May 4, 2026

Portable ADS-B Receiver Firmware for the ESP32-P4 Based LILYGO T-Display-P4 with RTL-SDR

Over on GitHub, John Stockdale has released ADS-B Scope – T-Display-P4, a portable open source 1090 MHz ADS-B firmware for the LILYGO T-Display-P4, which is a smartphone-shaped handheld microcontroller with a 4" touchscreen, GPS, SD card, SX1262 LoRa, and a USB 2.0 host port, built around the dual-core 360 MHz RISC-V ESP32-P4.

The most interesting bit is that John has written a custom USB host driver that allows an RTL-SDR to plug directly into the T-Display-P4. Neither a Pi nor a laptop is needed in the chain. The driver supports the Blog V4/V3 with software bias-tee control and Mode-S demodulation (adapted from dump1090), which runs in real time alongside an on-device aircraft table and radar scope (range rings, trails, helicopter silhouettes). The firmware also implements adaptive gain control, a 587K-record OpenSky aircraft database cached in PSRAM, SD card CSV logging, USB hot-plug, OTA updates, MQTT telemetry, and a WebSerial companion app at adsb-scope.offx1.com with live map, 3D view, CSV replay, and firmware flashing.

In addition to all that, the firmware also runs a Meshtastic-compatible mesh radio on the SX1262 (with PKI DM decryption and MQTT gateway forwarding) and an MP3 player through the onboard ES8311 DAC. John reports ~30 nm range from Oakland, CA on a 7" telescopic antenna, decoding 15–30 messages per second with 12–30+ aircraft tracked.

Vote

April 28, 2026

Detecting Hidden GPS Trackers via Electromagnetic Unintentional Emissions with a HackRF

Researchers from Hunan University, Boise State, and UT Arlington have published a paper called "GPSBuster" (PDF link), demonstrating how a HackRF One can sniff out covert GPS trackers by their unintended electromagnetic radiation. Hidden trackers are hard to find since they only receive satellite signals and may store coordinates locally rather than transmit. Instead of looking for transmissions, GPSBuster targets side-channel leakage from the tracker's mixed-signal SoC, specifically the coupling between the quartz oscillator, local oscillator, and mixer used to downconvert the 1575.42 MHz L1 signal.

The team found that an active tracker leaks two characteristic spectra: a low band around 26 to 104 MHz and a high band around 1545 to 1625 MHz, each with a strong peak and evenly spaced harmonics. The low band reflects coupling between the quartz oscillator (typically 26 MHz) and the IF, while the high band contains LO plus IF spacing that always sums to 1575.42 MHz, giving a database-free detection rule. The setup consists of a HackRF, an NFP-3 near-field probe, and a 35 dB LNA. The use of the near-field probe means that sweeping the probe over an area to find the tracker is necessary, and the maximum detection range was 0.61 m.

Tested against the top 10 trackers available on a popular online marketplace, GPSBuster hit a 98.4% detection rate, working through plastic, cotton, canvas, and leather, and alongside phones, laptops, and speakers. It also extended to L1+L5 modules like the Quectel LC29H series, and even metal-shielded chips still leaked enough via PCB traces to be picked up.

Covert GPS Tracker Detection with a HackRF and Near Field Probe

Vote

April 28, 2026

Bending the Flipper Zero’s CC1101 Into an APRS Transmitter

Over on GitHub, Richard YO3GND has released a Flipper Zero APRS TX application that pushes the device's onboard CC1101 radio into transmitting Bell 202 AFSK, despite FM not really being what that chip was designed to do.

The author is upfront that this is very impractical: it is transmit-only, the transmitted signal is imperfect and not recognized by some APRS hardware (software decoders seem to work well), and the joystick text entry is painful.

The implementation builds the full APRS stack on the Flipper itself, handling packet type construction, AX.25 framing, and waveform generation in software, and supports status, position, bulletins, and direct APRS messages. There are also some low-level settings exposed in the UI, including 300 baud operation, preamble length, and lead-in tuning, alongside the standard APRS settings.

While this may be impractical for any real use case, the idea of implementing the protocol properly on a constrained device is an interesting read.

Flipper ham - An experimental APRS transmitter

Watch this video on YouTube

Vote

April 28, 2026

Fixing a Locked-Up RTL-SDR 700 km Away Using uhubctl USB Power Cycling

Over on Medium, Jugy depin has shared a useful troubleshooting write-up describing how they recovered a frozen RTL-SDR on a remote Raspberry Pi station located 700 km away, with no physical access available. The dongle had stopped responding with usb_claim_interface error -6 and Failed to open rtlsdr device #0 errors, while still showing up in lsusb.

After ruling out the usual suspects, such as DVB drivers, conflicting processes, permissions, and even a full reboot, they concluded that the RTL2832U had locked up at the USB hardware level. To make things worse, they discovered that a Raspberry Pi reboot from the terminal does not actually power-cycle its USB ports.

The fix was to use uhubctl to cut and restore power to only the specific port the SDR was plugged into, after first carefully identifying which port that was (so as not to accidentally kill the Ethernet port and lose remote access entirely). The commands shown in the post performed a true hardware-level reset equivalent to unplugging and replugging the dongle, and rtl_test confirmed the device came back cleanly.

