Earlier in the month we posted about how rtl_433 has been ported to ESP32 devices that are combined with CC1101 or SC127X transceiver chips, such as the low cost LILYGO LoRa 32 boards available on Aliexpress.
Over on YouTube Matt from the Tech Minds channel has uploaded a video showing how to set up rtl_433 on an ESP32 device, and how to set it up with a home automation service like Home Assistant, Node Red or OpenHAB via an MQTT broker.
PCB boards that combine these two chips can be found cheaply on Aliexpress as LoRa boards, under the name "LILYGO LoRa 32". If you are unaware, ESP32 chips cheaply combine a WiFi and Bluetooth modem with a microcontroller that is capable of hosting a webserver. CC1101 and SC127X are low cost low power hardware transceiver chips made for IOT devices. We've posted about LILYGO boards in the past as they've been used with interesting projects such as Meshtastic, and for weather balloon tracking.
This project could be useful for home automation as a module has been made available for openMQTTGateway. Instead of dedicating a more powerful Raspberry Pi and RTL-SDR, you can now dedicate a much cheaper and much lower power device to the task.
SDRangel is a free open source software defined radio program that is compatible with many SDRs, including RTL-SDRs. SDRAngel is set apart from other programs because of it's huge swath of built in demodulators and decoders.
Thank you to reader Jon for writing in and noting that SDRangel has recently been released for Android as a free Google Play download. This is an amazing development that could open up many doors into portable decoding setups as the Android version supports almost every decoder implemented on the desktop version. Jon writes:
It includes most of the functionality of the desktop version of SDRangel, including:
AM, FM, SSB, Broadcast FM and DAB, AIS, ADS-B, Digital Voice (DMR, dPMR, D-Star, FreeDV), Video (DVB-S, DVB-S2, NTSC, PAL), VOR, LoRa, M17, Packet (AX.25), Pager (POCSAG), Radiosonde (RS41), Time signal (MSF, DCF77, TDF and WWVB) modems.
RTL SDR, Airspy, Airspy HF, LimeSDR, HackRF and SDRplay support via USB OTG as well as networked SDRs
2D and 3D signal analysis in both time and frequency domain with statistical measurements of SNR, THD, THD+N, SINAD, SFDR and channel power
Satellite tracker, star tracker, maps and rotator controller
It should work on Android 6 and up. It’s a straight port of the desktop application, so although it will run on a phone, probably best used on a large tablet with a stylus or mouse.
Over on their blog Trend Micro have uploaded a post describing how they evaluated the security of LoRaWAN communications using an RTL-SDR. LoRaWAN is a wireless communications technology that allows for Internet of Things (IoT) connectivity at a much lower cost compared to cellular infrastructure. However, as described in their post LoRaWAN incorporates very little security, making connected devices an easy target for hackers.
The researchers at Trend Micro used an RTL-SDR together with the LoRaPWN software tool which is an improved version of the LoRa Craft Project. With LoRaPWN the researchers were able to intercept uplink and downlink packets. Then when combined with a brute force dictionary attack, they were then able to recover the encryption keys allowing them to decode the data. Finally they were also able to demonstrate a denial of service attack which results in a device being unable to send further data.
For more information the technical paper (pdf) describing their full setup and tests is available, as well as an older post describing possible LoRaWAN attacks. There is also a YouTube video from "The Things Conference" which we have embedded below. In the video researcher Sebastian Dudek presents some of his findings on LoRaWAN security.
An RTL-SDR Blog V3 Intercepting LoRaWAN packets.
LoRaPWNing: Practical radio attacks on LoRaWAN - Sebastian Dudek (Trend Micro)
A radiosonde is a small sensor and radio package normally attached to a weather balloon. Meteorological agencies around the world typically launch two balloons a day from several locations to gather data for weather prediction. We have featured radiosondes several times on this blog as it is easy to use an RTL-SDR and computer to receive and decode their signals, which can used to hunt down the fallen sonde, or to receive the weather telemetry data.
Recently RTL-SDR.COM reader António submitted a link to an interesting project called "MySondy" which is created by Mirko Dalmonte (IZ4PNN). MySondy is custom firmware for TTGO Lora32 433 MHz boards which allows them to be turned into a radiosonde tracker. A TTGO is a cheap ~US$20 LoRa32 IoT dev board with an onboard WiFi + Bluetooth enabled ESP32 microcontroller and OLED display. Some of the slightly higher priced units come with a built in GPS receiver as well. With the custom firmware it is capable of receiving and decoding common radiosonde protocols such as RS41, M10, RS92 and DFM.
A TTGO ESP32 LoRa BoardA TTGO running MySondy firmware enclosed in a 3D Printed Case
There is also an Android App called MySondy Go and MySondy FINDER which connect to the TTGO via Bluetooth. This app plots the location of the radiosonde on a map, allowing you to easily follow and track down the balloon. You can also go to mysondy.altervista.org to see public MySondy stations. Clicking on a blinking dot will connect you with the MySondy server, allowing you to see tracked sondes.
