
An RTL-SDR telemetry decoder for the soon to be launched MRC-100 CubeSat

Thank you to Zoltan Doczi (HA7DCD) for submitting news about the MRC-100 Hungarian CubeSat that is scheduled to launch on a Falcon 9 on June 12. Zoltan notes that the MRC-100 is the successor to the SMOG-1 CubeSat which we posted about back in March 2021. The satellite is named in honor of the 100th anniversary of the HA5MRC Ham Radio Club at the Budapest University of Technology.

To help with decoding the telemetry from the CubeSat, an RTL-SDR based telemetry receiver was created by Peter and Miklos, and Levente HA7WEN has created an installation script for Raspberry Pis and Linux PCs which installs OpenWebRX along with the satellite receiver software.

The satellite should be receivable with a simple satellite antenna, such as a handheld Yagi, turnstile, dipole or quadrifilar-helix antenna. It will be transmitting telemetry at 436.720 MHz. If you have a dish and tracking equipment for it, there is also a high speed downlink at 2267.5 MHz. Like SMOG-1, the satellite carries a sensor that is designed to measure human-caused electromagnetic pollution. It also carries a camera and an AIS receiver for tracking marine vessels.

The MRC-100 CubeSat

A Video Demonstration on Cracking a GSM Capture File

Over on YouTube Rob VK8FOES has been uploading some fairly comprehensive demonstrations and tutorials showing how to crack a GSM capture file which can be recorded with any SDR.

It is well known that GSM (2G) communications are insecure, and the encryption has been breakable on a standard PC for a long time. For this reason GSM is now mostly phased out. However, in many regions the GSM system is still operational at reduced capacity because of legacy users, who are mostly industrial.

In his video Rob makes use of the open source Airprobe GSM decoder tool, as well as the open source Kraken tool (not to be confused with KrakenSDR), which is a brute force password cracking tool.

We want to note that doing this is only legal if it is your own communication that has been recorded, or you have permission from the communicating parties.

My GSM cracking content has been getting quite a lot of attention lately. Previous videos of mine relating to this topic were only boring screen recordings with no real explanation on what steps are required to crack the A5/1 stream cipher and decrypt GSM traffic by obtaining the Kc value.

I was bored one day and decided to present a live-style workflow of how hackers and security researchers 'crack' 2G cellular communications in real-time. Be warned that if you don't have an interest in cryptography or cellular network security, you might find this video rather boring.

The GSM capture file used in this video, to my knowledge, has never been publicly cracked before. 'capture_941.8M_112.cfile' was recorded and uploaded with permission by the owner of the data themselves as a decoding example for testing Airprobe.

I make a few mistakes in the video that I can't be bothered editing out. But they are not critical, just myself misreading a number at the 10 minute mark somewhere, and saying the wrong name of a software tool at 17 minutes.

Additionally, I am not a GSM technology engineer, nor a cryptography expert. I do my best to explain these concepts in a simple and easy to understand way. But due to my limited knowledge of these subjects, it's possible that some of this information may be incorrect or lacking context.

However, this video will still allow you to crack a real GSM capture file if you are able to follow along with my flip-flopping style of presentation. Haha. But please, only replicate this tutorial on GSM data that originated from YOUR OWN mobile phone. Do not attempt to decrypt private telecommunications from any other cellular subscriber, EVER.

How To Get Arrested In 30 Minutes: Cracking A GSM Capture File In Real-time With AIRPROBE And KRAKEN

Video Demonstrating Hydrogen Line Detection with an RTL-SDR and WiFi Dish

Back in January 2020 we posted a tutorial showing how it's possible to detect and measure the galactic Hydrogen line using a simple 2.4 GHz WiFi dish, RTL-SDR Blog V3 and a filtered LNA. Since then many people have used the same setup with great results.

Over on YouTube, user stoppi is one such person who has followed the steps from our tutorial, and he has uploaded a video showing his setup and results. If you're thinking of getting started with Hydrogen Line reception, his video slide show tutorial would be a good complementary overview to go along with our text tutorial.

Detection of the galactic hydrogen - the 21 cm radiation - Wasserstoffstrahlung der Milchstrasse

TechMinds: Receiving and Decoding Packets from the GreenCube Cubesat Digipeater

GreenCube is a CubeSat by the Sapienza University of Rome, and it is designed to demonstrate an autonomous biological laboratory for cultivating plants onboard a CubeSat.

While this is an interesting mission in itself, for amateur radio operators there is another interesting facet to the satellite. Unlike most CubeSats which are launched in Low Earth Orbit (LEO), GreenCube was launched higher in Medium Earth Orbit (MEO) which provides a larger radio reception footprint over the earth. The satellite also contains a digital repeater (digipeater) at 435.310 MHz, which allows amateur radio operators to transmit digital radio packets up, and have the satellite repeat the packet back over a wide area footprint on earth. 

