Michael Ossmann Gives A First Look at the HackRF Pro in YouTube Video

Recently, Great Scott Gadgets announced the upcoming September release of their HackRF Pro, an upgrade to their popular HackRF software-defined radio. 

On YouTube, Michael Ossmann, the founder of Great Scott Gadgets, has just uploaded a video explaining the improvements that the HackRF Pro will bring. Apart from the change from microUSB to USB-C, Michael demonstrates how the HackRF Pro has achieved improved performance by eliminating the DC spike and reducing the number of strong signal mirror images.

First Look at HackRF Pro

Saveitforparts: Tracking US Government Spy Planes over your Neighbourhood

Gabe from the saveitforparts channel has uploaded an interesting YouTube video detailing how he's tracking government spy planes over his neighbourhood, using SDRs to monitor ADS-B data and Orbic hotspots to detect Stingray activity (fake cell tower base stations).

In the video, Gabe highlights how he detects and follows a suspicious aircraft, concluding that it is most likely a DEA surveillance plane. This conclusion is supported by the fact that the ADS-B data is censored on FlightRadar24, something which normally only happens with law enforcement aircraft, as well as private jets. Upon zooming in on the aircraft with a camera, various antennas and cameras are also visible on the belly. Finally, Gabe found that the plane's registration number is linked to a Texas-based shell company with connections to the DEA.

In the video, Gabe also tests out the RayHunter custom firmware for Orbic mobile-internet-to-WiFi hotspot devices. This custom firmware turns these devices into Stingray detectors. A Stingray is a fake cellular base station that is often used by law enforcement to spy on cell phone activity.

Is That Really A Government Spy Plane Over My Neighborhood?

TechMinds: A Review of the HydraSDR RFOne

Over on the Tech Minds YouTube channel, Matt has uploaded a review video of the HydraSDR RFOne. The HydraSDR RFOne is a new software-defined radio, made in the USA. The design is heavily based on the Airspy R2, and the creator of HydraSDR worked on the Airspy product design in the past. In a previous post, we also reviewed the HydraSDR, comparing it against the Airspy R2.

In the video, Matt goes over the specs of the HydraSDR, and then unboxes and disassembles the enclosure, showing the PCB. He goes on to update the firmware and then test its operation in SDR++, noting generally good performance.

HydraSDR RFone - A New High Performance Software Defined Radio - Made in the USA!

Discovery Drive: An Affordable Antenna Rotator Crowd Funding Pre-Launch Page now Active!

We're happy to announce that the pre-launch page for our "Discovery Drive" automatic antenna rotator is now live! Please sign up to be notified of when the crowdfunding page goes live as the price will be reduced by at least $100 during the campaign.

Discovery Drive is an automatic antenna rotator that is designed to be used with our Discovery Dish product, as well as similarly sized antennas such as Wi-Fi grid and Yagi antennas.

Discovery Drive with Discovery Dish Mounted

A motorized rotator allows you to use a satellite dish or directional antenna to track and receive signals from polar orbiting satellites, which quickly move across the sky. It also lets you switch swiftly between geostationary satellites without manually realigning the dish. 

Examples of polar-orbiting weather satellites that you can track include NOAA POES, METEOR-M2, METOP, and FENGYUN. Depending on your location, you may also have access to other interesting satellites that dump data over specific regions. Amateur radio operators can also use Discovery Drive to track amateur radio satellites with Yagi antennas.

Discovery Drive

Discovery Dish is designed to be easy to set up and use. Unlike many other rotators on the market, no external controllers are required. Discovery Drive has a built-in ESP32 controller, and control can be commanded over WiFi or serial from rotctl-compatible software such as SatDump, GPredict, and Look4Sat on Android. 

Features and Specifications

  • Up to 125 kgcm (12.25 Nm) of torque
  • ESP32 control board
  • ± 1.5° of accuracy
  • -360° to +360° Azimuth range, 0° - 90° elevation range
  • 1.5 RPM Azimuth speed, 0.25 RPM elevation speed
  • 12 V power input (either barrel jack or USB Type-C Power Delivery)
  • Wi-Fi connectivity with browser-based web UI
  • Serial over USB data connectivity or Wi-Fi data connectivity
  • Low power draw (< 10 W, can be powered with PoE+ supplies and still have power left over for powering a single board computer and RTL-SDR)
  • Robust worm gear-locked output drives
  • Direct rotctl compatibility over Wi-Fi (compatible with programs that implement the rotctl protocol, such as SatDump, GPredict, and Look4Sat on Android)
  • Hamlib compatibility (EasyComm II protocol)
  • Waterproof outdoor enclosure
  • Open source ESP32 firmware

Discovery Drive Inside Look

US Trains are Vulnerable to Derailment via RF Attacks to the End of Train Device

A recently published CVE (Common Vulnerabilities and Exposures) states that a software-defined radio can be used to remotely send a brake command signal to the End-Of-Train wirelessly linked control box.

