Briefly, their build consists of a horn antenna and reflector designed for the 1,420.4 MHz Hydrogen line frequency. The horn is built out of a few pieces of lumbar, metallic house wall insulation sheets and aluminum tape. The feed is made from a tin can and piece of wire. In terms of radio hardware, they used an Airspy SDR, GPIO labs Hydrogen Line Filter + LNA, and 2x Uputronics Wide band preamps, and a Minicircuits VBF-1445+ filter. For software processing, they used a GNU Radio flowgraph to integrate and record the spectrum.
The results show that they were able to achieve a good hydrogen line peak detection, and they were able to measure the galactic rotation curve doppler shift, and tangent points which prove that we do in fact live in a spiral galaxy.
The Finished Hydrogen Line SDR Based Horn Radio Telescope Antenna
Leif (SM5BSZ) is fairly well known in the SDR community for doing very indepth technical tests of various SDR receivers over on his YouTube channel. Recently he's released part two of a series where he compares the new Airspy HF+ Discovery against various other SDRs such as the Perseus, SDRplay RSP1, Airpsy HF+ Dual, Airspy + SpyVerter and AFEDRI SDR-Net. In the first video he studied the blocking and second order intermodulation effects of each SDR using signal generators. We summarized those results in this previous post.
In the new video Leif compares the dynamic range of each SDR using real HF antenna signals at 7.2 MHz. In order to create a fair test of dynamic range, appropriate attenuation is added to each receiver in order to make their noise figures equivalent, so that the incoming signal strength is the same for each SDR.
The first set of dynamic range results is summarized at time 08:14, and these results show the dynamic range comparisons for strong night time signals. Again like in the other videos the Perseus is used as the reference SDR since it is always the best. The tests show that the HF+ Discovery trails behind the Perseus by only -3dB, followed by the HF+ Dual at -10dB, AFEDRI at -15dB, Airspy+SpyVerter at -18dB and finally the RSP1 at -23dB.
The second set of results is summarized at 17:47 and this includes a day time dynamic range test. The rankings are very similar to the night time test.
Over the last several months we've been working on a versatile active L-band patch antenna that can cover Inmarsat to Iridium satellite frequencies. That antenna is now almost ready, and should be able to ship out from our Chinese storage warehouse by week 1 or 2 of October NOTE: Due to an unfortunate Typhoon near the factory in Taiwan, and the Chinese National Week long holidays and Taiwan National day we are expecting them to ship out in week 3 or 4 of October now. Apologies for the delays. No other components like filters or amplifiers are required to be able to use this antenna, as it is an all in one system.
The expected price will be US$39.95, but right now we're releasing it for a discounted PREORDER price of US$34.95 incl. free shipping.
Preorder sale has ended. Please see our store to order.
Your preorder will ship out as soon as it's stocked in the warehouse in China. If you prefer to wait we'll also have this product on Amazon (at retail $39.95) about 2-3 weeks after it is stocked in our Chinese warehouse.
The antenna is based on the active (low noise amplified with built in filter) ceramic patch design that was used by Othernet (aka Outernet), back when they had their L-band service active. We've asked them to modify the antenna to cover a wider range of frequencies, and include an enclosure that allows for easier mounting.
The antenna is 3.3 - 5V bias tee powered, so you will need a bias tee capable RTL-SDR like our RTL-SDR Blog V3, or a 5V external bias tee. It draws about 20-30mA of current, so it is compatible with other SDRs like the SDRplay, HackRF and Airspy too.
With this antenna we've paid close attention to the mounting solutions. One major difficulty with these patch antennas is finding a convenient place to mount them. The patch is designed with a built in 1/4" camera screw hole, so any standard camera mount can be used. In the kit we're including a window suction cup, a flexible tripod and 2 meters of RG174 cabling to help with mounting. Your own longer coax cabling can be used, however we'd recommend using lower loss cabling like RG59/58 or RG6 for anything longer than 3 meters.
The patch is also fully enclosed in an IP67 weather proof plastic case, so it can be kept mounted outdoors in the rain.
The RTL-SDR Blog L-Band Satellite Patch Antenna SetWays to mount the patch antenna
Performance
With the patch receiving AERO, STD-C and GPS should be a breeze. Simply point up at the sky, or towards the Inmarsat antenna, apply bias tee power and receive. Below are some sample screenshots showing reception.
The patch is designed to be used with a 1m+ length of coax cable. It may perform poorly if the RTL-SDR is placed right at the antenna due to interference.
If receiving Inmarsat, the patch antenna should ideally be angled to face the satellite.
Rotate the patch until the signal strength is maximized. Rotating the patch optimizes the polarization of the antenna for the satellite and your location. NOTE: Using the wrong orientation could result in 20 dB attenuation, so please do experiment with the rotation.
You can also use the patch on a flat surface for Inmarsat (and rotate for best reception), but signal strength may be a little reduced. Depending on your location and the satellites elevation it should still be sufficient for decoding.
For receiving Iridium and GPS signals you can use the antenna flat, pointing straight up towards the sky. Try to get it seeing a clear view of the sky horizon to horizon to maximize the satellites that it can see.
If you happen to have a very marginal signal, you can clamp on a flat sheet of metal behind the patch antenna for improved performance.