Jugy recommends that anyone running remote SDR stations either build uhubctl into a healthcheck script or add a smart plug for unattended recovery.

Vote

April 22, 2026

Build a Cubesat Reviews a Discovery Drive Prototype and Sets up SatNOGS

Over on YouTube Manuel from the 'Build a Cubesat' channel has uploaded a video testing a prototype version of our Discovery Drive antenna rotator. If you are unaware, Discovery Drive is our new antenna rotator product for applications like satellite tracking and general antenna positioning that is currently being crowd-funded over on Crowd Supply. There are two days left in the campaign.

In the video, Manuel overviews the Discovery Drive, shows the internals, and walks us through the web UI. He goes on to show how it can be set up with the SatNOGS project. The SatNOGS project has volunteers set up ground-based satellite stations, and anyone can use those stations to log an observation anywhere in the world.

We note that he mentioned some trouble with getting SatNOGS to rotate the Discovery Drive over zenith. We have added a note to our Wiki showing how this can be fixed by specifying the correct rotational limits for the Discovery Drive.

Discovery Drive Antenna Rotator Preview

Watch this video on YouTube

Vote

April 22, 2026

Hacking a Secondhand Marine Satellite Dish to Track Satellites with Gpredict

Thank you to Melan / Alex for submitting news about their project, where they reverse-engineered a second-hand Intellian i4 marine satellite dish, which retails new for around €4000 but which they picked up second-hand for about €200. The dish itself is a 40 cm prime-focus design with a quad LNB, beefy stepper motors, and a motorized sub-reflector implementing Intellian's Dynamic Beam Tilting (DBT) technology, where the small sub-reflector handles fast beam corrections so the main motors only deal with large movements.

The dish normally expects heading data from the boat via NMEA 0183 over RS-422, so Melan solved the "we're not on a boat" problem with an RP2040 and a TTL-to-RS-422 module spoofing $HCHDG compass sentences to the Antenna Control Unit. To avoid being tied to Intellian's Aptus software, they decompiled the C# application to reverse engineer the ACU's text-based serial protocol. They then wrote a shim making the dish appear as a generic rotator to Gpredict, and put it on the roof of Dutch hackerspace NURDspace, pulling in Ku-band satellite TV.

The full write-up includes photos of the internals, an auto-generated protocol document, and a video of the dish doing a test dance.

The Intellian i4 Marine Satellite Dish Platform

Vote

April 22, 2026

RTL-SDR 433: A New Android App for Decoding 433 MHz Sensors with rtl_433

Thank you to Christian Ebner from ebcTech, who has submitted news about his newly released Android app RTL-SDR 433, which lets you run the rtl_433 decoder directly on your phone using an RTL-SDR dongle connected via a USB OTG cable.

The app bundles rtl_433 as a native Android library and supports all 258 device protocols out of the box, including weather stations, TPMS, wireless doorbells, PIR motion sensors, energy meters, door/window contacts, and remote sockets. Decoding runs entirely on-device with no internet connection required, no root, and no special drivers. It uses the standard Android USB Host API together with a libusb Android port.

The UI is built with Jetpack Compose and Material 3, and shows a live list of unique sensors with expandable cards (temperature, pressure, RSSI, raw JSON) plus a full history log. The app is free to try with a decreasing per-session reading limit, and a one-time purchase for a few dollars removes the limit permanently.

We note that the GPL-licensed native layer (rtl_433, rtl-sdr, libusb Android port and EBC's integration glue) is published openly at github.com/ebc81/rtlsdr433-native-gpl in compliance with GPL-2.0, while the UI layer remains closed-source.

More information about the app is available on the ebcTech page at https://ebctech.eu/rtl-sdr-433-android.

RTL SDR 433 for Android

Watch this video on YouTube

Vote

April 20, 2026

Setting up a MastChain AIS Tracking System

AIS (Automatic Identification System) is the VHF protocol on ~162 MHz that ships use to broadcast position, speed, heading and identity, and it's long been a popular decoding target for RTL-SDR owners.

Feeder networks like MarineTraffic and AISHub have relied on volunteer receivers for years, but a newer project called MastChain applies the DePIN (Decentralized Physical Infrastructure Network) model, similar in spirit to Helium, to maritime tracking. Independent operators run their own stations, feed decoded AIS into a shared distributed network, and earn crypto MAST tokens in return, with rewards based on coverage, uptime, and data consistency.

We wanted to thank "depinguy" who has shared with us a write-up on Medium that walks through a build using a Raspberry Pi 3 or 4, an RTL-SDR Blog V4, and a marine-band antenna (optionally with a Uputronics filtered preamp). Installation is handled by a one-line script called MastControl, which deploys AIS-catcher (branded "MastRadar" here) and configures automatic uploads. You create an account at app.mastchain.io, generate a station token, paste it into the installer, then verify with sudo mastcontrol status. We also note that maritime industry publication Spash247 has also recently covered Dan's post.

We note that MastChain is the new name for WAKE, which we covered back in 2025.

As with anything crypto-related, we recommend experimenting only for the fun of it and not expecting to even recoup your hardware costs, as this has been the case with many hardware-based crypto projects before.

Vote