Tagged: rtl-sdr

Frugal Radio: Experimenting with Rdio-Scanner and Trunk Recorder on P25 LSM

In his latest video Rob from the Frugal Radio YouTube channel has uploaded a video where he experiments with a SDR web interface and smartphone App called "Rdio-scanner". Rdio-scanner is an interface that tries to reproduce the user experience of using a real hardware scanner with an SDR and RF voice decoding/recording software like Trunk Recorder being used in the background. Rob writes:

rdio-scanner creates a customizable web interface from which to control your software defined radio. Using it, you can turn a computer, phone or tablet into something that closely resembles a hardware scanner!

Trunk Recorder is the software that decodes the unencrypted P25 signals and records them to disk. Here is it demonstrated working on a large Simulcast (LSM) site.

rdio-scanner reads the audio files. Through the rdio-scanner interface, you are basically choosing which audio files to play.

Rob runs the rdio-scanner software on his Panasonic Toughbook, noting that the interface looks really great in Tablet mode and works well with the touchscreen. He also notes that his toughbook has a SIM card socket, so a data SIM would enable him to access his P25 monitoring system at home from anywhere. 

SDR experiments with Rdio-scanner, Trunk Recorder, Airspy Mini & Panasonic Toughbook on P25 LSM

Pulsar B0329+54 Detected with a 1.9m Dish and RTL-SDR

Over the past few years Job Geheniau has been constantly surprising us with his amateur radio astronomy results coming from modest dish sizes and low cost SDR equipment like an RTL-SDR. We've seen him perform full sky hydrogen line surveys, measure galactic rotation, image the Cygnus star forming region, image the Cassiopeia A supernova remnant, detect interstellar high velocity clouds and observe a red supergiant star.

Job's latest work has seen him detect Pulsar B0329+54 with his 1.9m dish and an RTL-SDR. He writes:

A pulsar is the rapidly spinning and pulsating remnant of an exploded star.

PSR B0329+54 is a pulsar approximately 3,460 light-years away in the constellation of Camelopardalis. It completes one rotation every 0.71452 seconds and is approximately 5 million years old

Everything indicates that I may have been able to detect the pulsar B0329+54 with JRT [Job's Radio Telescope]. This dish has a diameter of 1.9 meters, which would make it the first time (!) this pulsar has been detected with a dish of this size as far as I can tell. This result was obtained thanks to the good help and software of Michiel Klaassen.

Job has also provided a PDF file that documents his setup and results in more detail, which we have uploaded to our server here.

Using an SDR# Plugin to Tune into a Broadcast FM SCA Subcarrier (Radio Reading Service for the Blind)

Thank you to Double A again for submitting a new video where he shows how to use a new SDR# plugin called "SCATuner" to listen to an SCA audio subcarrier embedded within a broadcast FM signal.

SCA short for Subsidiary communications authority, is a separate audio channel hidden within a broadcast FM signal. SCA is typically used for niche radio programs, elevator music, music for doctors offices, and niche services such as reading for the visually impaired. In the past you needed a special hardware SCA radio to receive these channels, however receiving these channels with an SDR is relatively simple. Not all broadcast FM stations will have an SCA service, but the video shown below explains how to find one.

In previous posts Double A and others have shown how to receive these SCA Subcarriers using two instances of SDR#. However, this new plugin makes the task much simpler one click job.

Double A's video goes over how to install and use the plugin, explains SCA and demonstrates it in action decoding a radio reading service for the blind.

SDR# Plugin for Tuning an FM SCA Subcarrier (Radio Reading Service for the Blind) (with RTL-SDR USB)

Using an RTL-SDR to Decode Broadcast FM RDS Data on Android

Over on YouTube Double A Labs has posted a new video demonstrating how to use an RTL-SDR and Android device to receive broadcast FM stations, and to decode any associated RDS data. 

In the video Double A uses the SDR Touch Android app and the Advanced RDS function to show the RDS information. He goes on to explain the various pieces of information RDS data provides including clock time, active RDS groups and alternative frequencies.

Tune broadcast FM radio and decode Radio Data System (RDS) information using your Android phone and an RTL-SDR USB (see parts list below). RDS can include station identification, song name, the current time for a receiver to sync its clock, alternative frequencies the same program is on, and more!

