Saveitforparts: Receiving Military DMSP Satellite Data with a Hacked TV Dish

Over on the saveitforparts YouTube channel, Gabe has uploaded a video showing how he uses a hacked TV satellite dish to receive satellite weather data from Defense Meteorological Satellite Program (DMSP) satellites.

These satellites were initially developed during the Cold War and featured an encrypted downlink of meteorological data. However, recently, the DMSP downlink has encryption turned off when passing over the northern half of the USA (40°-41° latitude and up to 60° North), allowing hobbyists in some parts of the USA to decode images. 

In his video, Gabe uses a HackRF SDR with an old DirecTV dish with a modified S-band helical feed mounted on a hacked Winegard motorized platform that was originally intended for automatically pointing TV dishes on RVs. Despite some initial problems with the SatDump software crashing, he is eventually able to receive some nice, clean images.

Interestingly, Gabe also shows what the signal looks like while encrypted and how it transitions to the unencrypted signal after the satellite passes over the threshold. 

We note that it is not documented by the military why encryption is being turned off only over the northern half of the USA. Still, it is speculated that the military doesn't consider images over this part of the USA to be sensitive, and disabling encryption could help save power and help other organizations with scientific research. However, as Gabe mentions in the video, being a Cold War-era satellite, the image quality from DMSP isn't great, and more modern satellites like the NOAA series give much better images over the entire earth unencrypted. 

Grabbing Military Satellite Data With Hacked TV Dish

TechMinds: Building an Automated NavTex Receiver using a Raspberry Pi and SDRplay

Over on the TechMinds YouTube channel, Matt has uploaded a video tutorial showing how to create an automated NavTex receiver using a Raspberry Pi and an SDRplay software-defined radio.

NavTex is a safety and navigational information radio text broadcast system for mariners, typically broadcast at 518 kHz and 490 kHz. On ships, it is typically received by dedicated hardware that prints out information on a piece of paper as it comes in. However, with an appropriate antenna and an SDR, it is possible to receive and decode NavTex signals at home. 

In his video, Matt shows how a Raspberry Pi loaded with a piece of software created by "boat-comm" can be combined with an SDRplay RSPdx to create a homemade automated NavTex receiver. Matt shows how to install the software and goes on to demonstrate it in action.

Currently, only SDRplay receivers are supported by boat-comm's software, but it's possible that in the future, other SDRs may be supported, too.

Automated NavTex Receiver Using A Raspberry Pi & SDRPlay SDR

If you're interested, boat-comm also has a video about his software available on his YouTube channel and we've embedded his video below.

NAVTEX on raspberrypi for sailors

Saveitforparts Checks out the Discovery Dish

Over on his YouTube channel 'saveitforparts,' Gabe has uploaded a video checking out and reviewing our Discovery Dish product that we successfully crowd-funded on CrowdSupply back in December 2023.

Discovery Dish is designed as a low-cost way to dive straight into backyard satellite experiments, including receiving L-band and S-Band weather satellites as well as Inmarsat satellites. It also offers an easy entry into making galactic Hydrogen line observations.

The dish is a 70cm prime focus dish that can be broken down into three parts for easy storage and transport. The feeds are fully integrated, meaning that the feed antenna, LNA, and filtering are all in one unit and built into a waterproof enclosure. This means there is no need to purchase individual components and figure out waterproofing.

In his video, Gabe unboxes the Discovery Dish, builds it, and uses the L-band feed to receive a few images from GOES 16, Meteor M3, Meteor M4, and METOP weather satellites. He goes on to successfully test reception with the S-band feeds on NOAA weather satellites, before testing out the Inmarsat feed and successfully receiving signals. Finally, Gabe notes that he hopes to test out the Hydrogen Line feed in a future video.

Checking Out The Discovery Dish - A Simple & Easy-To-Use Satellite Antenna For Everyone!

Jeff Geerling Explores the CaribouLite Raspberry Pi Hat

The CaribouLite is a software-defined radio hat for the Raspberry Pi that was successfully funded on Crowd Supply in early 2022. Despite being a few years old, we've rarely heard news about the CaribouLite being used. However, Jeff Geerling, a popular YouTube maker, recently uploaded a video about CaribouLite.

In the video, Jeff explains that he uses a Raspberry Pi 4, noting that the newer Raspberry Pi 5 actually cannot be used, as they have changed the architecture by placing an RP1 chip in between the SMI memory interface used by the CaribouLite to transfer data. He goes on to show the installation procedure, referring to the instructions he's written on his blog post. Jeff goes on to demonstrate the CaribouLite operating in GQRX, and receiving some example signals.