AERO C-Channel: C-Channel transmissions are at 1647-1652 MHz which are outside of the advertised range of this antenna. However, the filter cut off is not that sharp, and you may be able to get results, although we cannot guarantee this. (If you want to test this for us and can demonstrate that you can receive C-Channel already, please contact us at [email protected] for a sample)
To keep them away from humid air Scott uses "PrintDry" plastic vacuum canisters. Unfortunately he found that the vacuum sealing system wasn't perfect, and that some canisters would lose their vacuum after a few days. In order to ensure that the canisters were properly sealed he decided to add some active monitoring with pressure and humidity sensors and a wireless transmitter.
His monitoring system consists of a cheap 315 MHz ISM band transmitter, ATTINY85 microcontroller and pressure + humidity sensor. To receive and monitor the data he uses an RTL-SDR that runs the rtl_433 software, which is a program that is capable of decoding many different types of wireless ISM band sensors.
DIY Wireless Temp/Humid/Pressure sensors for measuring vacuum sealed 3d printed filament containers
Canadian based researchers from the "Open Privacy Research Society" recently rang the alarm on Vancouver based hospitals who have been broadcasting patient data in the clear over wireless pagers for several years. These days almost all radio enthusiasts know that with a cheap RTL-SDR, or any other radio, it is possible to receive pager signals, and decode them using a program called PDW. Pager signals are completely unencrypted, so anyone can read the messages being sent, and they often contain sensitive pager data.
Open Privacy staff disclosed their findings in 2018, but after no action was taken for over a year they took their findings to a journalist.
Encryption is available for pagers, but upgrading the network and pagers to support it can be costly. Pagers are also becoming less common in the age of mobile phones, but they are still commonly used in hospitals in some countries due to their higher reliability and range.
In the past we've seen several similar stories, such as this previous post where patient data was being exposed over the pager network in Kansas City, USA. There was also an art installation in New York called Holypager, that continuously printed out all pager messages that were received with a HackRF for gallery patrons to read.
HolyPager Art Installation. HackRF One, Antenna and Raspberry Pi seen under the shelf.
Over on YouTube user JellyImages has uploaded a video demonstrating his Windows based ARESrcvr software. ARES is a railway control communications protocol used by some trains in the USA. His code connects to an RTL-SDR dongle, and demodulates the ARES protocol, providing decoded packets to ATSCMon via UDP on localhost.
ATSCMon allows you to view train telemetry data, and see on a rail map where that control indication came from. It appears that ATSCMon actually already supports ARES decoding via audio piping, but the decoder by JellyImages is a cleaner solution that doesn't require audio piping. In the past we've posted about one other YouTube user whose uploaded videos on using ATSCMon to monitor trains [Post 1][Post 2].
JellyImages also notes that his software only supports the ARES protocol which is used mostly around former Burlington Northern (BN) territory in the USA.
Back in August 2019 the Chaos Communication Camp was held in Germany. This is a 5 day conference that covers a variety of hacker topics, sometimes including SDR. At the conference Osmocom developer Harald Welte (aka @LaF0rge) presented a talk titled "The Limits of General Purpose SDR devices". The talk explains how general purpose TX capable SDRs like HackRFs and LimeSDRs have their limitations when it comes to implementing advanced communications systems like cellular base stations.
Why an SDR board like a USRP or LimeSDR is not a cellular base station
It's tempting to buy a SDR device like a LimeSDR or USRP family member in the expectation of operating any wireless communications system out there from pure software. In reality, however, the SDR board is really only one building block. Know the limitations and constraints of your SDR board and what you need around it to build a proper transceiver.
For many years, there's an expectation that general purpose SDR devices like the Ettus USRP families, HackRF, bladeRF, LimeSDR, etc. can implement virtually any wireless system.
While that is true in principle, it is equally important to understand the limitations and constraints.
People with deep understanding of SDR and/or wireless communications systems will likely know all of those. However, SDRs are increasingly used by software developers and IT security experts. They often acquire an SDR board without understanding that this SDR board is only one building block, but by far not enough to e.g. operate a cellular base station. After investing a lot of time, some discover that they're unable to get it to work at all, or at the very least unable to get it to work reliably. This can easily lead to frustration on both the user side, as well as on the side of the authors of software used with those SDRs.
The talk will particularly focus on using General Purpose SDRs in the context of cellular technologies from GSM to LTE. It will cover aspects such as band filters, channel filters, clock stability, harmonics as well as Rx and Tx power level calibration.
The talk contains the essence of a decade of witnessing struggling SDR users (not only) with running Osmocom software with them. Let's share that with the next generation of SDR users, to prevent them falling into the same traps.
Over on YouTube Black Hills Information Security (aka Paul Clark) has uploaded a one hour long presentation that shows how to use a software defined radio to reverse engineer digital signals using GNU Radio.
One of the most common uses of Software Defined Radio in the InfoSec world is to take apart a radio signal and extract its underlying digital data. The resulting information is often used to build a transmitter that can compromise the original system. In this webcast, you'll walk through a live demo that illustrates the basic steps in the RF reverse engineering process, including:
- tuning - demodulation - decoding - determining bit function - building your own transmitter - and much, much more!