Tuning FM Radio & Decoding RDS Data on ANDROID using RTL-SDR USB

RTL-SDR Virtual Reality Spectrum Display Software Released

Back in September 2021 we posted about Manahiyo's software that allows the RF spectrum and related graphs to be viewed in virtual reality, using a VR headset and an RTL-SDR. Back then the software was only demonstrated on YouTube, but not released.

A few days ago Manahiyo released the VR software on GitHub. The software requires a Oculus/Meta Quest2 VR headset, and the it is able to run directly on the headset's computing hardware. This makes it possible to have the RTL-SDR attached to the headset itself.

RTL-SDR VR Software for Oculus Quest 2

Frugal Radio: Travelling with SDR & Scanner Gear

Over on his YouTube channel Frugal Radio, Rob has uploaded a new video whilst on holiday travelling through the USA. In the video he shows what sort of scanner radios, antennas and SDR gear he carries with him on his travels. His gear includes a Uniden SDS-100 scanner, a BCD325 scanner, a Radio-Tone RT4 internet network radio and of course an RTL-SDR Blog V3 and laptop.

He goes on to demonstrate the hardware in action from his Hotel room, decoding local digital audio.

A peek in Frugal's Travel Bag : SDR & Scanner gear on the road

Opening and Starting Honda Civic Vehicles with a HackRF Replay Attack

A few months ago University student Ayyappan Rajesh and HackingIntoYourHeart reported cybersecurity vulnerability CVE-2022-27254. This vulnerability demonstrates how unsecure the remote keyless locking system on various Honda vehicles is, and how it is easily subject to very simple wireless replay attacks. A replay attack is when a wireless signal such as a door unlock signal is recorded, and then played back at a later time with a device like a HackRF SDR.

Most car manufacturers implement rolling code security on their wireless keyfobs which makes replay attacks significantly more difficult to implement. However, it appears that Honda Civic models (LX, EX, EX-L, Touring, Si, Type R) from years 2016-2020 come with zero rolling code security:

This is a proof of concept for CVE-2022-27254, wherein the remote keyless system on various Honda vehicles send the same, unencrypted RF signal for each door-open, door-close, boot-open and remote start(if applicable). This allows for an attacker to eavesdrop on the request and conduct a replay attack.

In the videos on the GitHub demonstration page they show a laptop with GNU Radio flowgraph and a HackRF SDR being used to turn the engine of a Honda civic on, and to lock and unlock doors.

Various news agencies reported on the story, with "The Record" and bleepingcomputer contacting Honda for comment. Honda spokesperson Chris Martin replied that it “is not a new discovery” and “doesn’t merit any further reporting.” further noting that "legacy technology utilized by multiple automakers” may be vulnerable to “determined and very technologically sophisticated thieves.”. Martin went on to further note that Honda has no plans to update their vehicles to fix this vulnerability at this time.

Laptop and HackRF used to turn on a Honda Civic Engine via simple Replay Attack.

In the past we've seen similar car hacks, but they have mostly been more advanced techniques aimed at getting around rolling code security, and have been difficult to actually implement in the field by real criminals. This Honda vulnerability means that opening a Honda Civic could be an extremely simple task achievable by almost anyone with a laptop and HackRF. It's possible that a HackRF and laptop is not even required. A simple RTL-SDR, and Raspberry Pi with the free RPiTX software may be enough to perform this attack for under $100.

More information about the hack can be found on HackingIntoYourHeart's GitHub page. He writes:

Recording the "unlock" command from the target and replaying (this works on most if not all of Honda's produced FOBs) will allow me to unlock the vehicle whenever I'd like to, and it doesn't stop there at all On top of being able to start the vehicle's ENGINE Whenever I wished through recording the "remote start", it seems possible to actually (through Honda's "Smart Key" which uses FSK) demodulate any command, edit it, and retransmit in order to make the target vehicle do whatever you wish.

Lon.TV Demonstrates Decoding Various Digital Signals with RTL-SDR

Tech YouTuber Lon.TV has recently uploaded a video demonstrating how to identify and decode various digital transmissions with an RTL-SDR dongle. In the video he explains how to use VB Cable to pipe audio from SDR# into various decoders, and then goes on to show DMR, APRS, POCSAG, L-Band AERO, FT8, and JS8/JS8CALL all being decoded via an RTL-SDR Blog V3 dongle.

Software Defined Radio Part 2 - Decoding Digital Transmissions with an RTL-SDR USB Radio