NUT2NT+ Crowdfunding: Open Source GNSS RF-to-bits Receiver

Back in May 2018 we first posted about Amungo Navigation's NUT4NT+ project, which is a four channel global navigation satellite system (GNSS) board based on the NT1065 chip. With the right antenna, it is capable of receiving any navigation satellite including GPS, GLONASS, Galileo, BeiDou, IRNSS, and QZSS. With access to multiple satellite systems, the positioning resolution can be down to the centimeter.

Currently Crowd Funding now on CrowdSupply is the NUT2NT+, which is their low cost 2-input GNSS board. Early bird units are going for $250 (12 units left at the time of posting), with the normal price being $320. Compared to their previous legacy version it has an FPGA, TCXO, bias tee and other improvements. They write:

NUT2NT+ hardware is open source, as is the software - giving the user the ability to set a receiver’s modes and frequencies, to capture all signals continuously, and to have complete control over primary processing features.

Several startups and large companies offer proprietary GNSS positioning solutions and even mobile GNSS software-defined receivers. But a closed ecosystem reduces accessibility for an enthusiast or professional developer, and it limits what a user can do with their hardware. We are happy to bring NUT2NT+ to the world as an open source option.

We note that this is an advanced device for developers and experimenters, but the possible applications they write about such as precision positioning for autonomous vehicles and black box logging are quite interesting.

NUT2NT+ with RA125 antenna for precision positioning of autonomous vehicles.
NUT2NT+ with RA125 antenna for precision positioning of autonomous vehicles.

Their higher end four channel input version (which appears to only be for sale via contact on their website at the moment) can be used as a coherent receiver which can locate sources of GPS jamming via an augmented reality app. In our previous post we highlighted how they were able to find the location of the GPS jammer/spoofers famously active around the Russian Kremlin buildings.

XNZR is searching for Moscow GPS Spoofing Anomaly

Tweet
Share
Reddit
Vote
Email

A Portable RTL-SDR Based ADS-B Receiver with Display and 3D Printed Enclosure

Over on Hackaday.io user nathan.matsuda has written about his RTL-SDR based hand held ADS-B aircraft receiver with display and 3D printed enclosure.

His initial idea was to create a flexible and open portable SDR device, however keeping the device open and built for general use meant increased complexity which quickly slowed his progress. Instead [Nathan] decided to focus on just ADS-B for his portable device as living near an airport he’d been interested in aircraft tracking since his first SDR arrived.

The device consists of a Raspberry Zero, RTL-SDR, 3.5″ IPS LCD and a battery pack for portability. For software he uses dump1090 with some custom code for the map plotting. Together with a 3D printed case and some buttons, the result is a very professional looking portable aircraft tracking device.

Hopefully Nathan will continue updating his project page so that others may replicate it on their own.

Raspberry Pi Zero and RTL-SDR Portable ADS-B Receiver
Raspberry Pi Zero and RTL-SDR Portable ADS-B Receiver
Tweet
Share
Reddit
Vote
Email

Next International Space Station SSTV Event on April 11 – 14

Thank you to Alex Happysat for writing in and letting us know about the next upcoming ISS SSTV event which will begin on 11 April at about 18:00 UTC and end on 14 April 2019 18:00 UTC. If you were unaware, the International Space Station (ISS) transmits SSTV images several times a year to commemorate special space related events. SSTV or Slow Scan Television is an amateur radio mode which is used to transmit small images over radio signals.

The images will be transmitted constantly at 145.8 MHz over the active period and they are expected to be in the PD-120 SSTV format. To receive the images you can use a simple RTL-SDR dongle and the MMSSTV software. A tuned satellite antenna like a QFH, turnstile, or tracking Yagi would be preferred, but many people have had good success before using simpler antennas like a V-Dipole. Software like Orbitron, GPredict, various Android apps or NASA's Spot the Station website can be used to determine where the ISS is and predict when it will be over your location.

Over on the ARISS SSTV blog, they write:

The next big event will be the ARISS SSTV event that starts Thursday, April 11 about 18:00 UTC and will be operational until about 18:00 UTC on Sunday, April 14. Since this event will run continuously for 72 hours, folks in the higher latitudes should have a pretty good chance to receive all 12 of the images. Operators in the mid latitudes should be able to get most of them depending on location. Good Luck and Enjoy!

