Tagged: POCSAG

Lon.TV Demonstrates Decoding Various Digital Signals with RTL-SDR

Tech YouTuber Lon.TV has recently uploaded a video demonstrating how to identify and decode various digital transmissions with an RTL-SDR dongle. In the video he explains how to use VB Cable to pipe audio from SDR# into various decoders, and then goes on to show DMR, APRS, POCSAG, L-Band AERO, FT8, and JS8/JS8CALL all being decoded via an RTL-SDR Blog V3 dongle.

Software Defined Radio Part 2 - Decoding Digital Transmissions with an RTL-SDR USB Radio

SDRAngel Features Overview: ADS-B, APT, DVB-S, DAB+, AIS, VOR, APRS, and many more built-in apps

SDRAngel is a general purpose software defined radio program that is compatible with most SDRs including the RTL-SDR. We've posted about it several times before on the blog, however we did not realize how much progress has occurred with developing various built in plugins and decoders for it.

Thanks to Jon for writing in and sharing with us a demonstration video that the SDRAngel team have released on their YouTube channel. From the video we can see that SDRAngel now comes stock with a whole host of built in decoders and apps for various radio applications making it close to an all-in-one SDR platform. The built in applications include:

  • ADS-B Decoder: Decodes aircraft ADS-B data and plots aircraft positions on a map
  • NOAA APT Decoder: Decodes NOAA weather satellite images (in black and white only)
  • DVB-S: Decodes and plays Digital TV DVB-S and DVB-S2 video
  • AIS: Decodes marine AIS data and plots vessel positions on a map
  • VOR: Decodes VOR aircraft navigational beacons, and plots bearing lines on a map, allowing you to determine your receivers position.
  • DAB+: Decodes and plays DAB digital audio signals
  • Radio Astronomy Hydrogen Line: With an appropriate radio telescope connected to the SDR, integrates and displays the Hydrogen Line FFT with various settings, and a map of the galaxy showing where your dish is pointing. Can also control a dish rotator.
  • Radio Astronomy Solar Observations: Similar to the Hydrogen line app, allows you to make solar measurements.
  • Broadcast FM: Decoding and playback. Includes RDS decoding.
  • Noise Figure Measurements: Together with a noise source you can measure the noise figure of a SDR.
  • Airband Voice: Receive multiple Airband channels simultaneously
  • Graves Radar Tracker: For Europeans, track a satellite and watch for reflections in the spectrum from the French Graves space radar. 
  • Radio Clocks: Receive and decode accurate time from radio clocks such as MSF, DCF77, TDF and WWVB.
  • APRS: Decode APRS data, and plot APRS locations and moving APRS enabled vehicles on a map with speed plot.
  • Pagers: Decode POCSAG pagers
  • APRS/AX.25 Satellite: Decode APRS messages from the ISS and NO-84 satellites, via the built in decoder and satellite tracker.
  • Channel Analyzer: Analyze signals in the frequency and time domains
  • QSO Digital and Analog Voice: Decode digital and analog voice. Digital voice handled by the built in DSD demodulator, and includes DMR, dPMR and D-Star.
  • Beacons: Monitor propagation via amateur radio beacons, and plot them on a map.

We note that the video doesn't show the following additional features such as an analog TV decoder, the SDRAngel "ChirpChat" text mode, a FreeDV decoder and several other features.

Frugal Radio: Decoding Fire, Ambulance MDT and Hospital Pagers with SDR++ and PDW

On this weeks Frugal Radio YouTube video, Rob explores how to decode Fire, Ambulance and Hospital pager data using SDR++ and PDW. In the video Rob first explains what applications pagers are used for in 2021 and how they're typically received with pager or MDT hardware terminals mounted in fire and ambulance trucks.

He then goes on to show how we can receive and decode these pager messages using an RTL-SDR, SDR++, VB-Cable and the PDW pager decoder. The tutorial shows how to set up SDR++ settings for pager reception, how to install and setup PDW and how to interface the two programs with VB-Cable. Finally Rob explains how to fully understand some of the messages that you might receive.

Decoding Fire & Ambulance MDT data & hospital pages with a $10 SDR Radio

BSides Talk: It’s 2020, so why am I still able to read your pager traffic?

At the BSides OK 2020 virtual conference Cameron Mac Millan recently presented a talk titled "It’s 2020, so why am I still able to read your pager traffic?". On this blog we have posted numerous times about privacy breaches stemming from insecure wireless pager traffic. Anyone with a radio or SDR can receive and decode pager messages, and this has been known and done since the 1980's. Cameron's talk explains how paging systems work, who are the modern users of pagers, how to capture and decode pager messages and how to best log and filter through messages. He goes on to describe a number of major pager security breaches that he's personally seen. The talk preview reads:

This talk explores why pagers remain a potential threat vector in many environments despite the technology being 40 years old. This is not a the-sky-is-falling presentation: everything from paging history to how simple it is to decode pager traffic (and the associated risks) is covered without FUD.

