Security researcher cnxroot recently wrote in to let us know about two of his posts that may be of interest to readers. The posts are written in Chinese, so please use Google Translate to read them in English; the translation is readable enough to follow along.
The first post shows how to run an RTL-SDR on an OpenWRT-capable router. OpenWRT is a Linux-based firmware that can be installed on many compatible routers and extends their usefulness and features. Since it runs Linux, the RTL-SDR drivers can be installed on it and rtl_tcp can be run, providing a remote RTL-SDR over the network. Note that rtl_tcp itself provides no authentication or encryption, so it should be bound to a trusted LAN interface (or reached over an SSH tunnel) rather than exposed to the internet.
Ham radio enthusiast and RF designer Marco Cardelli (IZ5IOW) recently wrote in to share his PCB log periodic antenna design, which he has been using together with RTL-SDR dongles. Log periodics are very wideband directional antennas that can easily be printed onto a circuit board.
Marco’s antenna covers 900 MHz to 2600 MHz. Its original focus was EMI/EMC measurements, but Marco writes that it works perfectly well for microwave experiments on the 23 cm and 13 cm bands and on Wi-Fi links, and he currently uses it to receive microwave beacons. There are no designs or plans for the antenna on his website yet, but we suspect he will put them up soon.
If you’d rather purchase an antenna like this instead of building one, we’ve seen good reviews in the past for the PCB antennas available from wa5vjb at www.wa5vjb.com.
The wideband PCB log-periodic antenna.
Return Loss of the PCB Log Periodic antenna.
Akos, the author of the radioforeveryone.com blog, has recently added two new articles. The first is a comprehensive guide to setting up your own ADS-B station, focused on a system that is easy to use, performs well and offers good value for money. In it he shows what computing hardware is required, what software can be used and which RTL-SDR dongles work best. He also covers the choices available for amplification and filtering to improve reception, and goes on to discuss adapters and the antennas that work best for him.
EDIT: It’s been pointed out in the comments by antenna experts/enthusiasts that the 1/2 wave ground plane antenna described by Akos in his tutorial may not be technically correct. A half-wave element fed at its base has a very high feedpoint impedance, so it needs some sort of matching network to a 50 Ω feed; without matching, roughly 10 dB is lost to the mismatch and the antenna performs poorly. We recommend sticking with a 1/4 wave ground plane design, which is essentially the same as Akos’ 1/2 wave ground plane antenna with the element lengths halved, and whose feedpoint impedance is already close enough to 50 Ω to need no matching.
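As a check on the 10 dB figure (an added worked calculation, not from the original post or the comments), the power lost to mismatch for a load $Z_L$ on a $Z_0 = 50\ \Omega$ feed is

$$\Gamma = \frac{Z_L - Z_0}{Z_L + Z_0}, \qquad L_{\text{mismatch}} = -10 \log_{10}\left(1 - |\Gamma|^2\right)\ \text{dB}.$$

Taking $Z_L \approx 2\ \text{k}\Omega$, an assumed value of the order commonly quoted for an end-fed half-wave element, gives

$$\Gamma \approx \frac{2000 - 50}{2000 + 50} \approx 0.951, \qquad 1 - |\Gamma|^2 \approx 0.095, \qquad L_{\text{mismatch}} \approx 10.2\ \text{dB},$$

so roughly 90% of the received power is reflected back rather than delivered to the dongle. The same formula with $Z_L = 36\ \Omega$, the value usually quoted for a quarter-wave ground plane with horizontal radials, gives $\Gamma \approx -0.16$ and a mismatch loss of only about $0.1\ \text{dB}$, which is why the quarter-wave design works without any matching.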
First generation (1G) mobile phone technology was introduced in the 1980s and was an unsecured analogue system. 1G has since been completely phased out in favour of digital standards like 2G (GSM), 3G and 4G LTE, leaving those old 1G handsets useless. However, at Shmoocon 2017 presenter Brandon Creighton delivered a talk showing how a TX-capable SDR like a USRP or HackRF can be used to run your own home 1G system, making those old brick phones useful once again.
The video of the talk won’t be available online until about halfway through the year, but the blurb reads:
AMPS, the first widely deployed cellular network in the US, was old enough that it had been designed by pre-breakup Bell, yet robust enough to survive for decades in service. Unlike LTE or even GSM, it was also a protocol simple enough to be described in a fairly short specification; if you wanted to you could listen to calls with a TV tuner (or modified phone).
This is a talk on the design and implementation of gr-amps, a set of GNU Radio blocks that can turn a TX-capable software-defined radio into a base station for AMPS devices–including that brick phone in your basement. No background in SDR is necessary to follow along (but it doesn’t hurt).
Expect detours into near-forgotten phreaker history: the weaknesses that enabled phone cloning, the efforts of wireless carriers and the US government to fight exploitation, and more.
The GNU Radio code (gr-amps) to run your own AMPS (1G) system is available on GitHub. It has been tested on a USRP and on a HackRF.
Over on his blog, Andy writes about wanting a smart way to control his central heating system with a Raspberry Pi and an Arduino microcontroller. He realised that if he could reverse engineer his existing wireless thermostat he would have an easy way to control the boiler in his house, and a smart controller could be built on top of that. Reverse engineering the thermostat also avoids the need to rig up his own control system.
The existing thermostat wireless receiver is a Danfoss RX2. To reverse engineer the protocol, Andy opened up an older one he had and found that it used an Infineon TDA5210 RF receiver chip. Armed with this part number he looked up the datasheet and determined the operating frequency. Then, using an RTL-SDR, he captured some packets while pressing buttons on the thermostat transmitter and loaded the demodulated audio into Audacity, where the digital waveform was clearly visible.
Andy then wrote a Python program using the ‘wave’ library, which let him read the sample values from the .wav file directly. With his code he extracted the data from the signal and identified the preamble, sync word, thermostat ID and the instruction code (on/off/learn).
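As an added example (not Andy’s code, which the post does not reproduce), here are the steps above in Python: reading the .wav with the standard ‘wave’ module, thresholding the demodulated level, slicing it into bits at the symbol rate, and splitting out preamble, sync word, ID and command. The symbol time, preamble, sync word, field widths and command codes are hypothetical placeholders, since the post does not give the Danfoss frame format; the capture is synthesized in memory (with a little noise) so the script runs offline.

```python
"""Decode an OOK packet from a demodulated .wav capture (added example)."""
import io
import random
import struct
import wave

# All protocol values below are assumptions for this example, NOT the Danfoss RX2 format.
SAMPLE_RATE = 48_000                                       # Hz, rate of the synthesized capture
BIT_PERIOD_US = 500                                        # hypothetical symbol time
SAMPLES_PER_BIT = SAMPLE_RATE * BIT_PERIOD_US // 1_000_000  # 24 samples per symbol
PREAMBLE = "10" * 8                                        # hypothetical clock-recovery preamble
SYNC_WORD = "11001011"                                     # hypothetical sync word
ID_BITS = 16                                               # hypothetical thermostat ID width
CMD_BITS = 4                                               # hypothetical command width
COMMANDS = {"0001": "on", "0010": "off", "0100": "learn"}  # hypothetical command codes
CODE_FOR = {name: code for code, name in COMMANDS.items()}


def build_frame(thermostat_id: int, command: str) -> str:
    """Transmitter side: preamble + sync + ID + command as a bit string."""
    if not 0 <= thermostat_id < (1 << ID_BITS):
        raise ValueError("thermostat ID does not fit in ID_BITS")
    return PREAMBLE + SYNC_WORD + format(thermostat_id, f"0{ID_BITS}b") + CODE_FOR[command]


def synth_wav(bits: str, amplitude: int = 20_000, noise: int = 600,
              lead_samples: int = 100, seed: int = 1) -> bytes:
    """Constructed test input: mono 16-bit .wav bytes of the OOK level with added noise."""
    rnd = random.Random(seed)
    levels = [0] * lead_samples
    for b in bits:
        levels += [amplitude if b == "1" else 0] * SAMPLES_PER_BIT
    levels += [0] * lead_samples
    samples = [max(-32768, min(32767, v + rnd.randint(-noise, noise))) for v in levels]
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(SAMPLE_RATE)
        w.writeframes(struct.pack(f"<{len(samples)}h", *samples))
    return buf.getvalue()


def read_wav(data: bytes):
    """Read mono 16-bit PCM .wav bytes; return (sample_rate, list of int samples)."""
    with wave.open(io.BytesIO(data), "rb") as w:
        if w.getnchannels() != 1 or w.getsampwidth() != 2:
            raise ValueError("expected a mono 16-bit PCM capture")
        rate = w.getframerate()
        raw = w.readframes(w.getnframes())
    return rate, list(struct.unpack(f"<{len(raw) // 2}h", raw))


def slice_bits(samples, samples_per_bit: int) -> str:
    """Threshold the level at half the peak, then sample mid-symbol from the first rising edge."""
    env = [abs(s) for s in samples]
    threshold = max(env) // 2
    hard = [1 if e > threshold else 0 for e in env]
    start = next((i for i in range(1, len(hard)) if hard[i] and not hard[i - 1]), None)
    if start is None:
        return ""
    bits = []
    pos = start + samples_per_bit // 2          # centre of the first symbol
    while pos < len(hard):
        bits.append("1" if hard[pos] else "0")
        pos += samples_per_bit
    return "".join(bits)


def parse_frame(bits: str):
    """Locate preamble+sync in the bit string and split the payload into ID and command."""
    marker = PREAMBLE + SYNC_WORD
    idx = bits.find(marker)
    if idx < 0:
        return None
    payload = bits[idx + len(marker):]
    if len(payload) < ID_BITS + CMD_BITS:
        return None
    code = payload[ID_BITS:ID_BITS + CMD_BITS]
    return {"id": int(payload[:ID_BITS], 2), "command": COMMANDS.get(code, f"unknown({code})")}


def decode_wav(data: bytes):
    """Full pipeline: .wav bytes -> fields, using the sample rate from the file header."""
    rate, samples = read_wav(data)
    return parse_frame(slice_bits(samples, rate * BIT_PERIOD_US // 1_000_000))


if __name__ == "__main__":
    capture = synth_wav(build_frame(0x3A5C, "on"))
    print(decode_wav(capture))   # {'id': 14940, 'command': 'on'}
```

On a real capture the two numbers to measure in Audacity are the symbol time (the width of the narrowest pulse, which sets BIT_PERIOD_US) and the idle versus mark level, which the half-peak threshold handles as long as the recording is not clipped. Sampling mid-symbol from the first rising edge tolerates small timing drift over a short packet; longer packets would need resynchronisation on each edge of the preamble.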
In a future post Andy hopes to show us how he’ll use an RF69 module with an Arduino to actually control the thermostat using the reverse engineered packet knowledge.
Danfoss Wireless Thermostat and a Received Binary Waveform in Audacity
Over on our YouTube channel we’ve uploaded a new video that shows how bad the interference from Ethernet over Power devices can be. Ethernet over Power, Powerline Networking, Powerline Communications or ‘HomePlug’ is a technology that turns any household power outlet into an Ethernet port, eliminating the need for runs of Ethernet cabling. These devices are capable of high speeds and can be used anywhere in the house, provided the two plugs are on the same power circuit.
Unfortunately these devices tend to wipe out almost the entire HF spectrum for anyone listening nearby. Household power cables are not shielded against RF emissions, so they radiate the powerline signal quite heavily across HF. In the video we demonstrate what the HF spectrum looks like with one of these devices in use in the house. The particular device was a TP-Link adapter; a Wellbrook magnetic loop antenna was used outdoors with its null facing the house, and an Airspy R2 with SpyVerter was used to view the spectrum.
The video shows that even when the network is idling there are several brief bursts of noise all over the spectrum. Then when a file is downloaded almost the entire spectrum is completely wiped out.
Interestingly, the video shows that the amateur radio bands are carefully notched out and remain relatively clean. Most manufacturers of these devices appear to have worked with the ARRL to accommodate ham radio enthusiasts, but SWLers will likely be in trouble if one of these devices is used in their house or a neighbour’s.
How Ethernet/Internet over Powerline Can Wipe out the HF Band
Over on his radioforeveryone.com blog, Akos has uploaded three new posts. The first briefly explains, with pictures, what is meant by line of sight for radio signals: at UHF and higher frequencies the receiving antenna essentially needs to be able to ‘see’ the transmitter, so obstructions such as trees and houses will block the signal.
In his second post Akos briefly explains why USB cable quality can matter with SDRs, showing that some USB cables pick up more interference than others.
Finally, in his third post Akos reviews the Uputronics 1090 MHz Filtered Preamp. Uputronics is a UK-based company that sells various filtered LNAs. Akos writes that he’s very impressed with the premium packaging, the look and feel of the device and the thickness of the metal case. In performance tests, the preamp powered from the bias tee of a V3 dongle clearly improves ADS-B position reports. We note that we also have a 1090 MHz filtered preamp from Uputronics (an older model) and can highly recommend their products.
The Uputronics 1090 MHz Filtered Preamp reviewed on radioforeveryone.com
The LimeSDR is an RX/TX capable SDR with a 100 kHz to 3.8 GHz frequency range, a 12-bit ADC and 61.44 MHz of bandwidth. Back in June 2016 the campaign surpassed its $500k goal, raising over $800k on the crowdfunding site Crowd Supply.
We expect the LimeSDR to be seen essentially as an improved HackRF: a good fit for experimenting with and reverse engineering RF devices, without the HackRF’s 8-bit ADC, poor sensitivity and half-duplex limitations. The team also seems active in promoting software for the device, writing that they will eventually have an app-store-like marketplace for LimeSDR apps. The latest update from Crowd Supply reads:
Shipping Will Start in 24 Hours
The first batch of LimeSDRs and accessories has arrived safely at the Crowd Supply warehouse.
Address Changes Must Be Processed Now
Shipping of the first batch of orders will commence within the next 24 hours. If you need to change your address, you should do it now by logging into your Crowd Supply account and viewing your order.
When Will My Order Ship?
The only way to know with certainty if your order is shipping within the next few days is if you receive a shipping confirmation email from Crowd Supply. The logistics of shipping hundreds of varied orders around the world is complex enough that it’s not possible to tell you your exact place in line. For example, Crowd Supply will likely send several test shipments to different countries to gauge how well they get through customs, and the timing of future shipments to those countries may be affected by the results.
When Will My Order Arrive?
Once your order has shipped, you will receive a shipping confirmation email with a tracking number. For orders destined for outside the US, it is not uncommon for the tracking information to cease being updated after it leaves the US, though for some countries (e.g., UK, Germany, Australia) the packages can continue to be tracked using your national postal website and the same tracking number. If there is a delay in delivering your package, you should check with your local customs office to make sure they are not holding it and waiting for you to pick it up.
We look forward to beginning to use our own LimeSDR and will post reviews when it arrives.