Investigating QRM from Powerline Ethernet Devices with a Funcube Dongle

Over on his blog Andrew has posted a good writeup where he determines the QRM (interference) effects of a PLT (power line transmission) device. PLTs are also known as ethernet/internet over powerline devices. They plug into an electricity socket and use household electricity wires to create a computer network, thus eliminating the need for ethernet cables or WiFi. However, many hams and radio hobbyists hate these devices because they believe that they can cause a significant amount of radio interference, especially on HF.

In his investigation Andrew bought a pair of Netgear Powerline 500 PLTs. He then plugged the PLTs in and started streaming a movie over the powerline network connection to cause maximum radiation. Then using his Funcube dongle and SDR# he investigated ham bands to see if these devices brought any noise.

In his results Andrew writes that he barely saw any interference caused by these devices. Some interference was noticed at 17 meters and 12 meters, but he notes that the amateur portion was left relatively unaffected. Many hams believe these devices can completely wipe out HF, but it seems that this is untrue, at least for this particular PLT model.

Netgear PLT devices

Demonstrating the ARM Radio

Back in November 2015 we posted about the ARM Radio, a minimalist direct sampling software defined radio that runs almost entirely on an ARM processor on a STM32F429 discovery board. It can tune from about 8 kHz up to 900 kHz, which covers the VLF, LF and some of the MF bands. 

Now over on YouTube amateur radio hobbyist W9RAN has uploaded a video where he demonstrates an ARM Radio that he built. He shows the radio in operation, clearly receiving some NDBs and some AM broadcast stations.

ARM Radio demo BY W9RAN

Hamradioscience.com’s Review of the SDRplay

The author of hamradioscience.com has posted a review of the SDRplay RSP software defined radio. The SDRplay is a $150 USD software defined radio that can be considered the next step up from the RTL-SDR dongle. We consider it somewhat of a competitor to the Airspy SDR ($199 USD).

The review goes over the marketed specs, what you get in the box, software, support and its real world performance. The review is positive and the author concludes:

At the $150 price point there just isn’t much to complain about. The SDRPlay represents an excellent value in a low cost wideband SDR receiver. If you are currently considering getting involved with SDR radio, or want to trade up from the RTL dongle world, then the SDR Play should definitely be on your short list.

If you are interested in mid level SDRs like the SDRplay then keep an eye out for our own review on RTL-SDR.com coming out in the next few weeks. We will be doing an in depth review and comparison of the Airspy, SDRplay and HackRF.


Combining the bandwidth of two RTL-SDR dongles in GNU Radio

The maximum usable and stable bandwidth of an RTL-SDR is about 2.4 MHz. In order to get larger bandwidths it is possible to combine two or more dongles, although doing so comes with a big limitation – since the clocks and signal phases between separate dongles would not be synchronised, it would be impossible to decode a wideband signal this way. However, combining dongles for larger bandwidths is still useful for visualizing the spectrum through an FFT plot, or perhaps for decoding various separate narrowband signals. Although creating a wide band FFT plot with multiple dongles is fairly simple, we haven’t seen much software do this before.

Now RTL-SDR.com reader Oliver has written in to show us the GNU Radio script he’s been using to combine the bandwidths of two RTL-SDR dongles to get a 4.4 MHz FFT display. The script can be used to get a combined 4.4 MHz spectrum visualization without a center dip from rolloff, or a 4.8 MHz spectrum with rolloff. Oliver writes:

I simply took two RTL-SDR dongles at their max. bandwidth of 2.4 MHz, resampled the signals to 4.8 MHz, then shifted the first signal down by 1 MHz, the other one 1 MHz up, added them together, divided the combined signal by 2 and finally fed it into an FFT plot.

At first, I tried shifting the signals by 1.2 MHz to get the full 4.8 MHz, but I realized that I had a notch in the center, so I reduced the frequency shift until I had no notch anymore.

 

The Bandwidth Combiner GRC Script
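
The chain Oliver describes, worked through numerically (an added example, not Oliver's GRC flowgraph). It assumes the two dongles are tuned 1 MHz below and 1 MHz above the display centre, uses constructed test carriers, and swaps GNU Radio's blocks for an ideal DFT-based resampler; all function names are hypothetical. It also shows that a carrier in the 0.4 MHz overlap heard by both dongles adds according to their relative phase, which unsynchronised dongles do not control.

```python
import cmath

FS_IN, FS_OUT, SHIFT = 2.4e6, 4.8e6, 1.0e6  # figures from Oliver's description
N_IN = 240                                   # constructed block length: 10 kHz bins

def dft(x, sign=-1):
    """Naive DFT (sign=-1) or unnormalised inverse (sign=+1); fine for short blocks."""
    n = len(x)
    w = [cmath.exp(sign * 2j * cmath.pi * k / n) for k in range(n)]
    return [sum(x[t] * w[(k * t) % n] for t in range(n)) for k in range(n)]

def tone(offset_hz, phase=0.0):
    """Constructed test signal: one carrier at offset_hz from a dongle's centre."""
    return [cmath.exp(1j * (2 * cmath.pi * offset_hz * t / FS_IN + phase))
            for t in range(N_IN)]

def resample_x2(x):
    """2.4 MS/s -> 4.8 MS/s by zero-padding the spectrum (ideal interpolation)."""
    n, half, X = len(x), len(x) // 2, dft(x)
    padded = X[:half] + [0j] * n + X[half:]
    # 1/(2n) inverse scaling times the 2x interpolation gain leaves 1/n.
    return [v / n for v in dft(padded, sign=+1)]

def shift(x, hz):
    """Move a 4.8 MS/s stream by hz (multiply by a complex exponential)."""
    return [v * cmath.exp(2j * cmath.pi * hz * t / FS_OUT) for t, v in enumerate(x)]

def combine(low, high):
    """Resample both streams, shift -1 MHz / +1 MHz, add, divide by 2."""
    a = shift(resample_x2(low), -SHIFT)
    b = shift(resample_x2(high), +SHIFT)
    return [(p + q) / 2 for p, q in zip(a, b)]

def spectrum(x):
    """Map offset in Hz from the combined centre -> normalised magnitude."""
    n, X = len(x), dft(x)
    return {round((k if k < n // 2 else k - n) * FS_OUT / n): abs(X[k]) / n
            for k in range(n)}

def demo(high_phase=0.0):
    """Low dongle tuned 1 MHz below centre, high dongle 1 MHz above (assumed)."""
    # Carriers at -1.5 MHz, +1.8 MHz and +0.1 MHz (the last is heard by both).
    low = [a + b for a, b in zip(tone(-0.5e6), tone(+1.1e6))]
    high = [a + b for a, b in zip(tone(+0.8e6, high_phase), tone(-0.9e6, high_phase))]
    return spectrum(combine(low, high))

if __name__ == "__main__":
    for label, phase in (("in phase", 0.0), ("high dongle inverted", cmath.pi)):
        s = demo(phase)
        print(label, {f: round(s[f], 3) for f in (-1_500_000, 100_000, 1_800_000)})
```

Carriers seen by only one dongle come out at half amplitude because of the divide by 2, while the overlap carrier ranges from full amplitude down to nothing depending on the phase offset.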

Solving the Mystery of a Keyless Vehicle Entry RF Deadspot in a Carpark with a FUNcube Dongle

The Brisbane Times ran a story today that discussed an interesting RF phenomenon that was solved using a FUNcube dongle software defined radio. The Funcube dongle is a SDR similar to the RTL-SDR. The issue was that vehicle wireless entry keyfobs would not work at a particular location within an outdoor shopping centre car park.

The story goes like this – First a user on a local Brisbane subreddit message board posted about how he had noticed that his car’s wireless entry keyfob would not work when he parked in a certain area of the shopping centre car park. The user wrote:

I walked out to my car from Bunnings, and there was a new HSV Maloo parked in front of me with the owner staring at his key fob and shaking his head.

I said “let me guess, car won’t open?” and he said yeah, and he’d been trying for about 5 minutes. I said that I’d had the same thing happen to me a few months back in the same spot, and then went to open my car.

Nothing. No beep, door stayed locked. Looked around and there was another couple trying to get into their car as well (late model C Class).

It took about 5 minutes of me trying the door every 20 seconds or so before it opened. HSV owner was still there when I left. The only thing he and I could think of causing it was the mobile phone tower in front of Aldi.

After reading the post, user u/riumplus decided to go out to the same spot with his Funcube dongle SDR and see if there was any interference that might explain the issues. But he found no such interference. However, when he pressed the wireless entry on his own keyfob he noticed reflections of the main transmission that were coming from the buildings’ walls. He wrote:

So I pulled out my SDR and I did a complete frequency sweep from 100 kHz to 2.2 GHz and… also nothing. Everything completely normal. Nothing on that frequency, nor anything odd anywhere else on the spectrum. Couldn’t see any of the usual potential harmonics from RFID or standard WiFi gear. Here’s the output at 433.3 MHz (forgot to grab a screenshot centred right at 433.92 MHz but it was also empty, as was 315 MHz).

Here’s where it gets interesting – I noticed that that location is almost in the middle of the car park between the three buildings, and they all have large amounts of metal flashing on their fronts. On a whim I watched the output when I pressed my own keyfob. And what do you know, I could see distorted reflections from my own signal bouncing off these buildings right back at me. My guess is that this is what was causing you issues!

It may sound counter-intuitive, but next time it happens try cupping the keyfob in your hand to weaken the signal. It should still be strong enough to trigger your car to open, but then the reflections will be weak enough they won’t cause you trouble.

So it seems that the layout of the buildings caused a focal point for reflections at that particular location which affected some wireless keyfobs.

The location in the carpark of the deadzone.

Talk by Michael Ossmann at Toorcon 2015: Rapid Radio Reversing

Toorcon is a yearly conference that focuses on information security related topics. At the 2015 Toorcon conference Michael Ossmann (inventor of the HackRF SDR) gave an interesting talk about reverse engineering wireless systems using software defined radio.

Back in November Michael gave a quick tutorial on reverse engineering in an episode of the YouTube web series Hak5. Now his full conference talk has been released over on his website. In his talk he uses a HackRF and a Yardstick One to show how to reverse engineer a wireless cabinet lock.

The video can be viewed below or over on Michael’s site greatscottgadgets.

Comparing a GPS Patch vs a DIY Patch Antenna on L-Band with the MIX4ALL

Over on YouTube user Adam Alicajic has recently been uploading videos that show him testing a prototype of his upcoming product the MIX4ALL. The MIX4ALL is an RF downconverter which will allow the RTL-SDR to receive signals at around 1.5 GHz or higher. Although the RTL-SDR can already tune up to ~1.7 GHz, above about 1.2 GHz sensitivity is poor and some units have problems receiving when they get hot. The downconverter will convert a 1.5 GHz signal into a signal at around 250 MHz, where the RTL-SDR operates well. At around 1.5 GHz there are several satellite signals of interest including Inmarsat EGC, Iridium and AERO signals.

In one video Adam decided to use the MIX4ALL to test the difference between a GPS patch antenna and a home made air gap patch antenna. The GPS patch antenna was salvaged from an old GPS receiver and the patch antenna is the one discussed in this previous post. In the test Adam used the MIX4ALL and an RTL-SDR, and tested reception of Inmarsat signals. His results showed that the reception given by the GPS patch was very poor compared to the home made patch antenna.

Comparing the GPS and DIY Patch antenna for the L-band INMARSAT

GPS antenna match on L-band 1575 MHz

Some other recent videos by Adam show him also testing his MIX4ALL with S-Band signals around 2.3 GHz and also receiving Alphasat XL.

MIX4ALL receiving on S-band terestrial weak signals

Alphasat XL band spectrum using the converter and R820T dongle

The Best RTL-SDR Posts of 2015

Things are developing fast in the software defined radio and RTL-SDR world. This year we’ve seen some amazing projects and developments occur. Here’s our highlight reel.

January

In January we first heard about Tim Haven’s RTL-SDR based “Driveby” system which he used to try and pinpoint a nasty source of noise in his neighbourhood. The system consisted of multiple RTL-SDR dongles scanning the spectrum and a GPS receiver. Together the system correlated noise power with locations and from the data Tim was able to pinpoint the source of the problem noise to a faulty power pole in his neighbourhood.

William Dillon, a small aircraft pilot and radio enthusiast also gave us an interesting set of videos that not only explained VOR navigation signals, but also showed how to decode them with an RTL-SDR in order to obtain a bearing.

We also heard from RF expert Leif who did a big test comparing several SDRs on their dynamic range and other factors. The SDR-14 and Airspy SDRs came out on top in most results.

Finally, near the end of the month Jay Moore wrote up a tutorial showing us how to receive SCA audio, which is a special audio service channel that is embedded into regular broadcast FM as a subcarrier.

February

At the beginning of February Vasilli, an SDR# plugins author, released a new SDR# driver for the RTL-SDR that included manual gain control and access to the decimation feature. The decimation feature allows you to zoom in to signals without losing FFT resolution, which is very useful for browsing HF signals.

Later in the month we saw the release of Artemis, a companion program to our Signal Identification Guide sister site sigidwiki.com.

March

In March radio astronomer Jim Brown used an RTL-SDR and ham-it-up upconverter to listen to noise bursts originating from the planet Jupiter.

We also released a tutorial that showed how to measure the characteristics of RF filters and antenna VSWR with just an RTL-SDR dongle, noise source and directional coupler.

In this month we also saw the SDRplay RSP’s price reduced from $299 down to $149. The SDRplay (and also the Airspy SDR) are software defined radios that can be considered as a next stage “step up” from the RTL-SDR dongles.

Finally, we also posted an interesting article about fingerprinting aircraft using aircraft scatter techniques, which could be done using an RTL-SDR dongle.

April

In April we learned that the FlightAware ADS-B app had started supporting UAT reception on 978 MHz, and we also reviewed Adam’s ADS-B folded monopole antenna.

May

In May we saw a post by amateur radio astronomers EA4EOZ and EB3FRN who showed us that it was possible to determine the radiant (origin point) of meteor showers, using meteor scatter techniques with an RTL-SDR.

Regular contributor to our blog Happysat wrote in and supplied us with a tutorial that showed how to decode LRPT images from Meteor M2 satellites using a new plugin by Vasilli and a new version of the Lrptdecoder by Oleg.

June

In June on Hackaday Juha Vierinen did a nice write up that showed us how we could build a passive radar system using two RTL-SDR dongles.

We also saw an interesting story by John Wiseman about monitoring FBI aircraft that made headlines around the world on several news sites. Essentially John used ADS-B logs received by his RTL-SDR to discover several aircraft with suspicious flight paths and call signs. These aircraft turned out to probably be “persistent wide-area surveillance” FBI spy planes.

Later in the month we saw how researchers from Tel Aviv University were able to use a FunCube dongle to extract encryption keys by sniffing unintended emissions from PCs.

July

In July we saw the release of a paper that describes how to use the RTL-SDR to detect meteors entering the earth’s atmosphere. The author also runs a live stream of his RTL-SDR based meteor detecting set up.

August

In August there were many interesting posts, but the very first piece of news was that the very first RTL-SDR manga comic book was released. Out of interest we bought a copy and it turned out to be a short comic book that detailed the installation and basic use of the RTL-SDR.

A light aircraft pilot also wrote in to let us know how some pilots have been using RTL-SDRs and dump978 as a cheap alternative to $500+ FIS-B weather report receivers.

We also released our new upgraded RTL-SDR Blog line of SDR dongles, all of which now include a TCXO and SMA connector by default.

Another story that made headlines on several news sites was Samy Kamkar’s Def Con conference talk on his RollJam device which can be used to break into almost any car wirelessly.

We released a tutorial that showed how to use the RTL-SDR together with a suitable L-band satellite antenna to decode Inmarsat STD-C EGC messages. The tutorial also showed how a cheap GPS antenna could be modified into a wideband L-band antenna.

We also heard about MIT Haystack Observatory researchers who had been using RTL-SDR to create a low cost ozone spectrometer to perform scientific measurements.

Bastian wrote in to show us how he was able to reverse engineer the bus telemetry signals in his area, and create a live map of all the bus locations in his area.

Finally in August we also heard how researchers at the University College of London were able to use already present WiFi signals and a USRP SDR to actually see through walls (or at least detect people and objects on the other side).

September

In September we discovered how radio astronomers Peter W East and GM Gancio were using RTL-SDR dongles to detect pulsars (rotating neutron stars). 

We also saw how Bastian Bloessl was able to use his RTL-SDR to reverse engineer the protocol used by a set of portable traffic lights used in construction outside his house. He was able to write a short program that displayed the current state of the traffic light on his PC.

September also showed us how easy it is getting to sniff GSM SMS and voice messages from mobile phones (assuming you have the encryption details of the phone you want to sniff).

October

October brought interesting RF news from the Raspberry Pi. Clever coder F5OEO was able to manipulate the GPIO pins on the Raspberry Pi enough to be able to actually transmit FM, AM, SSB and SSTV signals. Later developments saw a full transceiver built with F5OEO’s software and an RTL-SDR connected to the Pi.

Tatu Peltola created a “phase correlative direction finder” out of three RTL-SDRs and three antennas. With his system he is able to determine the direction of a transmitter.

We also saw how it will be possible in the near future to use the RTL-SDR to decode DATV DVB-S signals from the ISS.

November

In November the Meteor M1 satellite managed to wake up from the dead, providing satellite image enthusiasts with another weather satellite signal that is receivable by the RTL-SDR.

Researchers at Disney created a very advanced smart watch prototype that could detect with good accuracy the actual (electrical) object the user was touching. The watch uses an RTL-SDR dongle as the RF receiver, and it works by receiving and correlating the electromagnetic emissions given off by electronic devices with a database of known emissions.

December

Finally, in December we saw a new decoder for Inmarsat AERO signals released. AERO is a satellite based version of ACARS which is used by aircraft.

Mario Fillipi wrote in and gave us an interesting article on Ionosondes.

We reviewed the SpyVerter upconverter and determined that it is probably the one with the best performance and best value available for the RTL-SDR.

We also saw that it is now possible to use an RTL-SDR dongle and cheap GPS antenna to receive GPS signals and also acquire a position lock.

2016

2015 was full of interesting SDR developments, only some of which were covered in this post. If you want to read more we suggest going through our previous posts page by page.

No doubt we’ll continue to see more developments in the SDR field this year. We can expect to see new SDR hardware released, updates to existing SDR hardware and more accessories such as downconverters for the RTL-SDR. We can also expect to find new uses for low cost SDRs and to see new software released.

We hope that the readers of this blog will continue to experiment with the RTL-SDR and other SDRs this year. If you have an interesting SDR related project that you’ve developed or found, please let us know at [email protected].