Tagged: rtl2832u

Using a KerberosSDR to Monitor Air Traffic Control Voice, ADS-B, ACARS & VDL2 Simultaneously on a Raspberry Pi 3B+

The KerberosSDR is our 4-channel phase coherent capable RTL-SDR unit that we previously crowdfunded back in 2018.  With a 4-channel phase coherent RTL-SDR interesting applications like radio direction finding, passive radar and beam forming become possible. KerberosSDR is currently available from the Othernet store and Hacker Warehouse for US$149.95.

Although the KerberosSDR was mostly created to help unlock projects requiring phase coherency, we've had interest from multiple users asking for information on how to use the KerberosSDR as a tool for monitoring multiple separate signals at once.

Doing this is actually very simple. If you ignore the extra circuitry to make the KerberosSDR phase coherent, the KerberosSDR is at it's core just 4 separate RTL-SDR dongles connected to a quality USB hub. So if you're not using our coherent demo software, then plugging a KerberosSDR into a PC or single board PC will result in four RTL-SDR dongles that can be accessed individually.

The tutorial below could also be done with four individual RTL-SDR dongles, but you would also want to have a reliable powered USB hub.

Example Aviation Radio Monitor

Below we show an example tutorial of how the KerberosSDR could be used as a 4-channel aviation monitor for monitoring air traffic control, ADS-B, ACARS and VDL2 simultaneously on a single Raspberry Pi 3B+. The video below shows a demo.

KerberosSDR Monitoring Air Traffic Control Voice, ADS-B, ACARS & VDL2 on a Raspberry Pi 3 B+

The first step is to simply burn the latest Raspbian Buster to an SD Card, and set up your WiFi wpa_supplicant file as you would on any standard Raspbian install. Also add a blank file called "SSH" or "SSH.txt" to the boot directly to enable an SSH connection. Alternatively you could set this up with a monitor. We used Raspbian Buster Lite, as we are not intending to use the desktop GUI.

Next use PuTTY or your preferred terminal software to connect to your Raspberry Pi via SSH. You may need to use your routers config software/page to find the IP address of the Raspberry Pi. The default SSH port is 22.

Finally, update the repos on your install before continuing with the software installation process.

sudo apt update
sudo apt install librtlsdr-dev rtl-sdr

KerberosSDR Hardware Setup

Here we connected a single quarterwave ground plane antenna tuned to the airband frequencies to three input ports on the KerberosSDR via a cheap RF TV splitter. The fourth antenna input was to a RadarBox ADS-B antenna.

The KerberosSDR and Raspberry Pi are powered via two official Raspberry Pi 5V plug packs, and the KerberosSDR is connected to the Pi via a single short high quality USB cable.

Setup Topology
Setup Topology

Installing RTL-Airband

RTLSDR-Airband is an efficient command line based scanner program for the RTL-SDR. It works by rapidly scanning over a set of frequencies and looking for active signals, and playing the active AM or FM transmission. When an active signal is found it can be configured to stream the audio to an Icecast server, record to a file, or to play directly to your speakers. Alternatively you can also configure it to stream multiple channels simultaneously. If set up to stream to an Icecast server you can listen to the scanned audio from any device on your network with an internet browser.

Here we will use RTL-Airband to scan the air traffic control voice bands which are used by air traffic controllers and pilots to communicate by voice with one another. The transmissions are in AM and are found between 118–136.975 MHz.

First install the pre-requisites, and then install RTL-Airband.

sudo apt-get install -y build-essential libmp3lame-dev libshout3-dev libconfig++-dev libraspberrypi-dev librtlsdr-dev

wget -O RTLSDR-Airband-3.0.1.tar.gz https://github.com/szpajder/RTLSDR-Airband/archive/v3.0.1.tar.gz
tar xvfz RTLSDR-Airband-3.0.1.tar.gz
cd RTLSDR-Airband-3.0.1
make PLATFORM=rpiv2
sudo make install

Next install an Icecast server onto your Raspberry Pi. This will allow us to connect to the Pi via a web browser to listen in to the audio.

sudo apt-get install icecast2 -y

The install steps will ask you to input admin passwords of your choice, make sure you remember or write these down.

Now edit the rtl_airband.conf file with:

sudo nano /usr/local/etc/rtl_airband.conf

Paste in the configuration below making sure to set the actual frequencies used by air traffic control and airlines in your particular area by adding or removing frequencies from the "freqs" line.

Also be sure to set the "index" to whatever antenna input you have used (0 - 3) on your KerberosSDR for your VHF air band antenna. You may want to experiment with the gain value, but for now you can leave it as default.

If you are using another template for the config file, ensure that the "correction" value is set to 0 as the KerberosSDR uses a TCXO and requires no PPM correction.

Finally, don't forget to also set the Icecast server password that you set up in the previous step, making sure to leave the username as "source".

type = "rtlsdr";
index = 2;
gain = 32;
correction = 0;
mode = "scan";
freqs = ( 118.1, 118.7, 119.5 );
labels = ( "Tower A", "Tower B", "Tower Control")$
outputs: (
type = "icecast";
server = "";
port = 8000;
mountpoint = "stream.mp3";
name = "Airband Voice";
genre = "ATC";
description = "My local airport - aggregated feed";
username = "source";
password = "kerberos";
send_scan_freq_tags = false;

Next set up the Icecast server if required using the instructions here. If the default port and number of source is fine for you, you can leave everything as default.

