Building a Ham Transceiver with an RTL-SDR, Raspberry Pi and Rpitx

A few days ago we posted about RpiTx, a piece of software that allows you to turn your Raspberry Pi into a multi-purpose transmitter by modulating the output on one of the GPIO pins.

Now over on YouTube user HA7ILM has uploaded a video showing his related software qtcsdr. Qtcsdr runs on the Raspberry Pi and interfaces with an RTL-SDR dongle and RpiTx to create a simple transceiver. In the video HA7ILM demonstrates the software with a microphone and an RTL-SDR plugged into the Raspberry Pi: audio from the microphone is transmitted via RpiTx and received again via the RTL-SDR.

Qtcsdr can be downloaded from https://github.com/ha7ilm/qtcsdr.

As always with this type of thing, only transmit if you are licensed, take care with the transmitted distance, and filter the antenna output when transmitting over any distance further than your room. On a related note, the qtcsdr GitHub page mentions that a Raspberry Pi shield called the QRPi filter + amplifier is currently in development (white paper).

QTCSDR Control GUI
Testing qtcsdr: receiving the transmission with an RTL-SDR via attenuator

Creating a DIY 88-108 MHz FM Trap

One of the most problematic strong signals you can encounter is broadcast FM in the 88-108 MHz band. These stations transmit at high power and can cause overloading and intermodulation problems on simple receivers such as the RTL-SDR, which means that FM stations can prevent you from receiving signals even when you are tuned far away from the broadcast band.

The simplest solution for reducing strong FM stations is to build an FM trap: a band stop filter that blocks frequencies between 88 and 108 MHz from entering your radio. Adam (9A4QV), the creator of the popular LNA4ALL and several other RTL-SDR compatible products, has recently uploaded an article showing how to build a homemade FM trap out of cheap common parts.

Adam's article explains the design of an FM trap and how to use freeware software to aid in the calculations. The final FM trap designed by Adam uses just 3 common SMD capacitors and 3 hand-wound coils. His filter attenuates by more than 30 dB in the 88-108 MHz range with an insertion loss of less than 1 dB up to 1.7 GHz.
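As an added worked example (not Adam's design or code), here is a Python model of one plausible 3-coil, 3-capacitor topology: a 3rd-order Butterworth band-stop T filter synthesized from the lowpass prototype and evaluated with an ABCD cascade and a finite coil Q. The 65 and 146.2 MHz design edges, the 50 Ω system and Q = 100 are assumed values, chosen so the notch exceeds 30 dB across 88-108 MHz.

```python
import math

Z0 = 50.0  # assumed system impedance (ohms) of the antenna line the trap sits in

def fm_trap_elements(f_low=65e6, f_high=146.2e6, z0=Z0):
    """Element values (henry, farad) of a 3rd-order Butterworth band-stop in a
    T topology: series parallel-LC, shunt series-LC, series parallel-LC, i.e.
    3 coils and 3 capacitors. f_low/f_high are the 3 dB edges of the notch;
    the defaults (assumed, not Adam's) are placed wide enough that 88-108 MHz
    sits deep inside the notch. Standard lowpass-to-bandstop transformation."""
    g = (1.0, 2.0, 1.0)                                   # Butterworth prototype
    f0 = math.sqrt(f_low * f_high)                        # geometric centre
    w0 = 2 * math.pi * f0
    delta = (f_high - f_low) / f0                         # fractional bandwidth
    series = (delta * g[0] * z0 / w0, 1 / (w0 * delta * g[0] * z0))
    shunt = (z0 / (w0 * delta * g[1]), delta * g[1] / (w0 * z0))
    return series, shunt, series

def resonant_frequency(l, c):
    """Resonance of one L-C section; all three sit on the notch centre."""
    return 1 / (2 * math.pi * math.sqrt(l * c))

def attenuation_db(f, elements=None, q_coil=100.0, z0=Z0):
    """Insertion loss in dB at frequency f for the three-section trap.
    Each coil gets a series resistance wL/Q so the notch floor and passband
    loss reflect a finite (assumed) coil Q; capacitors are treated as ideal
    and component self-resonances are ignored."""
    (l1, c1), (l2, c2), (l3, c3) = elements or fm_trap_elements()
    w = 2 * math.pi * f
    def z_par(l, c):   # lossy coil in parallel with a capacitor
        return 1 / (1 / (w * l / q_coil + 1j * w * l) + 1j * w * c)
    def z_ser(l, c):   # lossy coil in series with a capacitor
        return w * l / q_coil + 1j * w * l + 1 / (1j * w * c)
    z1, y2, z3 = z_par(l1, c1), 1 / z_ser(l2, c2), z_par(l3, c3)
    # ABCD cascade of series Z1, shunt Y2, series Z3
    a, b = 1 + z1 * y2, z1 + z3 + z1 * y2 * z3
    c, d = y2, 1 + y2 * z3
    s21 = 2 / (a + b / z0 + c * z0 + d)   # both ports terminated in z0
    return -20 * math.log10(abs(s21))

if __name__ == "__main__":
    for l, c in fm_trap_elements():
        print(f"L = {l*1e9:6.1f} nH  C = {c*1e12:6.1f} pF  "
              f"f0 = {resonant_frequency(l, c)/1e6:.2f} MHz")
    for f_mhz in (30, 88, 98, 108, 137, 433, 1700):
        print(f"{f_mhz:5d} MHz: {attenuation_db(f_mhz * 1e6):6.2f} dB")
```

Lowering q_coil raises the notch floor and increases passband loss, which is why coil quality decides how deep a hand-wound trap really goes; the 137 MHz row also shows that a trap wide enough for 30 dB over the whole band eats into its immediate neighbours.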

A DIY FM Trap

SDR-J Now Compatible with the Raspberry Pi 2

The popular software DAB (Digital Audio Broadcast) decoder SDR-J has recently been updated and can now run on the Raspberry Pi 2. In addition, the author has added experimental DRM decoding to his shortwave receiving software. The author writes about the Raspberry Pi 2:

The Raspberry PI 2 has a processor chip with 4 computing cores. By carefully spreading the computational load of the handling of DAB over these cores it is possible to run the DAB software on the Raspberry PI 2.

In my home situation the – headless – Raspberry PI 2 is located in the attic and remotely controlled through an SSH connection using the home WiFi on my laptop in my “lazy chair”. To accommodate listening remotely, the DAB software on the Raspberry PI 2 sends – if so configured – the generated PCI samples (rate 48000) also to an internet port (port 100240). On the laptop then runs a very simple piece of program reading the stream and sending it to the soundcard.

DAB is a digital audio protocol that is used in some countries as a digital alternative to broadcast FM (music stations). SDR-J is a suite of programs that includes the ability to decode DAB, FM, and several shortwave modes such as AM, USB, LSB, PSK, RTTY, WeatherFax, SSTV, BPSK, QPSK, CW, NavTex (Amtor-B), MFSK, Domino, Olivia, Hell, Throb and now DRM. It can directly connect to RTL-SDR receivers as well as other hardware such as the Airspy and SDRplay.

Screenshot of SDR-J running on the Raspberry Pi 2.

An Unfiltered ADS-B co-op: ADSBexchange

Recently Dan, a reader of RTL-SDR.com, wrote in to let us know about a new web project he’s started called adsbexchange.com. ADSBexchange is similar to services like FlightRadar24.com and FlightAware.com, but with one key difference: ADSBexchange explicitly states that they do not and will not filter ADS-B traffic for security reasons. Other similar services all filter FAA BARR (Block Aircraft Registration Request), military and other potentially sensitive ADS-B data. However, Dan argues that filtering the data is simply unneeded security theatre, as anyone can build their own unfiltered receiver very cheaply. He writes:

I recently started a website that collects SDR ADS-B and MLAT data (typically from dump1090) worldwide, and displays it unfiltered – http://www.adsbexchange.com . This means that military, “blocked” and other “restricted” traffic is available to see, which is unique as far as I can tell.  We’ve recently tracked a U2 over the UK above 60,000 ft., Air Force One, and various diplomatic aircraft.  Additionally, there is a database of all previous aircraft “sightings” searchable on various parameters.

All of my research indicates this is legal, but perhaps “frowned upon” by local authorities.  The major flight tracking sites seem to not want to make any waves and voluntarily strip this data from their public feeds, even though they are typically fed “unfiltered” data from their volunteer participants.

The service is currently looking for RTL-SDR users who feed ADS-B data to join their feeding program so that they can expand their service coverage.


Transmitting FM, AM, SSB, SSTV and FSQ with just a Raspberry Pi

Previously we posted about the Raspberry Pi’s ability to modulate one of its pins to produce FM transmissions with PiFM. A developer (F5OEO) has recently expanded on this idea, and now the Raspberry Pi is capable of modulating and transmitting FM, AM, SSB, SSTV and FSQ signals anywhere from 130 kHz to 750 MHz.

To transmit with the Raspberry Pi all you need to do is plug a wire antenna into Pin 12 (GPIO 18) on the GPIO port and run the PiTx software, piping in an audio file, or an image for SSTV.

Important Disclaimer: While the output power is very small, you should still take great care as the carrier is a square wave, and there is no filtering on the antenna output. So any transmissions will cause harmonics all across the spectrum – possibly interfering with life-critical devices. A filter *must* be used if you actually plan on transmitting with any sort of range further than your room. The predecessor PiFM has been reported to have a range of 10 cm without an antenna, so it may be best to not connect an antenna to the pin if just testing. With a simple wire antenna the range is increased to 100 m, which could affect your neighbours. There are also strict laws and licences governing transmitting in most countries, so make sure you follow them carefully. In short, get your ham licence and understand what you are doing before transmitting with any sort of amplification/range.

The code for PiTX can be downloaded at https://github.com/F5OEO/rpitx. Also see the author's (@F5OEOEvariste) Twitter account at https://twitter.com/F5OEOEvariste for some more info about PiTX.

PiTX transmitting SSTV and received in HDSDR. From PiTX's author's Twitter @F5OEOEvariste

Over on YouTube the author of PiTx has also uploaded a video showing a wireless doorbell being replayed with PiTx. In the video description he writes:

PiTx is software which permits transmitting HF directly through a pin of the Raspberry Pi GPIO. Unlike PiFM, which transmits only in FM, PiTx is able to perform multiple modulations (FM, AM, SSB, SSTV, FSQ): it has an I/Q input to be agnostic.
The demonstration here is done in several steps:
– Record an I/Q file from a doorbell transmitter on 434 MHz (first part)
– Play it with the Raspberry Pi using PiTx on HF on the same frequency
– Listen to the doorbell receiver, which recognizes the signal

Conclusion: PiTx is now a real TRANSMIT SDR at very low cost. Be aware that it generates a lot of harmonics and will never compete with USRP or HackRF.
The goal is to popularize transmission as rtlsdr popularized reception.

Hak5: Hacking Wireless Doorbells and Software Defined Radio tips

On this week's episode of Hak5, a popular electronics and hacking YouTube show, the presenters talk about reverse engineering and performing replay attacks on wireless devices such as a doorbell. They also talk about using the recently released Yardstick One, a PC-controlled wireless transceiver that understands multiple modulation techniques (ASK, OOK, GFSK, 2-FSK, 4-FSK, MSK) and works on multiple bands (300-348 MHz, 391-464 MHz, and 782-928 MHz), but is not a software defined radio.

Finally they discuss how to use the RTL-SDR and GQRX to stream received audio over a UDP network connection using netcat in Linux.

Hacking Wireless Doorbells and Software Defined Radio tips - Hak5 1910

If you are interested in the Yardstick One, Hak5 also uploaded two earlier episodes this month showing how to use the Yardstick One, and how to hack wireless remotes by using the RTL-SDR to do the initial reverse engineering and then using the Yardstick One to do the transmitting.

How to begin hacking with the YARD Stick One - Hak5 1908

How to Hack Wireless Remotes with Radio Replay Attacks - Hak5 1909

Hacking GSM Signals with an RTL-SDR and Topguw

The ability to hack some GSM signals has been around for some time now, but the steps to reproduce the hack have been long and difficult to set up. Recently RTL-SDR.com reader Bastien wrote in to us to let us know about his recently released project called Topguw. Bastien's Topguw is a Linux-based program that helps piece together all the steps required in the GSM hacking process. Although the steps are simplified, you will still need some knowledge of how GSM works, have Airprobe and Kraken installed, and also the 2 TB rainbow table, which keeps the barrier to this hack quite high. Bastien writes about his software:

So like I said, my software can "crack" SMS and calls over the GSM network.

How?

I put quotation marks around crack because my software is not enough to decipher GSM by itself. My software can perform some steps of the known-plaintext attack introduced by Karsten Nohl, and by the way, increase the time to decipher an SMS or call. I'll not explain all the steps here because they are long and tedious, but there is a lot of work done behind the GUI.

Actually my software can extract keystreams (or try to find some of them) from a GSM capture file, or by sniffing GSM with an rtl-sdr device. Then you just have to use Kraken to crack the key and you're able to decipher the SMS or call.

Why?

This hack is very interesting! With only a little receiver (rtl-sdr) and some hard-disk capacity (2 TB), everyone can try to hack GSM. It's very low cost compared to other hack vectors. Moreover the success rate is really great if you guess the keystream correctly. So when I started doing this by hand I thought: why not try to make something to do this automatically?
This is how Topguw was born.

Topguw, I hope, will sensitize people to the risks they take by calling or sending SMS over GSM.

My software is currently in beta, but I did run it several times and got good results. Maybe better than something done by hand. But Topguw is made to help people who want to learn the hack. This is why several files are made to help with GSM reverse-engineering.

Topguw can be downloaded from GitHub at https://github.com/bastienjalbert/topguw. Bastien has also uploaded a video showing his software in action. If you're interested, keep an eye on Bastien's YouTube channel, as he plans to upload another video soon where he shows himself hacking his own GSM SMS/call signals.

Topguw Proof of concept - GSM Hacking educational purpose

Of course, remember that hacking into GSM signals is very illegal; if you do this then you must check the legality of doing so in your country and only receive your own messages or messages that are intended for you.

Update 27 Feb 2023: Note that this content is constantly being censored by video upload sites. If the above video is down, Bastien has uploaded links to alternative video upload sites on pastebin.

Receiving Digital Amateur TV from the ISS with an RTL-SDR

The International Space Station (ISS) is currently testing transmission of a DVB-S digital video signal. At the moment only a blank test pattern is transmitted, but one day they hope to be able to transmit live video properly for the purposes of making live contact with astronauts, and possibly to stream video of scientific experiments, extravehicular activities, docking operations, or simply live views of the Earth from space.

Over at www.pabr.org, the author Pabr has been experimenting with using an RTL-SDR dongle to receive these digital amateur TV (DATV) signals. Over on Reddit he also posted some extra information about his work:

I have been able to receive DVB-S broadcasts from the ISS (known as HamVideo or HamTV) with a high-gain 2.4 GHz WiFi antenna ($50), a custom downconverter ($65), a R820T2 dongle, and a software demodulator (Edmund Tse’s gr-dvb). I used to think this could only be done with much more expensive SDR hardware.

It is commonly known that rtl-sdr dongles do not have enough bandwidth to capture mainstream satellite TV broadcasts, but the ISS happens to transmit DVB-S at only 2 Msymbols/s in QPSK with FEC=1/2, which translates to 2 MHz of RF bandwidth (2.7 MHz including roll-off).

Before anyone gets too excited I should mention that:

  • This was done during a favourable pass of the ISS (elevation 85°)
  • With a fixed antenna, only a few seconds worth of signal can be captured
  • Demodulation is not real-time (on my low-end PC)
  • Currently the ISS only transmits a blank test pattern.

I now believe the BoM will be less than $50 by the time the ISS begins broadcasting interesting stuff on that channel.

Pabr uses a 2.4 GHz parabolic WiFi antenna to receive the signal. He writes that ideally a motorized antenna tracker would be used with this antenna to track the ISS across the sky. Since the DATV signal is transmitted at around 2.4 GHz, a downconverter is required to bring the received frequency down into the range the RTL-SDR can receive. The DATV decoder is available on Linux and requires GNU Radio.
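As an added example (not Pabr's code), the bandwidth figures quoted above carried through in Python, plus the payload bit rate DVB-S delivers at those settings and a check of how much of the signal a 2.4 MS/s RTL-SDR capture covers; the 2.4 MS/s sample rate is an assumed value.

```python
# DVB-S constants (ETSI EN 300 421): QPSK carries 2 bits per symbol, the outer
# code is Reed-Solomon RS(204,188) and the raised-cosine roll-off factor is 0.35.
QPSK_BITS_PER_SYMBOL = 2
RS_RATE = 188 / 204
DVBS_ROLLOFF = 0.35

def nyquist_bandwidth_hz(symbol_rate):
    """Minimum RF bandwidth of a single-carrier signal: one hertz per symbol."""
    return float(symbol_rate)

def occupied_bandwidth_hz(symbol_rate, rolloff=DVBS_ROLLOFF):
    """Bandwidth actually occupied once the raised-cosine skirts are included."""
    return symbol_rate * (1 + rolloff)

def useful_bitrate_bps(symbol_rate, fec_rate, bits_per_symbol=QPSK_BITS_PER_SYMBOL):
    """Transport-stream payload rate left after the inner (Viterbi) and outer (RS) codes."""
    return symbol_rate * bits_per_symbol * fec_rate * RS_RATE

def capture_margin(symbol_rate, sdr_sample_rate, rolloff=DVBS_ROLLOFF):
    """For a complex-sampling SDR: does the Nyquist band fit, does the full
    roll-off band fit, and how many hertz of the skirts fall outside the capture."""
    occ = occupied_bandwidth_hz(symbol_rate, rolloff)
    return {
        "nyquist_fits": nyquist_bandwidth_hz(symbol_rate) <= sdr_sample_rate,
        "rolloff_fits": occ <= sdr_sample_rate,
        "clipped_hz": max(0.0, occ - sdr_sample_rate),
    }

# HamTV parameters quoted in the post: 2 Msym/s, QPSK, FEC 1/2.
HAMTV_SYMBOL_RATE = 2e6
HAMTV_FEC = 1 / 2
# Assumed: a 2.4 MS/s RTL-SDR complex sample rate (a common drop-free maximum).
RTLSDR_SAMPLE_RATE = 2.4e6

if __name__ == "__main__":
    print(f"Nyquist bandwidth : {nyquist_bandwidth_hz(HAMTV_SYMBOL_RATE) / 1e6:.2f} MHz")
    print(f"Occupied bandwidth: {occupied_bandwidth_hz(HAMTV_SYMBOL_RATE) / 1e6:.2f} MHz")
    print(f"Useful bit rate   : {useful_bitrate_bps(HAMTV_SYMBOL_RATE, HAMTV_FEC) / 1e6:.3f} Mbit/s")
    print(capture_margin(HAMTV_SYMBOL_RATE, RTLSDR_SAMPLE_RATE))
```

The check shows why this works at all: the 2 MHz Nyquist band fits inside a 2.4 MS/s capture while only the outer 300 kHz of roll-off skirt is lost, whereas the roll-off band alone does not fit.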

Receiving DATV from the ISS with an RTL-SDR