Alex also mentions that for this and other ISS events AMSAT Argentina is handing out ARISS-SSTV Diplomas to amateur radio operators who receive, record and upload at least 15 images received from the ISS, in at least two different radio operation with a month or more in between then.

If you cannot set up a receiver, it is possible to use R4UAB's WebSDR which will be available directly at websdr.r4uab.ru. However, note that internet reception is not valid for the AMSAT Diploma. An example of WebSDR SSTV reception and decoding from a smaller ISS SSTV event held a few days ago is shown below.

ISS SSTV R4UAB WEBSDR 12.04.2016 14:00 UTC

Tweet
Share
Reddit30
Vote
Email
30 Shares

SignalsEverywhere: Setting Up Priority and Groups in DSDPlus Fastlane

In his last video, Corrosive from the SignalsEverywhere YouTube channel showed us a quick guide on setting up a Phase 1 P25 digital voice decoder with two RTL-SDR dongles and the DSDPlus Fastlane decoder.

Now in his latest video Corrosive continues with the DSDPlus tutorial and this time explains how to set up priority and groups. On a trunked radio system there may be many different agencies using the same system simultaneously. Without priorities and groups, you would be listening to all communications in the system, and following a conversation within a particular agency would be difficult. Setting up priorities and groups allows you to filter out the conversations that you are not interested in, allowing you to focus on listening in to a particular agency only.

RTL SDR Digital Radio Scanning Priority and Groups With DSDPlus Fastlane Setup Tutorial

Tweet
Share
Reddit
Vote
Email

GNU Radio Conference 2019: Registration Open + Call For Papers

GNU Radio Conference is a yearly conference based around the GNU Radio project and the surrounding community. GNU Radio is an open source digital signal processing (DSP) toolkit which is often used to implement decoders, demodulators and various other SDR algorithms.

GRCon is the annual conference for the GNU Radio project & community, and has established itself as one of the premier industry events for Software Radio. It is a week-long conference that includes high-quality technical content and valuable networking opportunities. GRCon is a venue that highlights design, implementation, and theory that has been practically applied in a useful way. GRCon attendees come from a large variety of backgrounds, including industry, academia, government, and hobbyists.

The 2019 GNU Radio Conference will be held on September 16-20 at the Marriot at the Space & Rocket Center in Huntsville, Alabama.

Registration and a call for papers and posters is currently open, see gnuradio.org/grcon/grcon19.

Tweet
Share
Reddit
Vote
Email

Replicating A Rolljam Wireless Vehicle Entry Attack with a Yardstick One and RTL-SDR

Over on his hackaday.io blog, Gonçalo Nespral has written about his experiences in recreating Samy Kamkars now famous low cost rolljam attack. A rolljam attack allows an attacker break into a car by defeating the rolling code security offered by wireless keyfobs. Back at Defcon 2015, an information security conference, Samy Kamkar presented a method for creating a $32 Rolljam device that consisted of two 433 MHz transceiver modules controlled by an Arduino.

In his version, Gonçalo was able to recreate the attack using a Yardstick One and an RTL-SDR. The RTL-SDR receives the signal, whilst the Yardstick One performs the jamming and retransmit functions.

Actually using this attack in a real scenario would be difficult due to the need to properly jam and receive the keyfob signal, which could prove tricky in an uncontrolled environment. However, there have been reports of criminals entering high end cars with wireless devices before and this could be one such attack method in use.

The important thing to learn is to be suspicious if your car key fob doesn't work on the first press while you are definitely in range of the car. To mitigate the possibility of wireless keyfob attacks, always use a manual key and if you must use the wireless keyfob, only unlock the car when standing right next to it, so that the keyfob signal is strong enough to overcome the jammer. Although it is still plausible that an attacker could attach the rolljam device to the car itself for greater jamming power, and then retrieve it later.

