Radio For Everyone: Testing Several ADS-B Antennas Under $50

Over on his blog ‘Radio for Everyone’ Akos has shared results submitted to him by FlightAware forum user ‘Nitr0’ which compares several ADS-B antennas that cost under $50 USD. The antenna that we most recommend for ADS-B is the FlightAware antenna, but for European buyers there are also many lower cost alternatives available on eBay, most of which are made by fellow radio hobbyists or hams. The tests use the six antennas listed below, comparing each one against the ‘reference’ FlightAware antenna.

  1. The FlightAware Antenna – $45 USD
  2. A Bulgarian made antenna by LZ3RR – $31 USD + shipping
  3. A Slovakian made collinear antenna by stanislavpalo130 – $25 USD + shipping
  4. A Slovakian made 5/8 antenna by stanislavpalo130 – $24 USD
  5. RTL-SDR stock antenna – Included with generic RTL-SDRs
  6. A 3.5 dBi loaded whip – $3 to $15 USD

In summary the tests seem to show that nothing beats the FlightAware antenna, with the closest in performance being the Bulgarian made antenna. We should mention however, without knowing the real radiation patterns, SWR and various other factors it is hard to say which one will work best for everyone. Different locations/obstacles/mountings could mean that antennas with different designs and therefore radiation patterns work better than others. But it seems that the FlightAware antenna is the top performer in the common scenario of being able to mount the antenna on a roof with a good view of the horizon.

Two ADS-B antennas being tested by Akos.
Two ADS-B antennas being tested by Nitr0.
Tweet
Share
Reddit
Vote
Email

The Panoradio: A tech-demo for direct sampling SDR

SDR researcher Stefan Scholl (DC9ST) recently wrote in to us and wanted to share his project which is a direct sampling SDR using a fast AD converter on the Zynq SoC (System on Chip). He calls the SDR ‘Panoradio’. He writes:

The Panoradio is a modern software defined radio receiver, that directly samples the antenna signal with 250 MHz with an analog-to-digital converter. The receiver captures and displays signals from 0-100 MHz, i.e. shortwave and VHF signals simultaneously, and can even receive signals from the 70 cm band with undersampling.

The hardware platform is the Zedboard, that features the Xilinx Zynq Soc, which combines an FPGA with an ARM A9 dual core and runs a Linux operating system. Fast signal processing is then done in the FPGA, slow signal processing with the ARM A9. The radio can operate in standalone mode with just a monitor and mouse attached.

The radio’s features at a glance:
– 0 -100 MHz direct sampling reception
– Direct sampling of 70 cm (425 – 440 MHz) signals
– Three independent zoomable waterfall displays (100 MHz to 6.1 kHz bandwidth)
– Two independent audio receivers (22 kHz bandwidth) with Weaver SSB demod
– Standalone operation with embedded system (Zynq / Zedboard)
– Full Linux running, including demodulation software (e.g. Fldigi)

The Panoradio is designed as a tech-demo for software defined radio, that shows what is possible with today’s technology in AD conversion and signal processing platforms.
It is an open source project, the design files can be accessed from the project website, which also includes basic information on direct sampling SDRs and single-sideband (SSB) detection:
www.panoradio-sdr.de

Stefan also presented his work at the “Software Defined Radio Academy” conferences in Friedrichshafen, Germany in both 2015 and 2016. The talks are shown below, as well as some photos and screenshots of the SDR in action.

Stefan Scholl, DC9ST: The Zedboard: A Modern “System On Chip” for SDRs

Stefan Scholl, DC9ST: The Panoradio: A wideband direct sampling SDR with 250 Msps

A direct sampling SDR is an SDR without any analogue tuner on the front end, basically directly sampling with the ADC from the antenna. This takes us closer to a ‘true’ SDR which has very little analogue components. Over time we should start to see more direct sampling SDRs popping up. For example recently we saw the release of a new Xilinx RFSoC which is capable of sampling at up to 4Gsamples per second which should provide a very wide band, wide frequency range SDR. While this chip will probably be extremely expensive for the time being as it is mainly designed for commercial cell tower communications, it shows how well direct sampling technology is progressing.