Finally, Jeff shows how he powered the CaribouLite via the Raspberry Pi PoE (Power over Ethernet) hat, noting that he had to use GPIO and a custom 4-pin extender to support both hats at the same time. He then shows how he mounted the stack in his Raspberry Pi rack.

Radio Hacking 101: Raspberry Pi SDR with a CaribouLite

The Taylorator: Flooding the Broadcast FM Band with Taylor Swift Songs using a LimeSDR

Over on Hackaday and creator Stephen's blog, we've seen an article about the 'Taylorator,' open source software for the LimeSDR that floods the broadcast FM band with Taylor Swift music. In his blog post, Stephen describes how he wrote this software, covering the concepts behind audio preparation, FM modulation, and what computing hardware was required to implement it.

The advertised use case of the Taylorator is obviously a bit of a joke; however, as the video on Stephen's blog shows, his software can play a different song on every broadcast FM channel. So, there could be some use cases where you might want people to be able to tune an FM radio to custom music on each channel. Of course, you could also just use it to play a practical joke on someone.

In terms of legality, in his blog post, Stephen notes that blasting the broadcast FM band on every channel is probably not legal and may go against the spirit of low-power FM transmitter laws in most countries. However, he notes that spreading a few mW over 20 MHz of bandwidth results in a weak signal that is unlikely to travel very far. Regardless, we would advise potential users of the software to check their local laws before going ahead and playing around with something like this.

The software is open source and available on Stephen's GitLab.

The Taylorator: Broadcasting Taylor Swift songs on every broadcast FM channel

Video on the Basics of SDR for Hackers

On YouTube, An0n Ali posted a video providing a good overview of the basics of using a software-defined radio for hacking. The video introduces RTL-SDR and how it can be used to listen to unencrypted communications, the HackRF and how it can be used for replay and jamming attacks, and the Flipper Zero, noting how it is a more beginner-friendly entry into the world of RF security.

SDR Basics for HACKERS!

CCC Conference Talk: BlinkenCity – Radio-Controlling Street Lamps and Power Plants

In another talk at the Chaos Computer Club (CCC) 2024 conference, Fabian Bräunlein and Luca Melette talked about how vulnerable Europe's renewable energy production is to attacks via the longwave radio ripple control system. Essentially, attacks over radio could be used to remotely switch loads and power plants on and off in a way that could damage the grid.

The recorded talk can be viewed directly via the CCC website, or via the embedded YouTube player below.  

A significant portion of Europe's renewable energy production can be remotely controlled via longwave radio. While this system is intended to stabilize the grid, it can potentially also be abused to destabilize it by remotely toggling energy loads and power plants.

In this talk, we will dive into radio ripple control technology, analyze the protocols in use, and discuss whether its weaknesses could potentially be leveraged to cause a blackout, or – more positively – to create a city-wide Blinkenlights-inspired art installation.

With three broadcasting towers and over 1.3 million receivers, the radio ripple control system by EFR (Europäische Funk-Rundsteuerung) GmbH is responsible for controlling various types of loads (street lamps, heating systems, wall boxes, …) as well as multiple gigawatts of renewable power generation (solar, wind, biogas, …) in Germany, Austria, Czechia, Hungary and Slovakia.

The used radio protocols Versacom and Semagyr, which carry time and control signals, are partially proprietary but completely unencrypted and unauthenticated, leaving the door open for abuse.

This talk will cover:

  • An introduction to radio ripple control
  • Detailed analysis of transmitted radio messages, protocols, addressing schemes, and their inherent weaknesses
  • Hardware hacking and reversing
  • Implementation of sending devices and attack PoCs
  • (Live) demonstrations of attacks
  • Evaluation of the abuse potential
  • The way forward

38C3 - BlinkenCity: Radio-Controlling Street Lamps and Power Plants

A USB-C Mod for RTL-SDR Blog V3/V4 Dongles

Over on GitHub, umbertoragone has uploaded some schematics for a USB-C modification he's made for RTL-SDR Blog V3 and V4 dongles. The modification removes the stock USB-A plug on the dongle, and instead replaces it with a USB-C connector mounted on an adapter PCB.

The repo contains all the gerbers, BOM, and assembly details required to replicate the modification. He notes that he is also selling a pre-made USB-C adapter board over on his Tindie or Lectronz store for US$4 (currently out of stock).

Let us know in the comments if you would be interested in seeing an official USB-C version of the Blog V3 and V4 line of dongles. Previous polling has indicated that USB-A is still the preferred choice by a wide margin, but attitudes may have changed over the years.

A USB-C Modification for RTL-SDR Blog V3 and V4 dongles.