An ADS-B Decoder for the GOMX-3 Satellite ADS-B Repeater

The GOMX-3 is a CubeSat which carries an experimental ADS-B repeater. Since it is a satellite the experimental receiver hopes to be able to receive ADS-B from orbit, then beam it back down to earth at a frequency of about 437 MHz using a GFSK at 19200 baud high data rate transmission protocol. From space the GOM3-X satellite can see many aircraft at one time and space based tracking allows for aircraft tracking over oceans.

Recently the creators of the satellite, GomSpace released a complete decoder for the ADS-B downlink, and now it has also been turned into a GNU Radio flowgraph by Daniel Estevez which can output decoded aircraft position data directly to a KML file which can then be opened in Google Earth or similar. This blog by DK3WN shows several logged decodes of the satellite and shows what the signal looks like in SDR#. Some of his posts also curiously shows what looks to be a Windows decoder, or logger, though we were unable to find a download for it.

Decoding the downlink should give you real time ADS-B data in your area, but the full log of stored stored data is apparently only downloaded when the satellite passes over the GomSpace groundstations which are mostly located in the EU.

[Also mentioned on Hackaday]

The GOMX-3 ADS-B Downlink Signal.
The GOMX-3 ADS-B Downlink Signal.
Aircraft detected by the GOM3-X Satellite ADS-B Receiver.
Logged aircraft detected by the GOM3-X Satellite ADS-B Receiver. Major flight corridors are visible.

Tweet
Share
Reddit
Vote
Email

Stealing a Drone with Software Defined Radio

PHDays (Positive Hack Days) is a yearly forum with a focus on ethical hacking and security. During this years forum which took place in June, the organizers set up a competition where the goal was to “steal” or take control of a Syma X8C quadcopter drone. The drone runs on the nRF24L01 module, which from previous posts we have seen can easily be sniffed and decoded with an RTL-SDR or other SDR.

To reverse engineer the drones wireless communications system the teams used software defined radios like the HackRF and BladeRF, and also an alternative method involving just using an Arduino and nRF24L01+ receiver chip. Once the signal was received, they used GNU Radio to decode the signal into packets of data. After analyzing the data they found that the data bytes were easily reverse engineered and then were able to transmit their own data packets to control the drone. The post goes into further detail on the specifics of the reverse engineering.

The Syma X8C drone to be stolen in the competition.
The Syma X8C drone to be stolen in the competition.
Tweet27
Share
Reddit
Vote
Email
27 Shares

RTL-SDR Stock Antenna Teardown and VNA Measurements

Over on his YouTube channel oh2ftg has uploaded two new RTL-SDR related videos. In the first video he does a tear down on the stock standard antennas that are supplied with most cheap RTL-SDR units. He finds that most are just a simple design, with the center conductor of the coax soldered to the whip, and the shield pinched between a metal plate and the base.

In his second video he measures the stock antennas on a Vector Network Analyzer (VNA). He places the antennas on a reasonably sized ground plane and finds that the antennas are as expected and pretuned to the DVB-T TV band at around 500 – 600 MHz.

Generally the included antennas are okay for receiving strong signals but we recommend getting yourself an outdoor discone antenna, or building a planar disk (pdf) for more serious scanning.

A look inside five rtl stock antennas

RTL-SDR stock antennas measured on a VNA!

Tweet
Share
Reddit
Vote
Email

Receiving WSPR with a Direct Sampling Modified RTL-SDR

Over on YouTube user Veryokay has uploaded a video showing how he was able to receive WSPR (Weak Signal Propagation Report) signals at 14 MHz with his direct sampling modified RTL-SDR. WSPR is a HF mode designed to be received even if the signal is very weak. It is used to help determine radio propagation conditions. Direct sampling mode allows you to receive HF signals on an RTL-SDR without the need for an upconverter, but it is more difficult to implement and get good results with. To get the best results Veryokay built an add on PCB that fits onto the RTL-SDR which contains and LNA and single ended to differential operational amplifier to amplify and get correct impedance matching on the input.

His video mainly shows how to calibrate the receiver correctly to receive WSPR as incorrect calibration is the most common error when trying to receive WSPR for the first time. In the video he also explains that he is transmitting WSPR himself using his Raspberry Pi and a QRPi WSPR filter shield for use with Rpitx.

Receiving WSPR with the RTL-SDR in direct sampling mode and WSPR-X.
Receiving WSPR with the RTL-SDR in direct sampling mode and WSPR-X.