Tweet
Share
Reddit
Vote
Email

Simple NOAA/Meteor Weather Satellite Antenna: A 137 MHz V-Dipole

Over on his blog Adam 9A4QV (seller of various RTL-SDR related goods including the LNA4ALL) has just made a post detailing a build of a high performance super simple NOAA/Meteor M2 weather satellite antenna. Most antenna designs for polar orbiting weather spacecraft are based on circularly polarized turnstile or QFH designs. However, Adams antenna is based on a very simple linearly polarized dipole, which makes construction almost trivial.

The idea is that by arranging a dipole into a horizontal ‘V’ shape, the radiation pattern will be directed skywards in a figure 0 (zero) pattern. This will be optimal for satellites travelling in front, above and behind the antenna. Since polar orbiting satellites always travel North to South or vice versa, we can take advantage of this fact simply by orienting the antenna North/South. 

There is also another advantage to Adams design. Since the antenna is horizontally polarized, all vertically polarized terrestrial signals will be reduced by 20 dB. Most terrestrial signals are broadcast in vertical polarization, so this can help significantly reduce interference and overloading on your RTL-SDR. Overloading is a big problem for many trying to receive weather satellites as they transmit at 137 MHz, which is close to the very powerful FM broadcast band, air band, pagers and business radio. In contrast a circularly polarized antenna like a QFH or turnstile only reduces vertically polarized terrestrial signals by 3 dB.

As the satellites broadcast in circular polarization there will be a 3 dB loss in Adams design from using a linear polarized antenna. But this can be considered as almost negligible. Adam also argues that the home construction of a QFH can never be perfect, so there will always be at least a ~1dB loss from inaccurate construction of these antennas anyway.

The final advantage to Adams design is that construction is extremely simple. Just connect one element to the center coax conductor, and the other to the shield, and spread apart by 120 degrees.

Adam 9A4QV's V-Dipole for 137 MHz Weather Satellites.
Adam 9A4QV’s V-Dipole for 137 MHz Weather Satellites.

Adam has tested the antenna and has gotten excellent results. If you want more information about the antenna design, Adam has also uploaded a pdf with a more indepth description of the design and his thoughts.

DIY 137 MHz WX sat V-dipole antenna

137 MHz NOAA WX sat reception using V-dipole antenna

Tweet9
Share
Reddit21
Vote
Email
30 Shares

RTL-SDR Tutorial: GPS Decoding and Plotting

The RTL-SDR can be used to receive, decode and plot Global Positioning System (GPS) data in real time. To do this the RTL-SDR must be connected to a GPS antenna.

Extremely cheap $5 or less active GPS antennas with SMA connectors can be found on eBay, Amazon or Aliexpress. These GPS antennas contain a small ceramic patch antenna, a low noise amplifier and a GPS filter. In order to power the LNA in the antenna, you'll need to have an RTL-SDR with bias tee. Our RTL-SDR.com V3 dongles have this feature built in, but if you don't have a V3 you could also use a homebrew 5V external bias tee module or hack it into a standard RTL-SDR if you desired.

Also note that most standard R820T/2 RTL-SDRs fail to receive after a few minutes at frequencies above about 1.3 GHz due to heat issues. Our RTL-SDR.com V3 dongles don't have this problem in most climates thanks to the metal case cooling and improved thermal design on the PCB. If you experience this problem it can also be alleviated by using the special L-Band RTL-SDR drivers.

A typical $3 GPS antenna
A typical $3 GPS antenna

The main GPS frequency is 1.575420 GHz, but most of this signal is very weak and below the noise floor. If you were try to view the spectrum of GPS in SDR# you will find that you won't see much other than perhaps a very weak hump. Only through clever signal processing is such a weak signal actually recovered. Below we show screenshots of the GPS spectrum as seen by an RTL-SDR and more wideband Airspy R2 SDR.

