Creating an RF Proximity Alarm (Close Call) with an RTL-SDR

“Close Call” is a feature that some radio scanners have which notifies the user when there is a radio transmitter that is in the near vicinity (such as from a police radio). It works by detecting the strength of signals from near field emissions, and it requires a strong RF signal to trigger.

Over on the ar15.com forums, user seek2 wanted something similar to the “close call” feature, but didn’t want certain transmissions like APRS signals from hams driving by to set it off. He also didn’t want to be restricted to near field emissions, rather he wanted something that acted more like a squelch that would activate for strong signals only.

To implement this, seek2 used an RTL-SDR dongle together with the rtl_power spectrum scanning software. He outputs the signal strength data generated by rtl_power to a CSV file, which is then read with the Linux tail -f terminal command, which simply outputs the latest lines of the CSV file as it updates in real time. Then he uses a simple Python script to monitor the output and to set off an alarm and report strong signals when it sees them. His script is also used to filter out reports from strong unwanted signals like APRS.
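A sketch of the monitoring stage described above, added here as an illustration and not seek2's script: it reads rtl_power CSV rows from standard input, flags bins above a threshold and skips an ignore list. The threshold, the APRS exclusion range and the sample row are assumptions.

```python
import sys

THRESHOLD_DB = -20.0                  # assumed alarm level (uncalibrated dB); tune per setup
IGNORE_HZ = [(144.380e6, 144.400e6)]  # assumed exclusion: APRS on 144.390 MHz (North America)

# Constructed sample row in rtl_power's CSV layout:
# date, time, Hz low, Hz high, Hz step, samples, dB, dB, ...
SAMPLE = "2016-02-20, 12:00:00, 144380000, 144410000, 10000.00, 4096, -5.0, -3.0, -40.0, -8.0"


def parse_line(line):
    """Split one rtl_power row into (timestamp, [(bin_hz, db), ...])."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) < 7:
        raise ValueError("short or partial row")
    hz_low, hz_step = float(fields[2]), float(fields[4])
    bins = [(hz_low + i * hz_step, float(v)) for i, v in enumerate(fields[6:])]
    return f"{fields[0]} {fields[1]}", bins


def strong_signals(line, threshold=THRESHOLD_DB, ignore=IGNORE_HZ):
    """Return [(timestamp, hz, db)] for bins at or above threshold, outside ignored ranges."""
    try:
        stamp, bins = parse_line(line)
    except ValueError:
        return []  # tail -f can hand over a half-written or malformed row
    return [
        (stamp, hz, db)
        for hz, db in bins
        # a "nan" bin compares False against the threshold, so it never alarms
        if db >= threshold and not any(lo <= hz <= hi for lo, hi in ignore)
    ]


def main():
    # Reads rows from stdin, e.g. the output of tail -f on the rtl_power CSV file.
    for line in sys.stdin:
        for stamp, hz, db in strong_signals(line):
            print(f"\a{stamp}  {hz / 1e6:.4f} MHz  {db:.1f} dB", flush=True)  # \a rings the bell


if __name__ == "__main__":
    main()
```

The dB values rtl_power reports are relative, so the threshold has to be chosen by watching the readings for a known nearby transmitter with the gain setting in use.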

Below is a video showing an example of Close Call working on a Uniden hardware radio scanner for reference.

Uniden CloseCall© What is it? How does it work? How well does it perform?

Comparing LHCP and RHCP Reception of a Thuraya Satellite with an RTL-SDR and MIX4ALL

Over on YouTube Adam Alicajic 9A4QV (creator of the popular LNA4ALL) has uploaded a video showing a comparison of reception of Thuraya satellites with LHCP (left hand circular polarization) and RHCP (right hand circular polarization) patch antennas. To receive Thuraya satellites, a LHCP antenna should be used, and Adam’s results show that using an antenna with the wrong polarization (RHCP) produces a signal that is, as theoretically expected, almost 20dB lower. Shortly after we initially posted this, Adam wrote in with the following comment:

Thuraya LHCP original patch antenna have 2 patches stacked inside the panel antenna and the hand made RHCP patch antenna is made only of 1 patch. Theoretically, this should give the 3dB more gain for the Thuraya antenna.

The difference in the received signal due to polarization should be (theoretically) 20dB, that's RHCP vs. LHCP and I experience some 18dB of difference which is a good result. Why not 20dB? First of all it is impossible to get 3dB more gain stacking the antennas, this is just the theory, more likely 2dB in the practice.

To receive the signals Adam uses the patch antennas, which are connected to the MIX4ALL (a downconverter that he is currently developing), which is then connected to an RTL-SDR dongle.

In the first video Adam shows the difference the wrong polarization makes, and in the second he shows some information about the Thuraya LHCP antenna he uses.

Receiving Thuraya sat - LHCP and RHCP comparison using MIX4ALL

Thuraya antenna L-band + GSM

Shielding the SDRplay RSP with Copper Tape

The SDRplay RSP is a $149 USD software defined radio that many consider as a next step upgrade from the RTL-SDR. See our recent review for a comparison between the Airspy, SDRplay RSP and HackRF.

One problem with the SDRplay RSP is that it comes in an unshielded plastic enclosure. This means that strong interfering signals can pass through the enclosure and cause interference, making any filtering done on the antenna less effective. Recently Tom Naumovski wrote in to us to let us know that he has been experimenting with a simple fix that involves shielding his RSP with adhesive copper tape. (Tom carefully notes that doing this may void the warranty.) Tom simply wraps the plastic enclosure with conductive copper tape, making sure that electrical contact is made between the copper shielding and RSP ground (e.g. making sure the RSP USB and SMA ports make electrical contact with the copper tape).

Copper tape shielding for the RSP.

After shielding the RSP, Tom tested the shielding effectiveness by using his shielded RSP with no antenna connected to try to pick up an interfering tone transmitted by his HackRF SDR. He collected the results in a pdf file. The results clearly show that the shielded RSP either does not pick up the HackRF's interfering tone or picks it up at significantly reduced power.

If you want to try this yourself, Tom writes that copper slug barrier tape found on eBay is the tape he used. Tom also points out the discussion on the Facebook SDRplay group thread he posted where other users have been using aluminium tape or alternative copper tape products.

We note that this same shielding technique can also be used to improve unshielded RTL-SDR dongles.

RTLSDR4Everyone: Avoiding RTL-SDR Rip-Offs

Akos from the rtlsdr4everyone blog has come up with a new post that aims to help people avoid getting ripped off when trying to buy an RTL-SDR dongle. He shows that there are several sellers on eBay who sell branded products (like Nooelec and our own RTL-SDR Blog brand) for higher prices and higher shipping costs than the official manufacturer. He also notes that there are several sellers falsely advertising E4000 dongles, selling custom units that are too expensive and sellers that stuff in popular keywords to wrongly get to the top of rankings with an inflated price.

We’d like to add the following to Akos’ post: We believe these sellers offering our and other brands' products at higher prices on marketplaces like eBay are simple market arbitrage bots that scrape items listed on Amazon and then list them on eBay for a higher price. They write that they can ship overseas, but they are simply using an address forwarder (like shipito, viabox or the eBay global shipping program) to forward the goods from the USA to overseas. Note that we ship overseas via our Chinese warehouse for free, so there is no need to use an address forwarder and pay high shipping costs.

We’d also like to note that we now have three companies who legitimately resell our dongle only units locally in the UK, Japan and in India. They may charge higher prices as they must contend with import costs and business taxes, but the advantage is fast local shipping and local support.

Don't get ripped off by scammy sellers.

Getting SDR# and RTL-SDR to run on OSX El Capitan with Mono

A few weeks ago Matthew Miller showed us how it was possible to run DSD+ in OSX using a program called Wineskin. Now he’s uploaded a new video that shows how to get SDR# working in OSX El Capitan with Mono. SDR# is designed to be used in Windows, but since it is written in C# under the .NET framework, it should be possible to run it on OSX with the open source Mono .NET implementation. The overall installation is not as straightforward as simply downloading a zip file like it is on Windows, but the tutorial Matthew provides is clear and easy to follow.

The steps involve downloading SDR#, downloading Mono, installing MacPorts, installing PortAudio, installing the RTL-SDR libraries and then setting up some required symbolic links. Finally he shows that to access the RTL-SDR you must first run RTL-TCP and then connect to that using the RTL-SDR (TCP) option in SDR#.

SDR# on MAC OSX EL CAPITAN - RTL SDR - MONO

RTLSDR4Everyone: Review of 5 RTL-SDR Dongles

Over on the rtlsdr4everyone blog (previously known as the sdr4mariners blog), author Akos has uploaded a new post that compares 5 different RTL-SDR dongles against one another. He compares a Terratec R820T, Black Nooelec R820T, Blue Nooelec R820T2, our own RTL-SDR Blog R820T2 and a Nooelec Nano R820T.

In the post Akos gives an overview of the features of each dongle, and runs tests on things like frequency drift and broadcast FM interference. He also runs SNR tests on Airband, low UHF, high UHF signals and shortwave frequencies. His tests show that the dongles with the R820T2 chip outperform the dongles with the R820T chip by about 4-5 dB in SNR, and that the overall best dongle is our RTL-SDR Blog dongle.

In the future Akos hopes to also review the Nooelec 9:1 balun.

The dongles compared in Akos’ Review

 

Building a Wideband Helix Antenna for L/S/C Bands

Over on YouTube user Adam Alicajic (creator of the popular LNA4ALL low noise amplifier) has uploaded a video showing the performance of a home made wideband helix antenna that he has created for receiving signals such as ones from L-Band Inmarsat satellites. See our tutorial for more information on receiving Inmarsat signals.

Adam's helix antenna is built out of an old used can and is based on a 1.1 turn design. In the first of three videos he shows that the SWR of the antenna is well below 2.0 from 1.5 GHz to 3 GHz. In the second video Adam shows the performance of the helix antenna on actual L-band signals being received with an RTL-SDR dongle. In the final video Adam compares the helix against a patch antenna and finds that the two receive with very similar performance.

Wideband L/S/C band helix antenna Part.1

Wideband L/S/C band helix antenna Part.2

Wideband L/S/C band helix antenna Part.3

Reverse Engineering the SimpliSafe Wireless Burglar Alarm

SimpliSafe is a home security system that relies on wireless radio communications between its various sensors and control panels. They claim that their system is installed in over 300,000 homes in North America. Unfortunately for SimpliSafe, earlier this week Dr. Andrew Zonenberg of IOActive Labs published an article showing how easy it is for an attacker to remotely disable their system. By using a logic analyser he was able to fairly easily reverse engineer enough of the protocol to discover which packets were the “PIN entered” packets. He then created a small electronic device out of a microcontroller that would passively listen for the PIN entered packet, save the packet into RAM, and then replay it on demand, disarming the alarm.

A few days later Michael Ossmann (wireless security researcher and creator of the HackRF SDR and YARD Stick One) decided to have a go at this himself, using a YARD Stick One and a HackRF SDR. First he used the HackRF to record some packets to analyze the transmission. From the analysis he determined that the protocol was an Amplitude Shift Keying (ASK) encoded signal. With this and some other information he got from the recorded signal, he could then use his YARD Stick One to instantly decode the raw symbols transmitted by the keypad and perform a replay attack if he wanted to.

Next, instead of doing a capture and replay attack like Andrew did, Michael decided to take it further and actually decode the packets. This took him a few hours but it turned out to not be too difficult. Now he is able to recover the actual PIN number entered by a home owner from a distance without having to do any transmitting. With the right antenna someone could be gathering hundreds of PINs over a distance of many miles. Also, an expensive radio is not required: Michael notes that the gathering of PIN numbers could just as easily be done on a cheap $10-$20 RTL-SDR dongle.

Michael notes that the SimpliSafe alarm seems to lack even the most basic cryptographic protection, and that this is a problem that is seen all too often in wireless alarm systems. Rightly so, Michael and Andrew are not publishing their code, although it seems that anyone with some basic knowledge could repeat their results.
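To show what the missing protection looks like on the receiving side, here is an added example (not SimpliSafe's protocol and not the researchers' code) that contrasts a static frame, which a recorded copy satisfies every time, with a frame carrying a counter and an HMAC tag. The frame layouts, the shared key and the Receiver class are assumptions, including the design choice that the keypad checks the PIN locally so it is never sent over the air.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # assumed per-device secret agreed at pairing (constructed value)


def static_frame(pin):
    """Unauthenticated frame: the same bytes every time the same PIN is entered."""
    return b"PIN" + pin.encode()


def auth_frame(counter, key=KEY):
    """Disarm frame with a 64-bit counter and an HMAC-SHA256 tag; no PIN on the air."""
    body = b"DISARM" + struct.pack(">Q", counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Base-station side: accept only if the tag verifies and the counter advances."""

    def __init__(self, key=KEY):
        self.key = key
        self.last_counter = -1

    def accept_static(self, frame, pin):
        # Nothing distinguishes a fresh frame from a recorded one.
        return frame == static_frame(pin)

    def accept_auth(self, frame):
        if len(frame) != 6 + 8 + 32:
            return False
        body, tag = frame[:14], frame[14:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected) or body[:6] != b"DISARM":
            return False  # forged or corrupted frame
        (counter,) = struct.unpack(">Q", body[6:])
        if counter <= self.last_counter:
            return False  # replayed or stale frame
        self.last_counter = counter
        return True
```

In a real device both ends would have to keep the counter across power loss, otherwise old frames become valid again after a reset.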

The SimpliSafe Alarm Keypad and a YARD Stick One.