Detecting Car Keyfob Jamming With a Raspberry Pi and RTL-SDR

It’s been known for a while now that it is possible to break into cars using simple wireless attacks that involve jamming of the car keyfob frequency. Samy Kamkar’s “rolljam” is one such example that can be built with a cheap Arduino and RF transceiver chip. One way to secure yourself against wireless attacks like this is to run a jammer detector.

A jammer detector is quite simple in theory – just continuously measure the signal strength at the car keyfob frequency and notify the user if a strong continuous signal is detected. Over on his blog author mikeh69 has posted about his work in creating a wireless jammer detector out of a Raspberry Pi and RTL-SDR dongle. He uses a Python script and some C code that he developed to create a tool that displays the signal strength on an onscreen bar graph and also conveys signal strength information via audio tones. He writes that with a pair of earphones and battery pack you can use the system while walking around searching for the source of a jammer.
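The detection rule described above, as an added sketch that is not mikeh69's code: it takes timestamped power readings, tracks the noise floor from quiet readings only, and reports any signal that stays well above that floor for longer than a key press would. The 15 dB margin, the 3 second minimum duration and the sample trace are assumptions constructed for illustration.

```python
from statistics import median


def detect_jamming(samples, margin_db=15.0, min_duration_s=3.0, baseline_n=20):
    """samples: iterable of (t_seconds, power_db) readings at the keyfob frequency.

    Returns a list of (start, end) times for strong signals lasting at least
    min_duration_s. Thresholds are assumed values, not taken from the post.
    """
    quiet = []        # recent readings judged to be background noise
    alerts = []
    run_start = None  # time the current strong run began, if any
    last_t = None
    for t, p in samples:
        # The floor is learned from quiet readings only, so a long-running
        # jammer cannot raise the baseline and hide itself.
        floor = median(quiet) if len(quiet) >= 5 else None
        strong = floor is not None and p >= floor + margin_db
        if strong:
            if run_start is None:
                run_start = t
        else:
            # Run just ended: report it only if it outlasted a key press.
            if run_start is not None and last_t - run_start >= min_duration_s:
                alerts.append((run_start, last_t))
            run_start = None
            quiet = (quiet + [p])[-baseline_n:]
        last_t = t
    # A jammer still transmitting when the data ends must also be reported.
    if run_start is not None and last_t - run_start >= min_duration_s:
        alerts.append((run_start, last_t))
    return alerts


def constructed_trace():
    """Constructed sample: noise near -50 dB, a short keyfob burst at 5 s,
    and a continuous strong carrier from 10 s to 20 s (0.5 s per reading)."""
    noise = [-51.0, -50.0, -49.0]
    trace = []
    for i in range(45):
        t = i * 0.5
        if t in (5.0, 5.5):
            p = -20.0            # legitimate key press: strong but brief
        elif 10.0 <= t < 20.0:
            p = -25.0            # sustained carrier: jammer-like
        else:
            p = noise[i % 3]
        trace.append((t, p))
    return trace


if __name__ == "__main__":
    print(detect_jamming(constructed_trace()))
```

The brief burst at 5 s is ignored because it is shorter than the minimum duration; only the sustained carrier is reported.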

Mikeh69’s post goes into further detail about installing the software and required dependencies. He also writes that in the future he wants to experiment with creating large area surveys by logging signal strength data against GPS locations to generate a heatmap. If you are interested in that idea, then it is similar to Tim Havens’ driveby noise detector system, which also used RTL-SDR dongles, or the heatmap feature in RTLSDR Scanner.

[Also seen on Hackaday]

RTL-SDR + Raspberry Pi Jammer Detector.

Receiving ADS-B Jetliner Traffic with a Simple Paper Clip

Over on YouTube user icholakov has uploaded a new video showing how easy it can be to build a cheap ADS-B antenna out of a simple paper clip and coax connector. Modern aircraft carry an ADS-B transceiver and antenna which broadcasts the current GPS location of the aircraft. This is used for collision avoidance and air traffic control, but anyone with a receiver like an RTL-SDR can also receive and decode these signals, and plot locally received air traffic on Google maps. We have a tutorial for decoding ADS-B signals available here.

In the video Thomas Cholakov (N1SPY) explains the concept behind the antenna design, which is a standard 1/4 wave ground plane cut to the correct dimensions for ADS-B at 1090 MHz. He cuts 5 pieces of the same length, with one piece used as the active whip element, and four pieces used in the ground plane element. The paper clip pieces are then soldered onto a coaxial connector and then the antenna is ready to be used.

2017: Paper Clip vs. Jetliner Traffic

QIRX SDR Updated: Legacy DAB, DAB Transmitter Identifications and more

Back in May of this year we posted about QIRX SDR, which back then was a brand new multimode SDR program compatible with the RTL-SDR. One of its defining features is that it has a built in DAB+ decoder. Recently QIRX SDR has been updated to version 0.9.1. The new features are quoted below:

General:

  • Updated Documentation
  • Device Frontend: Manual Center Freq. Correction in kHz
  • Waterfall Spectrum
  • Raw Recording: Playback Control, for a timed positioning (“seek”) in “arbitrary” large (GBytes) recorded raw files.

DAB:

  • Legacy DAB, intended for users where DAB+ is not generally available, like in the UK or Spain. As this could only be superficially tested here in Germany (no standard DAB any more, I used some raw samples recorded in Madrid), I would be very interested in feedback of users about it.
  • Synchronization of raw files recorded with central frequency offset
  • Enhanced manual synchronization control, mainly for tests in mobile environments
  • Detection of the Transmitter Identifications (TII). However, as this is a feature only useful for specialized applications, it is not included in the distribution. To my knowledge, qirx is the only DAB SDR having this feature.

Some Bug fixing.

The QIRX team have also added a new Quickstart Guide to help users get set up with their software quickly. In addition, QIRX author Clem also writes that the QIRX software will be demonstrated during this weekend’s Ham-Radio fair in Friedrichshafen, Germany.

QIRX SDR Updated

OpenWebRX Updates: 3D Waterfall and BPSK31 Demodulator

OpenWebRX has recently been updated and now includes a 3D waterfall display and a BPSK31 demodulator. OpenWebRX is a popular program which allows you to stream an SDR like the RTL-SDR over the internet efficiently. A number of clients can connect to your server and tune anywhere within a predefined bandwidth. Many examples of OpenWebRX running on RTL-SDRs and KiwiSDRs can be found on sdr.hu.

The 3D waterfall is quite an interesting feature as it allows you to visualize signal strength, frequency and time all at once. BPSK31 is a popular amateur radio digital mode for making QSOs (contacts). The new decoder allows you to zoom in closely on the band with high resolution and select with the mouse which BPSK31 channel you’d like to decode.

András Retzler, creator of OpenWebRX, also writes that he’s now completed his Master’s thesis (congratulations!) on the topic of “Integrating digital demodulators into OpenWebRX”. His thesis is available for download here and looks to be an interesting read.

OpenWebRX BPSK31 Mode

Demonstrating an RTL-SDR Based Metal Detector

Over on YouTube user Ancient Discoveries has uploaded a video showing a prototype of his RTL-SDR based metal detector. The metal detector appears to consist of a coiled detection loop antenna powered by an AM transmitter and an RTL-SDR running in Q-branch direct sampling mode.

Ancient Discoveries uses SDR# to tune to a low medium wave frequency of around 898 kHz while in direct sampling mode. Then as a piece of metal is moved closer to and further from the detection coil, the signals on the spectrum move around in correlation with the metal’s distance. A whining sound just like a real metal detector is also produced by SDR#.

!!! RTL SDR Metal Detector !!! dancing with signals !!! modified latest project

Feedback Request: New RTL-SDR Product, Ideas and Interest Check

We are considering building a new multi-purpose RTL-SDR product. The idea is to make several difficult to achieve applications and projects much more accessible. We are looking to implement the following ideas:

  • 3x on-board coherent RTL-SDRs built into the PCB
    • 4x SMA inputs: 3x individual inputs, 1x common input (switched between the two). 
    • All RTL-SDRs connected to the same clock source – enables coherent experiments
    • All RTL-SDR feature sets and performance equivalent to RTL-SDR V3 or better
  • On-board noise source and directional coupler
    • Useful for correlation with rtl_coherent
    • Measure filter characteristics, and get rough SWR antenna readings.
  • Noise source able to be switched in and out via silicon switches
    • Useful with rtl_coherent and other coherent experiments for cross correlation timing correction. This allows for accurate direction finding.
  • Ability to mount onto a Raspberry Pi 3, and provide an ESD protected, buffered and filtered output for RpiTX transmissions. (a PCB plugin filter specific to the transmission frequency would need to be installed onto PCB to use this feature)
    • With a filter installed the board can be connected to an antenna and used with RpiTX for simple transmissions.
    • Go portable with a Raspberry Pi 3 compatible HDMI LCD screen and a battery pack. Possible HackRF portapack alternative.

Possible applications:

  • Multi-band RTL-SDR applications
    • One RTL-SDR receiving NOAA, one receiving ADS-B, one scanning the air band.
    • Easy trunk tracking with 2x RTL-SDR. Third RTL-SDR used for something else.
    • One streaming NOAA weather, one scheduled to receive NOAA/Meteor sats and weather balloons, one receiving Outernet weather updates.
  • Coherent applications
    • RF direction finding
    • Passive radar
    • Possible radio astronomy applications?
  • Noise source applications
    • Characterize filters
    • VSWR meter with directional coupler
  • Raspberry Pi mount applications
    • Replay attacks and security analysis of ISM band devices with RpiTX and an ISM band filter.
    • Transmitting WSPR with WSPRpi.
    • Portable if used with a small HDMI screen and battery pack.
    • Possible control of board via an Android app.
    • Similar applications to the HackRF Portapack idea.
    • Multi-band noise locator if a GPS is added to the Pi. e.g. See Tim Havens’ ‘Driveby’ concept.

The idea is still in the concept stages so we’re looking for any feedback from the community to see if this is even something that people would want.

Would a receiver board like this interest anyone? We would also work on providing basic ready to go software on a downloadable image file for the Raspberry Pi 3 so starting an app would be as easy as using a launcher. We would also provide various tutorials as well.

The target price would be $99 USD. If you think this is too much, please let us know what you would expect to pay in the comments.

Are there any additional features that anyone requests? Please let us know in the comments.

Would you pay $99 USD for a 3-input RTL-SDR coherent receiver with built in noise source, antenna switcher and filtered RpiTX output?


Video Tutorial: Installing GQRX and RTL-SDR on a Raspberry Pi

Over on his YouTube channel AVT Marketing has uploaded a new beginner friendly video that shows how to easily install and use GQRX on a Raspberry Pi single board Linux computer. GQRX is a Linux based general purpose SDR receiver program which is compatible with the RTL-SDR. The Raspberry Pi 3 has enough processing power to run this software easily with the RTL-SDR.

The tutorial is a 2-part series, with the first video showing how to install the software from scratch. AVT shows every necessary step including installing git, cmake, build-essential, getting and installing the drivers from the Osmocom github and installing libusb. For someone very new to Linux this tutorial is a simple step by step start. The second video goes on to show how to actually use GQRX on the Raspberry Pi.

Installing RTL-SDR on a Raspberry Pi (Linux)

Using GQRX with RTL-SDR on a Raspberry Pi (Linux)

Retrieving Dialed Phone Numbers from Intercepted Phone Calls

Over on his YouTube channel Linux Psycho has uploaded a video showing how he was able to listen in on wireless phone calls and recover the dialed phone numbers from within the conversation. 

The intercepted signal appears to be unencrypted, in-the-clear NFM at 130 MHz and appears to originate from some sort of wireless telephone service. Heard in the phone call are DTMF dial tones. Later in the video Linux Psycho shows how to retrieve the dialed phone number by recording the DTMF tones and submitting the .wav file to an online DTMF tone detection website. DTMF tones are simply the tones that you hear when you dial a number on a landline phone. Each tone is a different frequency and so it is fairly trivial to recover the dialed numbers.

We’re not sure exactly what the signal that Linux Psycho is listening to actually is as it seems to be a cordless phone, but in the wrong frequency range. Potentially it is a long range wireless phone extension commonly used in the third world or rural areas where actual landline connections are rare.

rtl sdr new, rtl sdr phone hacking