Category: RTL-SDR

RadioCapture – Software to Capture, Archive and Listen to Trunked Radio From Many Sources Now Open Sourced

Back in April 2019 we posted about Matt Mills' Radiocapture.com website which is a web service that you can feed that automatically captures analogue and digital trunked radio conversations with an RTL-SDR, and allows public users to play back conversations via the web interface. The Radiocapture page which shows what the software is capable of is also active at radiocapture.com/radio

Back in April Matt was fundraising via Patreon and hoping to make development of Radiocapture his day job, but unfortunately he's had to call it quits for now. Since he no longer has time to work on it, Matt has open sourced the RF side of the software. The software description reads:

[Radiocapture-rf] is capable of using multiple networked computers and multiple SDR radios to demodulate the control channel of P25, EDACS, and Motorola trunking systems, as well as some limited support (alpha quality) for scanning for systems, LTR trunking, and "police scanner" style audio capture.

It is designed to effectively scale to an infinite capacity of trunked systems, captured transmission volume, and dongle bandwidth (more dongles = more available bandwidth, more cpus = more channels and more systems). (There is one remaining feature to be implemented to really make this work well, dongle redis autodiscovery (frontend_connect should autodiscover and use available dongles) and splitting the rc_frontend/receiver.py into one process per dongle.

The frontend initializes the SDRs in whatever configured frequency range, and presents a server interface where clients can connect and request a specific channel be created and forward to them. The frontend will then attach a channel, and output to a UDP sink (might be something better now, I forget). On the backend side, a control_demodulator is listening to that sink and doing the actual RF demodulation, which is passed into redis for distribution to other services. The backend is effectively a bunch of microservices that work together to track & record all ongoing transmissions and do some amount of deduplication. This entire setup is designed such that it can be scaled across as many servers/computers as necessary (although there are a few caveats/things I never got around to implementing in how it actually works). Recorded transmissions are decorated with a metadata scheme in their mp3 tags that is designed to be able to be loaded into the Radiocapture.com database. Finally completed mp3s are dropped into an activemq queue for publishing.

Matt notes that the software in it's current state isn't considered as "ready to distribute" as you may need some decent experience with Linux and Python to get it up and running.

RadioCapture logged audio
RadioCapture logged audio

IridiumLive – New Software to Plot Iridium Satellites as They Pass Overhead with an RTL-SDR

Over on GitHub, microp11, the author of Scytale-C has released a new browser based program called IridiumLive which allows you to visualize the live positions of Iridium satellites as they pass overhead. Iridium is a satellite constellation that provides services such as global paging, satellite phones, tracking and fleet management services, as well as services for emergency, aircraft, maritime and covert operations too.

The software uses gr-iridium as the data source, which is an RTL-SDR and other SDR compatible Iridium satellite decoder. See this very interesting talk by the gr-iridium authors for more information, and this video by Techminds which shows how to install and run gr-iridium.

Also in order to receive Iridium satellites in the first place, you'll need an appropriate antenna such as our "RTL-SDR Blog Active L-Band 1525 - 1637 Inmarsat to Iridium Patch Antenna Set" which is currently available on our store.

Instructions for installing and running IridiumLive are available on the Git readme. Once installed you can browse to the IridiumLive web page on your local network, and view the tracks of the Iridium satellite fleet as they pass overhead, as well as the locations of Iridium signal activity from the ground.

IridiumLive Screenshot
IridiumLive Screenshot

Radio Analyser: New Program for Plotting DSDPlus Statistics

Thank you to Matthew Cowley for submitting news about his new program called "Radio Analyser". Radio Analyser is a program that imports DSDPlus radio and group files into a postgresql database. The data can then graphed on the web interface allowing you to view talk group and radio statistics. DSDPlus is a program that can be used to listen in to digital P25, DMR and other digital voice protocols with an RTL-SDR or similar SDR.