GPS RTL-SDR
GPS Airspy
GPS RTL-SDR GPS Airspy

The following tutorial shows how to receive and decode GPS signals and get a coordinate on a map of your location, using only an RTL-SDR dongle (with bias tee) and GPS antenna. This tutorial is based heavily on Philip Hahn's blog post at sdrgps.blogspot.com/2015/12/first-proof-of-concept-gps-fix-in.html.

  1. Download GNSS-SDRLIB from github.com/taroz/GNSS-SDRLIB. On GitHub click on the green “Clone or download” button on the right and then click “Download ZIP”. Extract the zip file into a convenient folder on your PC. If you want to use the modified L-band drivers, copy the modified rtlsdr.dll into the the bin folder.
     
  2. Download the latest version of RTK-NAVI from rtklib.com. If you like, you can also try their beta version at github.com/tomojitakasu/RTKLIB_bin/tree/rtklib_2.4.3. Extract the zip into a convenient folder on your PC.
     
  3. Make sure your RTL-SDR is plugged in, and that the bias tee has been activated (V3 software for activating the bias tee, see feature 2).
     
  4. In the GNSS-SDRLIB folder, open gnss-sdrgui.exe. This will be stored in the bin subfolder.
     
  5. Now set the following parameters:
    1. Change the Input Type to RTL-SDR
    2. Place a check next to RTCM MSM , and set the Port to 9999.
    3. Ensure that “Output Interval” is set to 10Hz.
    4. Ensure that “Plot Acquisition” and “Plot Tracking” are both checked.
    5. Under “MISC” optionally enter your approximate latitude and longitude to help with getting an initial lock..
    6. Under the GPS, GLONASS and Galileo headings ensure that the “ALL”
Apply appropriate settings in GNSS-SDRLIB GUI
Apply appropriate settings in GNSS-SDRLIB GUI
  1. Press Start. A bunch of command windows will begin opening and closing for a few seconds. After that, a bunch of gnuplot graph windows will open up. These can be ignored.
     
  2. Next go to the extracted RTK-NAVI folder, and enter the bin directory. Open the rtlnavi.exe file.
     
  3. Click on the “I” button in the upper right region.
     
  4. Place a check mark next to (1) Rover, and change the “Type” to TCP Client, and the “Format” to RTCM3. Click on the button with three dots under the leftmost “Opt” and set the “TCP Server Address” to localhost, and the “Port” to 9999. Press the OK button to exit the two windows.
Set the input stream
Set the input stream
  1. Now press Start in RTK-NAVI.
     
  2. You should now see several bars in the top graph. These bars show GPS signal strengths for satellites. After a short time you should see a solution in the left panel which will be your current coordinates. If no solution ever comes, try respositioning your GPS antenna for a better view of the sky, and double checking that the bias tee is activated. Sometimes simply restarting GNSS-SDRLIB can fix no solution being found.
Check reception and wait for GPS lock solution.
Check reception and wait for GPS lock solution.
  1. In RTK-NAVI click on the “Plot” button. This will open a positional plot of the recorded coordinates. To view your position on a Google map, click View → Google Map View. If everything is working correctly you should now be seeing an accurate marker of your current location.
View your GPS position on a map.
View your GPS position on a map.
Tweet
Share
Reddit
Vote
Email

dumpvdl2: A Lightweight VDL2 Decoder

The VHF Data Link mode 2 (VDL2) is a relatively new wireless transmission mode used on aircraft for sending short messages, position data (similar to ADS-B) and also for allowing traffic controllers to communicate to pilots via text and data. VDL2 is an evolution of ACARS and is eventually supposed to replace it entirely. The advantage over ACARS is that VDL2 can transmit data 10 times faster, and supports a much wider range of services. The main default channel is at 136.975 MHz, but channels could exist on other air band frequencies too.