[First seen on Hackaday]

How RollJam Works
How RollJam Works
Tweet
Share
Reddit
Vote
Email

RSA Conference Talks: IOT Hacking with SDR, Tracking Rogue RF Devices & Wireless Offense and Defense

RSA Conference is an information security event that was recently held on March 4 - 8 in San Francisco. The talks have been uploaded to YouTube and from what we see there are three interesting SDR/RF related talks that may be worth looking at, which we show below. The full list of videos can be found on their YouTube channel.

RF Exploitation: IoT and OT Hacking with Software-Defined Radio

Harshit Agrawal, Security Researcher, MIT Academy of Engineering, SPPU

Himanshu Mehta, Team Lead (Senior Threat Analysis Engineer), Symantec

Recent years have seen a flood of novel wireless exploits, from vulnerable medical devices to hacked OT devices, with exploitation moving beyond 802.11 and into more obscure standard and proprietary protocols. While other non-WiFi RF protocols remain a mystery to many security practitioners, exploiting them is easier than one might think. SDR is changing the game for both offense and defense.Learning Objectives:1: Become familiar with common security concerns and attack surfaces in a wireless communication system.2: Understand the ease and prevalence of wireless exploitation, with sophisticated examples.3: Learn to view IoT devices, security and privacy collectively.

RF Exploitation: IoT and OT Hacking with Software-Defined Radio

Hunting and Tracking Rogue Radio Frequency Devices

Eric Escobar, Principal Security Consultant, SecureWorks

Rogue radio frequencies pose a substantial and often overlooked threat to both organizations and targeted individuals. This talk will explore the dangers of rogue radio frequencies and highlight tactics, techniques and tools which can be used to identify and locate potential threats.Learning Objectives:1: Understand the major ways rogue wireless frequencies can impact an organization.2: Develop a basic understanding of how to locate a rogue wireless signal.3: Gain a conversational knowledge of ways to identify and track a wireless signal.Pre-Requisites:Basic understanding of security principles. Basic understanding of wireless communication. Basic understanding of computer networks.

Hunting and Tracking Rogue Radio Frequency Devices

Wireless Offense and Defense, Explained and Demonstrated!

Rick Farina, Senior Product Manager, WLAN Software Security, Aruba
Rick Mellendick, Chief Security Officer, Process Improvement Achievers LLC

This session will discuss the use of radio frequency, often overlooked for network enumeration and attack. The techniques to be discuss are used to identify authorized and unauthorized signals in an organization. Without understanding the offensive attacks an organization can’t perform effective defense. The talk will explain and demonstrate how to enumerate and gain access to resources through RF signals.Learning Objectives:1: Understand that wireless doesn’t just mean WiFi.2: Understand that the Bluetooth protocol can allow for direct attacks against phones, PCs and other devices.3: Learn that other RF attacks are very difficult to detect, and gain an understanding of what they look like.Pre-Requisites:The biggest prerequisite for our talk is an open mind and the ability to understand risk, and after the talk to better assess risk on your environment.

Wireless Offense and Defense, Explained and Demonstrated!

Tweet
Share
Reddit
Vote
Email

SignalsEverywhere: Using DSDPlus Fastlane for Listening to Phase 1 P25 Trunking

DSDPlus is a popular piece of software often used with RTL-SDR dongles to listen to unencrypted digital voice signals such as P25 and DMR. Digital voice is now commonly used by many Police and emergency services as well as business radio. DSDPlus fastlane is DSD's paid upgrade which allows subscribers to access to the latest releases of DSDPlus early.

Over on the SignalsEverywhere YouTube channel, Corrosive has uploaded a quick video guide that shows how to use DSDPlus Fastlane and two RTL-SDR dongles to set up a Phase 1 P25 voice decoder that automatically follows a P25 trunking channel. The basic process involves running two FMP instances which is a program in the DSDPlus suite that connects to the RTL-SDR's and receives the signal. One DSDPlus instance monitors the trunking channel, and this tunes the second FMP+DSD instance to the frequency currently active in the trunking system.

Corrosive also explains how people who are subscribed to RadioReference can download pre-populated data files that will allow the DSDPlus event log to display talkgroup information so that you can see who is talking to who.

RTL SDR Digital Radio Scanning With DSDPlus Setup FastlaneTutorial

Tweet
Share
Reddit
Vote
Email