Matthew writes the following, and some screenshots of the interface and graphs are shown in the slider and the end of the post:

I've been learning Ruby on Rails and as a first project I wrote a project that you host at home which imports the DSDPlus.radios and DSDPlus.groups files and displays their activity in graph form. It will show you total site activity, talk group activity and radio activity.

RadioCapture – Software to Capture, Archive and Listen to Trunked Radio From Many Sources Now Open Sourced

Back in April 2019 we posted about Matt Mills' Radiocapture.com website which is a web service that you can feed that automatically captures analogue and digital trunked radio conversations with an RTL-SDR, and allows public users to play back conversations via the web interface. The Radiocapture page which shows what the software is capable of is also active at radiocapture.com/radio

Back in April Matt was fundraising via Patreon and hoping to make development of Radiocapture his day job, but unfortunately he's had to call it quits for now. Since he no longer has time to work on it, Matt has open sourced the RF side of the software. The software description reads:

[Radiocapture-rf] is capable of using multiple networked computers and multiple SDR radios to demodulate the control channel of P25, EDACS, and Motorola trunking systems, as well as some limited support (alpha quality) for scanning for systems, LTR trunking, and "police scanner" style audio capture.

It is designed to effectively scale to an infinite capacity of trunked systems, captured transmission volume, and dongle bandwidth (more dongles = more available bandwidth, more cpus = more channels and more systems). (There is one remaining feature to be implemented to really make this work well, dongle redis autodiscovery (frontend_connect should autodiscover and use available dongles) and splitting the rc_frontend/receiver.py into one process per dongle.

The frontend initializes the SDRs in whatever configured frequency range, and presents a server interface where clients can connect and request a specific channel be created and forward to them. The frontend will then attach a channel, and output to a UDP sink (might be something better now, I forget). On the backend side, a control_demodulator is listening to that sink and doing the actual RF demodulation, which is passed into redis for distribution to other services. The backend is effectively a bunch of microservices that work together to track & record all ongoing transmissions and do some amount of deduplication. This entire setup is designed such that it can be scaled across as many servers/computers as necessary (although there are a few caveats/things I never got around to implementing in how it actually works). Recorded transmissions are decorated with a metadata scheme in their mp3 tags that is designed to be able to be loaded into the Radiocapture.com database. Finally completed mp3s are dropped into an activemq queue for publishing.

Matt notes that the software in it's current state isn't considered as "ready to distribute" as you may need some decent experience with Linux and Python to get it up and running.

RadioCapture logged audio
RadioCapture logged audio

IridiumLive – New Software to Plot Iridium Satellites as They Pass Overhead with an RTL-SDR

Over on GitHub, microp11, the author of Scytale-C has released a new browser based program called IridiumLive which allows you to visualize the live positions of Iridium satellites as they pass overhead. Iridium is a satellite constellation that provides services such as global paging, satellite phones, tracking and fleet management services, as well as services for emergency, aircraft, maritime and covert operations too.

The software uses gr-iridium as the data source, which is an RTL-SDR and other SDR compatible Iridium satellite decoder. See this very interesting talk by the gr-iridium authors for more information, and this video by Techminds which shows how to install and run gr-iridium.

Also in order to receive Iridium satellites in the first place, you'll need an appropriate antenna such as our "RTL-SDR Blog Active L-Band 1525 - 1637 Inmarsat to Iridium Patch Antenna Set" which is currently available on our store.

Instructions for installing and running IridiumLive are available on the Git readme. Once installed you can browse to the IridiumLive web page on your local network, and view the tracks of the Iridium satellite fleet as they pass overhead, as well as the locations of Iridium signal activity from the ground.

IridiumLive Screenshot
IridiumLive Screenshot

Radio Analyser: New Program for Plotting DSDPlus Statistics

Thank you to Matthew Cowley for submitting news about his new program called "Radio Analyser". Radio Analyser is a program that imports DSDPlus radio and group files into a postgresql database. The data can then graphed on the web interface allowing you to view talk group and radio statistics. DSDPlus is a program that can be used to listen in to digital P25, DMR and other digital voice protocols with an RTL-SDR or similar SDR.

