SDRangel is a free open source software defined radio program that is compatible with many SDRs, including RTL-SDRs. SDRAngel is set apart from other programs because of it's huge swath of built in demodulators and decoders.
Tech YouTuber Lon.TV has recently uploaded a video demonstrating how to identify and decode various digital transmissions with an RTL-SDR dongle. In the video he explains how to use VB Cable to pipe audio from SDR# into various decoders, and then goes on to show DMR, APRS, POCSAG, L-Band AERO, FT8, and JS8/JS8CALL all being decoded via an RTL-SDR Blog V3 dongle.
Software Defined Radio Part 2 - Decoding Digital Transmissions with an RTL-SDR USB Radio
SDRAngel is a general purpose software defined radio program that is compatible with most SDRs including the RTL-SDR. We've posted about it several times before on the blog, however we did not realize how much progress has occurred with developing various built in plugins and decoders for it.
Thanks to Jon for writing in and sharing with us a demonstration video that the SDRAngel team have released on their YouTube channel. From the video we can see that SDRAngel now comes stock with a whole host of built in decoders and apps for various radio applications making it close to an all-in-one SDR platform. The built in applications include:
ADS-B Decoder: Decodes aircraft ADS-B data and plots aircraft positions on a map
NOAA APT Decoder: Decodes NOAA weather satellite images (in black and white only)
DVB-S: Decodes and plays Digital TV DVB-S and DVB-S2 video
AIS: Decodes marine AIS data and plots vessel positions on a map
VOR: Decodes VOR aircraft navigational beacons, and plots bearing lines on a map, allowing you to determine your receivers position.
DAB+: Decodes and plays DAB digital audio signals
Radio Astronomy Hydrogen Line: With an appropriate radio telescope connected to the SDR, integrates and displays the Hydrogen Line FFT with various settings, and a map of the galaxy showing where your dish is pointing. Can also control a dish rotator.
Radio Astronomy Solar Observations: Similar to the Hydrogen line app, allows you to make solar measurements.
Broadcast FM: Decoding and playback. Includes RDS decoding.
Noise Figure Measurements: Together with a noise source you can measure the noise figure of a SDR.
On this weeks Frugal Radio YouTube video, Rob explores how to decode Fire, Ambulance and Hospital pager data using SDR++ and PDW. In the video Rob first explains what applications pagers are used for in 2021 and how they're typically received with pager or MDT hardware terminals mounted in fire and ambulance trucks.
He then goes on to show how we can receive and decode these pager messages using an RTL-SDR, SDR++, VB-Cable and the PDW pager decoder. The tutorial shows how to set up SDR++ settings for pager reception, how to install and setup PDW and how to interface the two programs with VB-Cable. Finally Rob explains how to fully understand some of the messages that you might receive.
Decoding Fire & Ambulance MDT data & hospital pages with a $10 SDR Radio
At the BSides OK 2020 virtual conference Cameron Mac Millan recently presented a talk titled "It’s 2020, so why am I still able to read your pager traffic?". On this blog we have posted numerous times about privacy breaches stemming from insecure wireless pager traffic. Anyone with a radio or SDR can receive and decode pager messages, and this has been known and done since the 1980's. Cameron's talk explains how paging systems work, who are the modern users of pagers, how to capture and decode pager messages and how to best log and filter through messages. He goes on to describe a number of major pager security breaches that he's personally seen. The talk preview reads:
This talk explores why pagers remain a potential threat vector in many environments despite the technology being 40 years old. This is not a the-sky-is-falling presentation: everything from paging history to how simple it is to decode pager traffic (and the associated risks) is covered without FUD.
I enjoy poking things with sticks and turn over rocks to see what crawls out from under them. One of my interests is seeing how technologies believed to be obsolete can still pose a problem for security today, and do that from the perspective of a 20-year career in infosec. When not creating tomorrow’s problems with yesterday’s technology, I can usually be found wrenching on unusual cars.
It’s 2020, so why am I still able to read your pager traffic? - Cameron Mac Millan - BSidesOK 2020
Over on YouTube TechMinds has posted his latest video which shows an overview of the features available in OpenWebRX, and also how to set it up on a Raspberry Pi. OpenWebRX is software which allows you to access your SDR remotely via the internet or local network through a web browser. All major SDRs are supported including RTL-SDRs. The software includes a waterfall display, all the standard demodulators, as well as several digital decoders for DMR, YSF, NXDN, D-Star, POCSAG, APRS, FT8, FT4, WSPR, JT65 and JT9.
In the video TechMinds first demonstrates OpenWebRX in action, showing reception of HF SSB amateur radio signals, decoding FT8 and plotting received grids on a map, decoding and plotting APRS on a map and decoding YSF/DSTAR/DMR digital voice. After this demonstration he goes on to show how to set up the OpenWebRX server on a Raspberry Pi via the installation image.
Pagers are still typically used in many parts of the world by hospitals. It is a tried, tested and very reliable system for messaging, however most systems in the world send data out in unencrypted plain text for all to see. Anyone with a cheap scanner radio or $20 SDR and freely available software can decode every single message sent via paging from almost anywhere in a city as the signals are often extremely strong. Pagers are intended to be reserved for urgent infallible messaging, as paging is more reliable compared to mobile SMS since SMS messages do not always get through, or can be delayed by several minutes. Alternative secure communication channels such as SMS should be used for private information, however this protocol is not always followed due to the additional hassle.
The teen appears to have used either a Baofeng or RTL-SDR to receive the POCSAG pager signal available in his hometown in Western Australia. The pager signal was decoded with multimon-ng, and displayed via the PagerMon software. PagerMon creates a web page that displays pager messages in an easily readable format, and the page can be made accessible to the internet if desired. It seems that the teen is a scanner enthusiast, and did not intend to purposely leak patient data, however others found his PagerMon page and brought it to the attention of the media. His site has now been shut down, and officials have decided to shut down the pager system in favour of a double SMS system.
This is a story that repeats often all around the world. In the past we've seen whistleblowers report on patient data breaches in Vancouver, Kansas, and via an art installation in New York that continuously printed out pager messages.
The RTL-SDR compatible multi-mode digital decoder OpenEar has recently been updated to version 1.6. The latest version currently supports the decoding of FM/AM, TETRA, DMR, Pocsag and ADS-B. New features include a zoomable waterfall and other GUI and functionality improvements. The changelog reads:
6/4/2020 version 1.6.0 - saving last settings - waterfall - zoom on spectrum and waterfall with mouse wheel - better list placement (pocsag & ads-b) - wav(I/Q) loading (only 1024000 Sample/sec) - voice volume & mute button - spectrum range and offset - rtl gain and correction (ppm) - top menu - frequency list - some DMR improvement on SYNC detection - solved center frequency issue (DC problem) - and other few UI improvements