Receiving SpaceX Falcon 9 Telemetry with a HackRF and 1.2m Satellite Dish

Over on the Reddit /r/SpaceXLounge discussion board user /u/Xerbot has made an interesting post showing how /u/derekcz was able to receive the telemetry signals from the latest SpaceX Falcon 9 rocket launch using a HackRF and a 1.2m prime focus dish with a homebuilt feed designed for the 2232.5 MHz downlink frequency. Then after demodulating the signal with GNU Radio, /u/Xerbot was able to convert that signal into binary data, and then into plain text strings.

Another user /u/Origin_of_Mind then figured out that these strings are debug messages being sent by the software-defined GPS receiver, which amongst other data contain the GPS coordinates of the second stage. The GPS data indicates that the second stage was tracking over the north of Serbia at an altitude of 219 km and velocity of 7483 m/s. /u/derekcz was able to then confirm that he was indeed recording the signal when the satellite would have been crossing Serbia, confirming the received telemetry was correct.

The entire thread is an interesting read, with multiple users dissecting the plaintext and finding out information about the launch. /u/Origin_of_Mind's post in particular explains the meaning of each of the data fields, which include the system time, the XYZ coordinates in the earth-centered earth-fixed (ECEF) coordinate system, the loss of precision due to unfavorable GPS satellite positions and the number of GPS satellites currently received.
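As an added example (not code from the Reddit thread or from SpaceX), the sketch below shows how ECEF XYZ values like those in the decoded messages map to latitude, longitude and altitude on the WGS-84 ellipsoid. The sample position is constructed from the figures quoted above; the 45.8°N, 20.0°E point is an assumption standing in for "north of Serbia", not a value from the telemetry.

```python
import math

# WGS-84 ellipsoid constants
A = 6378137.0               # semi-major axis, metres
F = 1 / 298.257223563       # flattening
E2 = F * (2 - F)            # first eccentricity squared
B = A * math.sqrt(1 - E2)   # semi-minor (polar) axis, metres


def geodetic_to_ecef(lat_deg, lon_deg, h):
    """Latitude/longitude in degrees and height in metres -> ECEF x, y, z."""
    lat, lon = math.radians(lat_deg), math.radians(lon_deg)
    n = A / math.sqrt(1 - E2 * math.sin(lat) ** 2)  # prime vertical radius
    x = (n + h) * math.cos(lat) * math.cos(lon)
    y = (n + h) * math.cos(lat) * math.sin(lon)
    z = (n * (1 - E2) + h) * math.sin(lat)
    return x, y, z


def ecef_to_geodetic(x, y, z, tol=1e-12):
    """ECEF x, y, z in metres -> (lat_deg, lon_deg, height_m), iteratively."""
    p = math.hypot(x, y)            # distance from the Earth's spin axis
    if p < 1e-6:                    # on the polar axis: longitude undefined
        return math.copysign(90.0, z), 0.0, abs(z) - B
    lon = math.atan2(y, x)
    lat = math.atan2(z, p * (1 - E2))   # first guess, exact when h == 0
    for _ in range(20):
        n = A / math.sqrt(1 - E2 * math.sin(lat) ** 2)
        h = p / math.cos(lat) - n
        new_lat = math.atan2(z, p * (1 - E2 * n / (n + h)))
        converged = abs(new_lat - lat) < tol
        lat = new_lat
        if converged:
            break
    n = A / math.sqrt(1 - E2 * math.sin(lat) ** 2)
    h = p / math.cos(lat) - n
    return math.degrees(lat), math.degrees(lon), h


# Constructed sample: a point 219 km above 45.8 N, 20.0 E (assumed location).
SAMPLE_ECEF = geodetic_to_ecef(45.8, 20.0, 219_000.0)

if __name__ == "__main__":
    lat, lon, h = ecef_to_geodetic(*SAMPLE_ECEF)
    print(f"lat={lat:.4f} deg  lon={lon:.4f} deg  alt={h / 1000:.1f} km")
```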

Another user /u/softwaresaur even notes that there was a "radiation_fdir_activation_guard" event. FDIR stands for Fault Detection, Isolation and Recovery, and this event was triggered due to a 0.06 s mission time discrepancy between the rocket and GPS true time.

SpaceX Falcon 9 Telemetry Downlink Decoded

Controlling a Wireless Ceiling Fan with an RTL-SDR and RPiTX on a Raspberry Pi

Over on YouTube River's Educational Channel has uploaded a new video showing how he uses a Raspberry Pi to control a ceiling fan via its wireless control signal. Back in January we posted about River's first video where he shows himself using an RTL-SDR and Universal Radio Hacker (URH) to reverse engineer the control signal.

In this new video River uses the RPiTX software to generate the control signal without requiring any additional transmit hardware. He first explains how RPiTX can generate an arbitrary signal from a square wave and talks a bit about the harmonics this creates. To reduce harmonics he adds a simple low pass filter to the GPIO output.

Next to control the fan he uses the "sendook" program that is included with RPiTX to transmit the binary control string that he reverse engineered in his original video. Finally he creates a simple web server so that he can control his ceiling fans via his phone and integrate it into his smart home.

Abusing Raspberry Pi GPIO pins as a radio transmitter to control my ceiling fan

Adding an RTL-SDR Antenna Port to a Pinetab Linux Tablet

The Pinetab is a US$99.99 open source Ubuntu Linux Tablet based on a low power Pine64 single board computer. The Pinetab can optionally support an internal RTL-SDR, which is essentially just a standard RTL-SDR PCB connected to the single board computer inside the tablet enclosure.

Over on YouTube the channel Privacy & Tech Tips has uploaded a video where he takes the Pinetab apart and adds an external antenna port, allowing for external antennas to be connected. In the video we get a good look at the internals of the Pinetab, and after installing the external antenna port he shows us the Pinetab receiving a LoRa signal.

Opening Pinetab (Linux Tablet) back cover (+show tips for safer opening) on video and show how you can add an external threaded antenna port for your internal SDR. It makes for an amazingly compact SDR kit and smaller antennas like LoRa fit right inside the keyboard/tablet/laptop stand. Larger antennas such as a dipole, the antenna cord fits along the case/stand perfectly.

I show how to open the Pinetab safely, and install an external threaded antenna port. After this I take a Heltec LoRa ESP32 I have had laying around and use it to demo GQRX on the screen. I show LoRa packets coming over the radio waves at 915MHz. Series on SDR using Pinetab/Pinephone/Pine64 hardware. Linux makes for an amazing platform where the tools at hand leave the limits to what you can do to the power of your imagination.

Opening Pinetab + Add SDR Modification!

Frugal Radio: Monitoring Aviation Communications Part One

Rob from Frugal Radio has recently started a new YouTube series all about monitoring aviation communications. In his first video Rob gives an overview of what aviation signals can be monitored and recommends a few hardware scanners as well as software defined radios for monitoring.

This is an introductory video to my new series about monitoring aviation communications. Throughout the series we will talk about:

  • Civil Airband (aka VHF airband)
  • Military Airband (aka UHF airband)
  • HF Aeronautical communications
  • Decoding aircraft data on HF and VHF
  • Decoding CPDLC transmissions and much more!
  • Good frequency scanners to use, like the Uniden BC125AT and BCT-15X
  • Recommended Software Defined Radios (SDR)

Monitoring Aviation Communications - Part 1

SDRSharp Guide by IZ1MLL Updated

Thank you to Paolo Romani IZ1MLL for letting us know that he has updated his popular SDRSharp users guide that we posted about last December. The guide is available on the Airspy downloads page. SDR# (aka SDRSharp) from Airspy.com is designed for Airspy SDRs, however it is one of the most popular SDR receiver programs that is used with RTL-SDRs as well. Paolo's guide covers all of the settings and features in SDR# as well as some third party plugins. Paolo writes:

In the last month I have completely rewritten the guide for other devices and for the latest radical changes to the software. From today, version 2.1 is available in Italian and English for all interested guys.

We note that the guide has also been translated into Spanish and Russian, although at the time of writing those translations are still only for the older guide.

SDRSharp Guide

Engineer and Beauty Queen Xyla Foxlin sends an RTL-SDR and Miss America Crown to Space in a High Altitude Balloon

Xyla Foxlin is a Mechatronics engineer, entrepreneur, and beauty queen who amongst many other titles is also a STEM YouTuber. In her latest YouTube video Xyla sends her Miss America crown that she received as winner of Miss Greater Cleveland 2018 to space on a high altitude balloon.

In the video she explains her beauty queen journey, shows the balloon prep, launch and recovery as well as the video of the crown ascending into space via an onboard camera. Whilst not specifically mentioned in the video, in the description of her video she also notes that the scientific payload of the balloon was an RTL-SDR.

The scientific payload was an RTL SDR radio receiver recording spectrum data from FM broadcast stations as it ascended. This was a collaboration with my friend (and PhD candidate in Electrical Engineering) Kristina Collins, with the goal of submitting a paper to HamSCI eventually. (Collaboration means she did most of the payload and I did most of the get-it-to-the-stratosphere part)

We were able to track the payload in real time all the way to 112,00 feet because we flew an APRS transmitter using my Amateur Radio Callsign. This let anyone following me watch it in real time as well, it even flew over one of my fan's houses! If you plan on launching a weather balloon, I HIGHLY recommend getting your HAM license so you can fly with APRS.

Why I Sent My Miss America Crown to Space

EDIT: Please note that violent and hateful comments will be removed - they have no place on this technical blog. This post is about an interesting individual who has done something interesting that promotes the radio hobby. We look forward to more work from Xyla and anyone else promoting ham radio, and radio projects in general.

TechMinds: Testing a DC-160 MHz Panadapter Switch

Over on his YouTube channel Tech Minds has uploaded a video where he tests out a cheap US$90 automatic antenna switch with DC-160 MHz range that he purchased from Chinese goods retailer Banggood. An automatic antenna switch like this is required when wanting to use an SDR such as an RTL-SDR as a panadapter with a transmit capable radio. The switch will automatically switch the SDR to ground when transmitting, so that high power does not enter the SDR via the shared antenna and destroy it.

In the video Tech Minds shows how to set the switch connections up and then demonstrates the switch in action with a Yaesu FT-991A and SDRplay SDR. He notes that this cheap Chinese version is actually built better than the MFJ-1708 antenna switch which until recently was the only commercial option available. It is also half the price.

PANADAPTER For Any Radio DC - 160 MHz SDR Antenna Switch

Evaluating LoRaWAN Security with an RTL-SDR

Over on their blog Trend Micro have uploaded a post describing how they evaluated the security of LoRaWAN communications using an RTL-SDR. LoRaWAN is a wireless communications technology that allows for Internet of Things (IoT) connectivity at a much lower cost compared to cellular infrastructure. However, as described in their post LoRaWAN incorporates very little security, making connected devices an easy target for hackers.

The researchers at Trend Micro used an RTL-SDR together with the LoRaPWN software tool, which is an improved version of the LoRa Craft Project. With LoRaPWN the researchers were able to intercept uplink and downlink packets. When combined with a brute force dictionary attack, they were then able to recover the encryption keys, allowing them to decode the data. Finally they were also able to demonstrate a denial of service attack which results in a device being unable to send further data.

For more information the technical paper (pdf) describing their full setup and tests is available, as well as an older post describing possible LoRaWAN attacks. There is also a YouTube video from "The Things Conference" which we have embedded below. In the video researcher Sebastian Dudek presents some of his findings on LoRaWAN security.

An RTL-SDR Blog V3 Intercepting LoRaWAN packets.
LoRaPWNing: Practical radio attacks on LoRaWAN - Sebastian Dudek (Trend Micro)