The RadioInstigator: A $150 Signals Intelligence Platform Consisting of a Raspberry Pi, RPiTX, 2.4 GHz Crazyradio and an RTL-SDR

Circle City Con is a yearly conference that focuses on information security talks. At this years conference Josh Conway presented an interesting talk titled "SigInt for the Masses Building and Using a Signals Intelligence Platform for Less than $150". Josh's talk introduces his "RadioInstigator" hardware which is a combination of a Raspberry Pi, CrazyRadio and an RTL-SDR all packaged into a 3D printed enclosure with LCD screen. The idea behind the RadioInstigator is to create a portable and low cost Signals Intelligence (SIGINT) device that can be used to investigate and manipulate the security of radio signals.

The RadioInstigator makes use of the RPiTX software which allows a Raspberry Pi to transmit an arbitrary radio signal from 5 kHz up to 1500 MHz without the use of any additional transmitting hardware - just connect an antenna directly to a GPIO pin. Connected to the Pi is a CrazyRadio, which is a nRF24LU1+ based radio that can be used to receive and transmit 2.4 GHz. And of course there is an RTL-SDR for receiving every other signal. Josh has made the plans for the RadioInstigator fully open source over on GitLab.

In his talk Josh introduces the RadioInstigator, then goes on to discuss other SDR hardware, antenna concepts and software installed on the RadioInstrigator like RPiTX, GNU Radio, Universal Radio Hacker, Salamandra, TempestSDR and more.

[First seen on Hackaday]

Track 3 07 SigInt for the Masses Building and Using a Signals Intelligence Platform for Less than 15

Tweet
Share
Reddit
Vote
Email

SignalsEverywhere: What SDR To Buy? Choose the Right one For You

Over on his YouTube channel SignalsEverywhere, Corrosive has just released a new video titled "Software Defined Radio Introduction | What SDR To Buy? | Choose the Right one For You". The video is an introduction to low cost software defined radios and could be useful if you're wondering which SDR you should purchase.

The video includes a brief overview of the Airspy, KerberosSDR, PlutoSDR, LimeSDR Mini, HackRF, SDRplay RSPduo and various RTL-SDR dongles. In addition to the hardware itself Corrosive also discusses the compatible software available for each SDR.

Software Defined Radio Introduction | What SDR To Buy? | Choose the Right one For You

Tweet
Share
Reddit
Vote
Email

Tracking Tagged Orangutans in the Bornean Jungle with Drones, GNU Radio and an Airspy Mini

Due to various human activities causing the environmental destruction of it's habitat, the Orangutan is now classed as a critically endangered species. In addition to being endangered, Orangutans face another problem in that they are often captured and sold as pets due to their intelligence and cuteness.

To combat these problems, NGOs, charities and rescue centers have been using RF tags on rehabilitated Orangutans that have released back into the wild. The RF tag regularly transmits a data-less pulse at VHF frequencies which is then typically tracked using direction finding equipment such as a directional Yagi antenna. The range is only approximately 200-400m. 

In order to try and alleviate the range issue Dirk Gorissen has been working on creating a drone based system that could detect the VHF transmission and create a heatmap of Orangutan positions. The first iteration of his system uses an RTL-SDR, Odroid and lightweight loop antenna. A simple Python script then monitors the spectrum and logs the drones current location, altitude, speed and heading when a pulse is detected. Tests confirmed that the signal was able to be detected from the sky, but unfortunately the drone was eventually crashed and lost before it could be properly used.

In his second try a few years later, Dirk used a larger drone and switched SDRs to an Airspy Mini with preamp. The pulse detection code was also improved by using GNU Radio to create a DSP algorithm combining peak detection, cross correlation with a known template of the signal, and a phase locked loop. Visualization and data transfer is achieved through react.js and a Flask web server running on the drones WiFi hotspot. This time with the new drone and system Dirk was able to successfully detect and locate several Orangutan's on various flights, despite noting that some RF tags appeared to be glitchy.

Orangutan Detected with Drone, Airspy Mini and GNU Radio.
Orangutan Detected with Drone, Airspy Mini and GNU Radio.
Drone used in the experiment
Drone used in the experiment
Tweet
Share
Reddit
Vote
Email

Podcast: The magic of Software Defined Radio with Ben Hilburn

Hanselminutes is a weekly podcast that aims to promote fresh technology and fresh voices to software developers. Last Friday they interviewed Ben Hilburn who is the project lead and president of the GNU Radio Foundation and Director of Engineering at DeepSig Inc who are working on combining deep learning with the signal processing. In the podcast Ben talks briefly about a broad range of topics like spectrum scarcity issues, different SDR hardware, basic SDR fundamental concepts, multipath, GPS, RF security, analogue vs digital and more. It is aimed at technical people who know little about SDR and radio.

EPISODE SUMMARY

Ben Hilburn is the Director of Engineering at DeepSig Inc., which is commercializing the fundamental research behind deep learning applied to wireless communications and signal processing. He also runs GNU Radio, the most widely used open-source signal processing toolkit in the world, serving as Project Lead and President of The GNU Radio Foundation. Ben talks to Scott about why Software Defined Radio is magical and they talk about how SDR can be used to teach STEM and solve interesting engineering problems.

EPISODE NOTES

Ben Hilburn is the Director of Engineering at DeepSig Inc., which is commercializing the fundamental research behind deep learning applied to wireless communications and signal processing. He also runs GNU Radio, the most widely used open-source signal processing toolkit in the world, serving as Project Lead and President of The GNU Radio Foundation. Ben talks to Scott about why Software Defined Radio is magical and they talk about how SDR can be used to teach STEM and solve interesting engineering problems.

