Testing the Airspy HF+ Against the FDM-S2 on the Medium and Long Wave Bands

Over on the swling.com blog (short wave listening) contributor Guy Atkins has posted about his comparisons of the Airspy HF+ and the Elad FDM-S2 SDRs on the Medium Wave band. In the test he connected the two SDRs to the same ALA1530S+ Wellbrook loop antenna via a splitter and recorded some audio comparisons.

It appears that the Airspy HF+ even outperforms the FDM-S2 on one particular test where he tries to listen to 1540 kHz which is just 10 kHz away from a strong signal at 1550 kHz. He also writes:

It became apparent quickly that the upstart HF+ provides strong competition to the Elad SDR. Clearly, the AirSpy’s trade-off is bandwidth for raw performance at lower cost–approx. 660 kHz alias-free coverage versus about 6 MHz maximum for the Elad.

In a later post on the swling.com blog Guy also adds an addendum in which he swaps out his ALA1530S+ Wellbrook loop antenna for the ALA1530LN Pro, which overloads his receivers less. He notes that with the new antenna 6 dB of attenuation is required for the FDM-S2 in order to prevent overloading. With the HF+ very little overloading apart from a weak image could be found, and that was removed by adding 3 dB of attenuation.

He also tests longwave reception with the two receivers, and this time finds that the HF+ seems to have additional MW spurs in the LW band, compared with the FDM-S2.

The Airspy HF+ and Elad FDM-S2.

Sniffing MiniMed Insulin Pump RF Packets with an RTL-SDR

A MiniMed Insulin Pump with wireless meter

Over on GitHub we've just seen the release of a program called rtlmm made by user ps2 which decodes MiniMed RF packets with an RTL-SDR. We weren't entirely sure what MiniMed was, but from Googling the name it appears that it is a product by a company called Medtronic who sell medical equipment such as portable automatic insulin pumps and glucose monitors for diabetic patients. These products have RF telemetry links that transmit to a meter which receives the data and forwards it to your phone via Bluetooth LE. Sniffing the telemetry from these sensors could allow you to build up your own data without the need of the meter.

Rtlmm was inspired by a similar program called rtlomni, which was released a few months ago by F5OEO. rtlomni works with Omnipod diabetes insulin pumps and monitors, which are similar products to MiniMed's offerings.

SDR and Radio Talks from the 34th Chaos Communication Congress: SatNOGs, Bug Detection, GSM with SDR, Open Source Satellites and WiFi Holography

Every year the Chaos Computer Club hold the Chaos Communication Congress (CCC) which is a conference that aims to discuss various topics related to technology and security. This year was the 34th conference ever held (34C3) and there were several interesting SDR and radio related talks which we post below. Further links and video downloads are available in the YouTube description.

SatNOGS: Crowd-sourced satellite operations

An overview of the SatNOGS project, a network of satellite ground stations around the world, optimized for modularity, built from readily available and affordable tools and resources.

We love satellites! And there are thousands of them up there. SatNOGS provides a scalable and modular platform to communicate with them. Low Earth Orbit (LEO) satellites are our priority, and for a good reason. Hundreds of interesting projects worth tracking and listening to are happening in LEO and SatNOGS provides a robust platform for doing so. We support VHF and UHF bands for reception with our default configuration, which is easily extendable for transmission and other bands too.

We designed and created a global management interface to facilitate multiple ground station operations remotely. An observer is able to take advantage of the full network of SatNOGS ground stations around the world.

34C3 - SatNOGS: Crowd-sourced satellite operations

Spy vs. Spy: A Modern Study Of Microphone Bugs Operation And Detection

In 2015, artist Ai Weiwei was bugged in his home, presumably by government actors. This situation raised our awareness on the lack of research in our community about operating and detecting spying microphones. Our biggest concern was that most of the knowledge came from fictional movies. Therefore, we performed a deep study on the state-of-the-art of microphone bugs, their characteristics, features and pitfalls. It included real life experiments trying to bug ourselves and trying to detect the hidden mics. Given the lack of open detection tools, we developed a free software SDR-based program, called Salamandra, to detect and locate hidden microphones in a room. After more than 120 experiments we concluded that placing mics correctly and listening is not an easy task, but it has a huge payoff when it works. Also, most mics can be detected easily with the correct tools (with some exceptions on GSM mics). In our experiments the average time to locate the mics in a room was 15 minutes. Locating mics is the novel feature of Salamandra, which is released to the public with this work. We hope that our study raises awareness on the possibility of being bugged by a powerful actor and the countermeasure tools available for our protection.

34C3 - Spy vs. Spy: A Modern Study Of Microphone Bugs Operation And Detection

Running GSM mobile phone on SDR

Since SDR (Software Defined Radio) becomes more popular and more available for everyone, there are a lot of projects based on this technology. Looking from the mobile telecommunications side, at the moment it's possible to run your own GSM or UMTS network using a transmit capable SDR device and free software like OsmoBTS or OpenBTS. There is also the srsLTE project, which provides an open source implementation of an LTE base station (eNodeB) and moreover the client side stack (srsUE) for SDR. Our talk is about the R&D process of porting the existing GSM mobile side stack (OsmocomBB) to the SDR based hardware, and about the results we have achieved.

There is a great open source mobile side GSM protocol stack implementation - OsmocomBB project. One could be used for different purposes, including education and research. The problem is that the SDR platforms were out of the hardware the project could work on. The primary supported hardware for now are old Calypso based phones (mostly Motorola C1XX).

Although they are designed to act as a mobile phone, there are still some limitations, such as the usage of proprietary firmware for the DSP (Digital Signal Processor), which is being managed by the OsmocomBB software, and lack of GPRS support. Moreover, these phones are not manufactured anymore, so it's not so easy to find them nowadays.

Taking the known problems and limitations into account, and having a strong desire to give everyone the new possibilities for research and education in the telecommunications scope, we decided to write a 'bridge' between OsmocomBB and SDR. Using GNU Radio, a well known environment for signal processing, we have managed to get some interesting results, which we would like to share with community on the upcoming CCC.

34C3 - Running GSM mobile phone on SDR

UPSat - the first open source satellite

During 2016 Libre Space Foundation, a non-profit organization developing open source technologies for space, designed, built and delivered UPSat, the first open source software and hardware satellite.

UPSat is the first open source software and hardware satellite. The presentation will be covering the short history of Libre Space Foundation, our previous experience on upstream and midstream space projects, how we got involved in UPSat, the status of the project when we got involved, the design, construction, verification, testing and delivery processes. We will also be covering current status and operations, contribution opportunities and thoughts about next open source projects in space. During the presentation we will be focusing also on the challenges and struggles associated with open source and space industry.

34C3 - UPSat - the first open source satellite

Holography of Wi-Fi radiation

Can we see the stray radiation of wireless devices? And what would the world look like if we could?

When we think of wireless signals such as Wi-Fi or Bluetooth, we usually think of bits and bytes, packets of data and runtimes.

Interestingly, there is a second way to look at them. From a physicist's perspective, wireless radiation is just light, more precisely: coherent electromagnetic radiation. It is virtually the same as the beam of a laser, except that its wavelength is much longer (cm vs µm).

We have developed a way to visualize this radiation, providing a view of the world as it would look like if our eyes could see wireless radiation.

Our scheme is based on holography, a technique to record three-dimensional pictures by a phase-coherent recording of radiation in a two-dimensional plane. This technique is traditionally implemented using laser light. We have adapted it to work with wireless radiation, and recorded holograms of building interiors illuminated by the omnipresent stray field of wireless devices. In the resulting three-dimensional images we can see both emitters (appearing as bright spots) and absorbing objects (appearing as shadows in the beam). Our scheme does not require any knowledge of the data transmitted and works with arbitrary signals, including encrypted communication.

This result has several implications: it could provide a way to track wireless emitters in buildings, it could provide a new way for through-wall imaging of building infrastructure like water and power lines. As these applications are available even with encrypted communication, it opens up new questions about privacy.

34C3 - Holography of Wi-Fi radiation

Securing the Bitcoin network against Censorship with WSPR

Bitcoin WSPR Test Setup

If you didn't know already, Bitcoin is the top cryptocurrency, which in 2017 began gaining traction with the general public, skyrocketing to a value of over $19,000 US per coin at one point. In addition to providing secure digital transactions, cryptocurrencies like Bitcoin are intended to help fight and avoid censorship. But despite this there is no real protection from the Bitcoin internet protocol being simply blocked and censored by governments with firewalls or by large ISP/telecoms companies.

One idea recently discussed by Nick Szabo and Elaine Ou at the "Scaling Bitcoin 2017" conference held at Stanford University is to use something similar to WSPR (Weak Signal Propagation Reporting Network) to broadcast the Bitcoin network, thus helping to avoid internet censorship regimes. To test their ideas they set up a HackRF One as a transmitter and an RTL-SDR, and used GNU Radio to create a test system.

Other ideas to secure the Bitcoin network via censorship resistant radio signals include kryptoradio, which transmits the network over DVB-T, and the Blockstream satellite service which uses an RTL-SDR as the receiver.

If you're interested in the presentation the talk on WSPR starts at about 1:23 in the video below. The slides are available here.

Scaling Bitcoin 2017 Stanford University - Day 2 Afternoon

A Portable SDR Transceiver with LimeSDR Mini, Android Phone and QRadioLink

QRadioLink is a Linux and Android compatible radio app that can run on smartphones. It can be used to receive and transmit digital radio signals with a compatible SDR such as an RTL-SDR (RX only), or a LimeSDR Mini (TX and RX). The following video by Adrian M shows QRadioLink running on an Android phone with a LimeSDR Mini connected to it. An external battery pack is also connected to maintain power levels over a longer time.

In the video Adrian shows how this combination can be used as a fully portable radio transceiver. The video first shows him receiving broadcast FM, digital amateur radio voice (Codec2 & Opus are supported), narrowband FM and SSB signals. Later in the video he transmits a digital voice signal using the microphone on his Android phone. He notes that an external amplifier would still be needed if you wanted more transmission power.

Portable SDR transceiver: LimeSDR-mini, mobile phone and QRadioLink

 

Turning an old Radiosonde into an Active L-Band Antenna

VK5QI's Radiosonde Collection

Over on his blog VK5QI has shown how he was able to re-purpose an old radiosonde into a wideband active L-band antenna. Radiosondes are small packages sent up with weather balloons. They contain weather sensors, GPS and altitude meters and use an antenna and radio transmitter to transmit the telemetry data back down to a ground station. With a simple radio such as an RTL-SDR and the right software, these radiosondes can be tracked and the weather data downloaded in real time. Some hobbyists such as VK5QI go further and actually chase down the weather balloons and radiosondes as they return to earth, collecting the radiosonde as a prize.

VK5QI and his friend Will decided to put some of his radiosonde collection to good use by modifying one of his RS92 radiosondes into a cheap active L-band antenna. They did this by first opening it and removing unnecessary components that may interfere, such as the main CPU, GPS receiver, 16 MHz oscillator, SAW filters and balun. They left the battery, LDOs, LNAs and Quadrifilar Helix GPS antenna, which is tuned to the GPS L-band frequency. Finally they soldered on a coax connector to a tap point on the PCB and it was ready to use.

They then connected the new antenna to an RTL-SDR V3 and fired up GQRX. They write that their results were quite promising, with several Inmarsat and Iridium signals being visible in the spectrum. VK5QI also used gr-iridium with the antenna and was able to decode some Iridium signals.

Modified Radiosonde L-Band Antenna connected to a RTL-SDR V3.

Transmitting and Receiving Text Data via an MP3, FM Transmitter and RTL-SDR

Over on his YouTube channel Kris Occhipinti has uploaded some videos where he shows how he is able to send text data over FM radio frequencies. He uses an MP3 audio file that encodes the text data, an FM transmitter connected to an Android phone or MP3 player to transmit the file, and an RTL-SDR on the receiving side to receive the FM signal from the FM transmitter. The software used to encode the text into an MP3 is Minimodem, and Minimodem is also used on the receiving side, where it can easily decode the received audio. Minimodem is a command line program which can generate FSK modem tones from data.
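
To make the "text to FSK tones and back" step concrete, here is an added Python sketch of a small FSK modem; it is not Minimodem's code and is not taken from the videos. The 1200/2200 Hz tone pair, 1200 baud rate, 8-N-1 framing and the Gaussian noise standing in for the FM link are all assumptions chosen for illustration.

```python
import cmath, math, random

RATE, BAUD = 48000, 1200          # sample rate (Hz), bits per second (assumed)
MARK, SPACE = 1200.0, 2200.0      # tone for bit 1 / bit 0 (assumed Bell 202-style pair)
SPB = RATE // BAUD                # samples per bit (40)

def frame(text):
    """8-N-1 framing: idle marks, then start(0) + 8 data bits LSB-first + stop(1)."""
    bits = [1] * 8
    for byte in text.encode("ascii"):
        bits += [0] + [(byte >> i) & 1 for i in range(8)] + [1]
    return bits + [1] * 2

def modulate(bits):
    """Continuous-phase FSK: the phase carries across bit edges."""
    phase, out = 0.0, []
    for b in bits:
        step = 2 * math.pi * (MARK if b else SPACE) / RATE
        for _ in range(SPB):
            out.append(math.sin(phase))
            phase += step
    return out

def tone_energy(chunk, freq):
    """Magnitude of the chunk's correlation with one tone (single-bin DFT)."""
    w = -2j * math.pi * freq / RATE
    return abs(sum(s * cmath.exp(w * n) for n, s in enumerate(chunk)))

def demodulate(samples):
    """Non-coherent detection: per bit period, pick the stronger tone."""
    bits = []
    for i in range(0, len(samples) - SPB + 1, SPB):
        chunk = samples[i:i + SPB]
        bits.append(1 if tone_energy(chunk, MARK) > tone_energy(chunk, SPACE) else 0)
    return bits

def deframe(bits):
    """Find each start bit, read 8 data bits, skip bytes with a bad stop bit."""
    out, i = bytearray(), 0
    while i + 10 <= len(bits):
        if bits[i] == 0 and bits[i + 9] == 1:
            out.append(sum(bit << k for k, bit in enumerate(bits[i + 1:i + 9])))
            i += 10
        else:
            i += 1                # idle mark or framing error: resynchronise
    return out.decode("ascii", errors="replace")

def over_noisy_channel(text, sigma=0.2, seed=1):
    """Round trip with additive Gaussian noise standing in for the FM link."""
    rng = random.Random(seed)
    noisy = [s + rng.gauss(0, sigma) for s in modulate(frame(text))]
    return deframe(demodulate(noisy))
```

The demodulator here assumes the bit boundaries are already aligned with the sample stream; a receiver fed from a real radio also has to recover bit timing before framing.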

These two videos are part of a series that Kris has been working on that includes many videos about using Minimodem to transfer data like text, files and images between computers via radio.

12 Minimodem an FM Transmitter and a USB SDR Dongle

13 Radio Data Trasmission with RTL FM and SDR

Airspy HF+ Can Receive L-Band 1.2 GHz to 1.67 GHz

The Airspy HF+ is a much anticipated and recently released software defined radio that specializes in HF and VHF reception. However, one little known and not often advertised feature is that it can actually be used for L-band reception between 1.2 and 1.67 GHz as well. This means that it could be used for signals such as AERO, STD-C, Iridium, the 23cm amateur radio band and more.

Over on YouTube Adam 9A4QV has uploaded a video that tests the HF+ with Alphasat AERO signals at about 1.545 GHz. He notes that the sensitivity is quite good as it is able to receive the satellite signals directly with only the antenna connected and no external LNA used. Of course adding in an external low noise figure LNA and filter would improve the signal even further. Adam notes that reception on the 23cm amateur band (1240 MHz to 1300 MHz) is also quite good with sensitivity reaching about -130 dBm.

Airspy HF+ L-band satcom test