Over on YouTube, the channel Tech Minds has uploaded a short tutorial video that shows how to perform a replay attack with a HackRF and the Universal Radio Hacker software. A replay attack is when you record a control signal from a keyfob or other transmitter, and then retransmit that recording with a TX-capable radio. This allows you to take control of a wireless device without the original keyfob/transmitter. This is easy to do with simple wireless devices like doorbells, but not so easy with any system that uses rolling codes or more advanced security, like most car key fobs.
In the video Tech Minds uses the Universal Radio Hacker software to record a signal from a wireless doorbell, save the recording, replay it with the HackRF, and also analyze it.
Universal Radio Hacker - Replay Attack With HackRF
In the past we've posted twice about Hex and Flex, who has been designing and selling various types of wideband PCB antennas. Previously we saw his wideband Vivaldi antenna, and his wideband 400/800 MHz+ spiral antennas.
Now, on the latest episode of SignalsEverywhere, host Corrosive gives us a brief review of the Hex and Flex antennas, and goes on to demonstrate the spiral antenna in action. In his tests he was able to receive Inmarsat AERO, 433 MHz tire pressure monitors (TPMS), 300 MHz APRS signals, 300 MHz SATCOM, 800 MHz P25 and 1090 MHz ADS-B aircraft tracking signals with the spiral antenna and our RTL-SDR Blog Wideband LNA.
The video also comes with a 20% off promotion code for the Hex and Flex Tindie store. Simply enter the code "signalseverywhere" at checkout.
Reddit user Bobcalamarie recently posted about how he uses his car dash mounted Android tablet along with an RTL-SDR Blog V3 and a magnetic mount antenna while sitting in traffic to track aircraft overhead.
We’ve seen something similar to this once before when Signals Everywhere uploaded a video showing off ADS-B reception (among other things) to a dash-mounted Windows tablet and an Android head unit.
The software used by Bobcalamarie is the Android Avare ADS-B software, which can be found in the Google Play Store. However, other applications exist for Windows, Linux, and other operating systems as well. Some software such as Virtual Radar Server even allows you to set up alerts for specific types of aircraft. While we wouldn’t condone it, this might come in handy for someone in traffic.
What would you do if you had an SDR installed in your vehicle? We would love to hear what you have to say in the comments below.
Thank you to Frank for submitting his new RTL-SDR compatible Orbcomm Satellite monitor software called "Orbcomm Receiver". Orbcomm is a low earth orbit satellite communications system that operates in the 137 - 138 MHz frequency range. The satellites specialize in remote IoT and machine to machine (M2M) connectivity, an example use case being a GPS tracker on a shipping container regularly uploading GPS coordinates from anywhere in the world via the Orbcomm satellites. Orbcomm satellite signals are fairly strong and can easily be received with an RTL-SDR and V-Dipole antenna.
We haven't posted about Orbcomm on this blog since 2015, as there are not many interesting things to say about it. The data is all encrypted, and the only information you can really see is the Orbcomm satellite ID, frequency and positioning data. Frank's software doesn't change this fact, but his software is all open source, so it may be a useful tool for learning about satellite signal DSP processing. Frank writes:
There are a couple different projects out there to decode ORBCOMM signals (Orbcomm-Plotter and MultiPSK). What makes my project different from these is that I wrote it as a learning project. So all of the signal processing, written in Python, is available to the user and is decently documented. I hope this can be a good learning resource for people who want to see a practical example of satellite communications signal processing. Also, my software is open source and free to use.
Currently, the software can do offline or real-time decoding of a single ORBCOMM downlink channel. The transmitted bits of the ORBCOMM signal are demodulated and when the packet type is known, the packet information is decoded. There are a lot of ORBCOMM packets that can't be decoded and of course the message data is encrypted so that information is not available. But, there is still a ton of interesting information available.
The project is still in development so it has some limitations. For real-time recordings, I only support RTLSDRs currently. Also, I'm having trouble getting the real-time processing to work on macOS, so currently that mode is only supported on Linux. However, I have included a couple data files in the repo, so even without an SDR, users can experiment with the signal processing. I welcome any bug reports or suggestions.
Marcus Leech from ccera.ca is a pioneer in using low cost software defined radios for observing the sky with amateur radio telescopes. In the past he's shown us how to receive things like the hydrogen line, detect meteors and observe solar transits using an RTL-SDR. He's also given a good overview and introduction to amateur radio astronomy in this slide show.
His recent project has managed to create a full Hydrogen sky map of the northern Canadian sky. In his project memo PDF document Marcus explains what a sky map shows:
A [sky map] shows the brightness distribution over the sky for a given set of observing wavelengths. In the case of the 21cm hydrogen line wavelength, maps show the distribution of hydrogen over the sky. For amateur observers, such maps generally show the distribution within our own galaxy, since extra-galactic hydrogen is considerably more faint, and significantly red/blue shifted relative to the rest frequency of 1420.40575 MHz, due to relative motion between the observer and the target extra-galactic hydrogen.
