Android developers have a new RTL-SDR driver wrapper available to use called "RTL-SDR CP Driver". This driver by Evgeni Karalamov is designed to have an additional feature over the current Android RTL-SDR drivers in that it implements client application permission management. The overview reads:
RTL-SDR CP Driver utilises the rtl-sdr codebase and is meant to be kept in sync with the developments there. The provided interface mirrors the functionality of rtl_tcp in an Android way. Instead of via a TCP socket, the communication is carried out through file descriptors returned by a ContentProvider.
Since some potentially sensitive information could be captured through the SDR receivers, like indications of the device location, the RTL-SDR CP Driver implements permission control similar to that of the Android framework. Prior to accessing receivers, client applications have to ask the user for permission to access the driver by starting the driver's permission flow via startActivityForResult. Once the user grants access, their answer is remembered and they are not prompted again. The user has the ability to later revoke the permission from the driver's UI, accessible via the Android launcher.
Over on his YouTube channel Kalle Hallden has uploaded a video demonstrating how to perform a replay and "rolljam" attack on a wireless car key with an RTL-SDR and Yardstick One. His first experiment is a simple replay attack which involves recording the unlock signal from the car key with the Yardstick One in a place far away from the car so that it is not received, then replaying it close by.
This works well, but Kalle then explains rolling code security and how this would easily thwart any replay attack in the real world. However, he then goes on to explain and demonstrate the "rolljam" technique, which is one known way to get around rolling code security. The demonstrations are obviously not full tutorials, but are just high level overviews of how wireless security can be defeated.
Over on his YouTube channel Tech Minds has uploaded a video showing how it's possible to receive and decode GPS signals with an RTL-SDR. To do this he uses one of our RTL-SDR Blog V3 dongles and a GPS patch antenna which is powered via the bias tee on the dongle.
On the software side he uses GNSS-SDRLIB and RTKLIB to decode the GPS signal. The result of the two programs is your current GPS coordinates which can be plotted on a map. Unfortunately in the video Tech Minds was unable to get the Google Maps display to work, but you can easily type the coordinates into Google maps yourself.
A few days ago we posted about Hayati and others' work in creating a new release of the librtlsdr drivers which implemented some new interesting features. However, at the time of the post there was no GUI for actually making use of the features easily. Now Hayati has released a new rtl_tcp ExtIO interface.
The interface exposes the ability to manually adjust the filtering within the R820T tuner. This is quite useful for managing out of band interference and raising overall dynamic range especially when trying to listen to a narrowband signal. It also exposes decimation controls, tcp connection features like auto reconnect and persistent connection, manual IF gain control, the ability to choose USB vs LSB tuning, and the ability to choose the highest stable sample rate of 2.56 MSPS.
The ExtIO interface is only available for SDR programs that support ExtIO, such as HDSDR. To test the ExtIO, first download and extract the latest librtlsdr release then run rtl_tcp from the command line. Extract and run the new ExtIO dll into the HDSDR folder, then run HDSDR, making sure to select the new dll when it asks on startup. You can then set the desired bandwidth and the matching decimation settings for that bandwidth.
Over on his YouTube channel M Khanfar has put together a tutorial for an interesting idea. The idea is to use an automatic SSH connection to tell your Windows PC to run rtl_tcp whenever you open SDRTouch or RFAnalyzer on your Android device. SDRTouch and RFAnalyzer are both Android based SDR applications and rtl_tcp is a server which allows both apps to connect to a remote RTL-SDR over a network connection.
To set this up, Khanfar first sets up OpenSSH on his Windows PC which allows a secure remote connection to the PC. On his Android device he then installs MacroDroid and RaspController. MacroDroid is an app that help you automate tasks on your Android device, and RaspController is an app designed for remotely controlling a Raspberry Pi, but also works on Windows via the SSH connection. These apps are then setup so that an SSH connection to the Windows PC is automatically opened whenever SDRTouch is run. From within the SSH connection rtl_tcp is then started.
Full text instructions are available in the video description.
Automate MacroDroid with RTL_TCP through OpenSSH under Windows 10
In their experiment they set up both circular and linear antenna arrays for the KerberosSDR, then flew the drone in front of the antenna array while recording the bearings calculated by the KerberosSDR system. The results showed that the KerberosSDR was able to successfully track the drone's bearing with either antenna array, however the linear array produced more accurate results as expected.
We note that a linear array cannot differentiate if an object is in front or behind the array. However, if this knowledge is known it can be used instead of a circular array to get more accurate bearings that are less affected by multipath.
Thank you to Hayati Ayguen for letting us know that he and others have submitted a slew of updates to the "librtlsdr" fork of the librtlsdr RTL-SDR drivers. The improvements made to the development branch are extensive and are pasted below, and Hayati also has also created some presentation slides about his improvements. Hayati also notes that there are several open issues being tracked, and he has labelled some as "help wanted" where help and testing would be appreciated.
If you have tested any of the new features of tools, please let us know how they work in the comments!
