Category: RTL-SDR

Slovenian whistleblower who was convicted for reporting a flaw in Police TETRA with an RTL-SDR requests donations

Back in May 2016 we posted about Dejan Ornig, a then 26 year old student at the University of Maribor's Faculty of Criminal Justice, Slovenia who was almost imprisoned for using an RTL-SDR and finding a security flaw in Police TETRA communications. Dejan's story was one of the first of several stories we presented over the years involving a person getting into legal or political trouble from the use of SDRs like the RTL-SDR in more authoritarian countries.

TETRA is a RF digital voice and text communications protocol often used by authorities in European and other countries due to its ability to be secured via encryption. By using an RTL-SDR and an open source TETRA decoder, Dejan discovered that despite official documents specifying that all Police TETRA terminals must be authenticated (we assume this refers to encryption), none actually were.

Dejan went ahead and ethically reported his findings to the Slovenian authorities, working together with Police officers to disclose all his findings. However, in the end no action was taken, and Dejan took his findings to the press. It was then that Dejan was prosecuted by Slovenian Police, his house raided, and he discovered that Police had been collecting evidence against him for more than a year.

To complicate matters further it appears that Dejan also worked as an intelligence informant for the Police and was illegally instructed and helped by two Police detectives to hack into e-mails, Facebook profiles and other online communications of people deemed suspicious.

After seven years of court hearings, his case on the TETRA hack ended in 2022 with Dejan subjected to a seven month suspended prison sentence . Although suspension means that Dejan will not physically reside in jail, his record still records him as a criminal.

The criminal trial and conviction has led to Dejan having problems securing a job and moving forward with his life. He is currently asking for donations online in order to help get his life back on track. Dejan's full story can be read at the funding site. Alternatively you can donate via PayPal.

NOTE: As donation requests can often be scams, we have independently verified that it is indeed Dejan Ornig who submitted this story to us, and that the donation site and PayPal link is legitimate.

NOTE 2: In the past we have had issues moderating comments with stories involving transgender and female contributors. Dejan's story contains info about his sexual orientation and we will not accept derogatory comments on this site regarding this. If desired, please discuss the technical and legal nature of Dejan's situation, any other comments will be removed.

TETRA Decoding (with telive on Linux)
An Example TETRA decoding setup

ADS-B Exchange Acquired by Private Firm JETNET

Today news has come out that ADS-B Exchange (ADSBx) founder Dan Streufert has sold ADSBx to a private firm called JETNET for (an estimated) $20 million. Dan was the sole owner of ADSBx, and after the sale he remains employed by JETNET. JETNET is a firm that provides aviation market intelligence to business customers.

UTICA, NY - JETNET, a leading provider of aviation data and market intelligence, announced today that it acquired ADS-B Exchange, one of the world’s largest networks of ADS-B/Mode S/MLAT feeders and providers of real-time and historical flight data. The acquisition is the second of what the company anticipates will be several future acquisitions as JETNET expands its data-driven product offerings for the aviation industry.

Founded in 2016 by Dan Streufert, ADS-B Exchange aggregates approximately 750,000 messages per second worldwide via receivers hosted by aviation enthusiasts around the world. The acquisition of ADS-B Exchange will enable JETNET to expand its flight data solutions with real-time information.

“ADS-B Exchange was founded as the go-to resource for aviation and flight-data enthusiasts,” said Dan Streufert, President and Founder of ADS-B Exchange. “Joining forces with JETNET is the perfect match as we look to meet the business needs of our users while maintaining our enthusiast roots and unfiltered data. With a long history of providing highly valuable data to the aviation industry, JETNET offers the resources we need to accelerate our growth.”

Like JETNET, ADS-B Exchange serves numerous constituents across the aviation industry, including Maintenance, Repair, Overhaul (MRO), airport operations, and aircraft leasing. In addition, its real-time data is used by dozens of commercial customers across numerous end markets, including aerospace & defense, government, research/academic, and financial services.

