Back in 2017 we first posted about KYDronePilot's HDFM software which allows users to display the live weather and traffic data embedded into some HDFM signals.
If you are in the USA, you might recognize HD Radio (aka NRSC-5) signals as the rectangular looking bars on the frequency spectrum that surround common broadcast FM radio signals. These signals only exist in the USA and they carry digital audio data which can be received by special HD Radio receivers. Earlier in in 2017 a breakthrough in HD Radio decoding for SDRs like the RTL-SDR was achieved by Theori when he was able to piece together a full HD Radio software audio decoder that works in real time.
It turns out that some of these HD Radio signals run by iHeartRadio also contain other data streams such as live weather and traffic data that is consumed by HD Radio based car GPS receivers or audio head units in US vehicles. HDRadio.com also write that they can embed other data such as sports scores and emergency messages into the data stream as well.
FISSURE (Frequency Independent SDR-Based Signal Understanding and Reverse Engineering) is a recently released open source framework that runs on Linux, and includes a whole suite of previously existing software that is useful for analyzing and reverse engineering RF signals. On top of that it includes a custom GUI with a bunch of custom software that ties everything together in a full reverse engineering process.
Recently the developers spoke at this years Defcon conference, and the talk video is supplied at the end of this post. In their talk they explain the purpose of FISSURE, before going on to demonstrate it being used to reverse engineer a wireless X10 doorbell. FISSURE makes analyzing the signal easy, starting with spectrum analysis to find the signal, then signal recording, signal cropping, signal replay, crafting packets and crafting attacks.
News and developments about FISSURE can also be seen on their Twitter.
FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signal data, scripts, flow graphs, reference material, and third-party tools. FISSURE is a workflow enabler that keeps software in one location and allows teams to effortlessly get up to speed while sharing the same proven baseline configuration for specific Linux distributions.
The framework and tools included with FISSURE are designed to detect the presence of RF energy, understand the characteristics of a signal, collect and analyze samples, develop transmit and/or injection techniques, and craft custom payloads or messages. FISSURE contains a growing library of protocol and signal information to assist in identification, packet crafting, and fuzzing. Online archive capabilities exist to download signal files and build playlists to simulate traffic and test systems.
The friendly Python codebase and user interface allows beginners to quickly learn about popular tools and techniques involving RF and reverse engineering. Educators in cybersecurity and engineering can take advantage of the built-in material or utilize the framework to demonstrate their own real-world applications. Developers and researchers can use FISSURE for their daily tasks or to expose their cutting-edge solutions to a wider audience. As awareness and usage of FISSURE grows in the community, so will the extent of its capabilities and the breadth of the technology it encompasses.
FISSURE RF Framework - Griffiss Institute & AIS Monthly Lecture + Education Series
Over on YouTube TheSmokinApe has uploaded a video showing how to use the direct sampling mode on RTL-SDR Blog V3 devices to receive HF transmissions, such as the ham bands, short wave and AM broadcast. In the video he shows how to activate direct sampling mode in SDR#, and then goes on to show reception of a few HF signals.
We note that an appropriate HF capable antenna is required to receive HF signals. The multipurpose dipole kits we sell are for VHF/UHF reception only. A simple and low cost HF antenna could just be a long wire running through your house.
Thank you to Samual Yanz (N7FNV) for submitting a guide that he's created about tracking and decoding NOAA weather satellites. The guide can be downloaded from this link as a PDF.
Currently there are three operational polar orbiting NOAA weather satellites that transmit image data in the APT format at 137 MHz. When one of these satellites pass overhead, it is possible to use an RTL-SDR with appropriate satellite antenna and software to receive the satellite weather images they transmit.
Samual's guide focuses on the software and shows how to setup Virtual Audio Cable for piping audio between programs, SDR# for receiving the signal, Orbitron for tracking the satellite and WXtoIMG for decoding the image.
Thank you to Joel Moser who has submitted news about his teams scientific research work at Soochow University in Suzhou, near Shanghai, China which makes use of RTL-SDR Blog V3 dongles in their research to replace bulky and expensive analysis equipment such as a lock-in amplifier, a vector network analyzer, or a spectrum analyzer. Their results show that an RTL-SDR can produce results as good as those more traditional pieces of equipment.
The researchers have also provided a summary video, which helps explain the science in an easier way. In a nutshell, as far as we understand it, they first use a laser optical interferometer to measure the graphene nanomechanical resonator, and then connect the output of the interferometer to the RTL-SDR, where the signal can be measured on a PC, and then easily put forward to further DSP processing in GNU Radio.
One interesting result is that they were able to recover very clear audio from the graphene nanomechanical resonator using the RTL-SDRs. This is highlighted in the video from around 4:25. Also provided via their website are two audio files demonstrating a clear reading of a Shakespeare sonnet, and a musical.
Our project is about detecting weak vibrations in nanomechanical resonators based on graphene drums. Graphene is an atomically thin membrane of carbon atoms. Graphene drums are made by suspending the membrane over an array of cavities nanofabricated in silicon oxide. Vibrations of the membrane are driven using a capacitive force at frequencies ranging from 10 to several hundreds of MHz. The detection of vibrations is done by optical interferometry, with the electrical output of our photodetector connected to a radio frequency measuring instrument. Usually, the measuring instrument is a lock-in amplifier, a vector network analyzer, or a spectrum analyzer, which are all rather bulky and expensive systems.
In our work, we demonstrate that graphene nanomechanical vibrations can be adequately measured with RTL-SDR v3 dongles. We find that the quality of our dongle-based measurements is as good as that of measurements made with a low noise spectrum analyzer, provided the driving force is not too small.
