Receiving and Decoding FLARM (Tracking Gliders, Helicopters etc) using the RTL-SDR

Over on our Facebook page, a user has let us know about the Open Glider Network project which makes use of the RTL-SDR dongle to decode FLARM. FLARM is a low cost and low power consumption ADS-B alternative which is often used by small aircraft such as gliders and helicopters for collision avoidance. With the right antenna, receiver and decoder any aircraft transmitting a FLARM signal could potentially be tracked on a map.

FLARM signals are transmitted at 868 MHz and are effectively weaker by 100-1000 times compared to standard ADS-B signals. The project recommends use of a high gain collinear antenna for receiving the weak FLARM signals. The open glider network project wiki contains information on how to set up their Linux based FLARM decoder that relies on the RTL-SDR for various embedded devices.

Once the software is up and running, the received and decoded FLARM packets can be seen on http://cunimb.fr/live/ as real time glider positions (also at http://cunimb.fr/live/3D/ in a 3D Google Earth).

FLARM Gliders shown in real time on a map
FLARM Gliders received with the RTL-SDR shown in real time on a map
Tweet
Share
Reddit
Vote
Email

Using an RTL-SDR and TI Chronos RF Wristwatch to Copy a Garage Door Opener

At Tel-Aviv University in Israel, two students undertook a class project where they were able to use an RTL-SDR to record a garage door opener signal and then use a Texas Instruments (TI) Chronos watch to retransmit a copy of the signal. Their report can be found here (pdf). The TI Chronos is a wrist watch with a built in programmable ISM band RF transmitter.

The students report contains an analysis of the signal which may be of use to anyone interested in decoding their own ISM band signals and they also describe a method used to automatically obtain the required parameters for programming the TI Chronos with the signal to be copied. The abstract of their report is as follows

We present a simple and affordable way of copying remote controls widely used for parking lot gates, garage doors and other simple systems. These simple remote controls usually use a fixed code (as opposed to the more secured rolling code used for car keys remote controls) and a simple On-Off Keying (OOK) modulation, over 433.92MHz in the ISM band. We suggest the use of the TI-Chronos wrist-watch platform for the emulation of the remote control, as this platform transmits in the same band, and can be programmed to emulate different modulations and to send user pre-defined signals.

In this report we show the complete process for copying a remote control into the Chronos platform. This process utilizes only a standard PC and low-cost hardware (less than $75 all together), alongside free software, and additional software developed by us. The process starts with recording the original remote control RF signal. It continues with automatic analysis of the recording, extracting the needed parameters of the signal. Finishing the process, we set the Chronos with those parameters. We demonstrate the copy process using a 4-channel remote control and its receiver board.

Flow Diagram of Copy Process
Flow Diagram of Copy Process
Tweet23
Share
Reddit
Vote
Email
23 Shares

Using Xastir with the RTL-SDR

Xastir is a Linux based program that is used for plotting Automatic Packet Reporting System (APRS) data on a map. APRS is is type of packet radio system used by ham radio for real time local area digital communications. It is often used for sending messages, plotting positions on a map or providing weather station data.

Over on his blog, KJ6VVZ’s has uploaded a post showing how he was able to get the RTL-SDR working with Xastir. He uses rtl_fm piped into MultimonNG for the APRS decoding and then sends the decoded APRS information to Xastir via a FIFO buffer.

Xastir Message Log
Xastir Message Log
Tweet
Share
Reddit
Vote
Email

New Inline Low Noise Amplifier Design for the RTL-SDR and RTL-SDR Power Injector Modification

Recently a reader named Fabio wrote in to let us know about his new Low Noise Amplifier (LNA) design for the RTL-SDR. Fabio writes that his design is similar to the LNA4ALL, but is small enough to fit inline with an antenna. An LNA can help improve reception especially if you have long runs of coax cable between the antenna and RTL-SDR.

Fabio’s design requires that the LNA be powered inline with a bias-tee power injector circuit which can be easily built from an inductor and capacitor. But instead of building an external bias-tee he modified the RTL-SDR dongle itself to provide the required 5V output power from the USB bus. He writes that with this modification the RTL-SDR could also be used to power an active antenna.

Fabio has also released his circuit designs on his GitHub page for free.

