Category: RTL-SDR

RTL-SDR.com Presentation Slides from Hamvention

During this years 2017 Hamvention convention I was invented by TAPR to present three talks about the RTL-SDR. Several people who watched the talks have requested the slides, so they are uploaded here in PDF format.

The World Of Low Cost Software Defined Radio – Presented at the TAPR Banquet. An introduction to the RTL-SDR and many of the interesting applications that it has been used for.

An Introduction to RTL-SDR – Presented at the TAPR Digital Forum. A brief introduction to the RTL-SDR and a selection of some of the most popular applications.

Introduction to Cheap SDRs for Radio Monitoring – Presented at the Digital Modes Now and In the Future Forum. A brief introduction to the RTL-SDR and a selection of some interesting digital modes that can be monitored.

The talks may be on YouTube in the future. If and when they are they will be posted here too.

A big thanks to all that came to the talks, and all the people who I met at Hamvention. It was a great event and really nice to meet everyone interested in RTL-SDRs and SDRs in general.

Radio For Everyone: An Easy ADS-B Antenna, ADS-B Advice, and Long Term Results

Over on his blog Akos has uploaded several new posts all relating to ADS-B reception. His first post shows how to build a very simple yet effective “Coketenna” ADS-B antenna which can be built with an empty coke can and some coax cable. This antenna is essentially a 1/4 wave ground plane antenna with the ground plane being a coke can cut in half and mounted upside down. The whip sticking up is simply the coax inner wire. In his post Akos shows exactly how to construct one.

Cantenna and Coketenna
Cantenna and Coketenna

In his second post Akos offers some advice on mounting and positioning ADS-B antennas, discusses the ‘range myth’, talks a bit about LNA’s and filters and shows the differences between a stock RTL-SDR dongle, and one optimized for ADS-B reception like a FlightAware Protstick.

In his third post Akos shows his results from long term ADS-B reception comparisons between a generic RTL-SDR dongle, an RTL-SDR.com V3 dongle with 1090 MHz LNA powered by bias tee, a FlightAware Prostick and a FlightAware Prostick Plus. The V3 dongle with bias tee powered LNA is used as the benchmark receiver and the results show that it received the most signals. The next best was the Prostick Plus, followed by the Prostick and finally the generic dongle.

ADS-B Comparisons between 4 different RTL-SDR setups.
ADS-B Comparisons between 4 different RTL-SDR setups.

XRIT Decoder for GOES Satellites: Supports Airspy R2/Mini and SDRplay RSP2

Over on his blog USA-Satcom has released his XRIT (LRIT/HRIT) decoder for GOES satellites. The software requires a licence and costs $100 USD. GOES-13 (East), GOES-15 (West) and the new GOES-16 are geosynchronous orbiting satellites that broadcast very nice high resolution weather images of the entire visible disk of the earth. The transmit their LRIT/HRIT signals at about 1.7 GHz at fairly weak power, which means that a good LNA and dish set up is critical to be able to receive them. A dish size of about 1 meter, or an equivalent grid or Yagi is recommended as the lowest starting point.

GOES Full Disk Image of the Earth
GOES Full Disk Image of the Earth

USA-Satcom’s decoder is Windows based and comes with a nice GUI. Some portions of the code are based on the Open Satellite Project created by Lucas Teske. It currently supports the Airspy R2/Mini and the SDRplay RSP2 software defined radios.

The software is not free, it costs $100 USD for the licence. To help curb illegal distribution of his software which has been rampant in the past, USA-Satcom also requests that you show some proof of a working setup which is capable of receiving the GOES signal before inquiring about the software.

If you are also interested, USA-Satcom did an interesting talk at Cyberspectrum a few months ago, and he has also recently uploaded his slides.

Screenshot of USA-Satcoms GOES XRIT decoder.
Screenshot of USA-Satcoms GOES XRIT decoder.

QIRX SDR: A New MultiMode RTL-SDR Program with Built-In DAB+ Decoder

Recently Clem from softsyst.com wrote in and let us know about their new SDR software called ‘QIRX SDR’. This is a multimode receiver currently capable of receiving AM/NFM/WFM and also DAB Plus. It supports the RTL-SDR via an rtl_tcp connection, so it can be used on a local machine, or a remote networked one. The main differentiating features that QIRX has against other multimode receivers like SDR#, HDSDR and SDR-Console etc is:

  • Dual Receiver, within the bandwidth of the frontend. This is most useful e.g. for watching two stations simultaneously in busy airband regions.
  • DAB+ Demodulator, to our knowledge the first one written in C#, allowing for recordings in very good quality (some samples provided for download).

The full list of features are quoted below:

QIRX is an Open Source Software Defined Radio, written in C#, downloadable on this site as a Visual Studio 2013 Solution, offering the following features:

  • TCP/IP Based: QIRX accepts 8-bit I/Q-Data either from TCP/IP sources or from pre-recorded files containing the I/Q-data. It is designed to cooperate with RTL-SDR dongles and the widely available rtl-tcp.exe as I/Q-data server. Both QIRX and rtl-tcp may run on the same machine or on separate ones. The rtl-tcp.exe might be started automatically without additional user actions, also when used remote via a LAN.
  • Dual Receiver: Within the selected bandwidth, e.g. 2.56MHz QIRX is able to operate two independent receivers simultaneously.
  • Squelch: For each receiver, QIRX provides a digital squelch, enabling to monitor the selected stations – when not transmitting – without annoying background noise.
  • Simplest Operating Principle: QIRX – using its AM, NFM or WFM demodulators – is purely FFT-based, with a NF lowpass filter only. This might change in a future version.
  • Scanner: QIRX provides for Receiver 1 a simple scanner, being able to scan large frequency areas. This is still in an experimental state.
  • HF and NF Spectrum: For each receiver, QIRX provides a spectrum viewer being able to show the HF and the NF spectrum. No waterfall spectrum yet. For DAB+, it shows the constellation.
  • DAB+ Receiver: QIRX provides a comfortable DAB+ receiver ( Transmission Mode I ). It is -to the best of our knowledge- the first C# based SDR providing this facility. Some standard libraries like the Viterbi decoder are used as C/C++ packages, accessed via P/Invoke.
  • File Recorder: For all demodulators, the audio output can be saved to .wav files, independently for each of the both receivers. For DAB+ this allows for high-quality audio recordings.