We take full advantage of your dongles by measuring the amplitude of two vibrational modes in parallel. For this, we split the output of the photodetector and connect it to two dongles. Measuring multiple modes in parallel is very valuable for nanomechanical sensing applications, as more information can be extracted compared to single mode measurements. However, this is a challenging task that requires several instruments collecting data in parallel. Here, we demonstrate that a composite of SDR dongles offers an alternative that is remarkably simple and inexpensive per frequency channel.
Finally, we show that our software-based instrument can be employed to demodulate human voice encoded in nanomechanical vibrations. For this, we drive vibrations with a frequency modulated force. As a baseband signal, we alternatively use a Chinese song performed by one of us, poetry by Shakespeare, and an excerpt from a musical.
We are now improving our measurement setup by synchronizing the clocks of several RTL-SDR v3 dongles to measure vibrational modes coherently. We are also greatly interested in employing your KrakenSDR for even better and cleaner multimode nanomechanical measurements.
A recent paper about our work can be freely accessed here:
Audio files for our demodulated nanomechanical signals can be found at the same address, but they are buried in a supplemental material (media) folder. Alternatively, the paper and the audio files can be found here:
Thank you to Sasha Engelmann for letting us know about the release of the Open-Weather community's web browser based NOAA APT decoder. The decoder allows for easy NOAA satellite decoding by allowing you to upload a wav file recording of a NOAA satellite pass, and it will decode it into an image within the browser.
The project emerged from a desire to understand the process of decoding APT audio recordings into NOAA satellite images, and a need for an accessible browser-based decoder for new practitioners during open-weather DIY Satellite Ground Station workshops.
While we were inspired by Thatcher's APT 3000, we felt accessibility, documentation and features could be expanded and improved. open-weather apt allows you to select an audio file on your computer, choose a demodulation method, add histogram equalisation and download images. The website does not store your personal data, including your location or any files you upload.
Over on the usradioguy.com blog, Carl Reinemann has highlighted a very impressive remote off-grid radio satellite image receiver setup by Manuel Lausmann (DO3MLA). The setup consists of two Raspberry Pi's, two RTL-SDRs and a QFH satellite antenna connected to an antenna splitter and bias tee. It is able to receive APT and LRPT images from NOAA and Meteor satellites which transmit at 137 MHz. The received images are then uploaded to the internet via a mobile LTE router.
The system is located a remote part of Northern Norway and is powered by a dual solar and wind turbine system with battery storage. Being so remote with little interference, the system is able to receive very clean images, and with the location being so Northern, it can even glimpse the north pole.
Manuel has uploaded a YouTube video where he shows each part of the system. It is in narrated in German, however the YouTube caption auto translate feature can be used.
He notes that in the future he hopes to install a web SDR like KiwiSDR on the site too.
The RX888 is a $200 software defined radio that has a 16-bit ADC and tuning range from 1 kHz up to 1.8 GHz, with a bandwidth of up to 64 MHz between 1 KHz to 64 MHz and 10 MHz between 64MHz - 1700MHz. The design is based on the RX-666 which is turn was based on Oscar Steila's (IK1XPV) BBRF103 original open source hobby design. The product is designed and manufactured in China and is sold on Aliexpress and eBay without any official company backing it.
While on paper, the RX888 has great specs and a great price, it appears that the software driver support from the manufacturer has been extremely poor, and no one has really been able to get this SDR working in practice without it constantly throwing errors and locking up.
@Aang245 & @Ryzerth are the developers of the popular open source SDR programs 'SatDump' and 'SDR++'. They often get queries to support the RX888, but have been unable to get much working due to broken drivers and no support from the manufacturer.
In the document Aang245, author of SatDump, discusses the technical problems he's been having with the library and drivers, noting that almost all of the library drive code is broken, leaving him unable to support the device in his software.
When actually attempting to use the library on any of my machines, pretty much nothing would work reliably, and even when streaming samples would work, gain control, frequency or simply loading the firmware would fail horribly.
Later, I tried instead using the ExtIO code, maintained by the original project maintainers. By then, libsddc mentioned above had been merged into that main repo. Seemed great… Until I tried to use it. To put it simply : It was bad before, but now it relied on an entire ExtIO, segfaulted seconds after trying to do anything, and of course what worked before didn’t even anymore.
A good reason for that is that when the library was “merged”, it instead was made to rely on ExtIO internals, with barely half of the functions even implemented or working...
...In summary, it just feels like the BBRF103 hobby project commercialized without any thoughts about consequences or the ecosystem, and not even usability. Same hardware, usually sold as a premium, but really just a bunch of parts hacked together.
Ryzerth, author of SDR++ then adds the following reinforcing viewpoint:
The code quality in the library was absolutely horrendous. Functions were unimplemented, stuff was hardcoded everywhere and it was just generally hacked together. Same goes for the firmware, it seems to be a barely modified “streaming” example from Cypress (the FX3 chip manufacturer)...
...I have tried multiple times to reach back to the manufacturer on twitter but they have been radio silent since April 2022...
...Something else that bothers me is that SDR seems to be popular in the SWL community. A bunch of people recommend it when the performance can only be described as mediocre. Making a wideband HF frontend is an art, and you’re not gonna get any good result from something built down to a price like it. It’s a cool ham radio project, but not something that can be marketed as a commercial SDR. I’ve seen people claim that it has superior performance to Airspy and SDRplay SDRs, which is complete bullsh*t...
...This SDR has been unlike any other SDR I’ve had to support. Other manufacturers have clean APIs, proper drivers and libraries. It usually takes me at most a day or two to support the hardware properly. Being an “aliexpress special”, I guess I shouldn’t be surprised, you get what you pay for. All the money went into the BOM and none into the R&D and software.
This entire saga highlights the fact that software defined radios are not only about the hardware specs. The support and state of the drivers from the manufacturer is key to allowing third party developers to integrate the device into their software.
