Category: RTL-SDR

Radio For Everyone New Posts: Building an ADS-B Station, Easy Homemade Beginner ADS-B Antennas

Akos, the author of the radioforeveryone.com blog, has recently added two new articles. The first post is a comprehensive guide to setting up your own ADS-B station. The guide focuses on creating a system that is easy to use, performs well and offers good value for money. In the post he shows what type of computing hardware is required, what software can be used and which RTL-SDR dongles work best. He also shows what choices are available for amplification and filtering to improve signal reception, and goes on to talk a bit about adapters and the antennas that work best for him.

Building an ADS-B station

In the second post Akos shows more on how to build your own beginner antennas for ADS-B reception. The post focuses on showing how to modify the stock magnetic mount antenna that comes with most RTL-SDR dongles, and how to build a half-wave ‘spider’ antenna entirely out of coax cable. The post is full of easy to follow images which make it great for beginners.

EDIT: It’s been pointed out in the comments by antenna experts/enthusiasts that the 1/2 wave ground plane antenna described by Akos in his tutorial may not be technically correct. A 1/2 wave antenna has a huge impedance which requires some sort of matching. Without matching there is going to be about 10 dB of loss due to the mismatch, and so the antenna will perform poorly. We recommend sticking with a 1/4 wave design, which is essentially the same as Akos’ 1/2 wave ground plane antenna, just with the element lengths halved.

Running a 1G Mobile Phone Network with a HackRF

First generation (1G) mobile phone technology was brought out in the 80’s and was an unsecured analogue system. These days 1G technology is completely phased out in favor of digital standards like 2G (GSM), 3G and 4G LTE and so those old 1G handsets are now useless. However, at Shmoocon 2017 presenter Brandon Creighton delivered a talk where he showed how to use a TX capable SDR like a USRP or HackRF to create your own home 1G system that allows those old brick phones to be useful once again.

The actual video of the conference talk won’t be available online until about half way through the year but the blurb read:

AMPS, the first widely deployed cellular network in the US, was old enough that it had been designed by pre-breakup Bell, yet robust enough to survive for decades in service. Unlike LTE or even GSM, it was also a protocol simple enough to be described in a fairly short specification; if you wanted to you could listen to calls with a TV tuner (or modified phone).

This is a talk on the design and implementation of gr-amps, a set of GNU Radio blocks that can turn a TX-capable software-defined radio into a base station for AMPS devices–including that brick phone in your basement. No background in SDR is necessary to follow along (but it doesn’t hurt).

Expect detours into near-forgotten phreaker history: the weaknesses that enabled phone cloning, the efforts of wireless carriers and the US government to fight exploitation, and more.

The GNU Radio code to run your own AMPS (1G) system is available on GitHub. It has been tested on a USRP and HackRF.

[Also seen on Hackaday]

Hacking a Danfoss Wireless Thermostat with an RTL-SDR

Over on his blog Andy writes how he wanted a smart way to control his central heating system with a Raspberry Pi and Arduino microcontroller. He discovered that if he could reverse engineer his existing wireless thermostat then he would have an easy way to control the boiler in his house and with that a smart controller could be made. By reverse engineering the thermostat he also avoids the need to rig up his own control system.

The existing thermostat wireless receiver is a Danfoss RX2. In order to reverse engineer the protocol Andy opened up an older one that he had and saw that it used an Infineon TDA5210 RF receiver chip. Armed with this part number he was able to look up the datasheet and determine the operating frequency. Then, using an RTL-SDR, he captured some packets while pressing buttons on the thermostat transmitter and loaded the resulting audio file into Audacity, where he was able to clearly see the digital waveform.

Andy then wrote a Python program using the ‘wave’ library, which allowed him to easily read binary values from a .wav file. With his code he was able to extract the data from the signal and determine the preamble, sync word, thermostat ID and the instruction code (on/off/learn).

In a future post Andy hopes to show us how he’ll use an RF69 module with an Arduino to actually control the thermostat using the reverse engineered packet knowledge.

Danfoss Wireless Thermostat and a Received Binary Waveform in Audacity

Radio For Everyone New Posts: Line of Sight, Why USB Cable Quality Matters, Uputronics 1090 MHz Filtered Preamp Review

Over on his radioforeveryone.com blog, author Akos has uploaded three new posts. The first post briefly explains visually what is meant by line of sight when it comes to radio signals. Essentially at UHF and higher frequencies the radio antenna needs to be able to ‘see’ the transmitter, meaning that any blockages such as trees, houses etc will block the signal.

In his second post Akos briefly explains why USB cable quality can matter when it comes to SDRs. He shows that some USB cables tend to pick up more interference than others. 

Finally, in his third post Akos reviews the Uputronics 1090 MHz Filtered Preamp. Uputronics is a UK based company that sells various filtered LNAs. Akos writes how he’s very impressed with the premium packaging, look and feel of the device and thickness of the metal case. In performance tests the preamp together with a V3 dongle with bias tee power significantly improves ADS-B position reports. We note that we also have a 1090 MHz filtered preamp from Uputronics (an older model), and can also highly recommend their products.

The Uputronics 1090 MHz Filtered Preamp reviewed on radioforeveryone.com

Lowering the Noise Floor on HF with High Quality Coax

Bonito is a company that sells various products such as their own small active antennas. Some examples are the Bono-Whip (20kHz – 300 MHz), GigaActiv (9kHz – 3 GHz) and the MegaLoop (9kHz – 200 MHz). 

Over on their blog they’ve uploaded a post titled “why even good antennas need good coax cable”. The post explains why high quality, heavily shielded coax cable may be required to receive HF signals in noisy environments. The author writes how even placing an antenna in a quiet area outdoors may not work if the coax is still run through a high-interference environment, such as through a house.

Typically RG58 cable is most commonly used with HF antennas. However, the author noticed that when using RG58 he was still receiving FM stations, even though the antenna that he was using was a MegaLoop with a built in broadcast FM filter. After switching his RG58 cable to H155 coax, the FM station disappeared. H155 coax is low loss and designed for GHz level frequencies, so it has much better shielding from its tighter braid.

The images below also show the difference in noise floor the author saw after replacing all his RG58 with H155 coax. 

Reception with RG58 Coax
Reception with H155 Coax

WaveConverter: An Open Source RF Reverse Engineering Tool

During the Shmoocon 2017 conference presenter Paul Clark introduced a new open source Linux tool called WaveConverter which he’s been working on for reverse engineering RF signals. Paul writes:

WaveConverter is a tool that helps you extract digital data from RF transmissions that have been captured via Software Defined Radio (SDR). After the user defines the modulation parameters, framing and encoding, WaveConverter will process a stored I-Q file and extract the data from any transmissions that match this definition. Using programmable timing tolerances and glitch filters, WaveConverter is able to extract data from signals that would otherwise appear corrupted.

This software will make the process of reverse engineering signals easier and more error-proof. Because WaveConverter includes the ability to store and retrieve signal protocols (modulation + encoding parameters), we have been generating a database of protocols that we can quickly use to iteratively attack unknown signals.

This tool should be very useful for reverse engineering digital signals, such as those found in keyfobs, wireless doorbells, wireless temperature sensors and any other simple RF device. Simply use an SDR device like an RTL-SDR to capture a sample of the signal of interest and then open it up in WaveConverter, first to analyze the signal and determine its properties, then to automatically demodulate any subsequent signal into a binary string. For more information the documentation can be found here (pdf).

WaveConverter seems to be quite similar in purpose to Inspectrum and DSpectrum which are two Linux tools that are also designed for reverse engineering digital signals.
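
The bit-slicing step behind both the Danfoss write-up above (reading a .wav with Python's `wave` module) and WaveConverter's glitch filter and timing tolerance, as an added example that is not Andy's or Paul Clark's code. The capture is constructed in memory, and the 1000 bit/s NRZ coding, the sync word 0x2DD4, the 16-bit ID plus 8-bit command layout and all function names are assumptions for illustration, not the real Danfoss format.

```python
import io, struct, wave

RATE, SPB = 48000, 48            # assumed: 48 kHz audio, 1000 bit/s NRZ
SYNC = "0010110111010100"        # hypothetical sync word (0x2DD4)
# Constructed frame: preamble, sync, 16-bit ID 0x1A2B, 8-bit command 0x01
FRAME = "10" * 8 + SYNC + format(0x1A2B, "016b") + format(0x01, "08b")

def make_capture(bits, spb, glitches=()):
    """Build a constructed 16-bit mono WAV; glitches are (start, length) sample flips."""
    levels = [0] * 200 + [int(b) for b in bits for _ in range(spb)] + [0] * 200
    for start, n in glitches:
        for k in range(start, start + n):
            levels[k] ^= 1
    pcm = struct.pack("<%dh" % len(levels), *[12000 if lv else -12000 for lv in levels])
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(RATE)
        w.writeframes(pcm)
    return buf.getvalue()

def read_levels(wav_bytes):
    """Read samples with the wave module and slice them at the midpoint."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        if w.getnchannels() != 1 or w.getsampwidth() != 2:
            raise ValueError("expected 16-bit mono capture")
        raw = w.readframes(w.getnframes())
    samples = struct.unpack("<%dh" % (len(raw) // 2), raw)
    mid = (max(samples) + min(samples)) / 2
    return [1 if s > mid else 0 for s in samples]

def runs(levels, glitch):
    """Run-length encode; runs shorter than `glitch` samples join the previous run."""
    raw = []
    for lv in levels:
        if raw and raw[-1][0] == lv:
            raw[-1][1] += 1
        else:
            raw.append([lv, 1])
    merged = []
    for lv, n in raw:
        if merged and (n < glitch or merged[-1][0] == lv):
            merged[-1][1] += n
        else:
            merged.append([lv, n])
    return merged

def to_bits(run_list, spb=SPB, tol=0.25):
    """Turn runs into bits; a run whose per-bit width is off by more than tol becomes '?'."""
    out = []
    for lv, n in run_list:
        count = round(n / spb)
        ok = count > 0 and abs(n / count - spb) <= tol * spb
        out.append(str(lv) * count if ok else "?")
    return "".join(out)

def decode(wav_bytes, glitch):
    """Find the sync word, then split the next 24 bits into ID and command."""
    bits = to_bits(runs(read_levels(wav_bytes), glitch))
    i = bits.find(SYNC)
    body = bits[i + len(SYNC): i + len(SYNC) + 24]
    if i < 0 or len(body) < 24 or "?" in body:
        return None
    return {"device_id": int(body[:16], 2), "command": int(body[16:], 2)}

if __name__ == "__main__":
    wav = make_capture(FRAME, spb=50, glitches=[(1225, 2), (1820, 3)])
    print(decode(wav, glitch=0), decode(wav, glitch=8))
```

The constructed capture runs about 4% slow (50 samples per bit against a nominal 48) and carries two short spikes: with the glitch filter off the frame is rejected, and with an 8-sample filter the ID and command are recovered.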

WaveConverter Screenshot

[First seen on Hackaday]

Receiving GOES Weather Satellite Images with a Small Grid Antenna and an Airspy Mini

GOES is an L-band geosynchronous weather satellite service that can typically be received with a satellite dish. It produces very nice full disk images of the earth. In the past we’ve posted about Lucas Teske’s work in building a GOES receiving system from scratch (including the software decoder for Airspy and RTL-SDR receivers), devnulling’s post about receiving GOES and also this talk by @usa_satcom on decoding GOES and similar satellites.

Over on Twitter @usa_satcom has been tweeting about his experiments where he has been successfully receiving GOES L-Band weather satellite images with a small grid antenna and an Airspy Mini. In a Tweet he writes that the antenna is an $85 USD Hyperlink 1.9 GHz 22 dBi Grid Antenna made by L-com. A grid antenna may be more suitable for outdoor mounting for many people as they are typically lighter, smaller and more suitable for windy and snowy conditions. As the GOES satellite is in geosynchronous orbit, no tracking motor or tracking mount is required.


Testing a Prototype of the SDRx: A Custom Outernet L-Band RTL-SDR

Recently the Outernet team sent us a prototype of their L-Band tuned RTL-SDR which is called the SDRx for testing. This is an RTL-SDR with RTL2832U and R820T2 chips together with an L-band LNA and filter on the same PCB. It is designed for their Outernet system which transmits from geostationary L-Band satellites. 

Outernet is an L-band satellite service that hopes to be a library in the sky. Currently it is broadcasting down about 20 MB of data a day, with data like weather updates, books, pictures, wikipedia pages, APRS repeats and more.

For their DIY Outernet kit they have been using E4000 or our RTL-SDR V3 dongles, so we speculate that this SDRx is going to be used in the “Lantern” which will be their fully assembled Outernet receiver product. The Lantern looks like it will be a single unit, with patch antenna, battery pack, solar panel, RTL-SDR radio and CHIP built into a plastic enclosure.

The upcoming RTL-SDR based Lantern Outernet Receiver.

The SDRx connects to the computer via a micro USB port. It also has a USB repeater and two USB expansion ports on board. This is useful as Outernet is designed to be used with the CHIP portable computer which only has one USB port. The expansion USB ports can be used for plugging in a portable hard drive which can be used as the storage for downloaded Outernet files.

We’ve been running a version of the SDRx prototype on an Outernet receiver for a number of weeks without issue. The SNR on Outernet signals is about identical to the V3 dongles combined with the external Outernet LNA and no L-band heat problems are observed.

The SDRx Prototype
Under the shield. SAW Filter, R820T2. LNA top left.