Over on YouTube user Pablo Sala (KI7OJL) has uploaded a video that shows a neat all-in-one receiver build based on an RTL-SDR. Pablo's build runs on a Pipo x8 Mini PC which is a US$110 PC/tablet that includes a build in LCD touch screen. The build also adds several Arduino powered control knobs for tuning, mode and bank selection, squelch and volume to the base. The knobs directly interface with HDSDR, his chosen software.
The video titles are dated 2017, but the video only seems to have been uploaded recently. Unfortunately we weren't able to find much more information about this build, other than the video.
Homebrew: RTL-SDR Receiver with Arduino-powered knobs on a Pipo X8 Mini PC running HDSDR, May 2017
Talks from this years DEF CON 27 conference which was held back in August are now available on YouTube. DEFCON is a yearly conference that a focuses on information security topics and often includes talks about SDRs and other wireless radio topics too. In particular we wanted to highlight the the DEF CON 27 Wireless Village playlist which contains numerous talks related to wireless, radio and SDRs.
Most talks from the wireless village relate to WiFi, but one talk with some very useful information that we really enjoyed was "Antennas for Surveillance" by Alex Zakhorov.
We will cover the various kinds of antennas available to optimized your SDR radio for different types of spectrum monitoring. We will also explain why RF filters are necessary on most SDR's and when Low Noise Amplifiers help, and when Low Noise Amplifiers hurt reception.
Kent Britain/WA5VJB - Antennas for Surveillance - DEF CON 27 Wireless Village
Another interest talk was called "The Ford Hack Raptor Captor video" by Dale Wooden (Woody) where he shows how he used an RTL-SDR and HackRF to hack a Ford car key fob. If you're interested we wrote about the Hak5 videos on this hack in a previous post.
This talk will show flaws with development of security protocols in New Ford key fobs. This will exploit several areas. The ability for a denial of service to the keyfob WITHOUT jamming. How to trick the vehicle into resetting its rolling code count. How to lock, unlock, start, stop, and open the trunk of ford vehicles using a replay attacked after resetting rolling code count. How to find the master access code for Fords keypad to bypass security. This talk will also demonstrate how to reset your key fobs if they are attacked by a deauth attack. We will also demonstrate gnu-radio script to automate RF collection of Ford key fobs. As seen on HAK5 episodes 2523-2525
Woody - The Ford Hack Raptor Captor video - DEF CON 27 Wireless Village
Outside of the Wireless village there were also some interesting SDR topics including this talk titled "SDR Against Smart TVs URL Channel Injection Attacks" by Pedro Cabrera Camara. If you're interested we also wrote about Pedro's work in a previous post.
Software-defined-radio has revolutionized the state of the art in IoT security and especially one of the most widespread devices: Smart TV. This presentation will show in detail the HbbTV platform of Smart TV, to understand and demonstrate two attacks on these televisions using low cost SDR devices: TV channel and HbbTV server impersonation (channel and URL injection). This last attack will allow more sophisticated remote attacks: social engineering, keylogging, crypto-mining, and browser vulnerability assessment.
Pedro Cabrera Camara - SDR Against Smart TVs URL Channel Injection Attacks - DEF CON 27 Conference
Recently three new reviews of the Airspy HF+ Discovery have come out in various radio enthusiast magazines from around the world. All three reviews have been released for free in PDF form over on the Airspy reviews page. Unsurprisingly each review praises the HF+ Discovery as it's clearly a great radio.
” Most the low-priced SDRs have never been preselected, mostly for cost reasons, and will suffer strong signal overload especially in high RF areas (urban/metro areas). Without exception, these devices usually have major problems with the antennas that radio hobbyist use. They overload very quickly, which makes serious reception on long, medium and shortwaves rather difficult. The HF+ Discovery is the big exception. Based on our testing, the Airspy HF+ Discovery has no equal at its price point. You will find world-class performance and an amazing piece of hardware wrapped up in a package smaller than a matchbox. The Airspy line has a very fine reputation in the radio hobby. In reviews published in Gayle Van Horn’s 2018 Global Radio Guide and the 2019 World Radio TV Handbook, the Airspy HF+ received high marks by the testers and a “Best Value” rating. ”
The second review is by Nils Schiffhauer (DK8OK) which was published in the October 2019 edition of "Radio User". For German readers, Nils also published a similar review written in German for the December edition of "Radio-Kurier".
Just another SDR? Wait, this beast is different – not only in size and price but also in terms of its concept and performance. In common with some former models of AirSpy SDRs, the new AirSpy HF+ Discovery model (henceforth: ‘Discovery’) is a joint venture of Youssef Touil and his team at the Chinese ITEAD studio and ST Microelectronics. This smart team has already developed, for example, the ground-breaking AirSpy HF+, which is widely considered to be the top performer in its class. The Discovery continues this success story.
The Discovery shines with less noise, and, astonishingly, less crackle. In at least 80% of these diffi cult cases, intelligibility with the Discovery is clearly better. With very few stations, this receiver will even make the difference between understanding the identification of a station and not copying it. In August, I also tested the Discovery with the most ‘demanding’ band, the Very Low Frequency range (VLF). Here most SDRs – and certainly the majority of budget SDRs – reach their limits, lacking sensitivity and filling up the band with internally-generated signals. Thanks to a newly developed input section to start at even 500Hz, this receiver shows outstanding strong and clean signals from as far as the US Navy in Australia.
Covers from the Spectrum Monitor and Radio User Airspy HF+ Discovery Reviews
Thomas from the SWLing blog has been playing around with the recently announced SDRplay RSPdx and has come out with a comprehensive review of the unit. In the review he also provides some comparison videos on real signals between the RSPdx and other SDRs like the WinRadio Excalibur, and Airspy HF+ Discovery.
