Videos on Compiling JAERO and libAEROAMBE for AERO C-Channel Voice Audio Reception

At the beginning of last month we posted about an update to JAERO which allows us to now listen to AERO C-Channel voice audio. AERO is a satellite based communications service used by modern aircraft, and it's possible to easily receive the signals with an RTL-SDR, L-band patch antenna and LNA. The C-Channel conversations are typically about Medlink which is a support line for medical emergencies, but other conversations may be heard too.

While it is possible to listen to these conversations, due to legal reasons regarding patents it is necessary to compile the audio decoder manually from source, and this can be quite an involved multi-step process on Windows. Fortunately, YouTuber Corrosive, who has been making SDR related videos for some time now, has put up a three part video series on the process.

For those who prefer text based tutorials, he's also uploaded three blog posts that document the procedure. The first covers setting up the development environment, the second covers compiling the dependencies and JAERO itself, and finally the third covers the compilation of libaeroambe.

Compiling JAERO Satcom ACARS Decoder for Inmarsat Part 2 - JAERO and Dependancies

World Radio TV Handbook (WRTH) Reviews the Airspy HF+

The World Radio TV Handbook (WRTH) is a directory book (or CD) of world radio stations on LW, MW, SW and FM. In addition to the directory they also do reviews of radios/SDRs, and recently they reviewed the Airspy HF+ (pdf). The Airspy HF+ is a high dynamic range HF/VHF receiver designed for DXing.

According to the review, WRTH gives the Airspy HF+ the award of being the best value HF SDR for 2019. The review takes note of the HF+'s excellent dynamic range and then goes on to validate the manufacturer's claimed specifications. Finally they write how they tested it during a contest at 7 MHz, and found no overloading or spurious responses apart from a minor noise floor increase when an extremely strong local CW station was encountered.

World Radio TV Handbook Review of the Airspy HF+

USRP SDRs used to Break 3G to 5G Mobile Phone Security

According to researchers at the International Association for Cryptologic Research it is possible to snoop on 3G to 5G mobile users using a fake base station created by an SDR. It has been well known for several years now that 2G mobile phone security has been broken, but 3G to 5G remained secure. However, the researchers have now determined that a lack of randomness and the use of XOR operations in the sequence numbering (SQN) of the Authentication and Key Agreement (AKA) cryptographic algorithm allow them to beat the encryption.

In their research they used a USRP B210 SDR which costs about US$1300, but it's likely that cheaper TX/RX capable SDRs such as the US$299 LimeSDR could also be used. In their testing they used a laptop, but note that a cheap Raspberry Pi could replace it too.

Theregister.co.uk writes:

"We show that partly learning SQN leads to a new class of privacy attacks," the researchers wrote, and although the attacker needs to start with a fake base station, the attack can continue "even when subscribers move away from the attack area."

Though the attack is limited to subscriber activity monitoring – number of calls, SMSs, location, and so on – rather than snooping on the contents of calls, the researchers believe it's worse than previous AKA issues like StingRay, because those are effective only when the user is within reach of a fake base station.

The full paper is available here in pdf form.

Tools used including a laptop, USRP B210 and a sim card reader.

Using a Cheap USB to Serial Port Adapter as a Transmitting SDR

A while ago we posted about Osmo-FL2K, an Osmocom project by Steve M that allows you to use a cheap $10 USB to VGA adapter as an HF - 1.7 GHz transmitting SDR. Now another similar project by Ted Yapo has been released which allows the use of a low cost FT232RL based USB to Serial Port adapter as a transmit capable SDR. It appears that the FT232RL via harmonics is able to transmit up to at least 27 MHz, and possibly higher.

A USB To Serial Port adapter being used as a transmitting SDR

The basic implementation is similar to the idea used by RPiTX - that is, to modulate the square wave output of a TX pin to generate an arbitrary signal at a desired frequency. Of course this results in numerous harmonics which must be heavily filtered if actually transmitting with some power or a high gain antenna.

In his hackaday.io project log, Ted shows that he's been able to transmit AM audio at 1 MHz, and has also been able to control an RC toy at 27 MHz. For the RC toy controller he's also created a simple BPF in order to reduce the harmonics. In addition to the FT232RL chip, he's also tried other serial chips like the CP2102N but found that the signal produced was not as clean.

More information about the hack can be found on his project log, and on a recent Hackaday post.

Serial Port SDR: 27 MHz RC Truck

RTL-SDRs and the VHF+ Reverse Beacon Network

The Reverse Beacon Network is a project that monitors the amateur radio bands by using volunteer stations to continuously and autonomously collect data on what/when stations are being received, and how good the signal is. The data is made public on the internet and this allows amateur radio operators to easily determine overall propagation conditions. It is currently working mostly with CW (morse code) stations, and mostly on HF, although it is expanding to VHF+ as explained below.

During October, John Ackermann (N8UR) did a talk at the "Microwave Update 2018" conference held in Dayton, Ohio. His talk was about setting up a VHF+ reverse beacon network monitoring station, using multiple RTL-SDR dongles for monitoring. The RTL-SDR dongles run on a Raspberry Pi which runs the rtl_hpsdr software. This allows multiple RTL-SDR dongles to emulate a multi-band HPSDR receiver over Ethernet. They can then be accessed on a PC by the CW Skimmer program, which decodes the received CW signals and then logs them online on the reverse beacon network's website.

The talk slides can be found here, and the video is shown below. More talks from the conference can be found on this YouTube playlist.

Four RTL-SDR.COM V3 dongles used in a VHF+ Reverse Network Setup

John Ackermann, N8UR - The VHF+ Reverse Beacon Network

Amazon AWS Satellite Ground Stations Now Available For Hire

Over on the AWS blog Jeff Barr has blogged about Amazon's new rentable ground station system called "AWS Ground Station". AWS, or Amazon Web Services, is the server farm division of Amazon. They allow customers to rent out server capability on demand. In a similar sense, AWS Ground Station is aiming to allow customers to rent out satellite ground stations on demand.

Launching low cost micro/nano satellites has become very affordable in recent years and it's now common to see high schools, colleges, organizations and hobbyists designing, fabricating and launching their own satellites. Once launched, a ground station is required to receive the satellite's radio transmission as it passes over. Most low cost satellite owners will not have the budget to deploy ground stations all around the world for continuous monitoring of the satellite. This is where AWS Ground Station can take over, allowing a ground station on the other side of the world to be rented temporarily during a pass.

Currently the service is just starting, and only has 2 ground stations, but by 2019 they hope to have a total of 12. More information available on the official AWS Ground Station website.

Alternatively, there are other free open source services that could be utilized such as SatNOGS. SatNOGS relies on volunteer ground stations running antenna rotators that can be built with a 3D printer, some low cost motors and electronics, and an RTL-SDR. The antenna rotator carries a Yagi antenna and will automatically track, receive and upload satellite data to the internet for the public to access.

AWS Ground Station Web Site

Element14 Video on Setting up a Portable Raspberry Pi & RTL-SDR Based NOAA Weather Satellite Receiver

Electronics distributor element14 has uploaded a video to their 'element14 presents' YouTube channel showing presenter Matt building and setting up a portable Raspberry Pi & RTL-SDR based NOAA weather satellite receiver. More information is also available on their supplemental content page.

The build consists of a Raspberry Pi, RTL-SDR and QFH antenna as the basic components. However, it is made into a very nice portable unit by using a stripped down LCD monitor placed into a heavy duty waterproof brief case. The whole thing is powered via a PC power supply. After the build is completed, Matt leaves the case on the roof for a few days collecting images.

Emboldened by the success of his Raspberry PIrate radio, Matt indulges in some more radio hacking by building a specialized QFH antenna and a briefcase form-factor satellite receiver in an attempt to intercept "faxes" from OUTER SPAACEEE!!! Connect with Matt on the element14 community: http://bit.ly/2RiSXC5

Project TIROS is a self-contained, Raspberry Pi-based satellite signal reception system designed to automatically download images and data from NOAA's POES spacecraft as they pass overhead and display the data on an integrated LCD panel. In this video, Matt will walk through how to set up an RTL-SDR module with a Raspberry Pi for automated satellite downloads as well as how to design and build a quadrifilar helical antenna for polar-orbiting signal reception.

Raspberry Pi NOAA Satellite Receiver

Watching DVB-T TV and Using SDR Mode at the same time with two RTL-SDRs

Normally if you want to use the RTL-SDR as an SDR on Linux you install the SDR drivers, and blacklist the Kernel's built in DVB-T drivers to prevent them from taking over the RTL-SDR. Once blacklisted, no RTL-SDR plugged into that system can be used for DVB-T watching unless the blacklist is removed. But if the blacklist is removed, SDR mode cannot be used. So it's impossible to use one RTL-SDR as an SDR, and one for DVB-T TV at the same time.

However now, Hayati A. has submitted news about his RTL-SDR driver patch which allows you to run SDR mode and DVB-T TV mode at the same time with two RTL-SDR dongles.

The idea behind allowing two dongles to operate in separate modes is that one dongle needs to have the PID code stored in its EEPROM changed to a code which was recently registered by Hayati. The dongle with this PID code won't be recognized as a DVB-T device by Linux, and so can only be used for SDR. A dongle with the stock EEPROM can then be plugged in and used for DVB-T.

The patch has been accepted into the development branch of the librtlsdr drivers and the Readme notes read:

  • A special USB vendor/product id got reserved at http://pid.codes/ : 0x1209/0x2832 
  • for such devices the linux kernel's DVB modules are not loaded automatically, thus can be used without blacklisting dvb_usb_rtl28xxu below /etc/modprobe.d/
  • this allows to use a second RTL dongle for use with DVB in parallel 
  • the IDs can be programmed with 'rtl_eeprom -n' or 'rtl_eeprom -g realtek_sdr'

Note that the DVB-T drivers in Linux should not be blacklisted if you are doing this. Also some cheaper RTL-SDR models don't come with an EEPROM, and those models cannot do this.
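
A way to check a host against the setup described above, written as an added example (it is not part of librtlsdr or of Hayati's patch). The function names are hypothetical, the stock Realtek IDs 0bda:2832 and 0bda:2838 are assumed to be the ones your unmodified dongle reports, and the lsusb lines are constructed sample input.

```shell
#!/bin/sh
SDR_ONLY_ID="1209:2832"          # pid.codes ID quoted in the Readme notes
STOCK_IDS="0bda:2832 0bda:2838"  # assumption: usual stock Realtek RTL2832U IDs

# count_dongles: read lsusb-style lines on stdin, print "<sdr_only> <stock>".
count_dongles() {
    sdr=0; stock=0
    while read -r _bus _busno _dev _devno _label id _rest; do
        if [ "$id" = "$SDR_ONLY_ID" ]; then sdr=$((sdr + 1)); fi
        for s in $STOCK_IDS; do
            if [ "$id" = "$s" ]; then stock=$((stock + 1)); fi
        done
    done
    echo "$sdr $stock"
}

# dvb_blacklisted DIR: succeed if an active (uncommented) blacklist line for
# the kernel DVB module exists in any DIR/*.conf file.
dvb_blacklisted() {
    grep -Eqs '^[[:space:]]*blacklist[[:space:]]+dvb_usb_rtl28xxu' "$1"/*.conf
}

# check_dual_mode LSUSB_TEXT MODPROBE_DIR: print a one-line verdict.
check_dual_mode() {
    counts=$(printf '%s\n' "$1" | count_dongles)
    sdr=${counts% *}; stock=${counts#* }
    if dvb_blacklisted "$2"; then
        echo "FAIL: dvb_usb_rtl28xxu is blacklisted, so no dongle can do DVB-T"
    elif [ "$sdr" -ge 1 ] && [ "$stock" -ge 1 ]; then
        echo "OK: $sdr SDR-only and $stock DVB-T dongle(s)"
    elif [ "$stock" -ge 1 ]; then
        echo "WARN: no dongle uses $SDR_ONLY_ID; the DVB driver claims them all"
    else
        echo "WARN: no stock dongle present for DVB-T"
    fi
}

# Constructed sample input (not captured from a real system).
SAMPLE_LSUSB='Bus 001 Device 004: ID 0bda:2838 Realtek Semiconductor Corp. RTL2838 DVB-T
Bus 001 Device 005: ID 1209:2832 Generic RTL-SDR (constructed description)
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub'

demo_dir=$(mktemp -d)                         # stands in for /etc/modprobe.d
check_dual_mode "$SAMPLE_LSUSB" "$demo_dir"   # no blacklist file yet
echo 'blacklist dvb_usb_rtl28xxu' > "$demo_dir/rtlsdr.conf"
check_dual_mode "$SAMPLE_LSUSB" "$demo_dir"   # blacklist now defeats the setup
rm -rf "$demo_dir"
```

On a real host, call it as `check_dual_mode "$(lsusb)" /etc/modprobe.d`.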