“We are committed to providing our customers with innovative product offerings which provide the information and intelligence they rely on to make critical business decisions,” said JETNET CEO Derek Swaim. “We’ve long admired ADS-B Exchange and know how strategic the company’s real-time data offerings are to the aviation industry. Dan has done an incredible job building a fast-growing business that customers love. We believe he, and the ADS-B Exchange platform, will bring significant value to our customers.”

About JETNET

As a leading provider of aviation market information, JETNET delivers comprehensive and reliable business aircraft research to its exclusive clientele of aviation professionals worldwide. JETNET is the ultimate source of information and intelligence on the worldwide business, commercial, and helicopter aircraft fleet and marketplace, comprising more than 110,000 airframes. Headquartered in its state-of-the-art facility in Utica, NY, JETNET offers comprehensive, user-friendly aircraft data via real-time internet access or regular updates. JETNET is a portfolio company of Silversmith Capital Partners.

ADSBExchange.com is an open source aggregator of ADS-B aircraft tracking data, contributed by volunteers who are all mostly running RTL-SDR radio dongles and Raspberry Pi based feeders. ADS-B data is transmitted at 1090 MHz and can be used to track aircraft movements.

Outrage over the sale has been expressed on Discord by various ADSBx open source co-developers who objected to the sale and appear to have received no compensation from the deal. The outrage has resulted in some co-developers actively encouraging that volunteer feeders remove their station from the ADSBx network. Several hundred of the over 9000 feeders have already disconnected their feeding stations, and the count is dropping (at the time of this post there were 9234 feeders).

Unlike similar ADS-B aggregators like FlightAware, FlightRadar24 and RadarBox, ADSBx is open source and promises to never censor the ADS-B data of billionaires, political leaders, military, police or other sensitive private aircraft. This has caused discussion over whether this free speech absolutist stance is either less or more moral. At the moment it is unclear if the acquisition will result in any ADSBx censorship policies changing.

Famously the @elonjet account (now @ElonJetNextDay) on Twitter used data from ADSBx. This account was used to automatically tweet out the location of Twitter owner Elon Musk's private jet in real time. The @elonjet account along with the @adsbexchange account was banned from Twitter shortly after Elon Musk's child had an altercation with a stalker. Legal action was threatened against @elonjet and "organizations who supported harm to [Elon Musk's] family" which could imply that ADSBx is in the legal action firing line.

While the sale may be discouraging to some, the project is still entirely open source, so it seems that only the branding and rights to the data collected have been sold. The following is entirely speculation on our behalf, but given that ADSBx was likely not very profitable and struggling to cover operating costs from donations only, and the threat of substantial legal action being taken against it's sole owner, the sale seems like the smart decision for the founder. We hope that the co-developers will receive some fair compensation as well.

ADS-B Exchange has been key to projects like "Dictator Alert" which tracks the real time location of the private jets of known dictators.

The Organized Crime and Corruption Reporting Project (OCCRP) has also made use of ADS-B Exchange data in the past to uncover the role that US civilian aircraft contractors are playing in the East African "kill chain".

Media have also used ADS-B Exchange to track the movements of the military aircraft like Black Hawk Helicopters and CBP Predator drones that were used to monitor crowds during the George Floyd protests.  

On Twitter John Wiseman @lemonodor has also been using ADS-B Exchange data for various projects like "Advisory Circular Bots" which automatically detects circling aircraft (which may be of interest, as a circling aircraft may indicate an incident in the area), and for highlighting areas of the globe with possible GPS jamming which can be inferred from the GPS location data transmitted by aircraft. He also uncovered a massive, secret FBI operation involving the use of 'spy planes' operating over American cities.

Unrelated to ADS-B Exchange, live ADSB tracking is also used by hedge fund investors to gain an edge by tracking the movement of company aircraft in order to try and predict deals and by UN investigators investigating arms embargo violations.