Inline LNA for the RTL-SDR
Inline LNA for the RTL-SDR
RTL-SDR Bias-T Modification
RTL-SDR Bias-T Modification

Tweet
Share
Reddit
Vote
Email

Hak5: Using a Solar Powered Embedded Device with an RTL-SDR to Track Aircraft Remotely

Over on YouTube Hak5, a popular electronics enthusiast channel has uploaded a video showing their project which involves creating a remote solar powered ADS-B receiver with the RTL-SDR. They used a WiFi Pineapple which is a mini Linux based embedded computer as a remote PC and sealed it in a weather tight briefcase with a lead acid battery and solar panel. They also used a high gain directional WiFi antenna on both the transmitting and receiving ends. With this setup the WiFi Pineapple is capable of running indefinitely transmitting ADS-B data using just the solar panel and battery.

They took their setup to the top of a hill near to their office and pointed the transmitting WiFi antenna towards their offices. Then back in the comfort of their offices they were able to remotely connect to the WiFi Pineapple and start a dump1090 webserver and connect to it using Virtual Radar Server.

Solar WiFi Pineapple Briefcase, Aircraft Tracking with High Gain Point-to-Point, Hak5 1614

Tweet
Share
Reddit
Vote
Email

Listening to Spacewalk Communications from the International Space Station

Over on YouTube user LEGION ELMELENAS has uploaded a video showing his reception of voice communications from a Russian spacewalk on the International Space Station (ISS).

Legion used a Funcube Dongle Pro+ which is a software defined radio USB dongle similar to the RTL-SDR, but with better performance and higher cost. He also used a home made turnstile antenna, the SDRSharp software and the Orbitron satellite tracking software to automatically correct for the signals doppler shift as the ISS flies over.

International Space Station spacewalks(Russian astronauts EVA) received with Funcube Dongle Pro+

Tweet11
Share
Reddit
Vote
Email
11 Shares

KN0CK HF Upconverting and Direct Sampling RTL-SDR Receiver Store

In previous posts we have featured Marty KN0CK’s popular modified RTL-SDR dongles which have either a miniature built in high quality HF upconverter with amplifier and filter, or an amplified and filtered direct sampling modification applied to them. With these modified dongles you can receive the HF frequencies from 0.5 MHz to 54 MHz. These kits were previously available for sale on a webstore, however that store has since closed down.

Fortunately, Marty’s modified RTL-SDR dongles are still available at http://www.kn0ck.com/HF_SDR/. The HF upconverting dongle can be bought for $75 and the direct sampling dongle at $60. The store page also shows example videos of the performance you can expect.

KN0CK HF Upconverting RTL-SDR Modification
KN0CK HF Upconverting RTL-SDR Modification
KN0CK HF DIrect Sampling RTL-SDR Modification
KN0CK HF DIrect Sampling RTL-SDR Modification
Tweet
Share
Reddit
Vote
Email

Reverse Engineering NSA Spy ‘Retro Reflector’ Gadgets with the HackRF

In 2013 whistleblower Edward Snowden leaked (along with other documents) some information about the American National Security Agencies (NSA) spy tools. One such group of tools named ‘retro reflectors’ has recently been investigated and reverse engineered by Micheal Ossmann, the security researcher behind the recently available for preorder HackRF software defined radio. The HackRF is a SDR similar to the RTL-SDR, but with better performance and transmit capabilities.

Newscientist Magazine has written an article about Ossmann’s work here. From their article a retro reflectors are described in the following quote.

One reflector, which the NSA called Ragemaster, can be fixed to a computer’s monitor cable to pick up on-screen images. Another, Surlyspawn, sits on the keyboard cable and harvests keystrokes. After a lot of trial and error, Ossmann found these bugs can be remarkably simple devices – little more than a tiny transistor and a 2-centimetre-long wire acting as an antenna.

The HackRF comes in to play in the following quote

Ossmann found that using the radio [HackRF] to emit a high-power radar signal causes a reflector to wirelessly transmit the data from keystrokes, say, to an attacker. The set-up is akin to a large-scale RFID- chip system. Since the signals returned from the reflectors are noisy and often scattered across different bands, SDR’s versatility is handy, says Robin Heydon at Cambridge Silicon Radio in the UK.

Ossmann will present his work at this years Defcon conference in August.

retro-reflector-surlyspawn     retro-relector    retro-reflector-ragemaster

 

Tweet25
Share
Reddit43
Vote
Email
68 Shares