Decoding Amateur Radio Digital Voice with an RTL-SDR and the QRadioLink Android App

Thank you to Adrian for submitting his video about using the Android App called QRadioLink and an RTL-SDR to decode digital amateur radio voice transmissions. Adrian writes that in the video the RTL-SDR connects to the Android phone with a USB OTG cable and uses a sample rate of 1 MSPS. He also writes the following about QRadioLink:

QRadioLink is a building platform which allows experimenting with VHF-UHF SDR transceivers using different modulation schemes for digital data transmissions. So far digital voice and text transmission is supported, using either a narrow band modem and Codec2 or a high bandwidth modem and Opus. Supported hardware includes the RTL-SDR, Ettus USRP, HackRF, BladeRF and in general all devices supported by libgnuradio-osmosdr.

Using the SDRuno EXTIO Edition with an RTL-SDR and other SDRs

Over on YouTube Mike from the SDRplay team has created a tutorial video that shows how to use the SDRuno EXTIO edition. SDRuno is the official software of the SDRplay line of products and can be freely downloaded from the SDRplay website. The EXTIO edition allows other non-SDRplay SDR units to freely be used with SDRuno. The only restrictions are that the maximum bandwidth is artificially restricted to 2.5 MHz and some DSP filters are missing.

In the video Mike shows how to set up the SDRuno workspace to work with an RTL-SDR dongle and demos reception of some signals. Note that the EXTIO dll file for the RTL-SDR mentioned in the video is the same one required for HDSDR, and can be downloaded from the dll table on the HDSDR website.

If you’re interested in more, Mike has a full SDRuno tutorial series available on the SDRplay YouTube channel which mostly focuses on usage with the SDRplay units, but could be applicable to the EXTIO version as well.

Opening a Car and Garage Door With PlutoSDR

Over on his YouTube channel Tysonpower (aka Manuel) has uploaded a video showing how he was able to use his PlutoSDR to perform some simple replay attacks that open his garage and car doors. To do this he records the signal from the wireless keyfobs with the PlutoSDR, and then uses a GNU Radio program to replay that signal again at a later time. From the tests he concludes that the PlutoSDR can be a great cheaper alternative to a HackRF, with the PlutoSDR coming in at $100 vs $300 for the HackRF.

To get around the rolling code security on his car he records the keyfob with the PlutoSDR while it’s out of the wireless range of his car, so that the rolling code will not be invalidated. Then later closer to the car the PlutoSDR is used to replay the car keyfob signal which opens the door.

Note that Tysonpower’s video is narrated in German, but English subtitles are available through the YouTube interface.

ARRL QST Review of the SDRplay RSP2Pro with Independent Lab Measurements

In the latest version of the ARRL QST magazine editor Steve Ford (WB8IMY) has released a comprehensive review and set of measurements for the SDRplay RSP2 / RSP2Pro. The review is also freely available online in pdf format from the SDRplay website (pdf warning).

The review initially focuses on the differences between the RSP1 and the RSP2 units, explaining how most differences occur in the front end circuitry. WB8IMY then goes on to review SDRuno, the official software package of SDRplay units. The review is fairly brief, but the most interesting part is the lab test results which are displayed throughout the review.

WB8IMY performed several benchmark lab measurements such as frequency coverage, MDS (minimum discernible signal) levels (note MDS measured at 400 Hz instead of the standard 500 Hz for some reason), noise figure, AM and FM sensitivity, blocking gain compression dynamic range, two tone IMD tests, second order intercept points, FM adjacent channel selectivity and more. The results can be useful for comparing against other SDRs.

ARRL RSP2 Lab Measurement Results
ARRL RSP2 Lab Measurement Results (see the PDF for the full set of results)

Online 101 Course on RTL-SDR, DSP and MATLAB Starting Soon

Thanks to Juan Moreno for letting us know that his online MOOC (massive open online course) on RTL-SDR is starting on September 25. The course is presented by Juan and three of his colleagues from the Technical University of Madrid. It will focus on SDR 101 knowledge such as digital signal processing with the aide of an RTL-SDR to help with practical learning. In their video they also mention that MATLAB and Simulink will be required and used for most of the course, so it will probably be a fairly technical beginners course at a University level of learning. Their description of the course reads:

SDR is a reality around us. It is present in a lot of systems everywhere and is a versatile technology which can be used for many things (not only academics and industrial). The purpose of this course is to introduce students into general-purpose SDR tools. The SDR hardware platform chosen for this course is the RTL-SDR. It is worldwide available, it’s cheap ($15) and there is a lot of help in the Internet. But, as far as we know, there is no other MOOC focused on an introduction to SDR as this MOOC. Here we will not only learn about SDR but also a lot of related areas like antennas, digital signal processing, radio frequency and communication electronics.

