Tagged: rtl2832u

Radio Analyser: New Program for Plotting DSDPlus Statistics

Thank you to Matthew Cowley for submitting news about his new program called "Radio Analyser". Radio Analyser is a program that imports DSDPlus radio and group files into a PostgreSQL database. The data can then be graphed on the web interface, allowing you to view talk group and radio statistics. DSDPlus is a program that can be used to listen in to digital P25, DMR and other digital voice protocols with an RTL-SDR or similar SDR.

Matthew writes the following, and some screenshots of the interface and graphs are shown in the slider at the end of the post:

I've been learning Ruby on Rails and as a first project I wrote a project that you host at home which imports the DSDPlus.radios and DSDPlus.groups files and displays their activity in graph form. It will show you total site activity, talk group activity and radio activity.


SignalsEverywhere: The Ethics of Decoding and Sharing Private Information with SDRs

Over on the SignalsEverywhere YouTube channel, Corrosive has uploaded a new video that addresses the ethics of decoding private information with SDRs. The radio spectrum is full of private communications with little to no security around them. For example, hospital pagers in many countries and cities are completely unencrypted and easily decoded by anyone who can run a radio and install software on Windows. These messages often contain very private patient data. Another example he gives is Inmarsat AERO Medlink voice communications, and how he's seen full phone calls being shared online.

In the video Corrosive discusses the ethics of publicly sharing these private communications, even if they may be legal to receive and share in your country. He argues that sharing someone's private data and phone calls on the internet is in poor taste and is not okay, which I think is something everyone should be able to agree with.

SDR Ethics | We Need to Talk!

However, on the other side of the coin, several responses to his video on Reddit share a different point of view. On that forum several commenters expressed disagreement, arguing that precisely because these services are so insecure, we should actively be sharing intercepted messages and trying to raise outrage and awareness about these privacy flaws. The argument stems from a view that many information security researchers seem to take: if the public is not aware of their lack of privacy, only the bad guys will be taking advantage, and nothing will end up being properly secured by companies.

We've seen this approach taken by information security artists in the past like the Holy Pager art installation in New York. The temporary installation used a HackRF to continuously print out all pager messages being broadcast in an attempt to raise awareness about what private information is being sent for anyone to read. However, it may be one thing to share private data with a few art gallery patrons, versus the entire internet.

I think we should all at least agree on a middle ground. If you are listening to or decoding radio services that are meant to be private but are insecure and open for all to listen to, at least keep it to yourself, and don't share people's private conversations or data on the internet. If you want to raise awareness about the lack of security to put pressure on companies, censor people's private information and only mention in general terms what you are hearing.

RTL-SDR and HackRF Used in Mr. Robot – A TV Drama About Hacking

A few readers have written in to let us know the role SDRs played in the last season of "Mr. Robot". The show, which is available on Amazon Prime, is about "Mr. Robot", a young cyber-security engineer by day and a vigilante hacker by night. The show has actual cyber security experts on the team, so whilst still embellished for drama, the hacks performed in the show are fairly accurate, at least when compared to other TV shows.

Spoilers of the technical SDR hacks performed in the show are described below, but no story is revealed.

In the recently aired season 4 episode 9, a character uses a smartphone running an SSH connection to connect to a HackRF running on a Raspberry Pi. The HackRF is then used to jam a garage door keyfob operating at 315 MHz, thus preventing people from leaving a parking lot. 

Shortly after, she can be seen using the HackRF again with Simple IMSI Catcher. Presumably they were running a fake cellphone basestation, as they use the IMSI information to try and determine someone's phone number, which leads to being able to hack their text messages. The SDR used in the fake basestation appears to have been a bladeRF.

HackRF Used on Mr Robot

In season 4 episode 4 GQRX and Audacity can be seen on screen being used to monitor a wiretap via rtl_tcp and an E4000 RTL-SDR dongle.

E4000 RTL-SDR Being used for Wiretap Monitoring

Did we miss any other instances of SDRs being used in the show? Or have you seen SDRs in use on other TV shows? Let us know in the comments.

Passive Doppler Aircraft Scatter with a VOR Beacon and an RTL-SDR

Over on YouTube Meine Videokasetten has posted a video showing how he's been using an RTL-SDR to detect aircraft landing and taking off via the scatter on a VOR beacon. VOR (aka VHF Omnidirectional Range) is a navigational beacon that is transmitted between 108 MHz and 117.95 MHz from a site usually at an airport. As it is an older technology, it is slowly being phased out in some places.

An interesting observation can be made that is unrelated to the actual operation and use of VOR navigation. When an aircraft passes near the VOR beacon it results in the signal reflecting and scattering off the metal aircraft body. As the aircraft is moving quickly, it also results in a frequency doppler shift that can be seen on an RF waterfall display.

In his video Meine Videokasetten uses an RTL-SDR and OpenWebRX to receive the VOR signal. He then pipes the audio output of that signal into Speclab which allows him to get significantly increased FFT resolution for the waterfall. This increased resolution allows him to clearly see the doppler scattering effects of aircraft on the VOR transmission. He notes that it's possible from the scattering to determine if an aircraft is taking off or landing.

Passive doppler radar on VOR beacon transmitter .:°:. A let's test it out

We note that back in 2015 we posted about the ability to "fingerprint" aircraft using this technique. Different types of aircraft will result in unique patterns on the waterfall. In that post they used analogue TV carriers which are not very common in most countries anymore, so it's good to see that this can be used with VOR signals too.

Comparing large and small aircraft with aircraft scatter with an analogue TV transmitter. From previous post.

Starlink GRAVES Radar Reflections Received with SDR

Over on YouTube Jan de Jong who is based in Germany has posted a short slide show video showing that he received reflections of the GRAVES space radar from the new Starlink satellites.

Starlink is a SpaceX run satellite constellation that is slowly being launched in order to provide worldwide satellite internet access. The last launch was on 11 November 2019. Typically multiple satellites are launched at once, and they follow each other closely in a line, slowly spreading out.

The GRAVES space radar is a powerful radar based in France that is used to track satellites. If you are not too far away from France and within the GRAVES radar footprint you can point an antenna at the sky, and tune to the GRAVES radar frequency of 143.05 MHz with an RTL-SDR or any other SDR. You might then receive the reflections of this radar signal coming from satellites passing overhead. GRAVES has also been used for meteor scatter detection.

As the 60 and more satellites from Starlink 2 pass over the Graves radar signal they reflect a vertical track on the HROFFT radar image from the 143.05 MHz signal. In the first images the satellites are all still very close together, in current passes they have spread already and the display looks almost like rain in the sky on the 1 second radar plot from HROFFT.
Signal received with SDR RTL (SDRuno RSP1A) and 3 element Yagi at 45 degrees towards south

Starlink-2 Passes over Graves Radar

Solving a Frequency Hopping CTF Challenge with Aliasing

At this year's BSides Ottawa security conference, Clayton Smith was tasked with setting up a wireless "Capture the Flag" (CTF) competition. CTF competitions generally consist of a mystery signal that participants need to figure out how to decode with an SDR such as an RTL-SDR.

One CTF that Clayton set up was a frequency hopping challenge with several levels of difficulty. The signal consisted of a narrow band FM signal that constantly hopped between multiple fixed frequencies. The idea was to use whatever means possible to piece together that signal again so that the speech audio could be copied.

The first level had the audio signal hopping very slowly, so the speech could be pieced together manually by listening by ear to each channel it transmitted on. Subsequent levels had the signal hopping much faster, so they required some DSP work to piece everything back together.

In his post Clayton writes about three possible GNU Radio based DSP solutions to the problem. The first method he describes is an interesting method that abuses the effects of aliasing. Aliasing is a problem in SDRs when a signal can be folded on top of another, creating interference. However, this approach makes use of aliasing to purposely fold the hopping channels into one frequency, resulting in speech that can be copied.
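The folding effect behind the first method can be reproduced in a few lines. This is an added simulation, not Clayton's GNU Radio flowgraph; the sample rate, channel plan, deviation and test tone are all constructed values, since the challenge's real parameters are not given here.

```python
import cmath
import math
import random

# Constructed parameters; the real challenge's channel plan is not on this page.
FS = 200_000        # wideband capture rate, Hz
SPACING = 25_000    # hop channel spacing, Hz
CHANNELS = [k * SPACING for k in range(-3, 4)]  # 7 hop channels around 0 Hz
DEVIATION = 2_500   # FM deviation, Hz
TONE = 1_000        # stand-in for the speech audio, Hz
HOP_LEN = 400       # samples per hop (2 ms dwell)

def make_hopping_fm(n_samples, seed=1):
    """Return (iq, audio): an FM tone whose carrier hops between CHANNELS."""
    rng = random.Random(seed)
    iq, audio, msg_phase, chan = [], [], 0.0, 0
    for n in range(n_samples):
        if n % HOP_LEN == 0:
            chan = rng.choice(CHANNELS)
        m = math.sin(2 * math.pi * TONE * n / FS)
        msg_phase += 2 * math.pi * DEVIATION * m / FS
        iq.append(cmath.exp(1j * (msg_phase + 2 * math.pi * chan * n / FS)))
        audio.append(m)
    return iq, audio

def fold_by_aliasing(iq):
    """Decimate with NO anti-alias filter so the output rate equals SPACING.
    Every channel is a whole multiple of the new rate, so all fold onto 0 Hz."""
    return iq[:: FS // SPACING]

def fm_demod(iq, fs):
    """Quadrature demodulator: phase step between samples, scaled to +/-1."""
    return [cmath.phase(b * a.conjugate()) * fs / (2 * math.pi * DEVIATION)
            for a, b in zip(iq, iq[1:])]

def correlation(x, y):
    n = min(len(x), len(y))
    mx, my = sum(x[:n]) / n, sum(y[:n]) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x[:n])
    vy = sum((b - my) ** 2 for b in y[:n])
    return cov / math.sqrt(vx * vy)

def demo(n_samples=10_000):
    """Correlation of recovered audio with the original: (folded, naive)."""
    iq, audio = make_hopping_fm(n_samples)
    step = FS // SPACING
    folded = correlation(fm_demod(fold_by_aliasing(iq), SPACING), audio[::step])
    naive = correlation(fm_demod(iq, FS), audio)  # fixed tuning, hops ignored
    return folded, naive
```

The folded path recovers the tone almost perfectly, while demodulating the wideband capture without following the hops leaves the audio buried under the per-channel frequency offsets. The trick only works when each channel's bandwidth fits inside the output rate, otherwise the channel aliases onto itself.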

The rest of his post explains two other methods that could be used as well. The second method involves treating the entire band consisting of the hopping signals as a single FM signal, then filtering it with a DC block. The third approach uses an FFT to detect which channel is active with the highest power, then shifts that channel by its offset.

Spectrum of the frequency hopping CTF challenge.

Clayton also set up another CTF with gr-paint. The idea was to read text on a "painted" waterfall with ever decreasing text spacing that would eventually be too small to read on standard SDR programs like GQRX. Instead, the solution was to open the IQ data in a tool like Inspectrum or Baudline which has much higher FFT resolution. 

Gr-Painted spectrum with decreasing text spacing.

Astrophiz Podcast Interviews Steve Olney: Capturing the 2019 Vela Pulsar Glitch with an RTL-SDR

Back in May 2019 we posted about Steve Olney's HawkRAO amateur radio astronomy station, which was the only station in the world to capture the 2019 Vela Pulsar "glitch", and which did so using his RTL-SDR as the radio. The astronomy focused podcast "Astrophiz" recently interviewed Steve in episode 95, where he talks about his amateur radio background, his home made radio telescope, his RTL-SDR and software processing setup, and the Vela glitch.

A pulsar is a rotating neutron star that emits a beam of electromagnetic radiation. If this beam points towards the earth, it can then be observed with a large dish or directional antenna and a radio, like the RTL-SDR. The Vela pulsar is the strongest one in our sky, making it one of the easiest for amateur radio astronomers to receive.

Pulsars are known to have very accurate rotational periods which can be measured by the radio pulse period. However, every now and then some pulsars can "glitch", resulting in the rotational period suddenly increasing. Glitches can't be predicted, but Vela is one of the most commonly observed glitching pulsars.

The HawkRAO amateur radio telescope run by Steve Olney is based in NSW, Australia and consists of a 2 x 2 array of 42-element cross Yagi antennas. The antennas feed into three LNAs and then an RTL-SDR radio receiver. 

Astrophiz 95: Steve Olney: From Ham Radio to Radio Astronomy - "The 2019 Vela Glitch" 

Feature Interview: This amazing interview features Steve Olney who has established the Hawkesbury Radio Astronomy Observatory in his backyard. Steve has constructed a Yagi antenna array, coupled it with a receiver and observed a pulsar 900 LY away and generated data that has enabled him to be the only person on the planet to observe Vela’s 2019 glitch in radio waves as it happened.

If you're interested in learning more about Vela, Astrophiz podcast episode 93 discusses more about the Vela glitch and why it's important from a scientific point of view.

Reverse Engineering and Controlling a Pan-Tilt Camera Servo with an RTL-SDR and Arduino

The ZIFON YT-500 is a pan-tilt tripod designed for mounting small cameras and smart phones. It also comes with an RF based 433 MHz wireless remote control that allows you to remotely control the positioning.

However, Konstantin Dorohov wanted to be able to control the camera positioning from his PC rather than through the remote control, so he set out to reverse engineer and clone the 433 MHz wireless control signal.

To do this he first used an RTL-SDR and SDR# to record the signals generated by each button press of the remote. He then opened the audio files in Audacity, which allowed him to inspect the signal's structure and determine some important information such as the preamble + payload timing and ON/OFF pattern.

Knowing this information he was then able to use an Arduino with a 433 MHz transmitter connected to replicate the signal exactly. His post contains the sample code that he used.

Reverse Engineering the Pan/Tilt Servo with an RTL-SDR, and replicating the signal with an Arduino.