Security researcher Neil Smith reported the vulnerability. Neil explains more on X, explicitly noting that he has been trying to get this published for 12 years and that no one from the American Association of Railroads (AAR) seems to consider this vulnerability a significant issue.

US trains use wireless RF communications devices, called "End-of-Train" (EoT) and "Head-of-Train" (HoT), to enable data communication between the head and end of the train. The two systems interface with the train's braking and control system, allowing the engineer to view information from both sides of the train and to command systems at the ends of a long train instantaneously. Such signals can easily be received with an RTL-SDR and the softEOT decoder, or the PyEOT decoder.

The vulnerability stems from the fact that a software-defined radio can easily be used to replicate an EoT RF signal that can command braking. The signal could be transmitted over a long distance with an appropriate amplifier and antenna. Unexpected braking could cause derailment, amongst other problems.

As of right now, the vulnerability is still unpatched, but AAR have noted that they intend to replace the system with the 802.16t standard. However, in the X thread, Neil notes that this replacement won't be in place until 2027 in the best-case scenario.

If you're interested, another security researcher did a talk about railroad telemetry systems back at DEF CON 26, 6 years ago.

An EoT device (aka FRED) on a US Train. Attribution: https://commons.wikimedia.org/wiki/File:FRED_cropped.jpg

An RTL-SDR Blog V3 Shield Footprint PCB

Thank you to Lincoln Boggs (KF8DPW) for submitting his open source RTL-SDR Blog V3 shield footprint PCB design, which is available on GitHub.

This PCB serves as a bare-bones starter design that precisely matches the footprint of the RTL-SDR Blog V3, allowing you to develop custom addon boards. The current layout provides connections to GPIO, I2C, CLK, and several other pins on the RTL-SDR Blog V3 that are exposed for experimental and bespoke projects. As Lincoln explains:

Recently in my spare time I have been looking into developing an open-source project for the RTL-SDR blog dongles, more specifically an addon board system similar to RPi hats and Arduino shields through the I2C pins.

So far, I've gotten a board footprint published on GitHub for the V3's pins.

The idea is to allow easy addition of modules like external clocks, sensors, controller boards, or even something like a LoRa chip all with minimal soldering and easy swap-ability. I also plan to design 3D models of cases for the SDR to allow it to look cleaner or be more portable in different senses.

Shield starter for RTL-SDR Blog V3 devices.

Decoding Inmarsat AERO 1545 MHz with a Backfire Helix and JAERO

Thank you to Nagy István for writing in and sharing with us his video showing how he uses a home-made backfire helix antenna and the JAERO software to receive and decode Inmarsat Aero at 1545 MHz. AERO messages are a form of satellite ACARS, typically containing short messages from aircraft, and some channels also support digital voice communications.

The backfire helix is an antenna design that consists of a helically wound wire, typically wound around a 3D-printed frame, attached to a large backplane. Recently, a similar design called a 'heliocone' has become popular for use with 1.7 GHz polar orbiting satellites.

In the video, Nagy shows two designs, one of his own and the other by Digitalelektro, and the good SNR that he's achieved with them in JAERO.

Inmarsat Aero 1545Mhz decoding with Backfire helix / JAERO software

uAVD: Analog Video Decoder Windows Software for SDRs

Thank you to Viol Tailer for submitting news about the release of his new software called "uAVD - Analog Video Decoder". uAVD is capable of demodulating the following:

  • AM (broadcast analog television - NTSC, PAL, SECAM)
  • FM (FPV drone video links)
  • RAW (composite output from VHS, camcorders, game consoles)

The software uses the uSDR software as a host, and it passes the IQ passband stream to the uAVD via a uSDR-TCP link. uSDR is a lightweight general purpose multimode software defined radio receiver Windows application that we have posted about on the blog in the past. Currently, it supports RTL-SDR, AirSpy, BladeRF, HackRF, FobosSDR, and LimeSDR devices.

The software supports full color and grayscale modes. With a wideband receiver, it will be possible to receive full-color video. With the reduced bandwidth available with an RTL-SDR, only grayscale will be available.

The code is not open-source, but the software is freely available from SourceForge.

The image below shows it being used to receive video from a camcorder composite video output. A FobosSDR in direct sampling mode is used to receive the signal.

uAVD Receiving Camcorder Composite Video via the Direct Sampling Input in FobosSDR

Below is a video from a user of the software demonstrating it in action.

uSDR and uAVD analog video decoder