AIS stands for Automatic Identification System and is used by ships to broadcast their GPS locations in order to help avoid collisions and aide with rescues. An RTL-SDR with the right software can be used to receive and decode these signals, and plot ship positions on a map.
The School Amateur Radio Club Network publishes a simple project aimed at promoting the deployment of maritime Automatic Information System (AIS) receiving stations around the world using cheap RTL-SDR dongles and Raspberry Pi computers. The purpose of the project is to improve the existing terrestrial AIS receiving network by encouraging enthusiasts to setup their own AIS receiving stations and to disseminate their local vessel traffic data freely to AIS Servers. This data can then be used by many organisations involved in monitoring and improving the safety and security of shipping.
The SARCNET project, which works on all models of Raspberry Pi, makes building the AIS receiving station simple by providing pictorial construction details with a pre-packaged Raspberry Pi image to download. The free project uses open-source software and a bootable Raspberry Pi image which has been updated to use the latest Raspbian Lite operating system.
One of the attractions of building your own AIS receiving station is that some AIS servers reward you when you freely upload your local vessel tracking data. They publish your station information, showing your station position on a map and your receiving statistics like messages per hour and coverage in nautical miles. Some give you free, premium access to their AIS data, which can be viewed on their mobile apps. Even so, by operating one of these AIS receiving stations, you will have the satisfaction of making the world a safer place.
The PineTab is an upcoming $100 open source Ubuntu Linux Tablet being created by PINE who are known for their low cost Pine64 single board computers, Pinebook Laptop and Linux based PinePhone. The PineTab is not yet for sale, and they have just announced their intention to begin taking pre-orders in late May, and that the first production run will be a limited quantity pilot production intended only for early adopters.
What's interesting about the PineTab is that they are advertising that they are working on expansion options, with one expansion module being an RTL-SDR. It seems that the expansion module will allow cards to be inserted internally, keeping everything tidy on the outside. Apart from the RTL-SDR, they will also offer LoRa, LTE (with GPS) and sata SSD add on cards.
The standard specs of the PineTab are shown below:
Allwinner A64 Quad Core SOC with Mali 400 MP2 GPU
2GB LPDDR3 RAM
10″ MiPi 720p Capacitive LCD
Bootable Micro SD Slot
64GB of eMMC
microHDMI port for external HD output
USB 2.0 A host
Micro USB 2.0 OTG
2Mpx front-facing camera
5Mpx rear camera
Optional M.2 slot
Speakers and Microphone
Volume rocker and ‘home’ button
Magnetically attached keyboard (optional)
3.5″ Barrel Power (5V 3A) Port
Multiple expansion boards for LTE, LoRa and SATA SSD
Over on YouTube Andreas Speiss has uploaded a video that explains what the geostationary QO-100 satellite is, and explains about the parts needed to receive and transmit to it. In particular Andreas goes into depth explaining the low noise block (LNB), and the PLL inside it. A PLL or phase locked loop is a common design used in RF electronics as it allows us to increase the frequency of crystal oscillators.
This PLL explanation ties into the fact that most commercial LNBs available do not have a stable enough crystal oscillator to properly receive or transmit the narrowband amateur radio signals used on QO-100. A PLL can increase the frequency of a crystal, but it will also increase the frequency drift and jitter/phase noise of the crystal. He notes that in later videos he'll show how to modify the LNB to improve these factors. We note that a commercially available stable LNB is the Bullseye LNB which we have posted about previously.
QO-100 Satellite Receiving Technology. And Explanation of a PLL
Radenso is a company that sells radar detectors. These are used to help motorists avoid speeding fines from Police using radar speed detectors in their cruisers. Their latest upcoming product is called the "Radenso Theia" and is a software defined radio based solution.
In one of their latest YouTube videos they explain how SDR is used in the Theia, noting that the SDR ADC chip they are using is an AD9248. The use of an SDR allows them to more easily apply advanced digital signal processing algorithms to the radar detection task. In particular they note that they can now apply deep learning artificial intelligence filtering which helps to classify different radar gun FFT signatures and avoid false positives from other radar sources such as automatic doors.
While the Theia is designed to be a radar detector, they note that the device could also be used by hardware hackers as a standalone software defined radio. They have thought about this use case and have added a separate uFL connector that can be enabled by soldering a zero ohm connector, and this allows users to connect any antenna to it.
What is a software defined radio and why does it matter for Radenso Theia?
Derpcon is a COVID-19 inspired information security conference that was held virtually between April 30 - May 1 2020. Recently the talks have been uploaded to their YouTube channel. One interesting SDR talk we've seen was by Kelly Albrink and it is titled "Ham Hacks: Breaking into the World of Software Defined Radio". The talk starts by giving a very clear introduction to software defined radio, and then moves on to more a complex topic where Kelly shows how to analyze and reverse engineer digital signals using a HackRF and Universal Radio Hacker.