ADSBExchange.com interface
ADSBExchange.com interface
Viewing the tracks of 1-day of police helicopter activity in the new ADSBExchange tar1090 interface.
Viewing the tracks of 1-day of police helicopter activity in the new ADSBExchange tar1090 interface.

The Meteor M2 LRPT Weather Satellite has Failed

Meteor M2 is a Russian meteorological satellite whose LRPT transmissions at 137 MHz were relatively easily received by anyone with a simple satellite antenna and an RTL-SDR and computer. Meteor M2 was launched in July 2014, and it should not be confused with Meteor M2-1 which failed on launch in 2017 due to an upper stage deployment issue, or Meteor M2-2 which suffered a micrometeorite strike in 2019.

Unfortunately it appears that Meteor M2 has permanently failed on 24 December 2022. Problems with the Meteor M2 satellite losing orientation stability have occurred several times in the past, and have always been fixed within a few days after the event. There was initially hope that after the holidays when the engineers returned to work that the problem would be fixed. However @Serge, a Russian radio amateur who talks with Meteor engineers on Russian amateur radio forums has recently mentioned on Twitter that recovery seems unlikely.

As well as @Serge's twitter, Happysat keeps track of Meteor M2 satellites on his Meteor M2 status page so keep an eye there for any updates. At the moment all LRPT transmissions have been turned off.

In 2019 the Meteor M2-2 (the third M2 satellite) also failed in December due to a micrometeorite strike. Meteor M N2-2 was partially recovered, and while it can no longer transmit LRPT, it can still transmit HRPT in the L-band, when in sunlight.

The good news is that Meteor M2-3 is due to be launched in 2023, and this will hopefully bring back LRPT reception. Currently the only weather image satellites transmitting at 137 MHz are NOAA-15, NOAA-18 and NOAA-19. NOAA-15 still lives, but may be slowly failing. NOAA-18 and NOAA-19 are also aging satellites but show no signs of wear so far.

If you are interested in satellite reception and want to future proof your setup against more 137 MHz band satellite failures, we recommend looking in LRIT/HRIT or HRPT satellite reception which is a little more complex, but has become significantly easier to get started with in recent times.

Meteor M2 Failure: One of the last LRPT images received by Happysat before it was turned off.

rtl_433 ported to ESP32 microcontrollers with CC1101 or SX127X Transceiver Chips

Receiving wireless sensors operating in the unlicensed ISM band has been made almost universal with rtl_433 and RTL-SDRs. However, recently rtl_433 has been ported over for use on ESP32 microcontrollers that are combined with CC1101 or SC127X transceiver chips.

PCB boards that combine these two chips can be found cheaply on Aliexpress as LoRa boards, under the name "LILYGO LoRa 32". If you are unaware, ESP32 chips cheaply combine a WiFi and Bluetooth modem with a microcontroller that is capable of hosting a webserver. CC1101 and SC127X are low cost low power hardware transceiver chips made for IOT devices. We've posted about LILYGO boards in the past as they've been used with interesting projects such as Meshtastic, and for weather balloon tracking.

This project could be useful for home automation as a module has been made available for openMQTTGateway. Instead of dedicating a more powerful Raspberry Pi and RTL-SDR, you can now dedicate a much cheaper and much lower power device to the task. 

[Also seen on Hackaday.]

RTL_433 running on a LILYGO LoRa V2 Board
RTL_433 running on a LILYGO LoRa V2 Board

YouTube Satellite Decoding Series

Over on YouTube @dereksgc has been putting together a comprehensive video series on weather, amateur and other satellite reception. His series starts with receiving images from NOAA APT satellites, then Meteor M2, as then goes on to talk about low cost V-Dipole satellite antennas, how satellite dishes work, and recently how to use Ku-band LNBs with a satellite dish.

If you're getting started with RTL-SDR and satellite reception, this video series may be a good introduction for you.

