Category: RTL-SDR

Comparing LHCP and RHCP Reception of a Thuraya Satellite with an RTL-SDR and MIX4ALL

Over on YouTube, Adam Alicajic 9A4QV (creator of the popular LNA4ALL) has uploaded a video comparing reception of Thuraya satellites with LHCP (left hand circular polarization) and RHCP (right hand circular polarization) patch antennas. To receive Thuraya satellites an LHCP antenna should be used, and Adam’s results show that an antenna with the wrong polarization (RHCP) produces a signal that is, as theoretically expected, almost 20dB lower. Shortly after we initially posted this, Adam wrote in with the following comment:

Thuraya LHCP original patch antenna has 2 patches stacked inside the panel antenna and the hand made RHCP patch antenna is made only of 1 patch. Theoretically, this should give the 3dB more gain for the Thuraya antenna.

The difference in the received signal due to polarization should be (theoretically) 20dB, that's RHCP vs. LHCP and I experience some 18dB of difference which is good result. Why not 20dB? First of all it is impossible to get 3dB more gain stacking the antennas, this is just the theory, more likely 2dB in the practice.

To receive the signals Adam uses the patch antennas, which are connected to the MIX4ALL (a downconverter that he is currently developing), which is then connected to an RTL-SDR dongle.

In the first video Adam shows the difference the wrong polarization makes, and in the second he shows some information about the Thuraya LHCP antenna he uses.

Receiving Thuraya sat - LHCP and RHCP comparison using MIX4ALL

Thuraya antenna L-band + GSM

RTLSDR4Everyone: Avoiding RTL-SDR Rip-Offs

Akos from the rtlsdr4everyone blog has come up with a new post that aims to help people avoid getting ripped off when trying to buy an RTL-SDR dongle. He shows that there are several sellers on eBay who sell branded products (like Nooelec and our own RTL-SDR Blog brand) for higher prices and higher shipping costs than the official manufacturer. He also notes that there are several sellers falsely advertising E4000 dongles, sellers offering custom units that are too expensive, and sellers that stuff in popular keywords to wrongly get to the top of rankings with an inflated price.

We’d like to add the following to Akos’ post: We believe these sellers offering our and other brands’ products at higher prices on marketplaces like eBay are simple market arbitrage bots that scrape items listed on Amazon and then list them on eBay for a higher price. They write that they can ship overseas, but they are simply using an address forwarder (like shipito, viabox or the eBay global shipping program) to forward the goods from the USA to overseas. Note that we ship overseas via our Chinese warehouse for free, so there is no need to use an address forwarder and pay high shipping costs.

We’d also like to note that we now have three companies who legitimately resell our dongle only units locally in the UK, Japan and in India. They may charge higher prices as they must contend with import costs and business taxes, but the advantage is fast local shipping and local support.

Don't get ripped off by scammy sellers.

Getting SDR# and RTL-SDR to run on OSX El Capitan with Mono

A few weeks ago Matthew Miller showed us how it was possible to run DSD+ in OSX using a program called Wineskin. Now he’s uploaded a new video that shows how to get SDR# working in OSX El Capitan with Mono. SDR# is designed to be used in Windows, but since it is written in C# under the .NET framework, it should be possible to run it on OSX with the open source Mono .NET implementation. The overall installation is not as straightforward as simply downloading a zip file like it is on Windows, but the tutorial Matthew provides is clear and easy to follow.

The steps involve downloading SDR#, downloading Mono, installing MacPorts, installing PortAudio, installing the RTL-SDR libraries and then setting up some required symbolic links. Finally he shows that to access the RTL-SDR you must first run RTL-TCP and then connect to that using the RTL-SDR (TCP) option in SDR#.

SDR# on MAC OSX EL CAPITAN - RTL SDR - MONO

RTLSDR4Everyone: Review of 5 RTL-SDR Dongles

Over on the rtlsdr4everyone blog (previously known as the sdr4mariners blog), author Akos has uploaded a new post that compares 5 different RTL-SDR dongles against one another. He compares a Terratec R820T, Black Nooelec R820T, Blue Nooelec R820T2, our own RTL-SDR Blog R820T2 and a Nooelec Nano R820T.

In the post Akos gives an overview of the features of each dongle, and runs tests on things like frequency drift and broadcast FM interference. He also runs SNR tests on Airband, low UHF, high UHF signals and shortwave frequencies. His tests show that the dongles with the R820T2 chip outperform the dongles with the R820T chip by about 4-5 dB in SNR, and that the overall best dongle is our RTL-SDR Blog dongle.

In the future Akos hopes to also review the Nooelec 9:1 balun.

The dongles compared in Akos’ Review

 

Building a Wideband Helix Antenna for L/S/C Bands

Over on YouTube user Adam Alicajic (creator of the popular LNA4ALL low noise amplifier) has uploaded a video showing the performance of a home made wideband helix antenna that he has created for receiving signals such as ones from L-Band Inmarsat satellites. See our tutorial for more information on receiving Inmarsat signals.

Adam’s helix antenna is built out of an old used can and is based on a 1.1 turn design. In the first of three videos he shows that the SWR of the antenna is well below 2.0 from 1.5 GHz to 3 GHz. In the second video Adam shows the performance of the helix antenna on actual L-band signals being received with an RTL-SDR dongle. In the final video Adam compares the helix against a patch antenna and finds that the two receive with very similar performance.

Wideband L/S/C band helix antenna Part.1

Wideband L/S/C band helix antenna Part.2

Wideband L/S/C band helix antenna Part.3

Reverse Engineering the SimpliSafe Wireless Burglar Alarm

SimpliSafe is a home security system that relies on wireless radio communications between its various sensors and control panels. They claim that their system is installed in over 300,000 homes in North America. Unfortunately for SimpliSafe, earlier this week Dr. Andrew Zonenberg of IOActive Labs published an article showing how easy it is for an attacker to remotely disable their system. By using a logic analyser he was able to fairly easily reverse engineer enough of the protocol to discover which packets were the “PIN entered” packets. He then created a small electronic device out of a microcontroller that would passively listen for the PIN entered packet, save the packet into RAM, and then replay it on demand, disarming the alarm.

A few days later Michael Ossmann (wireless security researcher and creator of the HackRF SDR and YARD Stick One) decided to have a go at this himself, using a YARD Stick One and a HackRF SDR. First he used the HackRF to record some packets to analyze the transmission. From the analysis he determined that the protocol was an Amplitude Shift Keying (ASK) encoded signal. With this and some other information he got from the recorded signal, he could then use his YARD Stick One to instantly decode the raw symbols transmitted by the keypad and perform a replay attack if he wanted to.

Next, instead of doing a capture and replay attack like Andrew did, Michael decided to take it further and actually decode the packets. This took him a few hours but it turned out to not be too difficult. Now he is able to recover the actual PIN number entered by a home owner from a distance without having to do any transmitting. With the right antenna someone could be gathering 100s of PINs over a distance of many miles. Also, an expensive radio is not required: Michael notes that the gathering of PIN numbers could just as easily be done on a cheap $10-$20 RTL-SDR dongle.

Michael notes that the SimpliSafe alarm seems to lack even the most basic cryptographic protection, and that this is a problem that is seen all too often in wireless alarm systems. Rightly so, Michael and Andrew are not publishing their code, although it seems that anyone with some basic knowledge could repeat their results.
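Both the replay and the passive PIN recovery described above depend on the keypad sending a static, unauthenticated frame. The following is an added illustration of the basic protection the post says is missing; it is not SimpliSafe's protocol and not code from either researcher. The frame layout, the per-device key, the PIN and the class names are all assumptions made for the sketch.

```python
import hashlib
import hmac
import struct

DISARM = 0x01
TAG_LEN = 8  # truncated HMAC-SHA256 tag; length is an assumption for a short radio frame


def _tag(key: bytes, header: bytes, pin: str) -> bytes:
    # The PIN is only an input to the MAC; it never appears in the frame.
    return hmac.new(key, header + pin.encode(), hashlib.sha256).digest()[:TAG_LEN]


class Keypad:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def disarm_frame(self, pin: str) -> bytes:
        self.counter += 1  # must survive power loss on a real device
        header = struct.pack(">BI", DISARM, self.counter)
        return header + _tag(self.key, header, pin)


class BaseStation:
    def __init__(self, key: bytes, pin: str):
        self.key, self.pin, self.last_counter = key, pin, 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 5 + TAG_LEN:
            return False
        header, tag = frame[:5], frame[5:]
        msg_type, counter = struct.unpack(">BI", header)
        if msg_type != DISARM:
            return False
        if not hmac.compare_digest(tag, _tag(self.key, header, self.pin)):
            return False  # forged, corrupted, or wrong PIN
        if counter <= self.last_counter:
            return False  # authentic but already seen: a replayed capture
        self.last_counter = counter
        return True


def demo() -> dict:
    key = bytes(range(16))  # constructed per-device key, provisioned at pairing
    keypad, base = Keypad(key), BaseStation(key, "4821")  # constructed PIN
    frame = keypad.disarm_frame("4821")
    return {
        "fresh": base.accept(frame),
        "replayed": base.accept(frame),
        "wrong_pin": base.accept(keypad.disarm_frame("0000")),
        "next_fresh": base.accept(keypad.disarm_frame("4821")),
    }
```

Because the counter only advances after the tag verifies, a stream of forged frames cannot desynchronise the keypad and base station.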

The SimpliSafe Alarm Keypad and a Yardstick One.

Meteor M-N1 Still Working, Meteor M-N2 Still Down

The Meteor M N-2 is a polar orbiting Russian weather satellite that was launched in July 2014. It transmits with the LRPT protocol, which allows us to receive weather satellite images of a much higher resolution than those from the NOAA APT satellites. For a while after the launch, RTL-SDR users had a good time receiving beautiful images from Meteor M-N2, but unfortunately since late last year the N2 LRPT transmitter has been turned off due to technical problems with the IR sensors, as cited by Russian meteorologists.

Fortunately for Meteor N2 enthusiasts, the old Meteor M N1 satellite, which was thought to be dead, sprang back to life around November 2015. Recently Matthew A., a reader of our blog, wrote in to let us know that while N2 is still not transmitting, N1 is still transmitting, albeit with somewhat distorted images. Matthew also mentions this link: http://homepage.ntlworld.com/phqfh1/status.htm, which contains up to date info on the status of all weather satellites. He also writes:

  • While transmissions are readily detectable and decodable at night, it seems that M N-1’s infrared sensors are not functioning, yielding only black, with the typical noise bars of Red, Green, or Blue.
  • As has been previously mentioned, Meteor MN-1’s stabilization system has obviously failed, and the horizon is clearly visible. Perhaps not of scientific value, but certainly beautiful. 

We also note that there are several comments over on the Meteor-M N2 news and support website regarding receiving images from N1 and N2. It seems that sometimes N1 also has some problems with transmission, but they are usually quickly fixed.

Meteor M-N1 Image Received by Matthew
 

Receiving C-Band AERO Signals

Jonti, the programmer of JAERO, has recently updated his software to version 1.04, which can now be used to decode C-Band AERO signals. Previously only L-Band (1.5 GHz) AERO signals could be decoded with JAERO. C-Band signals are much harder to receive as they are at 3.6 GHz, so require an LNB, and they are also much weaker so require a large dish (at least about 1.8 meters or larger in diameter). However, the interest in them is that C-Band AERO signals arguably contain more interesting information than the L-Band AERO data. They contain actual aircraft position data which would allow you to plot the locations of all planes using that satellite. About the information that can be received Jonti writes:

The L band Aero signals (around 1.54GHz) that everyone has been decoding lately using JAERO are the very strong signals being sent from the satellites to the airplanes, this is the information that is being sent from the GESs (ground earth stations i.e. the people on the ground) to the AESs (air earth stations i.e. the people in the airplanes). A modified 2cm GPS antenna, an LNA (Low Noise Amplifiers) or two, and an SDR receiver is enough to receive such signals.

Receiving the information going the other way around from the people in the airplanes to the people on the ground is a lot more challenging. This AES to GES information first gets transmitted from the airplanes around 1.6 GHz to the satellites which is then relayed back down to the GES people on the C-band around 3.6 GHz. That means to receive information from the airplanes the only practical option is to receive the 3.6 GHz frequencies. This is above any SDR receiver I know of. To make things worse, I believe the signals are 11dB weaker than the L band ones that everyone has been receiving. Complicating matters further the signals are transmitted in bursts and each burst is dependent on the airplane’s L band transmitter. So a weaker L band transmitter on a plane produces a weaker C-band burst transmission, likewise any frequency offset of an L band transmitter on the plane produces a frequency offset on the C-band.

So what’s so attractive about C-band Aero signals?

Two reasons spring to mind. The first is the challenge of receiving and demodulating it and the second is this information contains plane location information like ADS-B (Automatic dependent surveillance – broadcast) so you can produce pretty pictures of where all the planes are in the world.

C-Band Data Received with JAERO