Tweet
Share
Reddit
Vote
Email

Using an RTL-SDR to Monitor A Tire Pressure Sensor used in Home Brewing

Over on YouTube Andreas Spiess has been helping his friend create a pressure monitoring system for his home brew beer bottles. In order to do this, Andreas uses an externally mounted after market wireless tire pressure sensor whose data can be received with an RTL-SDR and the rtl_433 decoder software. Modern vehicle tires contain a TPMS (tire pressure monitoring system) sensor, which keeps track of tire pressure, temperature and acceleration. The data is wirelessly transmitted via 433 or 315 MHz to the cars dashboard and computer for safety monitoring.

In the first video Andreas discusses tire pressure monitors and how they could be used for other non-tire applications, talks a bit about the wireless protocol used, and how to reverse engineer it. He notes that the author of rtl_433 was able to implement his particular tire pressure sensor brand's protocol into the rtl_433 database, so now anyone can decode them. Finally in this video he also shows that he can easily spoof a flat tire signal using a HackRF and GNU Radio which might cause a modern high end car to refuse to move.

The second video shows how to continuously monitor that TPMS data for the home brew set up. Andreas uses an RTL-SDR and Raspberry Pi running rtl_433, which outputs it's data into Mosquitto, Node-Red, InfluxDB and the Grafana. These programs help to read, manage, log and graph the data. The rtl_433 program is also monitored by Supervisord which automatically restarts rtl_433 if the program crashes.

If you are interested, there is a related video that was uploaded in between the two shown below which shows how he created a 3D printed cap to mount the valve and tire pressure sensor on the beer bottles.

#261 Measure Pressure Remotely (including TPMS Hacking / Attack) for Beer Brewing

#270 Safely Monitor and Alarm with Supervisord and Telegram

Tweet
Share
Reddit
Vote
Email

NOAA-APT Software Decoder: Users Guide Now Available

Back in August, 2018 we posted about NOAA-APT, which back then was a new NOAA APT image decoder program. Recently Martin, the author of NOAA-APT has written in and wanted to note that he's now created a guide and video tutorials for his software, and for NOAA APT reception in general.

NOAA weather satellites broadcast an Automatic Picture Transmission (APT) signal, which contains a live weather image of your area. With an RTL-SDR and antenna they can be received and downloaded every time one of the satellite's passes overhead which could be multiple times a day.

Our standard NOAA weather satellite tutorial makes use of SDR#, audio piping and the WXtoIMG to receive NOAA satellite images. Martin's guide and software might be slightly easier for newbies as it only involves recording an audio WAV file, then loading it up into his software. The disadvantage is that the image is not colorized, and not displayed in real time as it is in WXtoIMG.

As you may already know, the old standard software in NOAA image decoding, WXtoIMG, is now considered abandonware, and the only place to get it is from a third party mirror rehosting the now defunct WXtoIMG website. As WXtoIMG is closed source no further development can occur on it. Martin's NOAA-APT still misses a lot of the advanced features of WXtoIMG but it is fully open source and multiplatform, and so it is a very promising program.

Receiving NOAA satellite images with noaa-apt and SDR#

Tweet
Share
Reddit
Vote
Email

Using a LimeSDR Mini in SDR#

Thank you to Steve Bossert who wrote in and wanted to share his notes about getting a LimeSDR Mini SDR to run in SDR#. The LimeSDR Mini is a $159 RX and TX capable SDR with 12-bit ADC, 10 MHz to 3.5 GHz tuning range and up to 30.72 MHz of live bandwidth. We have a short review of it available here.

Steve notes that to get the Limesdr Mini to run in SDR# he simply had to download and extract into the SDR# folder a front end plugin developed by Goran Radivojevic (YT7PWR). After adding the front end plugin XML definition, it can now be found in the SDR# device selection menu. This plugin should work for the standard LimeSDR as well.

We note that this is the same procedure for other SDRs too, such as the PlutoSDR. If you have an SDR not supported by default in SDR#, search for "[your_sdr] + SDR# front end plugin" on Google, and if you are lucky you might find something already exisiting.

LimeSDR Mini Control Interface in SDR#
LimeSDR Mini Control Interface in SDR#
Tweet
Share
Reddit
Vote
Email

QIRX SDR Now Shows Received DAB Transmitters on A Map

QIRX SDR is an RTL-SDR compatible program that focuses on DAB+ decoding and listening. In a recent update programmer Clem notes that the newest feature is a map powered by OpenStreetMap that can display a the location of received DAB stations. He writes

The main new feature is the integration of Openstreetmap to display the locations of DAB transmitters (please see attached picture of a raw recording from England), together with the own position of the receiver.

In case the transmitter ident code (TII) is detected and the transmitter is contained in the database, it is displayed on the map as an icon, colored according to the TII signal strength.

The "Own Position" is indicated as a red or green dot, either (without GNSS sensor) placed by dragging the red circle with the mouse to its correct position, or by attaching a GNSS (GPS or GLONASS) sensor.

When recording raw I/Q data, the GNSS positions are written into a second file, parallel with the .raw file. On replaying, the current recorded geolocation is displayed synchronously to the recorded transmitters on the map. This might be useful in a mobile environment. The distances are displayed in the TII table.

The transmitter database comes from two sources:

  • UK: Public OFCOM database,
  • Rest of Europe: DABLIST (www.fmlist.org), as provided by the UKW/TV Arbeitskreis e.V. (www.ukwtv.de).

Currently, both databases are merged into a single, local Excel file, serving as the data source to the software.

QIRX SDR Screenshot with OpenStreetMap and Received DAB Transmitter Locations Showing
QIRX SDR Screenshot with OpenStreetMap and Received DAB Transmitter Locations Showing
Tweet
Share
Reddit
Vote
Email