Matthew writes the following, and some screenshots of the interface and graphs are shown in the slider and the end of the post:

I've been learning Ruby on Rails and as a first project I wrote a project that you host at home which imports the DSDPlus.radios and DSDPlus.groups files and displays their activity in graph form. It will show you total site activity, talk group activity and radio activity.

SignalsEverywhere: The Ethics of Decoding and Sharing Private Information with SDRs

Over on the SignalsEverywhere YouTube Corrosive has uploaded a new video that addresses the ethics about decoding private information with SDRs. The radio spectrum is full of private communications with little to no security around it. For example hospital pagers in many countries and cities are completely unencrypted and easily decoded by anyone who can run a radio and install software on Windows. These messages often contain very private patient data. Another example he gives is Inmarsat AERO Medlink voice communications, and how he's seen full phone calls being shared online.

In the video Corrosive discusses the ethics about publicly sharing these private communications, even if they may be legal to receive and share in your country. He argues that sharing someones private data and phone calls on the internet is in poor taste and is not okay, which I think is something everyone should be able to agree with.

SDR Ethics | We Need to Talk!

However, on the other side of the coin several responses to his video on Reddit share a different point of view. On that forum several expressed disagreement, noting that it's because these services are so insecure, that we should actively be sharing intercepted messages and trying to raise outrage and awareness about these privacy flaws. The argument stems from the idea that many information security researchers seem to take: if the public is not aware about their lack of privacy, only the bad guys will be taking advantage, and nothing will end up being properly secured by companies.

We've seen this approach taken by information security artists in the past like the Holy Pager art installation in New York. The temporary installation used a HackRF to continuously print out all pager messages being broadcast in an attempt to raise awareness about what private information is being sent for anyone to read. However, it may be one thing to share private data with a few art gallery patrons, versus the entire internet.

I think we should all at least agree on a middle ground. If you are listening/decoding radio services that are meant to be private but are unsecure for all to listen to, at least keep it to yourself, and don't share peoples private conversations/data on the internet. If you want to raise awareness about the lack of security to put pressure on companies, censor peoples private information and only mention generally about what you are hearing.

RTL-SDR and HackRF Used in Mr. Robot – A TV Drama About Hacking

A few readers have written in to let us know the role SDRs played in the last season of "Mr. Robot". The show which is available on Amazon Prime is about "Mr. Robot", a young cyber-security engineer by day and a vigilante hacker by night. The show has actual cyber security experts on the team, so whilst still embellished for drama, the hacks performed in the show are fairly accurate, at least when compared to other TV shows.

Spoilers of the technical SDR hacks performed in the show are described below, but no story is revealed.

In the recently aired season 4 episode 9, a character uses a smartphone running an SSH connection to connect to a HackRF running on a Raspberry Pi. The HackRF is then used to jam a garage door keyfob operating at 315 MHz, thus preventing people from leaving a parking lot. 

Shortly after she can be seen using the HackRF again with Simple IMSI Catcher. Presumably they were running a fake cellphone basestation as they use the IMSI information to try and determine someones phone number which leads to being able to hack their text messages. The SDR used in the fake basestation appears to have been a bladeRF.

HackRF Used on Mr Robot
HackRF Used on Mr Robot

In season 4 episode 4 GQRX and Audacity can be seen on screen being used to monitor a wiretap via rtl_tcp and an E4000 RTL-SDR dongle.

E4000 RTL-SDR Being used for Wiretap Monitoring
E4000 RTL-SDR Being used for Wiretap Monitoring

Did we miss any other instances of SDRs being used in the show? Or have you seen SDRs in use on other TV shows? Let us know in the comments.