In his latest video, Matt from the TechMinds YouTube channel shows us how to receive and decode the packets from the GreenCube digipeater. In his demonstration Matt uses an SDRPlay RSPdx as the receiver, SDR++ as the receiver software, SoundModem as the packet decoder, GreenCube Terminal for displaying the messages, and GPredict for tracking the satellite and compensating for the Doppler effect. He also notes that while a directional antenna on a motorized tracker is recommended, he was still able to receive packets with his omnidirectional terrestrial antennas without much issue.

RECEIVING AND DECODING GREENCUBE CUBESAT

Building an OpenWebRX Server with an RTL-SDR Blog V3 for HF Monitoring

Thank you to Ramadhan (YD1RUH) who has put together a brief set of commands showing how to quickly get set up with OpenWebRX and an RTL-SDR Blog V3. OpenWebRX is a web based SDR program that allows users to use their SDR over a network or internet connection. It is compatible with several SDRs including the RTL-SDR.

The installation is based on Ubuntu, and uses Docker for the install. He also shows how to set up the OpenWebRX configuration file so that it will use the Q-branch direct sampling mode in RTL-SDR Blog V3 dongles for HF reception.

A demonstration of the result can be seen on Ramadhan's public OpenWebRX page. You can select between the various enabled HF bands in the lower left.

OpenWebRX HF reception running on an RTL-SDR Blog V3 dongle.

RFinder P10 – An Android Tablet with a built in Two Way Radio and RTL-SDR

Recently we came across a company called RFinder / AndroidDMR, a shop selling custom made two way radios and Android tablets with built in radio hardware. One of their new tablets that is currently in pre-order is being advertised with a built in RTL-SDR. The preorder status notes that they should be shipping in less than a month's time.

The "RFinder Android Radio 10 Inch Tablet - 136-174mhz, 400-490mhz DMR/FM - Embedded RTL-SDR" is able to be pre-ordered for $1,499.95 USD + shipping. It is a ruggedized 10 inch Android tablet with a built in two way 4W VHF/UHF DMR/RF radio as well as an additional built in RTL-SDR. In terms of computing hardware, it comes with an Octa-Core 2.3 GHz CPU, 4GB RAM, 64GB ROM, and it supports cellular connectivity.

In their manual they share the following slide showing the built in RTL-SDR running the RF Analyzer Android app.

Various reviews of the RFinder P10 have been showing up on YouTube. Here is one review by Ham Radio 2.0 where the RFinder P10 is demonstrated at the Huntsville Hamfest.

New RFinder P10 Tablet with Dual Band DMR and RTL-SDR Receiver - Huntsville Hamfest

Decoding the Mexican Seismic Alert System (SASMEX Alerta sísmica)

Back in 2015 we posted about the dsame software, which is a decoder for the American Emergency Alert System (EAS) which is encoded with the SAME (Specific Area Message Encoding) protocol. EAS transmits on the NOAA weather frequency. 

Recently programmer Sam submitted news about his fork of dsame which adds the ability to decode the Mexican SASMEX (Sistema de Alerta Sísmica Mexicano) alert system. SASMEX is a system developed by the Mexican Government which can detect earthquakes and rapidly activate a warning siren across the country, allowing an early warning for people to prepare for an incoming earthquake.

The sirens appear to be activated wirelessly through the same frequencies that weather and EAS use, and so the signal can be monitored with an RTL-SDR or other SDR. When an active signal is present, the forked dsame software will decode the alert. The alert could then be used to activate a local siren or display.

How the SASMEX System Works (Credit: http://www.cires.org.mx/sasmex_n.php)

A Satellite Listening Journey

On his Medium.com blog, Mohsen Tahmasebi has posted an article about his journey into listening to satellites, which started with his acquisition of an RTL-SDR Blog V3 dongle. The article begins by explaining his motivations for receiving satellites and how difficult hobbies like this are to get into in his home country of Iran. Despite the challenges, he tasted success when he was able to receive NOAA APT signals on his second attempt using the included portable dipole antenna in a V-dipole configuration. Shortly after, Mohsen was also able to receive Meteor-M2 LRPT.

Mohsen then built a more permanent V-dipole out of copper rods and optimized his antenna using NEC simulation software, finding that adding a reflector significantly improved reception. He then moved on to building a slightly more complex turnstile antenna, which yielded even better results and allowed him to explore CubeSats at 435 MHz and contribute to SatNOGS. Finally, Mohsen ordered a Bullseye LNB and, using a homemade bias tee, received the QO-100 amateur radio transponder.

Overall, Mohsen's journey demonstrates that there is a lot of fun and learning available from internationally available satellites even in a country where equipment is hard to come by.

Mohsen's First Permanent V-Dipole for NOAA APT Reception