"Driver" Library Features
added support for special USB (vendor) VID 0x1209 (product) PID 0x2832: "Generic RTL2832U":
added smaller bandwidths, improving selectivity: 290, 375, 420, 470, 600, 860, 950, 1100, 1300, 1500, 1600, 1750, 1950 kHz. These are coarse measured values .. which might get adjusted in future.
bandwidth filters utilize tuner's low- and highpass filters at IF
added spectrum flipping (inside tuner) - and back in RTL2832
the band edges (low/high-pass) have different steepness; the steeper edge can be selected with the mixer sideband (rtlsdr_set_tuner_sideband()), to achieve better attenuation depending on signal scenario
added (automatic) control over VGA (variable gain amplifier)
VGA gain (besides LNA and Mixer) can be utilized and set to automatic, letting it controlled from RTL2832U. Having all automatic (AGC) including activation of digital AGC in RTL2832 (rtlsdr_set_agc_mode()), oversteering effects got reduced (a lot).
gain range now up to 100 dB
deactivated "Filter extension under weak signal" for a stable filter characteristic
added shifting of IF-center, to receive away from DC. See rtlsdr_set_tuner_band_center()
probably some more: it's highly probable, that this list is incomplete
"Driver" Library API
added rtlsdr_set_and_get_tuner_bandwidth(), which also delivers the bandwidth. [ with rtlsdr_set_tuner_bandwidth() does not deliver the bandwidth ]
added rtlsdr_set_tuner_band_center(), to set center of the filtered tuner band
added rtlsdr_set_tuner_sideband(), to set mixer sideband
added rtlsdr_set_tuner_gain_ext(), special for R820T/2 tuner
added rtlsdr_set_tuner_if_mode(), sets AGC modes in detail
added rtlsdr_set_ds_mode() including threshold frequency
added rtlsdr_set_opt_string() and rtlsdr_get_opt_help() for configuration of 'driver' - especially from command line
added rtlsdr_set_tuner_i2c_register(), rtlsdr_get_tuner_i2c_register() and rtlsdr_set_tuner_i2c_override() exposing hacking of tuner-specific I2C registers
added rtlsdr_get_ver_id(), to allow discrimination between osmocom library - or this fork
added rtl_ir: display received IR signals.
requires the IR diode of an RTL-SDR - which might not exist!
added rtl_rpcd: a Remote Procedure Call server for RTL-SDR dongles.
for use, set environment variable "RTLSDR_RPC_IS_ENABLED"
optionally set environment varibales "RTLSDR_RPC_SERV_ADDR" and "RTLSDR_RPC_SERV_PORT". These default to "127.0.0.1" and "40000".
requires cmake option WITH_RPC
added rtl_raw2wav: save rtl_sdr or rtl_fm's output (pipe) into a wave file, including some meta information like timestamp and frequency
added rtl_udp: same as rtl_tcp - just using UDP instead of TCP
added rtl_wavestat: display wave file meta information
added rtl_wavestream: stream raw data (in specified format)
added command file option '-C', which can trigger actions depending on signal. have a look at README.rtlfm_cmdfile.
added command line interface option '-E rdc', to enable dc blocking on raw I/Q data at capture rate
added CLI option '-E rtlagc', to enable rtl2832's digital agc
added CLI option '-E bclo', to use tuner bandwidths low corner as band center
added CLI option '-E bchi', to use tuner bandwidths high corner as band center
added CLI option '-O', to set RTL driver options seperated with ':', e.g. -O 'bc=30000:agc=0'
added CLI option '-R', to specify number of seconds to run
added CLI option '-H', to write wave Header to file, producing a wave file with meta information, compatible with several SDR programs
added CLI option '-o', to request oversampling (4 recommended) for processing gain
not just rtl_fm, but many tools have more options. compare all the details by starting with command line option '-h'.
"Driver" Library's UDP-Server - only on Windows
enabled by cmake option PROVIDE_UDP_SERVER for tests. OFF by default
activated by rtlsdr_set_opt_string(): "port=1" or "port=<udp_port>", default port number: 32323
purpose is to allow configuration at runtime with a simple text protocol, e.g. with netcat
for detailed protocol, see comment section in parse() of librtlsdr.c. or look for sections with '#ifdef WITH_UDP_SERVER'
allows non-GPL programs, e.g. QIRX, to utilize the RTLSDR stuff in a license compliant way
added several control functions in rtl_tcp, not existing in osmocom release: UDP_ESTABLISH, UDP_TERMINATE, SET_I2C_TUNER_REGISTER, SET_I2C_TUNER_OVERRIDE, SET_TUNER_BW_IF_CENTER, SET_TUNER_IF_MODE, SET_SIDEBAND, REPORT_I2C_REGS
control functions documented in rtl_tcp.h
(by default) control port number 1234, configurable via command-line-interface (CLI)
response(s) at +1 of control port: 1235, configurable via CLI
RTLion is a software framework for RTL-SDR dongles that currently supports various features such as a power spectrum plot and frequency scanning. The software can run on a Raspberry Pi 3 and all features are intended to be accessed via an easy to use web browser interface, or via an Android app. The software can also be run with Docker, making it useful for IoT applications.
Over on YouTube M Khanfar has uploaded a comprehensive tutorial video explaining how to setup and run the RTLion server software on a Linux computer. He goes on to demonstrate and explain how to use the server via the web interface and also via the RTLion Android app.