XRIT Decoder for GOES Satellites: Supports Airspy R2/Mini and SDRplay RSP2

Over on his blog USA-Satcom has released his XRIT (LRIT/HRIT) decoder for GOES satellites. The software requires a licence and costs $100 USD. GOES-13 (East), GOES-15 (West) and the new GOES-16 are geosynchronous orbiting satellites that broadcast very nice high resolution weather images of the entire visible disk of the earth. They transmit their LRIT/HRIT signals at about 1.7 GHz at fairly weak power, which means that a good LNA and dish setup is critical to be able to receive them. A dish size of about 1 meter, or an equivalent grid or Yagi, is recommended as the lowest starting point.

GOES Full Disk Image of the Earth

USA-Satcom’s decoder is Windows based and comes with a nice GUI. Some portions of the code are based on the Open Satellite Project created by Lucas Teske. It currently supports the Airspy R2/Mini and the SDRplay RSP2 software defined radios.

The software is not free; it costs $100 USD for the licence. To help curb illegal distribution of his software, which has been rampant in the past, USA-Satcom also requests that you show some proof of a working setup which is capable of receiving the GOES signal before inquiring about the software.

If you are also interested, USA-Satcom did an interesting talk at Cyberspectrum a few months ago, and he has also recently uploaded his slides.

Screenshot of USA-Satcom's GOES XRIT decoder.

QIRX SDR: A New MultiMode RTL-SDR Program with Built-In DAB+ Decoder

Recently Clem from softsyst.com wrote in and let us know about their new SDR software called ‘QIRX SDR’. This is a multimode receiver currently capable of receiving AM/NFM/WFM and also DAB Plus. It supports the RTL-SDR via an rtl_tcp connection, so it can be used on a local machine, or a remote networked one. The main differentiating features that QIRX has over other multimode receivers like SDR#, HDSDR and SDR-Console are:

  • Dual Receiver, within the bandwidth of the frontend. This is most useful e.g. for watching two stations simultaneously in busy airband regions.
  • DAB+ Demodulator, to our knowledge the first one written in C#, allowing for recordings in very good quality (some samples provided for download).

The full list of features is quoted below:

QIRX is an Open Source Software Defined Radio, written in C#, downloadable on this site as a Visual Studio 2013 Solution, offering the following features:

  • TCP/IP Based: QIRX accepts 8-bit I/Q-Data either from TCP/IP sources or from pre-recorded files containing the I/Q-data. It is designed to cooperate with RTL-SDR dongles and the widely available rtl-tcp.exe as I/Q-data server. Both QIRX and rtl-tcp may run on the same machine or on separate ones. The rtl-tcp.exe might be started automatically without additional user actions, also when used remote via a LAN.
  • Dual Receiver: Within the selected bandwidth, e.g. 2.56MHz QIRX is able to operate two independent receivers simultaneously.
  • Squelch: For each receiver, QIRX provides a digital squelch, enabling to monitor the selected stations – when not transmitting – without annoying background noise.
  • Simplest Operating Principle: QIRX – using its AM, NFM or WFM demodulators – is purely FFT-based, with a NF lowpass filter only. This might change in a future version.
  • Scanner: QIRX provides for Receiver 1 a simple scanner, being able to scan large frequency areas. This is still in an experimental state.
  • HF and NF Spectrum: For each receiver, QIRX provides a spectrum viewer being able to show the HF and the NF spectrum. No waterfall spectrum yet. For DAB+, it shows the constellation.
  • DAB+ Receiver: QIRX provides a comfortable DAB+ receiver ( Transmission Mode I ). It is -to the best of our knowledge- the first C# based SDR providing this facility. Some standard libraries like the Viterbi decoder are used as C/C++ packages, accessed via P/Invoke.
  • File Recorder: For all demodulators, the audio output can be saved to .wav files, independently for each of the both receivers. For DAB+ this allows for high-quality audio recordings.

    Additionally, the I/Q raw data can be saved to a file. It is possible to replay recorded I/Q-data files.

QIRX SDR: A new multimode receiver with DAB+ decoding

The New England Workshop for SDR (NEWSDR) Accepting Poster Submissions

Thanks to Michael Rahaim, a Postdoctoral Researcher at Boston University, for letting us know about the New England Workshop for SDR (NEWSDR), which will be held on June 1 & 2 at Tufts University in Medford, MA. They write:

A few of my colleagues and I are organizing the New England Workshop for SDR (NEWSDR) next month and we are currently accepting submissions for poster presentations. The event will be held at Tufts University and is sponsored by MathWorks, Ettus/NI, MediaTek and Analog Devices. It is the 7th time we’ve held the workshop and we typically have attendance of 80-100 people from industry, academia, and government.

This seems to be mostly an academic and industry conference type event, but a few people reading this blog may be interested. Registration is free.

This year, as well as the poster presentations, there will be a tutorial and introduction to using the PlutoSDR, which is an (as of yet unreleased) TX & RX capable SDR that will be priced at around $149 USD. It looks like a way to get started with SDR TXing very cheaply. During the workshops they are also providing tutorials on using USRP SDR devices with MATLAB Simulink, and with FPGAs. In 2016 they also had some interesting presentations including “Wireless Beyond RF: From Underwater to Intra-body Ultrasonic Software Defined Radios” and a tutorial on “Identifying Mystery Waveform Using Simulink and RTL-SDR”.

A 3D Printed Case for the DIY Outernet Kit

Thanks to Manuel (aka Tysonpower) for writing in and sharing his 3D printed ‘Universal Outernet Case’. Outernet is a satellite file casting service that uses an RTL-SDR based solution for reception. With an Outernet set up you can receive things like daily news, weather updates, books, Wikipedia pages and more all for free. About 20 MB of data can be transmitted in one day.

The DIY Outernet kit consists of an RTL-SDR ‘SDRx’ board, patch antenna and C.H.I.P single board computer. The patch antenna needs to point roughly in the direction of the Inmarsat/Alphasat satellite in your area. This can be a problem because the Outernet patch antenna doesn’t come with a stand or mounting solution.

Manuel solved this problem with his 3D printed Outernet enclosure. The enclosure houses the patch antenna, SDRx and C.H.I.P, and also doubles as a stand for pointing the patch antenna. Inside he’s also fitted a small 30mm fan to keep everything cool while inside the enclosure as the C.H.I.P is known to have overheating problems.

The 3D printed Outernet enclosure.

Over on YouTube Manuel has uploaded a video that explains how the enclosure is made with 3D printing, demonstrates the assembly steps and finally shows the final product. The video is narrated in German, but it has English subtitles available. The design files required for 3D printing the case are also available on Thingiverse.

[EN subs] Outernet Case aus dem 3D Drucker (Universal elv. Winkel) - für DIY Kit

Opening Car Doors with an RTL-SDR, Arduino and CC1101 Transceiver

Recently we found this post from last year by security researcher Anthony which shows how an RTL-SDR combined with an Arduino and CC1101 transceiver can be used to open a car. The technique he presents is the jam, intercept and replay technique which was also used by Samy Kamkar's RollJam device.

Most modern vehicles use some form of rolling code security on their wireless keyfobs to prevent unauthorized replay attacks. When the car owner presses a button on the keyfob, a unique rolling code is sent to the car. If it matches the codes stored in the car, the car will unlock and then invalidate that code so it can never be used again, thus preventing a replay attack. On the next press the keyfob sends a new code. This system can be defeated simply by jamming the car keyfob receiver, and using a more selective receiver to record the keyfob unlock packet, then replaying those packets at a later time.

The technique Anthony presents has the attacker use an Arduino with CC1101 transceiver as the jammer. Jamming is totally illegal within the USA, so Anthony does not show exactly how to do the jamming. While the signal is being jammed, the RTL-SDR captures and saves the signal from the keyfob. Later the signal is processed in GNU Radio to remove the jamming signal and extract the keyfob signal. He then uses GNU Radio to demodulate the ASK signal into a binary modulated waveform that he can replay later.

Anthony tested this technique on two cars and a truck and was successful at unlocking the doors all three times.
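The receiver-side rolling-code check described above can be modelled in a few lines to show why a code the car never heard stays valid until a newer one is accepted. This is an added example, not code from Anthony's post: HMAC-SHA256 stands in for whatever cipher a real fob uses, and `KEY`, `WINDOW`, `MAX_AGE` and the time-bound variant (a fob that can timestamp its codes) are assumptions made for the illustration.

```python
import hmac
import hashlib

KEY = b"constructed-demo-key"  # constructed shared secret, not from any real fob
WINDOW = 16                    # assumed look-ahead window of counters the car accepts
MAX_AGE = 5                    # assumed freshness limit in seconds (hardened variant)

def fob_code(counter, ts=None):
    """Code the fob sends for press number `counter`, optionally bound to a time."""
    msg = f"{counter}|{'' if ts is None else ts}".encode()
    tag = hmac.new(KEY, msg, hashlib.sha256).hexdigest()[:16]
    return (counter, ts, tag)

class Receiver:
    def __init__(self, require_fresh=False):
        self.last = 0                      # highest counter accepted so far
        self.require_fresh = require_fresh

    def accept(self, code, now=0):
        counter, ts, tag = code
        if not hmac.compare_digest(tag, fob_code(counter, ts)[2]):
            return False                   # forged or corrupted code
        if not (self.last < counter <= self.last + WINDOW):
            return False                   # already used, superseded, or too far ahead
        if self.require_fresh and (ts is None or abs(now - ts) > MAX_AGE):
            return False                   # authentic but stale
        self.last = counter                # invalidates this code and every older one
        return True

def demo():
    r = {}
    car = Receiver()
    heard = fob_code(1)
    r["first_use"] = car.accept(heard)
    r["replay_of_used"] = car.accept(heard)          # plain replay is rejected
    r["unheard_later"] = car.accept(fob_code(2))     # never reached the car: still valid
    car2 = Receiver()
    car2.accept(fob_code(3))                         # a newer press reaches the car first
    r["superseded"] = car2.accept(fob_code(2))       # the older unheard code is now dead
    hardened = Receiver(require_fresh=True)
    r["stale_timebound"] = hardened.accept(fob_code(1, ts=100), now=160)
    r["fresh_timebound"] = hardened.accept(fob_code(2, ts=160), now=161)
    return r

if __name__ == "__main__":
    print(demo())
```

The `superseded` case is the practical takeaway for owners: any later press that the car actually receives invalidates codes recorded earlier.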

RTL-SDR receiving a BMW keyfob signal at 315 MHz in HDSDR.

Identifying Issues that can be used to Disable IoT Alarms

Seekintoo cybersecurity researcher Dayton Pidhirney has been investigating security flaws in wireless IoT (Internet of Things) based alarm systems, and has identified six issues that can be used to bypass or disable an alarm. Five attack the RF portion of the IoT device, and one attacks through the traditional IP network.

In his post he specifically attacks the iSmartAlarm (ISM). This is an IoT home alarm system that comes with several sensors, and can be controlled via an app on your smartphone. The unit uses the Texas Instruments CC1110 RF SoC, which implements the SimpliciTI low-power radio network protocol. Dayton notes that the majority of attacks are not specific to a single manufacturer, and could be applied to other IoT devices as well.

Using a variety of hardware including a logic analyzer, Yardstick One, GoodFET, RFCat and USRP B210 software defined radio, and several pieces of software including GNU Radio, GQRX, Baudline and Audacity, Dayton was able to attack the alarm in the following ways:

  • Brute-force attack on the alarm system device source addresses.
  • Remotely clone authenticated devices used to interact with the alarm system security features.
  • Decryption of authenticated devices radio communications, allowing remote attackers to craft packets used to send arbitrary commands to the alarm system.
  • RF Jamming.
  • Assisted replay attack.

The post goes into deep detail on the methods he used to reverse engineer the device and is a great tutorial for anyone wanting to get into wireless IoT security research.

The iSmartAlarm IoT wireless alarm system

Decoding ADS-B in MATLAB Video Tutorial

Over on YouTube the official MATLAB channel has uploaded a new video that is a tutorial on setting up ADS-B decoding in MATLAB. MATLAB is a technical computing language that is frequently used by many scientists and engineers around the world. They write:

Use the software-defined radio capabilities that are part of Communications System Toolbox™ to capture and decode ADS-B messages. ADS-B is a relatively simple standard used by commercial aircraft to transmit flight data such as aircraft ID, position, velocity, and altitude to air traffic control centers. ADS-B messages are 56 or 112 bits long, the data rate is 1 Mbit/sec, and the messages are amplitude modulated signals, transmitted at a carrier frequency of 1090 MHz

The video goes over what ADS-B is, how to receive it, and then goes on to explain a bit of the MATLAB code. This is a good introduction for people wanting to use an RTL-SDR in MATLAB, or for anyone wanting to learn about ADS-B.

Real-time Airplane Tracking with ADS-B Signals and RTL-SDR Radios

Instructions and a Review of the SDRplay RSP1 Metal Enclosure Upgrade Kit

Mike (kd2kog), our partner on the SDRplay RSP1 Metal case upgrade kit has recently uploaded an instruction set that shows step by step how to perform the upgrade (pdf). It shows how to dismantle the RSP1 from the plastic case, install the included broadcast FM filter, mount the PCB and shows where all the nuts and washers go.

The metal case upgrade is something we brought out back in March. It allows owners of the SDRplay RSP1 SDR to upgrade the default plastic case to a sturdy metal one for improved ruggedness and RF shielding. It also comes with an included broadcast FM filter to help reduce strong FM images which are often a problem on some bands with the RSP1. It also comes with a handy travel case. If you want to purchase the enclosure we have it available on our store at www.rtl-sdr.com/store, and also on US Amazon, both with free shipping.

Also, over on his blog K5ACL has posted a short review of the case.

Image of the RSP1 Metal Case from K5ACL’s review