He was able to make this observation using his radio telescope made from a 1.8m dish antenna, a NooElec 1420 MHz SAWBird LNA + Filter, a 15dB line amplifier, another filter and two Airspy R2 software defined radios locked to an external GPSDO. The system runs his custom odroid_ra software on an Odroid XU4 single board computer, which provides spectral data to an x86 host PC over an Ethernet connection.
Over 5 months of observations have resulted in the Hydrogen sky map shown at the end of this post. Be sure to check out his project memo PDF file for more information on the project and how the image was produced. Marcus' blog post over on ccera.ca also notes that more data and different maps will be produced soon too.
Thanks to a tweet by @rf_hacking we recently came across an interesting project called "r2cloud". This is an open source program provided on a ready to use image for the Raspberry Pi that can be used to set up an automated satellite recording station for NOAA APT and Meteor LRPT signals, as well as for CubeSats.
The software presents a web based user interface that is easy to set up and view decoded images on. It appears that the software also communicates with a public server that can aggregate and log your data, provide it to SatNOGS, and provide FunCube satellite telemetry to FunCube Warehouse.
A Geostationary Satellite Imaged with the RTL-SDR Based Mini Radio Telescope
Just a few days ago we posted an update on the PICTOR open source radio telescope project. That project makes use of an RTL-SDR and a small dish antenna to receive the Hydrogen line, and is able to measure properties of our galaxy such as its shape.
Now over on Hackaday another amateur radio telescope project has been posted, this one called the "Mini Radio Telescope" (MRT) which was made by Professor James Aguirre of the University of Pennsylvania. This project makes use of a spare Direct TV satellite dish and an RTL-SDR to make radio astronomy observations. What makes this project interesting in particular is the automatic pan and tilt rotor that is part of the design. Unlike other amateur radio telescopes, this motorized design can track the sky, and map it over time. This allows you to create actual radio images of the sky. The image on the right shows a geostationary satellite imaged with the dish.
In the past we saw a similar project by the Thought Emporium YouTube channel which used a tracking mount and a HackRF to generate images of the WiFi spectrum. This was to be a precursor to a motorized tracking mount for radio astronomy but it doesn't seem that they completed that project yet.
Professor James Aguirre's project, including designs for the rotor, is fully open source and can be found over on GitHub.
Cross Country Wireless is a UK-based company that has created an active HF loop antenna for only $70 USD including international shipping. The loop appears to have already been for sale for a while now, but recently they've created a new version that can be easily powered by a 5V bias tee with at least a 67 mA current capacity. This makes it very easy to use with radios that have built-in bias tees such as our RTL-SDR Blog V3 and SDRplay and Airspy units. The page reads:
The Loop Antenna Amplifier contains all the electronics needed for home DIY construction of an active loop (magnetic loop) low noise receiving antenna.
The amplifier consists of two units, a weatherproofed outdoor unit for connection to a suitable loop and a base unit to further amplify the signal and to provide DC power up the coaxial cable to the outdoor unit.
The outdoor unit is housed in a polycarbonate box with stainless steel antenna connections and a BNC socket. The indoor unit is a PCB with two BNC connectors and a USB socket to take 5V from a USB socket on a PC or phone charger.
Like our other active antenna products it has RF overload protection to allow it to be used very close to transmit antennas without damaging the amplifier or the attached receiver.
The loop depends on what the user has available. We have tested it with simple wire loops or deltas, coax loops and an alloy loop made from a bicycle wheel rim. We supply a 3m (10 ft) length of wire as a simple loop to make a first loop for testing.
The photograph on the right shows the prototype with a 1m diameter loop of LDF4-50 coax cable as a test loop.
With a simple wire loop or delta and a small USB powerbank it makes a very compact and portable receiving antenna for holiday listening or covert use.
The latest version can now have the head unit powered directly from receivers with a 5V bias-tee such as the SDRplay receivers or some RTL-SDR dongle receivers with a bias-tee option.
Specifications:
Frequency range: 10 kHz to 30 MHz
Loop amplifier input impedance: 0.3 ohms
Output impedance: 50 ohms
Supply voltage: 5 V from USB socket or charger
Supply current (head and base unit): 112 mA
Supply current (head unit fed with 5V bias-tee): 67 mA
Loop antenna outdoor unit connectors: Two M6 stainless steel threaded studs and BNC female (RF out 50 ohms)
We have not yet seen a comparison of this loop against the cheaper US$45 Chinese made MLA-30 loop. In a previous post Martin (G8JNJ) reviewed the MLA-30 and noted several design flaws after reverse engineering the circuit. He has let us know that he will also be reviewing the Cross Country Wireless Active Loop and will let us know his thoughts in the future.
Cross Country Wireless Loop
Cross Country Wireless Loop Antenna Amplifier VLF test with 1m diameter coax loop