An Update on the PantronX Titus II SDR

The PantronX Titus II is a yet-to-be-released portable Android tablet based SDR that we've been following since 2016. The device will feature a 100 kHz - 2 GHz tuning range, and software that focuses on HF digital DRM decoding, as well as DAB on VHF. 

Thomas from the excellent SWLing blog got curious about the Titus II as he had not heard any updates from the team in a while, so he emailed them requesting an update. Mike from PantronX wrote the following reply:

As you might be aware, we have joined up with Fraunhofer to include their MMPlayer app standard on Titus–what a difference a professional decoder, for both analog, DRM(+), and DAB(+), makes! MMPlayer is full featured even including reliable one way file downloads with DRM.

We are attempting also to license HD to include on the app for North America, making a truly worldwide receiver. Some deficiencies in our version of Android have caused issues as well as MMPlayer. All of which have caused delays leading to some serious business decisions – as you can imagine. You are correct that broadcasters have made large orders that will be fulfilled first. There are units in the field testing and such and continuing resolution of the software issues.

One of the issues that folks seem to have a hard time understanding is that we can not just build a few hundred or even thousands of units. Our minimum run is 10,000pcs! To do that everything has to be 100% – including the software. We simply will not ship units that are not 100%. Titus works, MMPlayer works – it's that last 5% that takes the most time to resolve. These facts preclude any incremental production attempts. All that being said, we are very hopeful that the first production run is ready by last quarter of this year.

The Titus II

Decoding 12 AERO Channels Simultaneously with an Airspy, Outernet Patch Antenna and SDR-Console V3

In a post uploaded last month we noted that Outernet was selling off some of their old L-Band satellite antennas cheaply. Nils Schiffhauser (DK8OK) decided to take advantage of the sale and bought one. Now Nils has created a blog post that shows how he's been able to decode 12 L-Band AERO channels simultaneously with the Outernet L-band antenna, an Airspy R2 and SDR-Console V3. AERO is the satellite based version of aircraft ACARS, and its L-band signals contain short ground to air messages like weather reports and flight plans. Multiple channels are often in use at any one time.

To achieve this Nils uses the multi-channel tuning capabilities of SDR-Console V3, which allows him to open up 12-channels, each tuned to a different AERO frequency. He then opens up 12 instances of the AERO decoder known as JAERO, and then uses VB-Cable to pipe the audio from each channel into a JAERO instance. Nils writes that the key to making JAERO run with multiple instances is to install JAERO into different folders on your PC, and give each JAERO.exe a unique file name like JAERO_1.exe.

He collects all the data into a program called Display Launcher and Nils notes that the whole set up has been stable digesting 54,000 messages over the last 24 hours. 

12x JAERO Decoders Running

Tracking Planes with RTL-SDR, Apache Kafka, KSQL, Kibana and a Raspberry Pi

Inspired by a low flying aircraft that kept waking his cat in the morning, Simon Aubury decided to use an RTL-SDR and ADS-B tracking software dump1090 to determine which plane was the culprit. This is all now standard stuff, however, Simon's software implementation and management of the received ADS-B data is quite unique, as he uses Apache Kafka, KSQL and Kibana as his tools for processing and visualizing the ADS-B data.

Apache Kafka is a 'distributed streaming platform', and KSQL enables real time processing of the data from Kafka. Kibana is a data visualization tool. Essentially these technologies are just ways to manage, process and digest in a human readable way large amounts of real time data coming into a database.

So with some clever database coding Simon was able to create a constantly updating dashboard in Kibana that plots aircraft positional heat maps, displays data such as spotted airlines and destination frequencies in a text cloud, and displays aircraft height data in a line graph. Finally using a database lookup and his gathered data Simon was able to determine that an A380 aircraft flying over his house was waking his cat in the morning.

Using RTL_433 to Decode SimpliSafe Home Security Systems

SimpliSafe is an American DIY home security system company that claims over 2 million customers. Their system relies on 433/315 MHz ISM band wireless radio communications between its various sensors, control panels and remote controls. Back in 2016 we already posted about research from Dr. Andrew Zonenberg and Michael Ossmann who showed that the SimpliSafe wireless communications are unencrypted, and can easily be intercepted, decoded, and spoofed. SimpliSafe responded to those concerns by downplaying them and mentioning that sophisticated hardware was required.

However, Adam of simpleorsecure.net has recently disclosed a security advisory and a blog post discussing how easy it is to decode SimpliSafe wireless communications with an RTL-SDR and the rtl_433 software. He has also released slides from a recent talk that go over his entire process and findings.

Adam began with some initial manual RF analysis with an RTL-SDR, and then later worked with rtl_433 dev Christian Zuckschwerdt to add PiWM demodulation capability, which is the modulation used by SimpliSafe systems. Now Adam is able to easily decode the serial number, PIN codes, and status codes transmitted by SimpliSafe sensors and key pads in real time with just an RTL-SDR.

This is very concerning as not only could a burglar easily learn the alarm disarm PIN code, but they could also profile your behavior to find an optimal time to break in. For example, if you arm your alarm before bed and disarm it in the morning, your sleep schedule is being broadcast. It is also possible to determine if a particular door or window has been left open. With a tuned Yagi antenna Adam was able to receive signals from 200+ feet (60m) in free space, and 115 feet (35m) through walls.

In addition to the lack of encryption, Adam also discovered that the SimpliSafe system was susceptible to jamming attacks, and that the tamper detection system can be easily compromised. Adam has disclosed all concerns and findings to SimpliSafe who are aware of the problems. They assure him that next generation systems will not suffer from these flaws. But unfortunately for current generation owners, the hardware will eventually need to be replaced as there is no over the air update capability.

An RTL-SDR and SimpliSafe KeyPad

A Lightweight Meteor M2 Demodulator

Over on GitHub dbdexter-dev has released a new lightweight and open source Meteor M2 demodulator. Meteor M2 is a Russian weather satellite that transmits images down in the digital LRPT format. This provides much higher resolution images compared to the NOAA APT signals. With an RTL-SDR, appropriate satellite antenna and decoding software it is possible to receive these images.

This new lightweight demodulator may be especially useful for single board PCs like the Raspberry Pi. Previously, GNU Radio based demodulators have been used on Linux, and GNU Radio isn't exactly a lightweight piece of software. To use the software you first need to record an IQ file of the Meteor M2 LRPT signal, downsample the IQ file to 140 kHz (if required), then pass it into the demodulator. This will output an 8-bit soft-QPSK file which can be used with LRPTofflinedecoder (now known as M2_LRPT_Decoder) on Windows or meteor_decoder on Linux to generate an image.

An Example LRPT Image Received with an RTL-SDR from the Meteor-2 M2.

Chasing Cubesats on a $25 Budget with an RTL-SDR and Homemade Antenna

Cubesats are small shoebox sized satellites that are usually designed by universities or amateur radio organizations for basic space experiments or amateur radio communications. Typically they have an orbit lifespan of only 3-6 months.

Cubesats typically transmit signals at around 435 MHz, and they are powerful enough to be received with a simple home made antenna and an RTL-SDR. To help with this Thomas N1SPY has created a YouTube video where he shows exactly how to construct a cheap eggbeater antenna made out of a few pieces of copper wire and an SO-239 UHF connector. Later in the video he demonstrates some Cubesats being received with his antenna, an RTL-SDR and the SDR-Console V3 software.

2018: Thomas N1SPY chases mini satellites on a budget

CalicoCAT: New Serial CAT Control Plugin for SDR#

CalicoCAT: CAT Control Plugin for SDR#

Thanks to Stephen 'Tag' Loomis (N0TTL) for submitting news about his new plugin called 'CalicoCAT' which is a serial CAT control plugin for SDR#. The plugin emulates the Kenwood TS-2000 CAT control command set, and is used to allow SDR# to communicate with other software running on the PC via a virtual serial port. To create a virtual serial port you can use free software like com0com.

Stephen notes that the plugin could be used to allow software like WSJT-X to control SDR#. For example you could use it to automatically change bands at certain times.
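To show what a Kenwood TS-2000 style CAT exchange over a serial link looks like, here is an added example that is not CalicoCAT's code. It assumes only the FA (VFO A frequency, 11 digits in Hz) and MD (mode) commands; the class name CatResponder and the 64 byte input limit are hypothetical, and which commands the plugin itself implements is not stated here.

```python
# Added illustration: minimal Kenwood TS-2000-style CAT responder.
# Not CalicoCAT's code; the command subset (FA, MD) is an assumption.

MODES = {"1": "LSB", "2": "USB", "3": "CW", "4": "FM", "5": "AM"}
MAX_PENDING = 64  # hypothetical cap: drop input that never sends a ';'


class CatResponder:
    def __init__(self, freq_hz=14_074_000, mode="2"):
        self.freq_hz = freq_hz
        self.mode = mode
        self._buf = ""

    def feed(self, data: bytes) -> bytes:
        """Consume bytes read from the port; return bytes to write back."""
        self._buf += data.decode("ascii", errors="replace")
        out = []
        # Commands end with ';' and may arrive split across several reads.
        while ";" in self._buf:
            cmd, self._buf = self._buf.split(";", 1)
            out.append(self._handle(cmd.strip()))
        if len(self._buf) > MAX_PENDING:
            self._buf = ""          # unterminated garbage: discard and reject
            out.append("?;")
        return "".join(out).encode("ascii")

    def _handle(self, cmd: str) -> str:
        name, arg = cmd[:2].upper(), cmd[2:]
        if name == "FA":
            if arg == "":                          # read VFO A frequency
                return f"FA{self.freq_hz:011d};"
            if len(arg) == 11 and arg.isdigit():   # set VFO A frequency
                self.freq_hz = int(arg)
                return ""                          # set commands are silent
        elif name == "MD":
            if arg == "":                          # read mode
                return f"MD{self.mode};"
            if arg in MODES:                       # set mode
                self.mode = arg
                return ""
        return "?;"                                # unknown or malformed
```

A controlling program would write `FA00007110000;` to one end of the virtual serial pair to retune, and `FA;` to read the current frequency back.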

Tzumi MagicTV WiFi TV Tuner Device contains an RTL-SDR, OpenWRT board and Battery for only $13

The Tzumi MagicTV is a device that allows users in the USA to watch TV on an Android phone via free over the air digital ATSC signals. It receives and decodes TV on the device, then streams decoded TV to an Android phone via a WiFi connection.

Over on Reddit user meowTheKat has alerted everyone to the fact that 'Tzumi MagicTV' devices contain not only an R828D RTL-SDR inside them, but also an AR9331 OpenWRT board and a 3000 mAh battery pack. This means that the device could potentially be used as a portable RTL-SDR server over a WiFi connection without any additional required hardware. And right now is a particularly good time for this discovery to come out, as the device is reportedly selling at a clearance sale price of only $13 at Walmarts across the USA.

OpenWRT is custom open source firmware that is intended to be installed on compatible internet routers. It extends the functionality and stability of many routers. Since OpenWRT is based on Linux, it is possible to use the RTL-SDR on routers running OpenWRT and we have several previous posts about people doing this.

Currently meowTheKat reports that the MagicTV is indeed running OpenWRT, and that SSH is available. The SSH password is unknown but a colleague of his is currently working on cracking the password. Once cracked it should become possible to install RTL-SDR software onto it. However, there is no word yet on whether the front end has additional filtering specifically for TV signals or not. If there is additional filtering those circuits would need to be removed to restore wideband tuning to the RTL-SDR.

Update: From discussion on the Reddit thread it appears that the tuner chip used is not an R828D as first thought, but instead a MXL603/608. This tuner is currently not supported in the RTL-SDR code, but support could probably be added by a developer.

Update 2: Unfortunately it seems that this won't end up going anywhere. In the librtlsdr GitHub issues forum Hoernchen commented:

The tuner is connected to a demod ic, which is connected to the TS input of the rtl2832p, so code is not going to fix the fact that the device is unusable without quite a bit of tricky soldering to reroute the tuner output to the rtl.

The "Tzumi MagicTv" contains an RTL-SDR, OpenWRT Board and Battery Pack.