Amateur Radio Direction Finding With a KrakenSDR: AREG Presentation

Over on YouTube, we've seen a talk by Mark Jessop that may be interesting to some readers, as it covers Amateur Radio Direction Finding / Fox Hunting with the KrakenSDR, as well as various other radio tools. If you are unaware, KrakenSDR is our 5-channel coherent RTL-SDR based software defined radio system, designed for coherent applications like radio direction finding.

In the talk, Mark explains the amateur radio fox hunting sport, which involves the organizer hiding a transmitter somewhere in a defined area and having participants search for it using just its radio emissions. He goes on to show the different types of antennas, radio systems and vehicle setups participants used.

Mark further explains that on his particular vehicle, he uses a KrakenSDR as the primary receive system. He explains how the KrakenSDR works, how he integrated it into his vehicle, and the custom software and LED display that he is using with it.

ARDF at Mt Gambier - by Mark VK5QI and Grant VK5GR - AREG September 2025 Presentation

ESP32 Bus Pirate: Turn your ESP32 into a Multi-Purpose Hacker Tool

Thank you to "Geo" for writing in and sharing with us his open source project called "ESP32-Bus-Pirate" which he thinks might be of interest to those in the RTL-SDR community. The ESP32 is a popular low-cost microcontroller due to the fact that it has WiFi and Bluetooth capabilities built in. Although the ESP32 does not have true SDR capabilities, it can leverage its numerous built-in hardware radio components to achieve various interesting feats. Geo writes:

This firmware turns an inexpensive ESP32-S3 board into a multi-protocol debugging and hacking tool, inspired by the original Bus Pirate and the Flipper Zero.

It currently supports a wide range of protocols and devices, including I²C, SPI, UART, 1-Wire, CAN, infrared, smartcards, and more. It also communicates with radio protocols such as Sub-GHz, RFID, RF24, WiFi, and Bluetooth.

Compared to existing solutions, the focus is on:

Accessibility — runs on cheap ESP32-S3 hardware (around $7–$10).

Versatility — one device can probe, sniff, and interact with multiple buses.

Extensibility — open-source and modular, making it easy to add new protocol support.

I believe this could be useful for hardware hackers, security researchers, and hobbyists looking for a low-cost, flexible alternative to commercial tools.

With the firmware installed on a compatible ESP32 device, it is possible to create WiFi, Bluetooth, and RF24 sniffers, scanners, and spoofers, as well as perform general sub-GHz and RFID sniffing, scanning, and replay attacks. It also has a host of non-RF capabilities useful for hacking devices.

PhaseLoom: A Software Defined Radio Powered by the Chip used in the Commodore 64, NES and other Early Home Computers

The MOS Technology 6502 is, by today's standards, an ancient chip, having just turned 50 this September 8. It was the chip behind the early age of home computing, powering iconic systems like the Apple I & II, Commodore 64, Atari, and Nintendo Entertainment System. It is, therefore, fascinating that someone has managed to use this chip as a core component in a modern software-defined radio system.

Over on his blog, Anders B Nielsen describes PhaseLoom, a 6502-based "Quadrature Sampling Detector Phase-Locked Loop SDR frontend". Realistically, we want to point out that the 6502 isn't actually doing any digital signal processing (DSP). The 6502 is used as an assembly programmed controller for a SI5351-based local oscillator and multiplexor chip that generates IQ data. Piping the IQ data into a PC with a soundcard is still required to actually get data out. However, Anders notes that he eventually hopes to get some DSP running on the 6502.

With the setup, he is currently able to tune just to the 40m band, noting that performance isn't great, but at least it works!

Anders' video below explains the entire design and concept in detail, and we note that he is currently selling a full kit on his store and has uploaded the schematics to GitHub.

A 6502 Software Defined Radio

A Small 11.2 GHz Motorized Radio Telescope with TV Dish and RTL-SDR

Thank you to Kaustav Bhattacharjee for writing in and submitting to us his project, where he created a small 11.2 GHz motorized radio telescope with a TV dish and an RTL-SDR. A full description of Kaustav's work can be found in a white paper he wrote on behalf of the Department of Physics at the Indian Institute of Technology Roorkee. In summary he writes:

Briefly put, the hardware setup comprises a 66 cm parabolic dish, a standard Ku-band LNB with bias tee power injection as the frontend, an RTL-SDR V3 tuned to 1.45 GHz (due to downconversion) as the receiver and a Raspberry Pi 5 handling SDR data (via GNU Radio) and stepper motor control (using GPIO pins). A heatmap of the southern sky at 0.9° resolution, showing a belt of geostationary satellites, is the primary result of interest!

We also want to point out that his rotor setup involves several 3D printed gears driven by two NEMA17 stepper motors. However, Kaustav notes that the long term resolution is limited due to cumulative backlash errors from the open-loop control scheme.

Kaustav's 11.2 GHz RTL-SDR Radio Telescope
Geostationary satellites visualized with the radio telescope

Creating a Spectrum Analyzer with Zoom Capability with an RTL-SDR in GNU Radio

Thank you to Paul Maine "The SDR Guy" for submitting his latest video showing how to create a simple spectrum analyzer with zoom capability, using an RTL-SDR and GNU Radio. Paul writes:

Zoom capabilities are discussed in the 3rd edition of Richard G. Lyons' “Understanding Digital Signal Processing” book. This is a novel approach when compared to other YouTube videos about creating a Simple Spectrum Analyzer with an RTL-SDR.

Additionally, in the video, Paul explains what a spectrum analyzer is and what it's used for, as well as explaining the use of attenuators and discone antennas. In the video, Paul uses an RTL-SDR Blog V4, but has mentioned that an RTL-SDR Blog V3 would work well too.

E19 Create a Spectrum Analyzer with Zoom Capabilities

A Video on Optimizing VLF Loop Antennas

VLF (Very Low Frequency) refers to signals in the 3–30 kHz range. Software-defined radios like the SDRplay RSPdx can pick up these signals with an appropriate antenna.

Over on YouTube, @electronics.unmessed has uploaded a video showing how you can build a high-performing VLF loop using a single loop of wire and a balun. The one-turn design results in a naturally low impedance at low frequencies. A balun is then added to step up the impedance, resulting in impedance compatibility with an SDR.

The video explains the concepts behind VLF loops using an equivalent circuit model and works through several design choices: conductor thickness offers little benefit above 10 kHz (though wide sheet conductors can add ~3 dB); larger loops scale with area, but 2 m is a good indoor compromise; extra turns help small loops but underperform a single turn with a proper transformer; and alternative ferrite mixes give little improvement over standard choke cores. Ultimately, it is concluded that a one-turn loop with a well-chosen balun is one of the most effective designs.

If you're interested in similar content, there are also several other interesting videos on the @electronics.unmessed channel about VLF antennas, mag loop antennas, SDR reception, and more.

VLF Loop - What really Matters? (EP172)

Reverse Engineering the RF Communications on a 27 MHz RC Toy with an RTL-SDR and GNU Radio

On his blog, Jacob has recently uploaded an interesting post showing how he used an RTL-SDR to reverse-engineer the 27 MHz RF communications protocol used by his kids' RC toy truck.

To reverse engineer the protocol, Jacob used GNU Radio to visualize and demodulate the signal. He discovered that it was modulated via Amplitude Shift Keying (ASK), and viewing the waveform in a time-domain plot confirmed the on-off nature of the signal. Next, using symbol sync and thresholding blocks, he generated a bit pattern, which was then processed using Python.
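The thresholding and symbol-slicing stage described above, as an added example in plain Python (not Jacob's flowgraph or code): it assumes the samples-per-symbol value is already known, and it runs on a constructed envelope and a constructed 16-bit frame rather than a real capture of the toy.

```python
import random

# Constructed 16-bit frame for the demo; not taken from the toy's real protocol.
CONSTRUCTED_FRAME = [1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1]

def synth_ook(bits, sps, noise=0.05, seed=1):
    """Constructed input: |IQ| envelope of an on-off keyed burst, sps samples per bit."""
    rng = random.Random(seed)
    return [abs((1.0 if b else 0.0) + rng.gauss(0, noise))
            for b in bits for _ in range(sps)]

def smooth(x, n):
    """Causal moving average over n samples, a crude low-pass on the envelope."""
    out, acc = [], 0.0
    for i, v in enumerate(x):
        acc += v
        if i >= n:
            acc -= x[i - n]
        out.append(acc / min(i + 1, n))
    return out

def demod_ook(mag, sps):
    """Threshold the envelope, align to the first rising edge, sample symbol centres."""
    env = smooth(mag, max(1, sps // 4))
    thr = (min(env) + max(env)) / 2          # midpoint between carrier-off and carrier-on
    sliced = [1 if v > thr else 0 for v in env]
    if 1 not in sliced:
        return []                            # no carrier seen in this capture
    pos = sliced.index(1) + sps // 2         # centre of the first '1' symbol
    bits = []
    while pos < len(sliced):
        bits.append(sliced[pos])
        pos += sps                           # assumes the symbol clock does not drift
    return bits

def bits_to_hex(bits):
    """Pack a bit list (MSB first) into a hex string for easier comparison of frames."""
    if not bits:
        return ""
    return "%0*x" % ((len(bits) + 3) // 4, int("".join(map(str, bits)), 2))

if __name__ == "__main__":
    sps = 40                                 # assumed samples per symbol
    mag = synth_ook([0, 0, 0] + CONSTRUCTED_FRAME + [0, 0], sps)
    bits = demod_ook(mag, sps)
    print(bits_to_hex(bits[:len(CONSTRUCTED_FRAME)]))
```

On a real recording, the fixed-step sampling would need to be replaced by clock recovery that re-aligns on each edge, which is the job the symbol sync block does in the flowgraph.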

Reverse Engineering the RC Toy Truck 27 MHz Signal

Decoding ADS-C with a Cheap Aliexpress LNB and SDRplay RSP1B

Thank you to Nagy István for sharing with us his setup for decoding ADS-C with a 180cm prime focus dish, a cheap Aliexpress LNB, an Aliexpress bias tee, and an SDRplay RSP1B.

István receives the ADS-C signal from the Inmarsat 4A-F4 satellite, which he can see from his home in Hungary. 

István also notes the following information about the Chinese LNB:

This LNB is originally for DVB reception, but it works for Inmarsat reception at 3.6 GHz, where the ADS-C signals are, without any modification... But sometimes you need to correct the frequency because of LNB oscillator drifting. I don't use a dielectric plate; I don't have any material for this at the moment.

Compared to ADS-B, which continuously broadcasts an aircraft’s GPS position and velocity to any ground station or nearby aircraft, ADS-C instead sends position reports via satellite, and is especially used over oceans and remote areas without ADS-B ground receivers.

However, ADS-C is relatively complex for hobbyists to receive, as it requires a large satellite dish and an LNB to convert the 3.6 GHz signal down to a frequency receivable by most SDRs. Fortunately, as István shows, the LNB can be obtained cheaply these days.

Inmarsat ADS-C decoding with Jaero and Virtual Radar

ADS-C Being Received with a 1.8m dish, cheap Aliexpress LNB and SDRplay RSP1B.