HDSDR Version 2.75 (Stable) Released

The beta 2.75 version of HDSDR was released about two months ago. Now the stable version has just been released. HDSDR is a free general purpose SDR receiver, similar in nature to other programs like SDR# and SDR-Console. HDSDR can be downloaded from hdsdr.de.

The author of HDSDR emailed us with the following release information:

this morning we released the final version 2.75. Here’s the changelog:

Version 2.75 (January 01, 2017)
– more recording options
– support for 8bit sampling format – ideal for RTLSDR, halving RF recording size
– display level / clipping for RF and AF
– additive noise generator for hiding aliases
– Highpass Filter for AM/FM deactivatable – useful for slow digimodes
– configurable gain for I/Q output – useful for digimode decoding weak signals of SDRs with >16 Bit dynamic range
– Uniform “Calibration” dialog for Frequency/S-Meter/DC Removal/Channel Skew
– “Custom color palette” to customize colors of Waterfall/Spectrum and some more
– output soundcard no longer necessary (e.g. for recording or monitoring)
– support for 8k display resolution (7680×4320)
– some new keyboard shortcuts (see )
– extended ExtIO capabilities
– experimental transmit capability through ExtIO API interface
– many fixes and improvements

Some of the new features were introduced especially for the RTLSDR Dongles:

– 8 bit support, of course

– displaying the RF (ADC) level in dBFS allows working with deactivated Tuner AGC – NOT oversteering/clipping the ADC.
This would also ease making good suitable recordings as used in
https://www.rtl-sdr.com/using-rpitx-and-an-rtl-sdr-to-reverse-engineer-and-control-ask-devices

Especially for decoding this kind of signal (AM/FM), deactivating the Highpass filter (Ctrl-H) will make the demodulated Audio clearer:
long periods of positive or negative levels will not fade towards zero.
Find attached recordings and screenshots with active and deactivated highpass filter of a garage door opener demodulated in AM.

– additive noise generator (Ctrl-N) is for hiding some alias carriers in scenarios where the ADC does not see real noise from the antenna.
The noise generator's level has to be configured carefully so as not to hide real signals. A level between -25 to -10 looked fine for me. But that should be measured in a lab.

Below are the mentioned attached images and .wav files.

Highpass Filter – Active
Highpass Filter – Inactive

Highpass Active .wav file (Download)

Highpass Inactive .wav file (Download)
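The high-pass effect described in the email above can be reproduced on a synthetic signal. This is an added example, not HDSDR code: the first-order RC filter, the 100 Hz cutoff, the 48 kHz rate and the bit pattern are all assumptions chosen to show how a long "carrier on" run fades towards zero and defeats a fixed-threshold slicer.

```python
import math

def one_pole_highpass(samples, sample_rate, cutoff_hz):
    """First-order RC high-pass: y[n] = a * (y[n-1] + x[n] - x[n-1])."""
    rc = 1.0 / (2.0 * math.pi * cutoff_hz)
    a = rc / (rc + 1.0 / sample_rate)
    out, prev_x, prev_y = [], 0.0, 0.0
    for x in samples:
        prev_y = a * (prev_y + x - prev_x)
        prev_x = x
        out.append(prev_y)
    return out

def ook_envelope(bits, samples_per_bit):
    """Constructed AM-demodulated envelope: 1.0 while the carrier is on, 0.0 while off."""
    return [float(b) for b in bits for _ in range(samples_per_bit)]

def slice_bits(samples, samples_per_bit, threshold=0.5):
    """Sample the middle of each bit period and compare against a fixed threshold."""
    mids = range(samples_per_bit // 2, len(samples), samples_per_bit)
    return [1 if samples[i] > threshold else 0 for i in mids]

# Constructed test signal (assumed values, not taken from the attached recordings).
SAMPLE_RATE = 48_000
SAMPLES_PER_BIT = 48            # 1 ms per bit
BITS = [1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0]

RAW = ook_envelope(BITS, SAMPLES_PER_BIT)
FILTERED = one_pole_highpass(RAW, SAMPLE_RATE, cutoff_hz=100.0)

if __name__ == "__main__":
    print("sent     :", BITS)
    print("no HPF   :", slice_bits(RAW, SAMPLES_PER_BIT))
    print("with HPF :", slice_bits(FILTERED, SAMPLES_PER_BIT))
    end_of_run = 6 * SAMPLES_PER_BIT - 1   # last sample of the six-bit "on" run
    print("level at end of long run: raw=%.3f filtered=%.3f"
          % (RAW[end_of_run], FILTERED[end_of_run]))
```

With the filter in the path, only the first bit of the long run still crosses the threshold; the unfiltered envelope slices back to the original pattern.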

Receiving the Recently Launched BY70-1 Satellite

BY70-1 is a Chinese amateur Cubesat satellite which was recently launched on December 29, 2016. It is expected to stay in orbit for only 1 – 2 months due to a partial failure with the satellite releasing into an incorrect orbit. The purpose of the satellite is for education in schools and for amateur radio use. The receivable signals include an FM repeater and BPSK telemetry beacon both of which can be received at 436.2 MHz. The telemetry beacon is interesting because it also transmits images from an on board visible light camera. These signals can easily be received with an RTL-SDR or other SDR with an appropriate antenna.

Over on his blog Daniel Estevez has been posting about decoding these telemetry images. He’s been using telemetry data collected by other listeners, and the gr-satellites GNU Radio decoder which is capable of decoding the telemetry beacons on many amateur radio satellites. So far the decoded images haven’t been great; they’re mostly black with nothing really discernible. Hopefully future decodes will show better images.

If you want to track the satellite and attempt a decode, the Satellite AR Android app has the satellite in its database.

Not many people seem to have gotten telemetry decodes or images yet, but below we show an image decoded by  on Twitter.

BY70-1 Image Decoded by @bg2bhc

Building a Wideband Vivaldi Antenna for SDR Use

Vivaldis are linearly polarized broadband antennas that have a directional radiation pattern at higher frequencies. The high end SDR manufacturer RF Space produces their own Vivaldi antennas made from PCB boards which they sell online. The larger the antenna, the lower its receiving frequency, and ones that go down to about 200 MHz are almost the size of a full adult person. But all sizes receive up to 6 GHz maximum. Typically smaller versions of Vivaldi antennas have been used in the past for L-Band satellite reception.

Over on his blog KD0CQ noted that he always had trouble trying to purchase a Vivaldi from RF Space because they were too popular and always out of stock. So he decided to try and build his own out of PCB boards. On this page he’s collected a bunch of Vivaldi cutout or transfer images. On his second page he shows a Vivaldi antenna that he built out of PCB material, just by using scissors and semi-rigid coax. With the Vivaldi placed outdoors he’s been able to successfully receive and decode L-Band AERO on his Airspy Mini even without an LNA. 

KD0CQ writes that he’ll update his blog soon with more results.

Simple Vivaldi antenna by KD0CQ cut out of PCB board.

Talks from the 33rd Chaos Computer Club Conference

Videos from the 33rd Chaos Communication Congress [33c3] of the Chaos Computer Club have recently been uploaded to YouTube. This is a yearly European conference with a theme on hacking. This year several SDR and RF related talks were presented, and below is a sampling of our favorites. See their YouTube Channel for more interesting talks.

Reverse Engineering Outernet

Outernet is a company whose goal is to ease worldwide access to internet contents by broadcasting files through geostationary satellites. Most of the software used for Outernet is open source, but the key parts of their receiver are closed source and the protocols and specifications of the signal used are secret. I have been able to reverse engineer most of the protocols, and a functional open source receiver is now available.

Outernet is a company whose goal is to ease worldwide access to internet contents by broadcasting files through geostationary satellites. Currently, they broadcast an L-band signal from 3 Inmarsat satellites, giving them almost worldwide coverage. The bitrate of the signal is 2kbps (or 20MB of content per day), and they use the signal to broadcast Wikipedia pages, weather information and other information of public interest.

Most of the software used for Outernet is open source, but the key parts of their receiver are closed source and the protocols and specifications of the signal used are secret. I think this is contrary to the goal of providing free worldwide access to internet contents. Therefore, I have worked to reverse engineer the protocols and build an open source receiver. I have been able to reverse engineer most of the protocols, and a functional open source receiver is now available.

In this talk, I’ll explain which modulation, coding and framing is used for the Outernet L-band signal, what are the ad-hoc network and transport layer used, how the file broadcasting system works, and some of the tools and techniques I have used to do reverse engineering.

PDF slides available [here].

Intercoms Hacking

To break into a building, several methods have already been discussed, such as trying to find the code paths of a digicode, clone RFID cards, use some social engineering attacks, or the use of archaic methods like lockpicking a door lock or breaking a window.

New methods are now possible with recent intercoms. Indeed, these intercoms are used to call the tenants to access the building. But little study has been performed on how these boxes communicate to request and grant access to the building.

In the past, they were connected with wires directly to apartments. Now, these are more practical and allow residents to open doors not only from their classic door phone, but to forward calls to their home or mobile phone. Private houses are now equipped with these new devices and it’s common to find these “connected” intercoms on recent and renovated buildings.

In this short paper we introduce the Intercoms and focus on one particular device that is commonly installed in buildings today. Then we present our analysis on an interesting attack vector, which already has its own history. After this analysis, we present our environment to test the intercoms, and show some practical attacks that could be performed on these devices. During this talk, the evolution of our mobile lab and some advances on the 3G intercoms, and M2M intercoms attacks will be also presented.

Building a high throughput low-latency PCIe based SDR

Software Defined Radios (SDRs) became a mainstream tool for wireless engineers and security researchers and there are plenty of them available on the market. Most if not all SDRs in the affordable price range are using USB2/USB3 as a transport, because of implementation simplicity. While being so popular, USB has limited bandwidth, high latency and is not really suitable for embedded applications. PCIe/miniPCIe is the only widespread bus which is embedded friendly, low latency and high bandwidth at the same time. But implementing PCIe/miniPCIe is not for the faint of heart – you have to write your own FPGA code, write your own Linux kernel driver and ensure compatibility with different chipsets, each with its own quirks. In this talk we will look at the requirements for a high performance SDR like XTRX, how this leads to certain design decisions and share pitfalls and gotchas we encountered (and solved).

We’ve been working with SDRs since 2008 and building own SDRs since 2011, focusing on embedded systems and mobile base stations. We created ClockTamer configurable clock source and UmTRX SDR and built a complete base station (UmSITE) to run OpenBTS and later Osmocom GSM stacks. This year we’ve started working on a new tiny high-performance SDR called XTRX which fits into the miniPCIe form-factor and using PCIe for the I/Q samples transfer.

We will talk about when to use PCIe and when not to use PCIe and why did we choose it for XTRX; FPGA implementation of PCIe with optimization for low latency and high throughput; Linux kernel driver for this PCIe device; integration with various SDR platforms; all the various issues we encountered and how you can avoid them.

A Guide to Using RPiTX and an RTL-SDR to Reverse Engineer and Control ASK/OOK Devices

Erhard E. has been experimenting with capturing, analyzing, reverse engineering and then transmitting new ASK/OOK signals with his RTL-SDR and Raspberry Pi running RPiTX. Erhard has written a very informative guide/tutorial (pdf) that explains how he did it for a wireless doorbell and for remote control toy cars. RPiTX is software for the Raspberry Pi which allows it to transmit almost any signal via modulation of a GPIO pin. RPiTX related posts have been featured on this blog several times in the past.

First Erhard records a copy of the doorbell signal using his RTL-SDR and then views the waveform in Audacity. He then writes that you’ll need to find the waveform characteristics either manually using Audacity, or by using the rtl_433 decoder. In the tutorial he uses rtl_433, which automatically gives him the pulse width, gap width and pulse period.

Next, in order to actually generate the signal using RPiTX, he uses the waveform characteristics that he found and manually creates a .ft hex file that describes the signal to be generated. Then, using the rpitx command, the .ft file can be transmitted.

Later in the tutorial he also shows how he performed the same reverse engineering process with a cheap RC car toy (forward/reverse commands only), which uses OOK encoding on the wireless controller.

The tutorial can be downloaded in PDF form here.
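The measurement step described above (pulse width, gap width and pulse period) can be illustrated on a demodulated envelope. This is an added example, not code from the tutorial or from rtl_433: the midpoint threshold, the 250 kHz sample rate and the synthetic capture are assumptions, and the capture is constructed rather than recorded.

```python
from itertools import groupby
from statistics import median

def measure_ook_timing(envelope, sample_rate):
    """Return median pulse width, gap width and pulse period in microseconds."""
    threshold = (max(envelope) + min(envelope)) / 2.0
    runs, pos = [], 0                      # (is_high, start_index, length)
    for is_high, group in groupby(s > threshold for s in envelope):
        length = sum(1 for _ in group)
        runs.append((is_high, pos, length))
        pos += length
    inner = runs[1:-1]   # first/last runs may be cut off by the recording edges
    pulses = [n for high, _, n in inner if high]
    gaps = [n for high, _, n in inner if not high]
    starts = [p for high, p, _ in inner if high]
    periods = [b - a for a, b in zip(starts, starts[1:])]
    if not (pulses and gaps and periods):
        raise ValueError("need at least two complete pulses in the capture")
    us_per_sample = 1e6 / sample_rate
    return {
        "pulse_us": median(pulses) * us_per_sample,
        "gap_us": median(gaps) * us_per_sample,
        "period_us": median(periods) * us_per_sample,
    }

def constructed_capture():
    """Constructed envelope: 8 pulses, 100 samples on / 150 off, varying levels."""
    env = [0.1] * 50
    for i in range(8):
        env += [0.9 - 0.02 * (i % 3)] * 100   # slightly varying "on" level
        env += [0.1 + 0.01 * (i % 2)] * 150   # slightly varying "off" level
    return env + [0.1] * 40

SAMPLE_RATE = 250_000   # assumed capture rate for this example

if __name__ == "__main__":
    print(measure_ook_timing(constructed_capture(), SAMPLE_RATE))
```

Medians are used so that a single truncated or stretched run does not skew the result.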

Showing the Pulse Width, Gap Width and Symbol Period of a signal in Audacity.

Designing a Remote SDR Station

Over on his blog w5fcx has posted an article that explains how he’s managed to set up a remote software defined radio based ham radio station. The article is more focused on high end ham equipment for RX and TX use, but similar principles could apply to a RX only station with SDRs like the RTL-SDR/Airspy/SDRplay.

He writes how he uses a VPN to remotely connect to his home computer and makes use of the SmartSDR app for Flex SDR radios which is available for iOS and Windows. Many of the apps he uses such as his antenna rotator software are also controlled over VPN via remote COM port software. He also notes requirements for having an internet controllable AC power supply in case TX needs to be shut down and a UPS for continuous power. For the actual radio side he uses a FlexRadio SDR, Elecraft Amplifier and Tuner, an antenna rotator and a Spiderbeam Yagi antenna.

The article explains in detail much of the equipment and software that he uses and is an excellent read for those wanting to get started in designing a remotely accessible SDR station.

Remote SDR Station Components

Simulating GPS with LimeSDR and Receiving it with an RTL-SDR

In previous posts we showed how Phillip Hahn had been trying to use his RTL-SDR as a GPS receiver on a high powered rocket in order to overcome the COCOM limits which prevent commercial GPS devices from operating when moving faster than 1,900 kmph/1,200 mph and/or higher than 18,000 m/59,000 ft.

In order to test future flights with the RTL-SDR GPS receiver, Phillip has been simulating GPS rocket trajectory signals using his LimeSDR. The RTL-SDR then receives the simulated GPS signals which are then fed into SoftGNSS for decoding. The simulation simulates the Japanese SS-520-4 rocket which is a 32′ long, 2′ diameter small high powered rocket capable of putting loads like cubesats into orbit affordably. Using the simulated data Phillip is able to calculate the trajectory and see all the motor burns in the velocity profile.

While Phillip intends to use the RTL-SDR on a similar rocket in the future, he notes that the simulation does not take into account problems such as thermal noise, or RF interference, rocket jerk, satellite occlusion and vibration problems.

LimeSDR Simulated GPS Rocket Trajectory Received with RTL-SDR.

Airspy New Year Competition: Comment to win Airspy and SpyVerter Prizes!

The team behind the Airspy have given us permission to give away three Airspy related prizes for the New Year Holidays! The first prize is an Airspy R2 + Spyverter, the second prize is an Airspy Mini + Spyverter and the third prize is a Spyverter.

The Airspy is a high performance yet low cost software defined radio with a 12-bit ADC and tuning range between 24 – 1800 MHz. It is an attractive device as its dynamic range exceeds all other SDRs in a similar price range. Its performance begins to approach that of the very high end expensive SDRs. High dynamic range means that weak and strong signals can coexist in the received spectrum without any overload occurring. We have previously written reviews of the Airspy R2 and Airspy Mini on our blog.

The Spyverter is a high performance upconverter that allows the Airspy to tune to LF/MW/HF frequencies between DC – 30 MHz. The Spyverter perfectly complements an Airspy device as it is also a very high dynamic range device. It also works perfectly with the bias tee on our RTL-SDR.com V1/V2/V3 dongles. We previously reviewed the Spyverter here.

More information about these products can be found at airspy.com.

How to Enter

Competition is now finished. Winners will be announced and emailed shortly. Thanks to all who entered!

Winners: 

Larry (Airspy R2 + SV)
If I am going to win something from this one stuff, me build internet remote receiver on hill in central Europe (CZ) for all readers and fans of rtl-sdr.com website, generally for all RTL SDR enthusiasts….. :-)))
Pour Felicitér 2017
Larry (Ladislav)

kevin (Airspy Mini + SV)
been a ham a couple years now. there are so many uses for sdr’s! it’s so cool. just looking down the list of others’ comments, i was like ‘oh ya’ forgot about that idea. awhile back we did a demo at our ham club with a el cheapo sdr and it sparked some interest, would like to play around with some of the newest toys, worlds of diff in capabilities. ultimate goal is to find the right one for the club’s emergency trailer. seeing the bands and what’s going on, is priceless 🙂

Josh (SpyVerter)
I’d love to finally get into the HF band!

The winners were randomly selected using random.org, and all have now been emailed. If you’re a winner, please check your email and spam folder just in case.

Thank you all for participating! It’s really great to see all the variety in what projects people are doing. There were about 500 valid entries resulting in about a 0.6% chance of winning. Keep an eye out for future contests!

Simply make a comment on this post explaining what you’d like to do with an Airspy or Spyverter if you won one.

PLEASE MAKE SURE TO ENTER YOUR EMAIL ADDRESS IN THE COMMENT FORM.
The address will only be visible to us, and we promise not to use it for any other purpose.

Rules: The winners will be selected at random. One entry per person only. You must legally be allowed to receive the prize.

Draw closes in one week on 3 January 2017, 11:59PM UTC Time.