Over on GitHub Tomasz Lemiech (szpajder – also the author of RTL-Airband) has uploaded a new VDL2 decoder called dumpvdl2. This is a lightweight command line Linux based VDL2 decoder and protocol analyzer. The features include:

  • Runs under Linux (tested on: x86, x86-64, Raspberry Pi)
  • Supports following SDR hardware:
    • RTLSDR (via rtl-sdr library)
    • Mirics SDR (via libmirisdr-4)
    • reads prerecorded IQ data from file
  • Decodes up to 8 VDL2 channels simultaneously
  • Outputs messages to standard output or to a file (with optional daily or hourly file rotation)
  • Outputs ACARS messages to PlanePlotter over UDP/IP socket
  • Supports message filtering by type or direction (uplink, downlink)
  • Outputs decoding statistics using Etsy StatsD protocol

In a previous post we showed how VDL2 could be decoded with MultiPSK on Windows. But the advantage of dumpvdl2 is that it allows you to set up a lightweight monitoring station on something like a Raspberry Pi. dumpvdl2 can also be interfaced with PlanePlotter, and statistics can be graphed with another program such as Grafana.

dumpvdl2 running.
dumpvdl2 running.
Tweet
Share
Reddit
Vote
Email

Building an RTL-SDR “Moto Mod”

One nice feature of modern Motorola smartphones is that some models can accept ‘mods’, which are essentially phone cases that snap onto the back of the phone and interface via some exposed data pins. Some examples include a snap on speaker, projector, battery pack and zoom lens. Currently Moto Mods and Indiegogo are running a promotional campaign that gives developers a chance to pitch new Moto Mod ideas to Motorola, and if successful be partnered with Motorola and receive funding to complete and sell the hardware.

Vaclav Bouse is one developer who has been working on an RTL-SDR based Moto Mod. The idea is to integrate RTL-SDR hardware into the Moto Mod phone case form factor and possibly even add transceiver capabilities via an AX5043 transceiver chip. The hardware is still in the very early concept and design phases, and Vaclav is seeking donations on Indiegogo to help fund the development of a prototype (note that donating will not get you the final product). As it will be an RTL-SDR, it should be compatible with all Android RTL-SDR software, such as SDR Touch.

The hardware is also related to his other Moto Mod campaign idea which is a universal remote control.

The Moto Mod RTL-SDR Concept
The Moto Mod RTL-SDR Concept
Tweet
Share
Reddit
Vote
Email

Reverse Engineering Linear DX Wireless Door Locks

Employees at the network data security company Duo recently had their interest piqued when they discovered that their office’s keycard based door system had a wireless remote which was used by reception to unlock and lock the door. The device was a DX model magnetic lock created by Linear.

After noting down the FCC ID printed on the device, they determined that the operating frequency was 315 MHz. They discovered from the documentation that each wireless DX device is encoded with a unique code that is precoded at the factory. Only remotes with the correct code programmed in can open the door.

The first attack they tried was a simple replay attack. They used a HackRF to record the signal, and then play it back again. This worked perfectly first time.

Next they decided to take this further and reverse engineer the protocol and see if a brute force attack could be applied. By doing some logic analysis on the circuit, they were able to figure out how to iterate over the entire key space. It turns out that the lock can be brute forced in at most 14.5 hours, or 7.25 hours on average.

The Linear DX Wireless Door Lock
The Linear DX Wireless Door Lock
Tweet
Share
Reddit
Vote
Email

Video Tutorial: Transmitting Signals with a Raspberry Pi

Over on YouTube Crazy Danish Hacker, who earlier brought us an excellent video tutorial series on GSM sniffing, has now uploaded a two part series that shows how to transmit signals with a Raspberry Pi and the PiFM and RPiTX software. We’ve featured RPiTX several times on this blog before as a cheap TX complement to the RTL-SDR. The software allows you to modulate a GPIO pin on your Raspberry Pi in such a way that it produces AM/FM/SSB etc radio signals at a frequency of choice.

Crazy Danish Hackers tutorial shows us how to set up RPiTX, starting from installing Raspbian and enabling SSH to installing the software and actually transmitting something. Some useful tips to get around common problems are also presented.

Transmit Radio Signals w/ Raspberry Pi (1/2) - Software Defined Radio Series #24

Transmit Radio Signals w/ Raspberry Pi (2/2) - Software Defined Radio Series #25

Tweet
Share
Reddit
Vote
Email