After listening to dock workers with his RTL-SDR for a few days, RTL-SDR.com reader Eoin decided that he wanted to try a more practical experiment. He decided to see if he could reverse engineering the wireless protocol on his garage door opener. Upon opening his remote he discovered a bunch of DIP switches, which are presumably used to program the remote to a particular garage door. Eoin’s next step was to determine at what frequency the garage door opener was transmitting at. He made an assumption that it would be in the 433 MHz unlicenced ISM band as this is where many handheld remotes transmit at. He was right, and found the signal.
His next step was then to record the signal audio in Audacity. From the audio waveform he could see a square wave which looked just like binary bits. By manually eyballing the waveform and translating the high/low squarewave into bits he was able to get the binary data. He then confirmed this data with the dipswitch positions and discovered that a 010 binary code matched with the UP position on the dip switch and 011 matched with the DOWN position.
Having decoded the signal manually fairly easily, Eoin decided his next challenge would be to automate the whole decoding in GNU Radio. In the end he was successful and managed to create a program that automatically determines the position of the DIP switches from the signal. His post goes into detail about his algorithm and GNU Radio program.
The GOMX-3 is a CubeSat which carries an experimental ADS-B repeater. Since it is a satellite the experimental receiver hopes to be able to receive ADS-B from orbit, then beam it back down to earth at a frequency of about 437 MHz using a GFSK at 19200 baud high data rate transmission protocol. From space the GOM3-X satellite can see many aircraft at one time and space based tracking allows for aircraft tracking over oceans.
Recently the creators of the satellite, GomSpace released a complete decoder for the ADS-B downlink, and now it has also been turned into a GNU Radio flowgraph by Daniel Estevez which can output decoded aircraft position data directly to a KML file which can then be opened in Google Earth or similar. This blog by DK3WN shows several logged decodes of the satellite and shows what the signal looks like in SDR#. Some of his posts also curiously shows what looks to be a Windows decoder, or logger, though we were unable to find a download for it.
Decoding the downlink should give you real time ADS-B data in your area, but the full log of stored stored data is apparently only downloaded when the satellite passes over the GomSpace groundstations which are mostly located in the EU.
To run GNU Radio for Windows you will need a 64-bit version of Windows 7/8/10. It appears that the installation is as easy as running the installer and waiting for it to download and install the 1.7 GB worth of files.
Also, over on his blog author designing on a juicy cup posted about how he’d been able to get the GNU Radio Windows binaries to run a ATSC HDTV decoder from a file recorded using an SDRplay RSP (ATSC is too wideband for an RTL-SDR to decode). ATSC is the digital TV standard used in North America, some parts of Central America and South Korea. He writes that one advantage to using GNU Radio on Windows is the ability to use a RAM drive for faster file processing.
Oliver’s GNU Radio program is now capable of combining four RTL-SDR dongles and is now also capable of piping the output via a FIFO to GQRX. With four RTL-SDR dongles you can get a total bandwidth of 8.4 MHz. He also writes that it is even possible to listen to analog signals that are in overlapping areas.
The maximum usable and stable bandwidth of an RTL-SDR is about 2.4 MHz. In order to get larger bandwidths it is possible to combine two or more dongles, although doing so comes with a big limitation – since the clocks and signal phases between separate dongles would not be synchronised, it would be impossible to decode a wideband signal this way. However, combining dongles for larger bandwidths is still useful for visualizing the spectrum through an FFT plot, or perhaps for decoding various separate narrowband signals. Although creating a wide band FFT plot with multiple dongles is fairly simple, we haven’t seen much software do this before.
I simply took two RTL-SDR dongles at their max. band width of 2.4 MHz, resampled the signals to 4.8 MHz, then shifted the first signal down by 1MHz, the other one 1 MHz up, added them together, divided the combined signal by 2 and finally feed it into a FFT plot.
At first, I tried shifting the signals by 1.2 MHz to get full 4.8 MHz, but I realized, that I had a notch in the center, so I reduced the frequency shift until I had no notch anymore.
To show his analysis methods Yashin used an ASK modulated FS1000A 433 MHz transmitter connected to an Arduino Teensy microcontroller. He first uses GQRX and baudline together with an RTL-SDR in Kali Linux to test that the transmitter is working and to visually inspect the RF spectrum. Then he shows how to use GNU Radio to receive the 433 MHz transmitter and how to record an audio file. The final tool he shows how to use is rtl_433 which will automatically decode the data into binary strings using the analysis option.
Over on YouTube user MrCircuitMatt has uploaded two videos on how he was able to decode a temperature weather sensor using an RTL-SDR and GNU Radio. His videos go through the GNU Radio technical steps as well as the signal encoding theory he used to decode the temperature.
Using RTL-SDR to read temperature from outdoor sensor, part 1
Using RTL-SDR to read temperature from outdoor sensor, part 2