In the review Thomas notes that while having the advantage of being a wideband receiver, the predecessor to the SDRplay RSPdx (the SDRplay RSP2) was never able to compete with the similarly priced Airspy HF+ and Airspy HF+ Discovery units when it came to HF, MW and LW receiving performance.
But now with it's 0 to 2 MHz enhanced HDR mode activated, Thomas notes that the new RSPdx is majorly improved over the RSP2 in terms of sensitivity and selectivity on the medium wave bands. Thomas' tests also show substantial improvements in the shortwave bands.
KerberosSDR is our experimental 4-Tuner Coherent RTL-SDR product made in collaboration with Othernet. It can be used for applications such as radio direction finding and passive radar. Currently it's available for US$149 on the Othernet store.
The RDF Mapper software allows you to upload bearings from multiple devices distributed around a city to a public RDF server, and view all the bearings on any internet connected PC. This can allow you to quickly triangulate the location of a transmitter.
Normally you would use RDFMapper combined with an RDF42 to upload bearings, but we've written a simple script that can be used to upload bearings generated by a KerberosSDR onto the server. The RDFMapper software can then be used to visualize those bearings.
The script is based on Python, and can run directly on the Pi 3/4 or Tinkerboard that is running the KerberosSDR, or on another PC that can see the KerberosSDR bearing server if you prefer.
Instructions are available on the GitHub page. Simply set unique station names for each of your distributed units, entry your lat/lon and fixed direction bearing. Then on the RDF Mapper software open the 'Web upload/download' tab and add the unique station ID name. All the other tabs for connecting to a GPS and serial port can be ignored, as those are used for the RDF42.
This script will only work for stationary KerberosSDR units as the lat/lon is fixed. If you want to try radio direction finding in a vehicle, we recommend using our Android App for a better experience. If there is interest, we may also add support for the Android app to upload to an RDFMapper server for mobile bearing uploads.
Notes: RDFMapper runs on the system's default browser and it needs to run in either Chrome or Firefox to work. IE does not work. It also appears that Jonathan processes orders manually, so we just want to note that there may be a delay between payment and receiving the software.
RDF Mapper Software. Plotting bearing data from networked units.
Over on Twitter and YouTube Bastian Bloessl (@bastibl) have been posting teaser shots and videos of GNU Radio 3.8 running on an un-rooted Android device. Unfortunately there doesn't yet seem to be any word yet on how he's been able to do this, but we guess that the details will all be released in due time, possibly on his blog.
GNU Radio is an open source digital signal processing (DSP) toolkit which is often used in cutting edge radio applications and research, and to implement decoders, demodulators and various other SDR algorithms.
GNU Radio 3.8 on un-rooted Android. Now with double-mapped circular buffers using Android shared memory. USRP B2XX support. Volk support including a Volk Profile Android app (thanks @albinstigo for the NEON kernels) and OpenCL acceleration w/ gr-clenabled (thanks @Ghostop141). pic.twitter.com/w2tdaRW4Mk
Over on YouTube the Scanner and Sdr Radio channel has uploaded a video comparing four different brands of HF wideband loop antennas using an SDRplay RSPduo. The loops he tested include the cheap Chinese MLA-30 (~$40), the Cross Country Wireless (CCW) loop ($70), Bonito ML200 (~$442) and the Wellbrook 1530LN (~$305).
The MLA-30 was slightly modified with the cheap coax removed and a BNC connector added. Each of the antennas used a wire loop with diameter of approximately 1.6m, except for the Wellbrook which has a fixed size solid loop of 1m.
The tests compare each loop against the Wellbrook which is used as the reference antenna. In each test he checks each HF band with real signals on the RSPduo and compares SNR between the two antennas.
The results show that the two expensive antennas, the Bonito and Wellbrook, do generally perform the best with the lowest noise floors, but surprisingly the MLA-30 actually performs very well for it's price point, even outperforming the Wellbrook reference on SNR in some bands. We note that some of the improvement may be due to the larger 1.6m loop size used on the MLA-30, compared to the 1m loop on the Wellbrook.
Also we note that it can be hard to compare antennas in single tests, because the differences in antenna radiation patterns could be favorable for some signals, and less so for others, depending on the location.
Over on YouTube the TechMinds YouTube channel has uploaded a review of our RTL-SDR Blog L-Band patch antenna which we recently released. TechMinds tests the antenna on a STD-C Inmarsat channel with the Scytale-C decoder, and on various AERO ACARS transmissions with JAERO. Later in the video he also tests the patch antenna on Iridium reception using the Iridium Toolkit software. In all tests the patch is able to suitably receive the signal with either an RTL-SDR or Airspy SDR.
We also wanted to make a note about an additional tip regarding polarization that many people using the antenna seem to have missed. As Inmarsat signals are LHCP polarized, it is important to not only point the antenna towards the satellite, but also to rotate the antenna to match the polarization until maximum SNR is achieved. The rotation can make the difference between strong signals and nothing received at all.
RTL-SDR Active L-Band Patch Antenna For Inmarsat / Iridium / GPS
We've also recently seen a user 'Bert' who has needed to boost the signal strength as he was running the patch inside and at a location in northern Europe with poor reception of Inmarsat. To boost it he simply added a metal horn over the patch made from an old aluminum box, and also a back plate reflector. He notes that this improved his SNR on AERO 10500 from 8 - 9 dB, up to 12 - 14 dB. He also tested using the patch on a dish antenna, and found very good results too.
Aluminum Horn Added to L-Band PatchL-Band Patch Antenna on Dish