MySondy Web Interface
The firmware and software appear to be fairly new, so there isn't much information about this that we could find just yet. Also we note that all manuals and information about the project is written in Italian, except for a French magazine article (pdf) that António sent us to upload.
We note that these TTGO ESP32 LoRa boards are quite interesting by themselves, with other custom firmware available to do things like create a Paxcounter which counts the number of mobile devices in an area via WiFi and Bluetooth signals, and the ability to use them as a GPS enabled Mesh network based text message radio.
Back in the middle of last year we posted about Othernet's Dreamcatcher hardware and the LoRa chat application. The Dreamcatcher is Othernet's receiver and computing platform that is designed for receiving their satellite data broadcast. It is currently available for US$79.
Although the Othernet datacast is one way receive only, the Dreamcatcher board uses a LoRa radio chipset that has TX capabilities that can be leveraged for experimental purposes. One experimental piece of software that they developed is a chat application that works with two Dreamcatcher boards. It allows you to initiate a text based chat between two boards using the on board LoRa radio chips.
The TechMinds YouTube channel has recently released a video demonstrating the chat application in action, and the video shows how to set up, install and use it too. We note that since our post last year, the Dreamcatcher board has gone through a revision and no longer includes an LCD screen. The company name has also changed from "Outernet" to "Othernet".
What can you do with two Othernet Dreamcatcher Boards?
FossaSat-1 is a recently launched open source "picosatellite" with an onboard LoRa repeater designed for Internet of Things (IoT) communications. It was launched via the Electron Rocket in New Zealand on December 6. At only 5 x 5 x 5cm in size and 250g in weight, a picosatellite is a tiny satellite that fits in your hand and can be affordably built and launched for around US$40k.
Since the launch, it has been confirmed that FossaSat-1 was successfully launched, and is working correctly. However, the antennas have not properly deployed yet resulting in a weak signal that cannot be received by small ground stations. The team are currently working on getting the antenna manually deployed from earth and the latest updates can be found on their Twitter @FossaSys. They note that if the antennas cannot be deployed, then there is still the future launches of FossaSat-1B and FossaSat-2 to look forward to.
While waiting for the antennas to deploy you can watch Andreas Speiss' YouTube video where he explains the satellite in more detail, and shows how to build a FossaSat-1 ground station that can receive the FossaSat-1 LoRa transmission and upload it to the internet. While not SDR-related as it uses a hardware based LoRa chip, this is still an interesting project that some readers may be interested in.
#302 We build a 20 Dollars LoRa Satellite Ground Station and we follow the FossaSat-1 launch
Helium is a cryptocurrency being designed for internet of things (IoT) sensors which will be based on low cost software defined radio (SDR) technology - that's a lot of buzzwords!. The idea is to design a system that will pay people to run an internet connected gateway which will receive data from wireless sensors, and put that data onto the internet. A use case that Helium has already developed is providing services to track and monitor medicine and food supplies. The linked article gives a good example of this use case:
...let’s say you have a gateway in your house: if a vial of medicine were to enter your coverage zone, it would send its location and temperature data to your gateway, which would then send it to its proper destination in return for a previously agreed upon cryptocurrency fee. These steps would then be cryptographically verified and recorded in the distributed ledger.
In terms of IoT network competition, LoraWan and SigFox IoT networks are already popular and established in several places in the world, but wireless coverage isn't great because these networks rely on companies to build gateway infrastructure. Helium crowd sources this infrastructure instead, which could result in greater coverage.
Most cryptocurrencies base the security of their network on the 'proof of work' process, which is a way to ensure that the miners get rewarded for the heavy cryptographic computations that they do in order to secure the network. Instead of proof of work, Heliums idea is to use a 'proof of coverage' system, where other gateways will confirm if a gateway is providing coverage and is in the correct location. Helium cryptocurrency 'miners' will be the people running the internet connected gateways, and they will be paid for any devices that use their wireless coverage.
According to one of their latest blog posts, the wireless gateway radio system is to be based on a software defined radio architecture. The reasoning behind using SDR is that they need to support potentially thousands of wireless sensor channels, require the sensors to be able to be geolocated, and require the radio to be low cost and energy efficient. For geolocation of sensors they are considering the use of radio direction finding techniques that we assume will be based on pseudo-doppler, or alternatively they will use the time difference of arrival (TDoA) technique which requires the signal to be received by multiple gateways. The SDR will be developed on a dual core TI SoC, with four programmable realtime units (PRU), which they'll use to interface with the RF chips.
At the moment Helium is just a whitepaper, and we haven't seen any concrete evidence of a working SDR design yet, but according to their website they plan to launch gateway hardware in Q4 2018 for a cost of $495.
