ESP32-Div: An ESP32 Based Swiss Army Knife for Wireless Networks

On his blog, Cifer has posted about a new device that he's created called "ESP32-Div." ESP32-Div is a multi-featured wireless analysis device for WiFi, Bluetooth, 2.4 GHz, and sub-GHz signals. While ESP32-Div is not based on SDR technology, it is still an interesting device for wireless hackers to discuss.

ESP32-Div can monitor WiFi packets, spam fake WiFi access points, scan for deauth attacks, and scan nearby WiFi networks. For Bluetooth, it can jam, scan, spoof, and cause unintended behaviours on Apple devices via spoofing the AirDrop function. It can also be used as a general 2.4 GHz scanner and jammer. Finally, it can perform replay attacks and jam signals for sub-GHz signals.

The device consists of a custom PCB with an ESP32 and a built-in battery pack. A piggybacking shield adds 3x NRF24 modules for the 2.4 GHz features and a CC1101 module for the sub-GHz features.

Obviously, functions like jamming and spoofing are highly illegal in most countries, but it is interesting to see the capabilities available to anyone with these cheap chips and the right software.

ESP32-DIV: Your Swiss Army Knife for Wireless Networks

RTL-SDR Provides Vital Information during Portugal & Spain Blackout

Over on LinkedIn, Khalil A. has uploaded a short post highlighting how critical monitoring radio communications was during the mass power outage in Spain. This week, Spain and Portugal experienced countrywide blackouts, leaving more than 55 million people without power for more than half a day.

During the blackout, news was difficult to obtain as mobile services and internet connections failed. Khalil used a charged laptop and an RTL-SDR to monitor FM, AM, amateur, and emergency services, providing up-to-date information to his neighbourhood.

RTL-SDR provides news during Spain and Portugal blackouts.

NOAA 15, 18, 19 End of Life Announcement – But Transmissions will Continue for Hobbyists

Over on the USradioguy.com blog, we've seen news from Carl Reinmann noting that NOAA 15, 18, and 19 will be classed as end-of-life on June 16, 2025. These NOAA satellites are ones commonly used by RTL-SDR hobbyists to download weather satellite images, either via APT on 137 MHz with a V-dipole antenna, or via HRPT on 1.7 GHz with a tracking dish antenna.

Initially, it was thought that this meant that transmissions would cease. However, Carl Reinmann has now clarified with NOAA that transmissions of the APT and HRPT signals will continue as usual. Importantly, NOAA urges that these transmissions will only be "data of opportunity" and should no longer be used for operational purposes (not for anything safety-critical, for example). The transmissions will be fine for everyday hobbyist use.

However, this does mean that should the sensors on these satellites start failing, no attempt will be made to repair them from the ground, and in case of critical failures, the satellites will be decommissioned. In the past, we've seen NOAA 15's scan motor fail multiple times before coming back to life. It's not clear if the satellite received commands from the ground that helped recover it or if the motor just recovered by itself.

The NOAA satellites have lived well past their operational life.

Building a Mechanical Support for the YouLoop and HFDY Loop Amplifier

Thank you to Marco Cardelli (IZ5IOW) who recently wrote in and shared with us his design for mounting a YouLoop antenna indoors, which he uses with his Airspy HF+ Discovery SDR receiver.

Marco's build involves an MDF wooden base measuring 15cm x 15cm, supporting a vertical mast made from a 70cm long, 25mm diameter PVC pipe. The mast is secured to the wooden base using a repurposed metal bracket and cable ties.

Additionally, Marco constructed a square loop enclosure out of 20mm diameter PVC pipe to contain his HFDY active loop, measuring 60cm per side. The HFDY is an active loop variant of the YouLoop, available on sites like Aliexpress.

Marco's YouLoop stand, and the inside of the HFDY active loop.

Hearing Lightning with an RTL-SDR

On YouTube, user MatdoFM has uploaded a video demonstrating what lightning sounds like over the radio and how to receive lightning pulse noise using an RTL-SDR.

When lightning strikes, it releases a pulse of electromagnetic radiation, which shows up as a short wideband noise pulse over the radio spectrum. Lightning detection and mapping services like Blitzortung use a network of volunteer-run VLF receivers spread out across the globe to determine the location of lightning pulses using time-of-arrival radio direction finding techniques.

In the video, MatdoFM uses a frequency of 124 MHz. Because the lightning pulse noise is so wideband, it extends from VLF to VHF and sometimes even UHF frequencies. At the end of his video, MatdoFM shows a lightning strike captured with his security camera and the corresponding radio sound produced by that strike.

Hear LIGHTNING With Your RTL-SDR!

Creating an Open Source DMR Transceiver with a LimeSDR Mini

Thank you to Adrian Musceac for writing and sharing his article detailing how he implemented an open-source DMR (Digital Mobile Radio) transceiver modem with his LimeSDR Mini and GNU Radio.

DMR is a digital voice communications protocol often used by commercial business band radios, as well as by amateur radio hobbyists.

Adrian explains:

I wrote an article about the implementation of an open-source DMR transceiver using the LimeSDR-mini, GNU Radio and Codec2, which could be used for SDR experiments.

The DMR modem was designed to work both in repeater and direct (DMO) mode, and supports voice and other basic features of the ETSI TS 102 361-1 standard.

In the article there is discussion about aspects of the TDMA transmission, time synchronization, as well as how David Rowe's Codec2 can be used to replace the default vocoder.

The work builds upon Jonathan Naylor's extensive DMR implementation which a large number of amateur radio operators are using as part of MMDVM.

DMR TX Flowgraph
Transmitting DMR with the LimeSDR-mini

DragonOS: LTE IMSI Sniffing using the LTE Sniffer Tool and an Ettus X310 SDR

DragonOS creator Aaron recently uploaded a video on YouTube showing how to capture IMSI data from an LTE-enabled phone by using the open-source LTE sniffer tool and Ettus X310 software-defined radio.

In the video, Aaron uses a simulated environment involving a Signal SDR Pro to simulate the LTE cell phone, a B205 Mini operating as the eNodeB (base station), and an Ettus X310 SDR for the actual LTE sniffing. The SRSRAN software running on DragonOS is used to simulate the LTE network environment.

Aaron goes on to show how the LTE sniffer software passively decodes the physical downlink control channels and captures IMSI numbers from user cell phones.

An IMSI is a unique identifier associated with a cell phone user's SIM card. IMSI sniffing cannot be used to listen to or decode voice, text, or data as they are all encrypted. However, bad actors can use IMSI sniffing to track the movement of devices/people.

DragonOS Noble Sniff + Passively Capture LTE IMSI (x310, b205mini, SignalSDR Pro)

Receiving Elektro-L3 LRIT Weather Satellite Images with an 11-Turn Helix Antenna and No Dish

Typically, a satellite dish is used to receive Elektro L3. As an example, our 70cm diameter Discovery Dish with linear feed can do this easily, and achieve an SNR of about 5-6 dB. However, Meti shows that it is possible to receive this satellite even without a dish, and that an SNR of 1.5 dB is sufficient for decoding a perfect image.

Meti's antenna is an 11-turn RHCP helix made of copper wire, with a 17 x 17cm ground plane. In his post, he also notes a few interesting findings: the height of the antenna off the ground is critical, rotating the helix can help, interference from cell towers can cause issues, and bending the corners of the ground plane can help.

In the rest of the post, Meti also shows how well the helix antenna works at receiving weather satellite signals from polar orbiting L-Band satellites like Meteor M2-3.

Meti's 11-Turn RHCP Helix Antenna