    Additionally, the I/Q raw data can be saved to a file. It is possible to replay recorded I/Q-data files.

QIRX SDR: A new multimode receiver with DAB+ decoding
QIRX SDR: A new multimode receiver with DAB+ decoding

A 3D Printed Case for the DIY Outernet Kit

Thanks to Manuel (aka Tysonpower) for writing in and sharing his 3D printed ‘Universal Outernet Case’. Outernet is a satellite file casting service that uses an RTL-SDR based solution for reception. With an Outernet set up you can receive things like daily news, weather updates, books, Wikipedia pages and more all for free. About 20 MB of data can be transmitted in one day.

The DIY Outernet kit consists of an RTL-SDR ‘SDRx’ board, patch antenna and C.H.I.P single board computer. The patch antenna needs to point roughly in the direction of the Inmarsat/Alphsat satellite in your area. This can be a problem because the Outernet patch antenna doesn’t come with a stand or mounting solution.

Manuel solved this problem with his 3D printed Outernet enclosure. The enclosure houses the patch antenna, SDRx and C.H.I.P, and also doubles as a stand for pointing the patch antenna. Inside he’s also fitted a small 30mm fan to keep everything cool while inside the enclosure as the C.H.I.P is known to have overheating problems.

The 3D printed Outernet enclosure.
The 3D printed Outernet enclosure.

Over on YouTube Manuel has uploaded a video explaining how the enclosure is made with 3D printing, demonstrates the assembly steps and finally shows the final product. The video is narrated in German, but it has English subtitles available. The design files required for 3D printing the case are also available on thingiverse.

[EN subs] Outernet Case aus dem 3D Drucker (Universal elv. Winkel) - für DIY Kit

Opening Car Doors with an RTL-SDR, Arduino and CC1101 Transceiver

Recently we found this post from last year by security researcher Anthony which shows how an RTL-SDR combined with an Arduino and CC1101 transceiver can be used to open a car. The technique he presents is the jam, intercept and replay technique which was also used by Samy Kamkars Rolljam device

Most modern vehicles use some form of rolling code security on their wireless keyfobs to prevent unauthorized replay attacks. When the car owner presses a button on the keyfob, a unique rolling code is sent to the car. If it matches the codes stored in the car, the car will unlock and then invalidate that code so it can never be used again, thus preventing a replay attack. On the next press the keyfob sends a new code. This system can be defeated simply by jamming the car keyfob receiver, and using a more selective receiver to record the keyfob unlock packet, then replaying those packets at a later time.

The technique Anthony presents has the attacker use an Arduino with CC1101 transceiver as the jammer. Jamming is totally illegal within the USA, so Anthony does not show exactly how to do the jamming. While the signal is being jammed, the RTL-SDR captures and saves the signal from the keyfob. Later the signal is processed in GNU Radio to remove the jamming signal and extract the keyfob signal. He then uses GNU Radio to demodulate the ASK signal into a binary modulated waveform that he can replay later.

Anthony tested this technique on two cars and a truck and was successful at unlocking the doors all three times.

RTL-SDR receiving a BMW keyfob signal at 315 MHz in HDSDR.
RTL-SDR receiving a BMW keyfob signal at 315 MHz in HDSDR.

Decoding ADS-B in MATLAB Video Tutorial

Over on YouTube the official MATLAB channel has uploaded a new video that is a tutorial on setting up ADS-B decoding in MATLAB. MATLAB is a technical computing language that is frequently used by many scientists and engineers around the world. They write:

Use the software-defined radio capabilities that are part of Communications System Toolbox™ to capture and decode ADS-B messages. ADS-B is a relatively simple standard used by commercial aircraft to transmit flight data such as aircraft ID, position, velocity, and altitude to air traffic control centers. ADS-B messages are 56 or 112 bits long, the data rate is 1 Mbit/sec, and the messages are amplitude modulated signals, transmitted at a carrier frequency of 1090 MHz

The video goes over what ADS-B is, how to receive it, and then goes on to explain a bit of the MATLAB code. This is a good introduction for people wanting to use an RTL-SDR in MATLAB, or for anyone wanting to learn about ADS-B.

Real-time Airplane Tracking with ADS-B Signals and RTL-SDR Radios

A 3D Printed Stand for Generic MCX RTL-SDR Dongles

Thanks to Jaime (EB5ABT) for submitting his 3D printed stand for the generic MCX RTL-SDR dongles. The stand is designed to hold one of the generic dongles on it’s side so that a small whip antenna can be attached to it, whilst staying stably upright.

If you’re interested in printing the stand for yourself Jaime has uploaded the design files to his dropbox. He has also created a short YouTube video showing a slideshow of his stand which is shown at the end of this post.

If you’re interested in 3D printing accessories and enclosures for the RTL-SDR then thingiverse.com has a range of user submitted designs, ranging from custom RTL-SDR dongle enclosures, to stratux Raspberry Pi + dongle enclosures, to Outernet patch antenna stands.

Some of the RTL-SDR related design on Thingiverse.
Some of the RTL-SDR related design on Thingiverse.
Soporte receptor RTL-SDR