RF Signals are basically magic. They unlock our cars, power our phones, and transmit our memes. You’re probably familiar with Wifi and Bluetooth, but what happens when you encounter a more obscure radio protocol? If you’re a hacker who has always been too afraid of RF protocols to try getting into SDRs, or you have a HackRF collecting dust in your closet, this talk will show you the ropes. This content is for penetration testers and security researchers to introduce you to finding, capturing, and reverse engineering RF signals. I’ll cover the basics of RF so you’re familiar with the terminology and concepts needed to navigate the wireless world. We’ll compare SDR hardware from the $20 RTLSDR all the way up to the higher end radios, so you get the equipment that you need without wasting money. I’ll introduce some of the software you’ll need to interact with and analyze RF signals. And then we’ll tie it all together with a step by step demonstration of locating, capturing, and reverse engineering a car key fob signal.
Ham Hacks: Breaking into the World of Software Defined Radio - Kelly Albrink
The PlutoSDR is a low cost RX/TX capable SDR with up to 56 MHz of bandwidth and 70 MHz to 6 GHz frequency range. It is typically priced at US$149. By default the PlutoSDR ships with a tuning range of 325 – 3800 MHz and bandwidth of 20 MHz. However a simple software hack allows you to expand this tuning range to 70 MHz to 6 GHz with a maximum bandwidth of 56 MHz.
The reason this is possible is possibly because the AD9363 SDR transceiver chip used in the PlutoSDR is nearly identical to more expensive AD9364 which has the higher specs. The software hack tricks the PlutoSDR firmware into believing that the AD9393 is a AD9364. Mileage may vary as we speculate that the AD9363 might be produced on lower grade silicon or could be failed AD9364 chips with lower performance at the edge frequencies. But so far most users have reported acceptable performance.
TechMinds' video shows how to apply the hack, which is a simple matter of opening a terminal connection to the SDR and running a few commands. He also shows how to enable an extra CPU core on the processor. Finally he demonstrates that it's possible to transmit in the extended tuning range via SDRangel.
ADALM PLUTO Frequency Expansion Modification Plus CPU Cores
Over on his YouTube channel Aaron has uploaded a video showing how we can SigDigger to decode analog NTSC video from a drone camera which is transmitted at 5.7 GHz. SigDigger is a rapidly evolving SDR program for Linux and MacOS that has a lot of built in functionality for inspecting signals in more depth. Although not specifically designed for it, the Symbol Stream viewer in SigDigger can be used to display NTSC Analog Video. Aaron writes:
For the most part, the older an analog modulation is, the easier it is to get basic results when decoding. TV receivers were rather dumb back in the day, basically fast fax machines glued to an off-band FM radio receiver. Receiver circuits were also slow, and the signal had lots of invisible blank spaces in the borders so that the cheapest TVs could switch to the next line in time. The invention of Teletext leveraged those blanks in order to carry digital information and color information was embedded as an additional narrowband signal in the gaps in the spectrum.With this in mind I wanted to take a look at decoding analog video transmissions from drones. While some drones have moved to more effective digital compression and channel transmission technologies allowing for high definition video, there’s still drones using RC-like communications and the FPV video link is pure FM-modulated NTSC.
Searching the internet provided few results on how I could go about using low cost equipment, such as the HackRF One, to decode drone feeds. After an extensive search I decided to start looking at Linux based software defined radio applications I was already familiar with. By chance I happened to be working with SigDigger, a free digital signal analyzer. It has been discussed on RTL-SDR.com and more recently on Signal Lounge (https://signal-lounge.com/2020/05/05/sigdigger-for-signal-analysis/). It is also included in my own creation, DragonOS (https://sourceforge.net/projects/dragonos-lts/)
After a brief email exchange with the developer it was brought to my attention that visualizing analog video transmission is possible in SigDigger (although with no color information, of course). Since SigDigger supports the HackRF and the HackRF provides coverage in the 5ghz band, it was now possible for me to try to decode a 5ghz drone video feed. I’ve documented the process and my results on my YouTube channel. I should point out that this is currently a side feature of SigDigger and currently lacks synchronization. The symbol view area I used in the video is not made for this. It is meant to display symbols and symbols patterns which, due to its behavior, can incidentally show the contents of analog TV and weather faxes with lots of manual adjustments.
While the SigDigger developer makes mention of plans to include an embedded generic analog TV viewer and possibly add the ability to automatically sync video, there’s currently no timeframe on when that might become available.
DragonOS LTS SigDigger demodulating a 5 GHz analog video/FPV drone link (HackRF One, SigDigger)
We note that if you're interested in PAL/NTSC decoding, there is also the excellent TVSharp plugin for SDR# available.
To receive images from GK-2A you'll need an RTL-SDR, 2.4 GHz WiFi grid antenna and an L-band LNA. We have an earlier tutorial about receiving GK-2A and GOES geostationary L-band satellites that goes into more detail about the hardware required.
VKSDR's xrit-rx software decodes the Low Rate Information Transmission (LRIT) signal from GK-2A which provides a 64kbps data stream and full disk images of the earth every 10 minutes. His tutorial explains the various image types that are transmitted, shows a few example images, and shows that some smooth animations can be created with the 144 images received over a day. The rest of the tutorial goes into the software setup, and explains the installation and configuration procedure.
We note that the latest version of xrit-rx now also comes with a nice web based dashboard that allows you to view the latest image, as well as the upcoming image schedule.