Category: Other

Spectrum Slit: A Wall Art Display That Visualizes Wi-Fi Activity via a HackRF

Over on YouTube, RootKid, who specializes in creating engineering-based art projects, has developed an interesting wall-mounted art display panel that visualizes Wi-Fi activity by using a HackRF as the monitoring software-defined radio. The display uses a Raspberry Pi, a HackRF, and a custom-made LED light bar. The HackRF receives a 5 GHz Wi-Fi channel, and the Pi translates this into activity on the LED display, creating a visual piece that lets those around know when Wi-Fi activity is high.

The idea is to show that "we live surrounded by ghosts of our own making", which refers to the invisible storm of electromagnetic signals that we created to serve us in our modern lives.

If you are interested in other projects that combine SDR and art, you might enjoy our posts on HolyPager, Hystérésia, Signs of Life, Ghosts in the Airglow, and Open Weather.

I built a light that can see radio waves

Reviving Old 1G Analog Cellphones and Demonstrating Their Security Flaws

Over on the YouTube channel "Nostalgia For Simplicity," the creator has uploaded a video where he revisits the original 1G analog cellular system, AMPS, to finally understand a mysterious phenomenon he experienced over 20 years ago as a kid, where he was able to unintentionally intercept other people's calls with his 1G phone. Using vintage hardware like the Ericsson DH668, he recreates a small AMPS network and confirms that the system is fully analog, instant, and surprisingly good-sounding. 

AMPS worked by dividing the spectrum into numbered voice channels, with each call occupying one channel at a time. In busy cities, simply tuning to an active channel could let you hear someone else’s call. In this revival setup, there is only one active call, making the effect easy to demonstrate. This is essentially wideband analog FM voice on fixed channels, something easily observable and demodulated with modern SDR hardware.

Investigating this ancient 1G tech has highlighted why 1G systems were fundamentally insecure and why the world moved on to digital standards. If you're interested, the other videos on his channel continue to explore early cell phones and their quirks.

I Revived 1G and Recreated a Childhood Mystery

[Also seen on Hackaday]

ADSBee: ADS-B and UAT Reception and Decoding On an RP2040 Microcontroller

ADSBee is an open-source project that has implemented a 1090 MHz ADS-B decoder on a Raspberry Pi RP2040 microcontroller using a programmable I/O (PIO) pin. 

PIO pins cannot handle RF signals, so the ADSBee front end is a critical analog circuit that enables this to work. It consists of a 1090 MHz SAW filter to remove other signals, a low-noise amplifier, and, critically, a log-power detector, which essentially converts the pulse-position-modulated 1090 MHz ADS-B signal to baseband, which the PIO can handle.

However, this same trick does not work for 978 MHz UAT, as UAT signals are not pulse position modulation like ADS-B. Instead, for UAT support, the ADSBee design takes a more traditional approach, using a CC1312 sub-GHz transceiver chip connected to the RP2040.

Finally, an ESP32 S3 is added to the stack to enable networking via WiFi, allowing for received and decoded data to be used.
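How the 1090 MHz pulse-position scheme described above turns into bits, as an added example (not ADSBee's firmware or PIO program): it slices a detector envelope at an assumed 2 samples per microsecond, matches the Mode S preamble, and keeps only frames whose 24-bit parity is clean. The envelope, payload, helper names and 2x threshold are constructed for illustration.

```python
import random

PREAMBLE_HIGH = (0, 2, 7, 9)   # pulse slots within the 8 us preamble
PREAMBLE_LEN = 16              # 8 us at an assumed 2 samples per us
FRAME_BITS = 112               # extended squitter: 88 data + 24 parity bits
# Constructed 11-byte payload (placeholder address, not a real aircraft).
SAMPLE_PAYLOAD = bytes.fromhex("8dabcdef0123456789abcd")

def crc24(data: bytes) -> int:
    """Remainder modulo the Mode S generator 0x1FFF409 (0 for a clean frame)."""
    rem = 0
    for byte in data:
        rem ^= byte << 16
        for _ in range(8):
            rem <<= 1
            if rem & 0x1000000:
                rem ^= 0x1FFF409
    return rem

def build_frame(payload: bytes) -> bytes:
    """Append the 24-bit parity field to an 11-byte payload."""
    return payload + crc24(payload).to_bytes(3, "big")

def modulate(frame: bytes, noise=0.1, seed=1):
    """Constructed detector output: idle, preamble, PPM bits, idle, plus noise."""
    rng = random.Random(seed)
    slots = [int(i in PREAMBLE_HIGH) for i in range(PREAMBLE_LEN)]
    for byte in frame:
        for k in range(7, -1, -1):
            slots += [1, 0] if (byte >> k) & 1 else [0, 1]
    return [s + rng.uniform(0, noise) for s in [0] * 40 + slots + [0] * 40]

def demodulate(env):
    """Return (offset, frame) for every parity-clean frame in the envelope."""
    found = []
    for start in range(len(env) - PREAMBLE_LEN - 2 * FRAME_BITS + 1):
        pre = env[start:start + PREAMBLE_LEN]
        high = min(pre[i] for i in PREAMBLE_HIGH)
        low = max(v for i, v in enumerate(pre) if i not in PREAMBLE_HIGH)
        if high <= 2 * low:    # preamble pulses must stand clear of the gaps
            continue
        first = start + PREAMBLE_LEN
        bits = 0
        for b in range(FRAME_BITS):  # bit is 1 when the early half-slot is stronger
            bits = (bits << 1) | (env[first + 2 * b] > env[first + 2 * b + 1])
        frame = bits.to_bytes(FRAME_BITS // 8, "big")
        if crc24(frame) == 0:
            found.append((start, frame))
    return found
```

The parity check is what rejects false preamble matches and bit errors; it does not authenticate the sender.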

The project is entirely open source on their GitHub, apart from some of their commercial PCB designs. They also have a store, where they sell pre-made kits. A kit consisting of the ADSBee, 1090 MHz Antenna, and 978 MHz costs US$152 in total. They are also selling an industrial model for $995, which includes PoE power.

ADS-Bee 1090 MHz and Sub-GHz Boards

GhostHunter (Anti-LIF): Using Spiking Neural Networks to Rescue Satellite Signals Drowned in Noise

Thank you to Edwin Temporal for writing in and showing how his proprietary neuromorphic engine, GhostHunter (Anti-LIF), is being used to recover satellite data buried in the noise floor, which typical DSP methods would fail to do.

To recover the signals, Edwin uses trained Spiking Neural Networks (SNN). SNNs are artificial neural networks that draw further inspiration from nature by incorporating the 'spiking' on/off behavior of real neurons. Edwin writes:

My engine has successfully extracted and decoded structured data from high-complexity targets by mimicking biological signal processing:

Technosat: Successful decoding of GFSK modulations under extreme frequency drift and low SNR conditions.

MIT RF-Challenge: Advanced recovery of QPSK signals where traditional digital signal processing (DSP) often fails to maintain synchronization.

These missions are fully documented in the https://temporaledwin58-creator.github.io/ghosthunter-database/, which serves as a public ledger for my signal recovery operations. Furthermore, the underlying Anti-LIF architecture is academically backed by my publication on TechRxiv, proving its efficiency in processing signals buried deep within the noise floor.

Although the engine remains proprietary, I provide comprehensive statistical reports and validation metrics for each mission. I believe your audience would be thrilled to see how Neuromorphic AI (SNN) is solving real-world SIGINT challenges.

In the database, Edwin shows how his Anti-LIF system has recovered CW Morse code telemetry and QPSK data from noisy satellite signals. 

While Edwin's Anti-LIF is proprietary, he is offering proof of concept decoding. If you have a 250MB or less IQ/SigMF/Wav recording of a signal that is buried in the noise floor, you can submit it to him via his website, and he will run Anti-LIF on it for analysis.

Advanced readers interested in AI/neural network techniques for signal recovery can also check out his white paper on TechRxiv, where he shows signal recovery from signals buried in WiFi noise, as well as results from use in ECG and Healthcare applications.

An Example Signal Recovery with the Anti-LIF Spiking Neural Network

Touchstone Networks in Terminals (TNT): Visualize Touchstone S-Parameter Files in Terminal ASCII

Thank you to Alexander Arsenovic, the original author of the open-source RF engineering Python library www.scikit-rf.org, for writing in and sharing with us a new program he has created called "tnt: [t]ouchstone [n]etworks in [t]erminals".

The program is written in Python, and allows a user to visualize Touchstone S-parameter graphs in a terminal, using simple ASCII character-based plotting techniques. Touchstone files are created by Vector Network Analyzers (VNAs), which are used to measure and tune antennas and RF components, or by RF simulation software.

TNT Demo

NSA GENESIS: How NSA Spies Snooped on Local RF Bands using Modified Cell Phones with a Built-in SDR

Over on YouTube, the "Spy Collection" channel has recently uploaded a video detailing the US National Security Agency's (NSA) GENESIS spy gadget. GENESIS was a modified Motorola cell phone that contained a full software-defined radio system within. This system allowed NSA agents to discreetly record the local RF spectrum for later analysis. For example, an agent may have been able to record the frequencies and RF protocols used at particular facilities of interest for use in later operations.

Details about the NSA GENESIS were revealed when the NSA's Advanced Network Technologies (ANT) catalogue was publicly leaked back in 2013. Originally, project GENESIS was due to be declassified in 2032.

Spy Collection also notes that the leaked documents indicate it is possible the phone was also used, or intended to be used, as a "finishing tool". In other words, a remotely detonated explosive phone that could be given to persons on the US terrorist list.

NSA's Leaked Secret GENESIS Cell Phone

A Review of the SunFounder Pironman 5 MAX Raspberry Pi 5 Enclosure

Recently, SunFounder sent us a free review unit of their latest "Pironman 5 MAX" enclosure for Raspberry Pi 5 devices. While not directly related to SDR, we thought we'd accept the unit and review this product, as RTL-SDRs are often used together with Raspberry Pi 5 single-board computers. Depending on the number of SDRs connected and the software used, SDR applications can consume a significant amount of CPU, causing heat and throttling down of CPU speeds; therefore, adequate cooling may be necessary.

The Pironman 5 costs US$94.99 if purchased directly from the SunFounder website, and they advertise that US duties and EU VAT are included in the pricing. There is also the slightly lower Pironman 5 model available for US$79.99. The main difference between the 5 and 5 MAX is that there is only one SSD expansion slot vs two on the 5 MAX, and no tap-to-wake OLED functionality.

Overview

The Pironman 5 is what we would consider a high-end enclosure for the Raspberry Pi. It includes a large CPU tower cooling heatsink with a fan, along with two case fans to keep the internal temperatures down.

It also adds a dual slot NVME M.2 expansion board to the Pi 5, so that you can install two SSDs or one SSD and a Hailo AI accelerator module. SSDs might be useful for RTL-SDR users who are recording large amounts of IQ data, or saving many weather satellite images, for example. The Hailo AI accelerator module could turn a Raspberry Pi and RTL-SDR into an RF intelligence powerhouse. One advanced AI use-case might involve running local Whisper speech recognition to log voice communications to text, followed by using a local LLM to summarize daily received data (noting that you'll need to wait for the Hailo-10H model to run local LLMs).

Finally, it also adds an OLED status display, which shows current CPU temperature and fan speeds, as well as an on/off button.

Another plus is that the GPIO header remains accessible on the outside of the enclosure, thanks to an extender included in the design.

Pironman 5 Fully Assembled

Assembly

Assembly of the Pironman 5 took just over 30 minutes. It involves screwing in standoffs, seating the heatsink/fans, connecting jumpers and ribbon cables, and screwing down the panels. A nice color paper assembly manual is provided, making the installation easy to follow. Anyone who is mildly familiar with installing connectorized PC components should have no trouble.

All parts included with the Pironman 5.
Pironman 5 Assembly Manual
Pironman 5 Built (Acrylic side panels off)

Software Installation and Usage

After assembly, you can simply insert an SD card with a freshly burned Raspbian image into the SD card slot and power on the unit.

At this stage, you need to install some software to properly control the OLED, CPU fans, and case fans. The software comes from their GitHub, and you can simply copy and paste the commands into the terminal one by one.

Once the software is installed, a web UI is exposed at <IP_ADDR>:34001. Here you can monitor various stats, including CPU temps, and make changes to the OLED, RGB and fan behaviour.

Pironman 5 Web UI

OLED QC Problems?

Unfortunately, our unit had a problem where the OLED screen wouldn't work. We attempted fresh software installs and reseated all cables and connectors, but had no luck. Upon contacting SunFounder, they immediately sent us a new OLED screen to try. But the replacement also did not work.

However, when trying the new screen, we noticed that the screen would briefly light up when we pressed on the FPC connector. Upon inspecting the FPC connector, we noticed that some pins on the PCB looked suspiciously low on solder compared to the others, so we applied flux and used a hot soldering iron to refresh them. After doing this, the OLED screen began working again.

Based on our dealings with SunFounder, we believe that their support is good, and any customer facing similar issues would be supplied with replacement parts if required.

Pironman OLED Screen Working

Usage and Performance with RTL-SDR

As expected, with the great cooling in place, the Raspberry Pi 5 never throttled down when running an RTL-SDR with SDR++. We also tested it with our KrakenSDR system, which requires more CPU, and found great performance too.

The rear GPIO fans are quiet enough, and the CPU fan makes almost no noise inside the enclosure. We ran a stress test using the 'stress' Linux package, which can push all four CPU cores to 100%. With the fans running in a room with an ambient temperature of 22 degrees, we saw that the CPU temperature never went above 55 degrees C.

While still running 'stress', we manually disabled the two GPIO fans, and the temperature stabilized at around 66 degrees C. So the rear fans may only be required to be on when you have an SSD or AI module installed.

Conclusion

If you're looking for a high-quality enclosure and cooling solution for the Raspberry Pi 5, the Pironman 5 MAX is probably the best high-end solution available. Not only does the enclosure protect the Raspberry Pi 5 completely, but the cooling performance is excellent, and the ability to add SSDs and AI modules is great too.

Disclaimer: We were given a unit for free in exchange for an honest review. We received no other compensation.

Pironman 5 with full RGB

Eavesdropping on Sensitive Data via Unencrypted Geostationary Satellites

Recently, Wired.com released an article based on research from UC San Diego and the University of Maryland, highlighting how much sensitive unencrypted data many geostationary satellites are broadcasting in the clear.

The researchers used a simple off-the-shelf 100cm Ku-band satellite dish and a TBS-5927 DVB-S/S2 USB Tuner Card as the core hardware, noting that the total hardware cost was about $800. 

Simple COTS hardware used to snoop on unencrypted satellite communications.

After receiving data from various satellites, they found that a lot of the data being sent was unencrypted, and they were able to obtain sensitive data such as plaintext SMS and voice call contents from T-Mobile cellular backhaul and user internet traffic. The researchers notified T-Mobile about the vulnerability, and to its credit, T-Mobile turned on encryption quickly.

They were similarly able to observe unencrypted data from various other companies and organizations, too, including the US Military, the Mexican Government and Military, Walmart-Mexico, a Mexican financial institution, a Mexican bank, a Mexican electricity utility, other utilities, maritime vessels, and offshore oil and gas platforms. They were also able to snoop on users' in-flight WiFi data.

Cellular Backhaul
We observed unencrypted cellular backhaul data sent from the core network of multiple telecom providers and destined for specific cell towers in remote areas. This traffic included unencrypted calls, SMS, end user Internet traffic, hardware IDs (e.g. IMSI), and cellular communication encryption keys.

Military and Government
We observed unencrypted VoIP and internet traffic and encrypted internal communications from ships, unencrypted traffic for military systems with detailed tracking data for coastal vessel surveillance, and operations of a police force.

In‑flight Wi‑Fi
We observed unprotected passenger Internet traffic destined for in-flight Wi-Fi users on airplanes. Visible traffic included passenger web browsing (DNS lookups and HTTPS traffic), encrypted pilot flight‑information systems, and in‑flight entertainment.

VoIP
Multiple VoIP providers were using unencrypted satellite backhaul, exposing unencrypted call audio and metadata from end users.

Internal Commercial Networks
Retail, financial, and banking companies all used unencrypted satellite communications for their internal networks. We observed unencrypted login credentials, corporate emails, inventory records, and ATM networking information.

Critical Infrastructure
Power utility companies and oil and gas pipelines used GEO satellite links to support remotely operated SCADA infrastructure and power grid repair tickets.

The technical paper goes in depth into how they set up their hardware, what services and organizations they were able to eavesdrop on, and how they decoded the signals. The team notes that they have notified affected parties, and most have now implemented encryption. However, it seems that several services are still broadcasting in the clear.