Category: RTL-SDR

More L-Band Videos from 9A4QV: Testing 2x LNA4ALL + Filter + Patch, Receiving the Outernet Signal, L-band Filter

Adam 9A4QV has once again uploaded three new videos to YouTube, all related to L-band satellite reception. The first video shows how much L-band reception can be improved by using two LNA4ALL low noise amplifiers together with a filter placed in between them. Using two LNAs instead of one improves the reception by about 2-6 dB. He also shows that L-band Inmarsat satellite signals at 1.5 GHz can even be received by his 1090 MHz folded monopole ADS-B antenna placed indoors.

The second video shows a reception report of the new Outernet signal. Outernet is a new satellite data service that broadcasts up-to-date news as well as various files and information, such as educational videos and books, for people in third world countries without internet. They have said that they are working on free decoding software for their service, which should be released soon. The Outernet signal is a bit weaker than typical AERO signals, but can still be received quite easily with an RTL-SDR, patch antenna and 2 x LNA4ALL. The Outernet downconverter mentioned in a previous post should of course also work well.

His third video shows some tests on his L-band filter, showing return and insertion loss.

2x LNA4ALL and L band filter test

L band filter test

Slovenian University Student & Security Researcher Almost Jailed for Researching TETRA with an RTL-SDR

Dejan Ornig, a 26-year-old student at the University of Maribor’s Faculty of Criminal Justice and Security, was recently almost jailed for finding a security flaw in Police TETRA communications in his home country of Slovenia. Back in 2013 his University Computer Science class of 25 was assigned a task to research security vulnerabilities in TETRA. TETRA is an RF digital communications protocol often used by authorities due to its ability to be secured via encryption. During his research he used an RTL-SDR and the open source Osmocom TETRA decoder, and discovered a flaw in the Slovenian Police’s TETRA configuration which meant that communications that were supposed to be encrypted were often being broadcast in the clear. Translated, Ornig said:

For $20 I bought a DVB-T receiver (RTL-SDR), on the Internet, I have found also freely available and open-source software OsmoCOM. Free access solution for decoding the signal Tetra eighth-tetra is already prepared in advance programming framework based on the platform GNU.

He goes on to say (translated):

I was even more surprised when I found that most users do not have authentication turned on the radio terminal, even though the Ministry of the Interior in the documents and tenders repeatedly wrote to all the radio terminals to access networks using authentication.

Shortly after discovering the flaw, Dejan privately contacted the authorities with his findings. But after two years of repeatedly contacting them and waiting for a fix, Dejan decided to take his story to a local news agency in February 2015. At this point the Slovenian Police became interested in Dejan, and instead of fixing the problem, decided to conduct a search of his house, seizing his computer and RTL-SDR. After the search the Police made life harder for Ornig by trying to pile on other charges. During the search they found a “counterfeit police badge” in his house and apparently accused him of impersonating a police officer, and after a search of his PC they also decided to charge him after finding out that he covertly recorded his ex-employer calling him an “idiot”.

Ornig has now been given a 15 month suspended jail sentence for attempting to “hack” the TETRA network. Fortunately the suspended part means that in order to not go to jail Ornig simply must not repeat his crime within 3 years. While SDRs and radios are not illegal in most countries, this is a reminder to professional and amateur security researchers to check that what you are doing is legal in your country. Even if it is for the overall good, Police often do not have the technical competence to understand security researchers and may react illogically to findings. The good news about Ornig’s story is that apart from the suspended jail sentence the authorities appear to have now worked with him to fix the problems.

TETRA Decoding

Story Sources:
[http://www.ibtimes.co.uk/researcher-jailed-finding-security-flaws-police-communications-1561600]
[http://siol.net/novice/slovenija/kako-za-20-evrov-prisluskovati-slovenskim-varnostnim-organom-video-44923]
[https://podcrto.si/odziv-na-trditve-policije-glede-varnosti-komunikacijskega-sistema-tetra]

L-Band Reception with an LNA4ALL, Patch Antenna and RTL-SDR

Over on YouTube Adam 9A4QV has uploaded a video showing how good L-band reception can be with only a cheap home made patch antenna, RTL-SDR dongle and LNA4ALL. The video is in response to a question on our previous post, which discussed the prototype Outernet downconverter. The question asked what difference can we expect with the downconverter compared to just using an LNA, like the LNA4ALL.

In the video Adam shows that L-Band reception with the LNA4ALL can be as good as with the downconverter. The main problem with L-band reception on the RTL-SDR is that some units tend to fail to receive properly at around 1.5 GHz. The downconverter bypasses this problem by receiving L-band at around 200 MHz instead. We believe, though, that this problem is solved on the units we sell as we heatsink to a metal enclosure, and if that is not enough, it can be solved further by using this modified driver. The other advantages of the downconverter are that it includes filtering and an LNA, and allows you to use much longer runs of lossy cable, which is useful if for instance you want to put a permanent L-band antenna on the roof.

LNA4ALL & RTL SDR @ L band

Testing a Prototype of the Outernet L-Band Downconverter

Outernet are a startup company that hope to revolutionize the way people in regions with no, poor or censored internet connectivity receive information. Their service is downlink only, and runs on C and L-band satellite signals, beaming up to date news as well as other information like books, educational videos and files daily. To receive it you will need one of their official or homemade versions of the Lighthouse or Lantern receivers (the latter of which is still to be released), or an RTL-SDR or similar SDR. Recently they began test broadcasts of their new 5 kHz 1539.8725 MHz L-band signal on Inmarsat I4F3 located at 98W (covers the Americas), and they hope to begin broadcasts in more regions soon too.

The typical RTL-SDR is known to often have poor or failing performance above 1.5 GHz (though this can be fixed to some extent), so Outernet have been working on an L-band downconverter. A downconverter works by receiving signals, and shifting them down to a lower frequency. This is advantageous because the RTL-SDR is more sensitive and does not fail at lower frequencies, and if used close to the antenna, the lower frequency allows longer runs of cheap coax cable to be used without significant signal loss.

Earlier this week we received in the mail a prototype of their downconverter. The downconverter uses a 1.750 GHz LO signal, so the frequency of any signal input into it is subtracted from the LO frequency. For example the STD-C frequency of 1.541450 GHz will be reduced to 1750 MHz – 1541.450 MHz = 208.55 MHz. Because the LO sits above the input band, the spectrum will also appear reversed, but this can be corrected by selecting “Swap I & Q” in SDR#. The downconverter also amplifies the signal with an LNA, and has a filter to remove interfering out of band signals.

The prototype Outernet downconverter circuit board.
Specsheet for the downconverter.

We tested the downconverter using their patch antenna which they had sent to us at an earlier date (the patch antenna is used and shown in this Inmarsat STD-C reception tutorial). Our testing found that overall the downconverter works extremely well, giving us much better signal levels. Previously, we had used the patch + LNA4ALL and were able to get reception good enough to decode STD-C and AERO signals, but with the requirement that the patch be carefully pointed at the satellite for maximum signal. With the downconverter the signals come in much stronger, and accurate pointing of the patch is no longer required to get a signal strong enough to decode STD-C or AERO.

The downconverter can be powered by a bias tee connection, and this works well with our bias tee enabled RTL-SDR dongles. We also tested with the bias tee on the Airspy R2 and Mini and had no problems. It can also be powered with a direct 5V connection to a header, and they note that the header will be replaced by a USB connector in the production version.

The release date and exact price that these will be sold at are not confirmed, but we believe that it will be priced similarly to upconverters at around $50 USD or less. A good low cost downconverter should help RTL-SDR and other SDR users receive not only the Outernet signal better, but also other satellite signals such as STD-C and AERO. Although the input is filtered and the RF frequency is specified at 1525 to 1559 MHz, we had no trouble receiving signals up to GPS frequencies of 1575 MHz, and even up to Iridium signals at 1.626 GHz, though reception was much weaker up that high.

Below are some screenshots of reception. Here we used the Outernet patch antenna sitting in a windowsill with the downconverter directly after the antenna, and then 10 meters of RG6 coax cable to the PC and bias tee enabled RTL-SDR. We found that with the downconverted ~200 MHz signal the loss in the RG6 coax was negligible. Better reception could be obtained by putting the patch outdoors. In some screenshots we used Vasilli’s R820T driver with the decimation feature, which allows you to zoom into narrowband signals much more clearly.

Some AERO Signals Zoomed in with the Decimation feature in SDR#. Received with the Outernet downconverter and patch antenna.
Some AERO and other Signals Zoomed in with the Decimation feature in SDR#. Received with the Outernet downconverter and patch antenna.
Signals zoomed out. Received with the Outernet downconverter and patch antenna.

Comparing Home Made Inmarsat Antennas

Over on his blog “coolsdrstuff”, the author has uploaded a new post showing his comparisons of various home made Inmarsat antennas. In his post he tests a tin can helix antenna, a 10-turn helix antenna, and an LHCP helix feed on an 81 cm DirecTV dish.

His results show that the dish outperforms the helix antennas by a significant amount, but only once he took it outdoors. The 10-turn helix antenna also worked better than the tin can helix, although he found that it required very accurate pointing.

Inmarsat satellites are geostationary satellites that transmit signals on L-band at around 1.5 GHz. They transmit signals that can be decoded with an RTL-SDR, such as STD-C EGC (weather, messaging and safety messages for boats), as well as AERO (the satellite version of ACARS for aircraft).

Good Inmarsat reception with the dish.

Multi-RTL: A GNU Radio Block for Combining and Time Synchronizing Multiple RTL-SDR Dongles

The RTL-SDR has a maximum available stable bandwidth of about 2.4 MHz. Many people have had the idea to combine multiple RTL-SDR dongles together to implement a wider band or multi channel RX device, but very few successful implementations have been seen. The biggest challenge is time synchronization between the multiple RTL-SDR units. Even if a common clock is used, there is no guarantee that the sample streams are synchronized, which can cause problems for the decoding of many signals. The most successful implementations so far have used a common clock, and an external synchronization signal from a generator in addition to other hardware like switches.

However, now Piotr Krysik has come up with a very good and simpler solution for the synchronization of RTL-SDR dongles. Piotr wanted to be able to capture both GSM uplink and downlink channels at the same time. As these channels are not close to each other in the frequency spectrum, he needed two synchronized RTL-SDR dongles to be able to monitor the two channels at once. In order to achieve synchronization he created a GNU Radio block called Multi-RTL, and connected two RTL-SDR dongles to a common clock source.

In his Multi-RTL block he implemented a method he discovered for time synchronizing the dongles by using a signal that is already being broadcast over the air. He writes that his method is the following:

  • tuning the RTL-SDR dongles to the same frequency where some transmission is present,
  • recording short signals with all of the dongles,
  • computing cross-correlation of the signals (i.e. with respect to a one selected channel),
  • finding position of maximums of cross-correlations in order to estimate relative delays of the channels,
  • correcting the delays so the channels are time-synchronized,
  • switching the dongles to their target frequencies,
  • changing other parameters of the channels (like gains) to target values.
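
The delay estimation and correction steps of this list can be sketched in a few lines of Python; this is an added example, not code from Multi-RTL or from Piotr Krysik. The test signal, sample offsets, phase offset, noise level and all function names are constructed assumptions.

```python
import cmath
import random

def make_air(n, seed=1):
    """Constructed over-the-air signal: random QPSK-like complex samples."""
    rng = random.Random(seed)
    return [complex(rng.choice((-1, 1)), rng.choice((-1, 1))) for _ in range(n)]

def capture(air, start, n, phase, noise, seed):
    """One dongle's recording: begins at air sample `start` (unknown in practice),
    with its own carrier phase rotation and additive Gaussian noise."""
    rng = random.Random(seed)
    rot = cmath.exp(1j * phase)
    return [air[start + i] * rot + complex(rng.gauss(0, noise), rng.gauss(0, noise))
            for i in range(n)]

def estimate_delay(ref, ch, max_lag):
    """Lag of `ch` relative to `ref`, in samples, at the cross-correlation peak.
    The magnitude is used so a constant phase offset between dongles is ignored."""
    best_lag, best_mag = 0, -1.0
    for lag in range(-max_lag, max_lag + 1):
        lo, hi = max(0, -lag), min(len(ref), len(ch) - lag)
        acc = sum(ref[i].conjugate() * ch[i + lag] for i in range(lo, hi))
        if abs(acc) > best_mag:
            best_lag, best_mag = lag, abs(acc)
    return best_lag

def align(ref, ch, lag):
    """Drop leading samples from the stream that started first."""
    if lag >= 0:
        ch = ch[lag:]
    else:
        ref = ref[-lag:]
    n = min(len(ref), len(ch))
    return ref[:n], ch[:n]

def demo():
    air = make_air(3000)
    # Constructed offsets: the reference dongle starts 15 samples after the other.
    ref = capture(air, start=40, n=2000, phase=0.0, noise=0.3, seed=2)
    ch = capture(air, start=25, n=2000, phase=1.1, noise=0.3, seed=3)
    lag = estimate_delay(ref, ch, max_lag=64)
    a, b = align(ref, ch, lag)
    return lag, estimate_delay(a, b, max_lag=64)  # residual lag after correction

if __name__ == "__main__":
    print(demo())
```

The correlation peak is only sharp when the shared transmission is wide enough in bandwidth; a narrow carrier gives a broad peak and an ambiguous delay estimate.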

With his Multi-RTL GNU Radio block Piotr was able to successfully monitor a GSM uplink and downlink channel pair that were spaced 45 MHz apart. Whilst monitoring the signals he sent an SMS to his phone, and then using his recovered encryption key was able to use gr-gsm to decode his message.

The successful implementation of this tool opens the door for many more RTL-SDR based projects, such as the reception of GSM uplink and downlink channels simultaneously, reception of frequency hopping signals, passive radar, and the receiving and decoding of signals with a bandwidth wider than 2.4 MHz.

Two dongles with a common clock.
Synchronizing two dongles by using an external signal.

Sniffing Data from an Implanted Heart Defibrillator

Over on Hackaday a team are attempting to reverse engineer the RF data logging portion of an implanted cardiac defibrillator (ICD) as their Hackaday prize entry. An ICD works by monitoring heart condition and automatically applying gentle shocks to put the heart back into a stable rhythm if an abnormal rhythm is detected. Modern implanted defibrillators log heart data and transmit the log daily to a base station, which is then forwarded to the doctor for analysis.

Unfortunately patients who are interested in taking a more active approach to their health (such as one member of the team who herself has an implanted defibrillator) do not get to see this data. The team are hoping to use an RTL-SDR to sniff this data which is transmitted in the 402 – 405 MHz ISM band, and then implement a decoder. So far they have successfully been able to capture some signals, and are working on decoding them into data.

By reverse engineering the signal they hope to draw attention to the fact that healthcare providers are not providing real time body data to the patient, preventing them from making their own informed decisions about their health. They write:

It’s all about making informed decisions. A patient knowing about arrhythmia episodes that occurred to him/her has the power to change his lifestyle accordingly, by deducing the factors that have influenced his recent attacks and eliminating them – i.e. observing his/her heart condition according to his/her sleep schedule, work rhythm, food choices and participation in sports. As for now, the patients can only hope to get some information on ICD-prevented arrhythmias on scheduled appointments with their doctor, which often occur once a year or even less often. This eliminates any possibility of making informed choices by using patient’s lifestyle data for future arrhythmia episode prevention.

The planned reception and decoding flowgraph.

Notes on Amateur Radio Astronomy for Beginners

RTL-SDR.com reader Jean Marie Polard (F5VLB) recently wrote in to let us know about a useful document that he has put together which covers amateur radio astronomy for beginners. The document includes various introductions to the types of antennas and electronic tools often used in radio astronomy, the software used and an introduction to all the different types of observable objects. There are also a few mentions of the RTL-SDR dongle, which is known to be a useful tool for amateur radio astronomy.

The document is available in pdf form in English, as well as in French. If you are looking at getting started in amateur radio astronomy then this is a good starting guide.