Passive Doppler Aircraft Scatter with a VOR Beacon and an RTL-SDR

Over on YouTube Meine Videokasetten has posted a video showing how he's been using an RTL-SDR to detect aircraft landing and taking off via the scatter on a VOR beacon. VOR (aka VHF Omnidirectional Range) is a navigational beacon that is transmitted between 108 MHz and 117.95 MHz from a site usually at an airport. Although as it is an older technology it is slowly being phased out in some places. 

An interesting observation can be made that is unrelated to the actual operation and use of VOR navigation. When an aircraft passes near the VOR beacon it results in the signal reflecting and scattering off the metal aircraft body. As the aircraft is moving quickly, it also results in a frequency doppler shift that can be seen on an RF waterfall display.

In his video Meine Videokasetten uses an RTL-SDR and OpenWebRX to receive the VOR signal. He then pipes the audio output of that signal into Speclab which allows him to get significantly increased FFT resolution for the waterfall. This increased resolution allows him to clearly see the doppler scattering effects of aircraft on the VOR transmission. He notes that it's possible from the scattering to determine if an aircraft is taking off or landing.

Passive doppler radar on VOR beacon transmitter .:°:. A let's test it out

We note that back in 2015 we posted about the ability to "fingerprint" aircraft using this technique. Different types of aircraft will result in unique patterns on the waterfall. In that post they used analogue TV carriers which are not very common in most countries anymore, so it's good to see that this can be used with VOR signals too.

Comparing large and small aircraft with aircraft scatter
Comparing large and small aircraft with aircraft scatter with an analogue TV transmitter. From previous post.

Starlink GRAVES Radar Reflections Received with SDR

Over on YouTube Jan de Jong who is based in Germany has posted a short slide show video showing that he received reflections of the GRAVES space radar from the new Starlink satellites.

Starlink is a SpaceX run satellite constellation that is slowly being launched in order to provide worldwide satellite internet access. The last launch was on 11 November 2019. Typically multiple satellites are launched at once, and they follow each other closely in a line, slowly spreading out.

The GRAVES space radar is a powerful radar based in France that is used to track satellites. If you are not too far away from France and within the GRAVES radar footprint you can point an antenna at the sky, and tune to the GRAVES radar frequency of 143.05 MHz with an RTL-SDR or any other SDR. You might then receive the reflections of this radar signal coming from satellites passing overhead. GRAVES has also been used for meteor scatter detection.

As the 60 and more satellites from Starlink 2 pass over the Graves radar signal they reflect a vertical track on the HROFFT radar image from the 143.05Mhz signal. In the first images the satellites are all still very close together, in current passes they have spread already and the display looks almost like rain in the sky on the 1 second radar plot from HROFFT.
Signal received with SDR RTL (SDRuno RSP1A) and 3 element Yagi at 45 degrees towards south

Starlink-2 Passes over Graves Radar

A new VOR Decoder Written in Python

Thank you to Martin Bernardi for writing in and sharing with us his new VOR decoder that is written in Python. The program decodes VOR from a wav file, so any SDR such as an RTL-SDR can be used to record the audio initially.

VOR stands for VHF Omnidirectional Range and is a way to help aircraft navigate by using fixed ground based beacons. The beacons are specially designed in such a way that the aircraft can use the beacon to determine a bearing towards the VOR transmitter. VOR beacons are found between 108 MHz and 117.95 MHz, and it's possible to view the raw signal in SDR# with a software defined radio such as an RTL-SDR.

Martin notes that there are already several VOR decoders available, including vortrack written in C, and several GNU Radio based decoders [1][2]. However, Martins is the first in Python, which is a fairly easy to understand language and this should make learning from the code easier.

The GitHub readme for the project is a good read too, as it explains exactly how the VOR decoder works, and shows some results that they were able to obtain. In their testing they were able to obtain measurements at three locations with an accuracy of +/-3°.

The VOR Spectrum
The VOR Spectrum