I enjoy poking things with sticks and turn over rocks to see what crawls out from under them. One of my interests is seeing how technologies believed to be obsolete can still pose a problem for security today, and do that from the perspective of a 20-year career in infosec. When not creating tomorrow’s problems with yesterday’s technology, I can usually be found wrenching on unusual cars.

It’s 2020, so why am I still able to read your pager traffic? - Cameron Mac Millan - BSidesOK 2020

TechMinds: OpenWebRX Feature Overview And Raspberry Pi Setup

Over on YouTube TechMinds has posted his latest video which shows an overview of the features available in OpenWebRX, and also how to set it up on a Raspberry Pi. OpenWebRX is software which allows you to access your SDR remotely via the internet or local network through a web browser. All major SDRs are supported including RTL-SDRs. The software includes a waterfall display, all the standard demodulators, as well as several digital decoders for DMR, YSF, NXDN, D-Star, POCSAG, APRS, FT8, FT4, WSPR, JT65 and JT9.

In the video TechMinds first demonstrates OpenWebRX in action, showing reception of HF SSB amateur radio signals, decoding FT8 and plotting received grids on a map, decoding and plotting APRS on a map and decoding YSF/DSTAR/DMR digital voice. After this demonstration he goes on to show how to set up the OpenWebRX server on a Raspberry Pi via the installation image.

OpenWebRX Feature Overview And Raspberry Pi Setup

Australian Teenager Exposes COVID-19 Patient Data via POCSAG Pager Network

A 15 year old Australian teenager has been accused of leaking sensitive COVID-19 patient data such as the phone numbers and addresses of people in quarantine, and conversations between health officials and doctors about COVID-19 patients. The leak occurred via a public web page that he had set up to share decoded POCSAG pager data that he received from his home.

Pagers are still typically used in many parts of the world by hospitals. It is a tried, tested and very reliable system for messaging, however most systems in the world send data out in unencrypted plain text for all to see. Anyone with a cheap scanner radio or $20 SDR and freely available software can decode every single message sent via paging from almost anywhere in a city as the signals are often extremely strong. Pagers are intended to be reserved for urgent infallible messaging, as paging is more reliable compared to mobile SMS since SMS messages do not always get through, or can be delayed by several minutes. Alternative secure communication channels such as SMS should be used for private information, however this protocol is not always followed due to the additional hassle.

The teen appears to have used either a Baofeng or RTL-SDR to receive the POCSAG pager signal available in his hometown in Western Australia. The pager signal was decoded with multimon-ng, and displayed via the PagerMon software. PagerMon creates a web page that displays pager messages in an easily readable format, and the page can be made accessible to the internet if desired. It seems that the teen is a scanner enthusiast, and did not intend to purposely leak patient data, however others found his PagerMon page and brought it to the attention of the media. His site has now been shut down, and officials have decided to shut down the pager system in favour of a double SMS system.

Some of the leaked messages via 9 News Perth
Some of the leaked pager messages via 9 News Perth

This is a story that repeats often all around the world. In the past we've seen whistleblowers report on patient data breaches in VancouverKansas, and via an art installation in New York that continuously printed out pager messages.

OpenEar Updated to Version 1.6

The RTL-SDR compatible multi-mode digital decoder OpenEar has recently been updated to version 1.6. The latest version currently supports the decoding of FM/AM, TETRA, DMR, Pocsag and ADS-B. New features include a zoomable waterfall and other GUI and functionality improvements. The changelog reads:

6/4/2020
version 1.6.0
- saving last settings
- waterfall
- zoom on spectrum and waterfall with mouse wheel
- better list placement (pocsag & ads-b)
- wav(I/Q) loading (only 1024000 Sample/sec)
- voice volume & mute button
- spectrum range and offset
- rtl gain and correction (ppm)
- top menu
- frequency list
- some DMR improvement on SYNC detection
- solved center frequency issue (DC problem)
- and other few UI improvements

OpenEar Version 1.6
OpenEar Version 1.6

OpenEar Now Supports TETRA, DMR, POCSAG, ADS-B

Back in March we posted about "OpenEar" which was a newly released Windows TETRA decoder for RTL-SDR dongles. Back then the author "moneriomaa" noted that he planned to add several new modes. In the release that is currently available, OpenEar now supports TETRA, DMR, Pocsag, ADS-B as well as standard AM and NFM modes. We tested the software, and all modes appear to decode as advertised. In the future the author plans to add more modes such as MPT-1327 and AERO.

In the previous post we added an update noting that OpenEar appeared to be violating the GPL licence of OsmocomTETRA, and the author noted that he would remove the TETRA functionality until licencing was resolved. As TETRA decoding is back in the recent releases we assume these legal issues have been solved.

In the current release you also need to provide your own rtlsdr.dll file, which can be obtained from your SDR# folder, or directly from the Osmocom windows release (rename librtlsdr.dll to rtlsdr.dll).

Latest OpenEar Version
Latest OpenEar Version