Downloading images directly from weather satellites || Satellite reception pt.1

Conference Presentation on SDR Radio for Hackers and Nosy Nellies

At last years F-Con Jim Gatwood presented a talk titled "SDR Radio for Hackers and Nosy Nellies". The two hour talk has recently been uploaded to YouTube and covers the basics of software defined radio theory, RTL-SDRs and their installation, use of common software, GNU Radio basics, and a broad overview of various other applications including rtl_433, ADS-B and more.

If you're looking for a broad overview of the software defined radio field, and what you can do with SDRs then this may be an interesting talk for you. 

SDR Radio for Hackers and Nosy Nellies

SIGpi: A Signal Intelligence Focused Linux “Go-Kit”

Thank you to Joe NE2Z for sharing his Linux distribution called SIGpi. SIGpi is an installable Linux distribution for Ubuntu and Raspberry Pi 3/4 that focuses on providing multiple open source SDR programs that can be used for signal intelligence. Support for RTL-SDR and other SDRs is included.

The distro is actually created via a bash script that installs all the programs automatically on a fresh OS install. It also provides a system for easily upgrading software as developers work on them.

For a full list of the software that comes with SIGpi check out their Wiki.

SIGpi is a "go-kit" for Signal Intelligence (SIGINT) enthusiasts with emphasis on capabilities in the VHF, UHF, and SHF spectrum. For completeness, HF spectrum related software is included for optional install. This (bash) shell script builds SIGINT tools on the following platforms:

  • Raspberry Pi4 4GB RAM or Raspberry Pi 400 with 32GB microSD card running Raspberry Pi OS Full (64-bit)
  • Ubuntu 22.04 LTS on arm64 and amd64

A headless server only install (Node Install) can be performed on Raspberry Pi3 B+ with 32GB microSD card running Raspberry Pi OS Full (64-bit)

A possible hardware setup with SIGpi
A possible hardware setup with SIGpi

RTL-SDR Blog V3 with Dipole Antenna Set back in stock at Amazon USA (New Black Design) + Chinese New Year Holiday International Shipping Note

Just a quick note to say that our RTL-SDR Blog V3 with Dipole Antenna Set is now back in stock at Amazon USA! This set includes the new black dongle enclosure design.

The RTL-SDR Blog V3 dongle by itself is also in stock at Amazon USA in both the older silver and newer black design.

Pricing remains the same as usual, $29.95 for the dongle by itself, and $39.95 for the dongle + antenna kit. We are doing our best to hold inflation costs down and keep the same pricing, but we can't guarantee that these prices won't need to increase later in the year.

The new RTL-SDR Blog V3 dongle design.
The new RTL-SDR Blog V3 dongle design.

Regarding the new black design, we are currently in the process of transitioning our silver enclosures over to the newer black enclosures. The reason is mostly for regulatory compliance reasons. We're required to have a clearly printed FCC compliance statement on the product. In order to get clear small font text we have to laser etch the text, but laser etching only shows up on dark surfaces. Most black surface coatings tend to be electrically insulating, however we wanted to assure customers that we have managed to find a black plating process that retains the excellent conductivity of the bare silver. Keeping the enclosure electrically conductive ensures excellent shielding of the PCB.

Secondly the black design with our branded logo clearly displayed will help set us apart from the fake products that have now copied our silver enclosure design almost exactly. Those clones generally have a poor quality RTL-SDR dongle circuit inside, but are made to look like our official dongles in order to mislead customers. The clearer branding will also give us more authority to take down listings of any fake dongles that copy our branding in the future.

Note that there are no changes to the circuit design, this is purely a cosmetic change.

As a second note, we wanted to inform potential customers that it is currently the Chinese New Year holidays, which means that our Chinese warehouse that we use for international shipping will be closed until Feb 1st. This only affects orders directly from our international webstore, eBay or Aliexpress. It does not affect orders from Amazon USA.

We expect our international store to transition over to the black dongles around February as well. 

Thanks to all our customers and blog readers for your support over the years! We have a few new exciting products currently being prototyped, so if you are not already, please remember to follow us on Twitter and/or Facebook for product updates, as well as for our weekly blog posts.