.
To get around this issue, stdw decided to dump the flash memory via an SPI memory chip he saw on the board. Again using the Raspberry Pi he was able to connect via SPI and use the flashrom tool to read the memory. Next using a tool called bcm2-utils, stdw was able to parse and actually modify the configuration information stored in the flash memory. With this he was able to modify the configuration so that the serial connection did not drop after boot.
With terminal access gained, stdw was now able to reverse engineer the firmware, and after a lot of searching he eventually found a console command which would perform a bandpower measurement for a given frequency range. He found that IQ data for this scan was stored in a buffer which he could then stream out via a TCP connection. With the IQ data finally available on another PC he was then able to use Python libraries to compute an FFT and actually visualize the scanned spectrum. Some further investigation yielded actually demodulated FM audio, and the realization that the usable bandwidth is 7.5 MHz.
Unfortunately there were some limitations. There is only enough RAM to store less than a second of data at a time at max bandwidth and precision, which meant that a lot of data needed to be dropped in between captures. Further investigation yielded methods to reduce the sample rate down to 464 kHz which meant that only 12% of data was ever dropped - enough to stream a wideband FM radio signal.
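The FM demodulation step described above, as an added example that is not stdw's code: a quadrature discriminator run separately on each capture, so that the sample pair straddling a dropped stretch never enters the phase difference. The complex IQ sample format, the 75 kHz deviation and the function names are assumptions; the modem's real buffer layout is not given on this page.

```python
import cmath
import math

FS = 464_000        # reduced sample rate quoted in the post, in Hz
DEVIATION = 75_000  # assumed broadcast-FM peak deviation, in Hz

def synth_capture(tone_hz, n, start_sample):
    """Constructed test input: IQ samples of an FM-modulated audio tone."""
    out = []
    for k in range(start_sample, start_sample + n):
        t = k / FS
        # FM phase is the integral of the message: beta * sin(2*pi*f*t)
        phase = (DEVIATION / tone_hz) * math.sin(2 * math.pi * tone_hz * t)
        out.append(cmath.exp(1j * phase))
    return out

def fm_demod(iq):
    """Quadrature discriminator: instantaneous frequency in Hz per sample pair."""
    scale = FS / (2 * math.pi)
    return [cmath.phase(b * a.conjugate()) * scale for a, b in zip(iq, iq[1:])]

def demod_captures(captures):
    """Demodulate each capture on its own.

    Concatenating captures first would difference the last sample of one
    capture against the first sample of the next, which are separated by
    dropped data, and that value carries no information about the signal.
    """
    return [fm_demod(c) for c in captures]

def tone_estimate(audio):
    """Estimate the audio tone frequency from positive-going zero crossings."""
    crossings = sum(1 for a, b in zip(audio, audio[1:]) if a < 0 <= b)
    return crossings * FS / len(audio)

if __name__ == "__main__":
    # Two 10 ms captures of a 1 kHz tone with 633 samples (about 12%) dropped between them
    caps = [synth_capture(1000, 4640, 0), synth_capture(1000, 4640, 5273)]
    for audio in demod_captures(caps):
        print(round(max(audio)), round(tone_estimate(audio)))
```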
If you wanted to try investigating the modem yourself, the Motorola MB7220 is available second hand on eBay for prices ranging between US$15 - US$40, and new on Amazon for $46.99. Although the usability of the modem for any real SDR applications may not be great, further investigation may yield better results. And if not, following along with the process stdw took looks to be a great reverse engineering learning experience. Other modems that use similar Broadcom chips may also be worth investigating.
The Motorola MB7220 connected to a Raspberry Pi for reverse engineering
Flipper Zero isn't an SDR, but it is an interesting RF capable pentesting tool that is currently being crowdfunded, and we think it deserves a post. Based on a TI CC1101 transceiver chip, the Flipper Zero has a sub 1-GHz radio capable of doing things like emulating a garage door remote, transmitting digital signals like OOK/ASK/FSK/GFSK/MSK at 315/433/866 MHz, analyzing and decoding popular remote control algorithms like Keeloq, and reading and emulating 125 kHz RFID tags. And as the crowd funding stretch goals have already been reached, the hardware will also include a Bluetooth and NFC module.
In addition to the RF features, it has a 1-wire iButton/TouchMemory/Dallas key reader, can function as a U2F security token, has an infrared transceiver with learning feature for emulating IR remotes and has 12 5V tolerant GPIO pins available for expansion with modules such as interfaces, sensors, wireless modules and cellular modems. It can also emulate a USB slave device like a keyboard allowing you to deploy a keyboard payload.
Flipper Zero currently costs US$119 however it will soon jump to US$129 once the early bird special runs out. At the time of this post they already have 13,000 backers and have raised in excess of 2.5 million dollars. There are still 25 days left in the campaign.
A new SDR has recently launched on the CrowdSupply crowdfunding platform. This one is called "iotSDR" and is designed to be a software defined radio to help developers and enthusiasts design custom Internet of Things (IoT) algorithms and protocols.
It has a 2-channel AT86RF215 transceiver chip which is capable of tuning to all major IoT frequencies as well as a 13-bit ADC with sample rate of up to 4 MSPS. In addition, there is a MAX2769B chip which is used for the GNSS reception of GPS, GLONASS, Galileo and Beidou positioning satellites. An onboard ZYNQ XC7Z010 / XC7Z020 FPGA can be used for any hardware computing required.
iotSDR currently costs US$399 for the Zynq XC7Z010 FPGA version, and US$599 for the Zynq XC7Z020 FPGA version. At the time of this post there are 37 days left in the campaign.
Embedding SDR in IoT
iotSDR provides a platform that allows SDR developers and enthusiasts to design innovative algorithms and cutting-edge products. While wide-band SDRs are more versatile, narrow-band transceivers perform better for many IoT-related applications. Accordingly, iotSDR hosts two narrow-band Microchip AT86RF215 transceivers that provide their own base-band cores and have the ability to handle their own I/Q signal streaming. The result is an extremely powerful tool for anyone who is looking to simplify the task of developing, testing, and deploying high-complexity frameworks.
A Powerful FPGA and a GNSS Chip to Round It Out
iotSDR’s Microchip transceivers are backed by a Zynq SoC—which provides an FPGA and a processing system in a single package—as well as a MAX2769 GNSS chip capable of streaming live signal records. That GNSS chip can be used for custom GPS, Galileo, BeiDou, and GLONASS receiver development, and is perfect for projects in the location-based services (LBS) domain such as those related to navigation and surveying.
Use Existing Software, Design a Protocol, or Build a Gateway
You can drive the hardware described above using a wide variety of popular open source software, including the Xilinx PYNQ Python framework, Jupyter Notebooks, and GNU Radio.
And if your work is further down the stack, don’t worry. iotSDR still has you covered. If you want to design and implement a physical layer IoT protocol, for example—a protocol like LoRa, SigFox, Weightless, Bluetooth, BLE, 802.15.4, ZigBee, or something of your own design—this board is for you. It’s also a great place to start if you want to build a custom IoT gateway along the lines of The Things Network, LPWAN, or Google’s Thread.
Radio has long been a pillar of modernization and technology, and this remains true in the era of software-defined radio. The Internet of Things, in particular, stands to benefit from the latest advancements in SDR technology. With iotSDR, you can be part of the community that makes that happen.
Thanks to Thomas' SWLing Blog for bringing to attention the Silphase R1 SDR receiver. This is an upcoming high performance HF SDR receiver being manufactured in the EU by a Polish company called Silphase. The R1 appears to be targeting premium SWLer customers with a price of US$1199. However, they note that by the end of 2020 they will have a 25W transceiver option, and later a 100W transceiver option. The SDR is currently available for preorder only and the sign up form can be found at the bottom of their website.
The Silphase R1 comes with a 5" touch screen that shows a spectrum display, has dual VFOs, four speakers and a metal alloy enclosure. It also comes with a built in telescopic antenna, but external antennas can be connected with the F connector. The tuning range is just the HF bands from 0.1 - 30 MHz and the ADC resolution is 16 bits.
Rendering of the upcoming Silphase R1 HF SWLing SDR
SignalsEverywhere is back this week and in her latest video Sarah talks about using a combination of Audacity, Minimodem and Multimon-ng to decode digital data that could be obtained from an SDR or other signal source.
Sarah was interested in the 2020 Hackasat space security challenge and specifically in completing the 56k Flex Magic challenge which consists of an emulated signal from an old 56k modem. Within the 56k modem signal is secret information required to complete the challenge.
Sarah first shows how to use Multimon-ng to decode the DTMF tone section of the signal. These are the tones heard when dialling on a landline phone. She then goes on to show how to use Audacity in spectrogram mode to take a closer look and analyze the next chunk of the signal. Then by using the information gained about the signal from the spectrogram analysis she is able to decode the data via minimodem.
Audacity Decoding Data?! Using Audacity Multimon-ng and Minimodem to Decode Digital Audio Data!
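To show what the DTMF decoding step above involves, here is an added example (not from the video and not Multimon-ng's code): a Goertzel-filter DTMF decoder run over a synthesized dial sequence. The 8 kHz sample rate, the 205-sample block, the power threshold and all function names are assumptions chosen for the constructed input.

```python
import math

FS = 8000  # assumed audio sample rate, in Hz
LOW = (697, 770, 852, 941)       # DTMF row frequencies
HIGH = (1209, 1336, 1477, 1633)  # DTMF column frequencies
KEYS = ("123A", "456B", "789C", "*0#D")

def goertzel_power(block, freq):
    """Signal power at one frequency using the Goertzel recurrence."""
    coeff = 2 * math.cos(2 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def classify(block, threshold=1000.0):
    """Return the DTMF key in a block, or None for silence or non-DTMF audio."""
    low = [goertzel_power(block, f) for f in LOW]
    high = [goertzel_power(block, f) for f in HIGH]
    r, c = low.index(max(low)), high.index(max(high))
    # A valid key needs a strong row tone AND a strong column tone
    if low[r] < threshold or high[c] < threshold:
        return None
    return KEYS[r][c]

def decode(samples, block_len=205):
    """Scan the audio block by block and emit each key once per press."""
    digits, prev = [], None
    for i in range(0, len(samples) - block_len + 1, block_len):
        key = classify(samples[i:i + block_len])
        if key is not None and key != prev:
            digits.append(key)
        prev = key  # a silent block resets prev, so repeated digits are kept
    return "".join(digits)

def synth(keys, tone_s=0.08, gap_s=0.05):
    """Constructed test input: DTMF tone pairs separated by silence."""
    out = []
    for k in keys:
        r = next(i for i, row in enumerate(KEYS) if k in row)
        f1, f2 = LOW[r], HIGH[KEYS[r].index(k)]
        for t in range(int(tone_s * FS)):
            w = 2 * math.pi * t / FS
            out.append(0.5 * math.sin(f1 * w) + 0.5 * math.sin(f2 * w))
        out += [0.0] * int(gap_s * FS)
    return out

if __name__ == "__main__":
    print(decode(synth("5550123#")))
```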
The Software Defined Radio Academy is an organization that holds a conference within the yearly HAMRADIO fair in Friedrichshafen, Germany. This year due to the pandemic the conference was held online, and recently videos from the various talks have begun to slowly get uploaded to their YouTube channel.
The talks are typically very technical in nature, but if you're interested in cutting edge SDR research and applications then these are good talks to get caught up on. Currently there are seven videos that have been uploaded, but we are expecting that there are more to come since there are more talks listed in their programme. They appear to be uploading one video per day at the moment so get subscribed to their YouTube channel for the upcoming videos.
The currently uploaded talks include:
A Keynote interview with N1UL Dr. Ulrich Rohde
Laurence Barker G8NJJ: Using Xilinx Vivado for SDR Development
Edwin Richter DC9OE, Crt Valentincic S56GYK: Usage of higher order Nyquist Zones with Direct Sampling Devices
Prof. Dr. Michael Hartje DK5HH: Signalprocessing in the man made noise measurement system ENAMS
Bart Somers PE1RIK: Long term spectrum monitoring using GNUradio and Python
We are looking forward to the upcoming talks like the one by Dr. Bastian Bloessl DF1BBL that discusses the GNU Radio on Android implementation.