Receiving WSPR mode at 20m with RTL-SDR dongle in direct sampling

Tweet12
Share
Reddit
Vote
Email
12 Shares

Fan Cooling the RTL-SDR

Over on his Japanese blog Nobu has uploaded a post showing how he modified his RTL-SDR dongle to be air cooled via two small PC fans (post is in Japanese but can be read with Google Translate – right click -> translate to English in Chrome).

By cooling the dongle, and especially the R820T chip, Nobu writes that he sees improved ADS-B decoding performance as his range is increased. Without cooling the R820T chip can get quite hot and causes failing reception at around 1.5 GHz. Passive cooling is usually enough to fix reception at those higher frequencies, but active cooling via a fan can take it further and actually improve sensitivity slightly.

To add to his post, we suspect that the sensitivity of the R820T/2 front end reduces by about 0.5 dB at most when it heats up (after a few seconds), so forced air cooling should be able to improve sensitivity by about this much.

An fan cooled RTL-SDR dongle.
An fan cooled RTL-SDR dongle.
Tweet15
Share
Reddit
Vote
Email
15 Shares

Broadcasting DVB-S2 with the LimeSDR

The LimeSDR is a $299 USD software defined radio that has RX and TX capabilities, a tuning range of 100 kHz – 3.8 GHz, a 12 bit ADC and up to 61.44 MHz worth of bandwidth. It is currently seeking crowdfunding over at CrowdSupply.com, and there are still 170 early bird units available at a lower price of $249 USD. The funding campaign ends in 14 days at the time of this post.

In a recent blog post on the myriadrf website, beta tester Alexandru shows how the LimeSDR can be used to transmit DVB-S2 video using GNU Radio.  Alexandru used bladeRF dvbs2_tx.grc gr-dtv example which is provided with GNU Radio and modified it for the LimeSDR. He then transmitted the video stream and used an off the shelf satellite TV receiver to display the video, and an Airspy to monitor the spectrum. The gr-dtv library can also be used to transmit other video standards such as ATSC, DVB-T, DVB-T2, DVB-C and DVB-S2.

LimeSDR DVB-S2 GNU Radio Flowgraph
LimeSDR DVB-S2 GNU Radio Flowgraph

LimeSDR demo: High Definition Video Transmission using GNU Radio

Tweet40
Share
Reddit
Vote
Email
40 Shares

IF Average SDR# Plugin Updated

The IF Average tool is a RTL-SDR compatible plugin for SDR# which allows you to plot an average of the current spectrum shown in SDR#. This is especially useful for radio astronomers who often need to average the spectrum for a long time in order to get a good plot of the Hydrogen Line. Recently the plugin was updated to support newer versions of SDR# and to upgrade some features. Daniel Kaminski, the author of the plugin writes:

I used ultrafast FFT which works on 4k to 512k bit space. With this plugin it is possible to average up to 64000000 samples in real time. XNA allows to shows the calculation results in real time.

To install the plugin you will need to install the XNA Framework 4.0 Redistributable first. Then copy the plugin files over to the SDR# folder and add the “magicline” to the SDR# Plugins.xml file.

The IF Average SDR# Plugin
The IF Average SDR# Plugin
Tweet11
Share
Reddit
Vote
Email
11 Shares

A Demonstration of the RTL-SDR Receiving WiFi and 2.4 GHz ISM with a Modded SUP-2400 Downconverter

Back in April we posted about how KD0CQ found that he could receive signals up to 4.5 GHz with an RTL-SDR by using a $5 downconverter for DirecTV called the SUP-2400. The RTL-SDR can only receive up to a maximum frequency of about 1.7 GHz, but the SUP-2400 downconverter can be modified to convert frequencies at around 2.4 GHz down into a range receivable by the RTL-SDR.

When we first posted the story the instructions for modifying the SUP-2400 to use as a downconverter weren’t uploaded yet, but they are now. The modification requires decent soldering skills as it involves desoldering a few small SMD components and bridging some points with wires.

Over on YouTube user T3CHNOTURK has uploaded a video showing the downconverter in action. With the SUP-2400 downconverter and RTL-SDR he is able to receive some WiFi at 2.447 GHz as well as signals from a wireless keyboard at 2.465 GHz

RTLSDR Receiveing wifi & 2.4 ghz ism band with moded SUP-2400 Downconverter

Tweet13
Share
Reddit
Vote
Email
13 Shares