The website and registration forms seem to all be in Spanish or Portuguese, but the course will be presented in entirely in English. Google Translate can easily be used to help with the signup process. The course is completely free and students that complete 75% of assignments will receive a free participation certificate. A more official accomplishment certificate can be obtained for a 50 Euros.

A Solar Powered Raspberry Pi + RTL-SDR NOAA Weather Satellite Receiver

Over on YouTube user Fuzz has uploaded a video showing his solar powered NOAA weather satellite receiver.

The system is based on a Raspberry Pi connected to an dongle. The front-end input of the RTL-SDR dongle consists of an LNA and FM reject filter, and this is all connected up to a QFH antenna in his front yard. The electronics are completely solar powered, with the solar system consisting of solar panel, solar controller and four 12v batteries used for energy storage. A 12V to 5V step down converter is used to power the Raspberry Pi, with the 12V LNA being powered directly by the batteries. The system is able to be accessed remotely via the Raspberry Pi’s WiFi connection.

Over on his Facebook page Fuzz has uploaded some additional photos, and some of the images he’s receiving.

Fuzz's solar powered NOAA weather satellite receiver.
Fuzz’s solar powered NOAA weather satellite receiver.

SDR on an Android Wristwatch with Airspy HF+ and SpyServer

Over on Twitter @lambdaprog and @mm6dos, developers of SDR# and Airspy SDR products have tweeted videos showing off an Android watch being used as an SDR interface. They use a prototype of their upcoming Airspy HF+ SDR, their SpyServer streaming software and an Android watch. The Android watch receives the streaming FFT and audio data from a server running the SpyServer and Airspy HF+.

They write that this new SpyServer client is mainly for phones and tablets and is efficient enough to run on a watch. It appears that this lightweight version of the SpyServer sends compressed FFT and audio instead of a slice of the IQ data like the current SpyServer, making it very light on the client side CPU and network usage.

If you’re interested in the Airspy HF+ we have an initial review available here.

Salamandra: A modern study of microphone bugs operation and detection with an RTL-SDR

A couple of weeks ago we posted about Salamandra, an RTL-SDR compatible piece of software which can be used to help detect and locate microphone bugs that are used for spying. Recently we discovered that the two authors of Salamandra, Veronic Valeros and Sebastian Garcia both from the MatesLab Hackerspace in Buenos Aires, Argentina have written a paper on their experiences with microphone bugs, and about the development of Salamandra. The abstract reads:

In 2015, artist Ai Weiwei was bugged in his home, presumably by government actors. This situation raised our awareness on the lack of research in our community about operating and detecting spying microphones. Our biggest concern was that most of the knowledge came from fictional movies. Therefore, we performed a deep study on the state-of-the-art of microphone bugs, their characteristics, features and pitfalls. It included real life experiments trying to bug ourselves and trying to detect the hidden mics. Given the lack of open detection tools, we developed a free software SDR-based program, called Salamandra, to detect an locate hidden microphones in a room. After more than 120 experiments we concluded that placing mics correctly and listening is not an easy task, but it has a huge payoff when it works. Also, most mics can be detected easily with the correct tools (with some exceptions on GSM mics). In our experiments the average time to locate the mics in a room was 15 minutes. Locating mics is the novel feature of Salamandra, which is released to the public with this work. We hope that our study raises awareness on the possibility of being bugged by a powerful actor and the countermeasure tools available for our protection.

The paper first outlines the history of microphone bugs and tries to dispel some of the myths about them which originate from movies and other fictional sources. They then perform a survery of the current state-of-the-art microphone bugging techniques, and later go on to discuss the development of Salamandra and some experiments that they performed with it.

In their experiments they show that the Salamandra software and RTL-SDR is able to outperform a commercial bug detector. They also performed several real world simulations where one researcher would hide a bug in a room, and then another would have to use Salamandra to determine if a bug was present, and then locate it using the location feature of Salamandra. They concluded that Salamandra was a very useful tool as they were able to detect the location of the bugs in under 40 minutes in 4/5 tests.

An example waterfall of a microphone bug transmitting and being received with an RTL-SDR
An example waterfall of a microphone bug transmitting and being received with an RTL-SDR
Location of a hidden bug in one of their tests.
Location of a hidden bug in one of their tests.