Now to start RTL-Airband run:

sudo rtl_airband -f

To listen to the scanned audio, browse to http://RASPI_IP_ADDRESS:8000/stream.mp3 on any device connected to the same network

Installing dump1090

Leave the RTL-Airband PuTTy window open, and open a new instance of PuTTy and once again connect to the Raspberry Pi in a new session. We will install the FlightAware branch of dump1090, as this is the most up to date version. dump1090 allows you to track aircraft that are transmitted ADS-B.

sudo apt-get install build-essential debhelper librtlsdr-dev pkg-config dh-systemd libncurses5-dev libbladerf-dev
git clone https://github.com/flightaware/dump1090
cd dump1090
dpkg-buildpackage -b

Now we can run dump1090 with the following line. Make sure to set the "--device 3" flag to the antenna input that you have connected your ADS-B antenna to. In our case we connected it to the last SMA input which is input 3.

./dump1090 --device 3 --interactive --net

Now to view the data on a map, you can install Virtual Radar Server on any Windows PC on the same network. Once installed, add an "AVR or Beast Raw Feed" receiver, with the IP address of your Raspberry Pi and Port 30002.

Installing ACARSDeco2

Again, leave both PuTTy windows open, and open a new PuTTy SSH terminal and connect again. Here we'll install ACARSDeco2 which is a multiband ACARS decoder. ACARS is an acronym for Aircraft Communications Addressing and Reporting System which is a digital communications system that aircraft use to send and receive short messages to and from ground stations. Most messages are unreadable telemetry data intended for computers, but often you will see messages about weather, wind, dangerous cargo warnings, fuel loading information and more.

ACARSDeco2 is not an open source program, so you'll need to first download the compressed file from http://xdeco.org/?page_id=30 on a PC. Make sure to get the Raspberry Pi 2/3 version of ACARSdeco2 for Stretch.

Now use a program like WinSCP to transfer the .tgz file to the Raspberry Pi. In WinSCP select SCP as the file transfer protocol, log in with "pi/raspberry" and drag the file over to the Pi's home folder.

Then back on the Raspberry Pi, simply move the file into it's own folder, and extract the files.

mkdir acarsdeco2
mv acarsdeco2_rpi2-3_debian9_20181201.tgz acarsdeco2
cd acarsdeco2
tar -xvzf acarsdeco.tgz

Now you can run the program with the following command. Make sure to specify the ACARS frequencies used in your area if they are different. Also here we used antenna input 1 for the ACARS antenna and specified that with "--device-index 1". If you are running Virtual Radar Server on your Windows PC as explained in the dump1090 install, you can enter the Windows VRS server IP address, so that location data will be sent back to the ACARSdeco2 server.

./acarsdeco2 --device-index 1 --freq 131550000 --freq 131450000 --gain 34 --http-port 8081 --vrs-url

Now on your Windows PC, open a browser and open PI_IP_ADDR:8081 to view the incoming ACARS messages.

Installing dumpvdl2

Again, leave both PuTTy windows open, and open a new PuTTy SSH terminal and connect again. Here we will install dumpvdl2 which is a VDL2 decoder. VDL2 is a replacement for the aging ACARS system which is being phased out in some areas. In some areas VDL2 is now more common than ACARS, and in some areas it's the opposite.

First install pre-requisites.

sudo apt-get install build-essential cmake git libglib2.0-dev pkg-config librtlsdr-dev

Dumpvdl2 requires libacars to work, so install libacars first:

git clone https://github.com/szpajder/libacars 
cd libacars
mkdir build 
cd build 
cmake ../ 
sudo make install 
sudo ldconfig

Finally, install dumpvdl2

git clone https://github.com/szpajder/dumpvdl2.git
cd dumpvdl2
mkdir build
cd build
cmake ../
sudo make install

Now to run dumpvdl2:

dumpvdl2 --rtlsdr 2 --gain 35

dumpvdl2 has no webserver so it can only be viewed from the terminal window.

Alternative Tools

Stations in the USA could replace one program with dump978, which decodes UAT positional data from smaller aircraft. If you live near a glider range, a FLARM decoder could also be used. You could also run an AIS receiver if you live near a water way.

Further Steps

If setting this up as a permanent station, you might want to go ahead and create a startup script that runs these programs on boot. Then you won't need to open up PuTTy terminals to start all the programs. The easiest way to do this is to use the @reboot code in crontab to run your script. Be sure to use sudo crontab -e for running RTL-Airband as this requires root.

Increasing L-Band Active Patch SNR by using it as a Feed for a Satellite Dish

Recently RTL-SDR.COM reader Bert has been experimenting with our active L-band patch antenna product. He's written in to share that he's found that using it as a feed for a satellite dish works well to improve SNR on those weaker 10500 AERO signals which Bert found that he could not decode from his location due to insufficient SNR. Our active L-band patch antenna receives signals from 1525 - 1637 MHz and can be used for signals from Inmarsat, Iridium and GPS satellites.

To use the patch as a feed Bert used a 40mm drain pipe and mounted the antenna on the end of the pipe. The drain pipe fits perfectly into the LNB holder, and once mounted the distance and polarization rotation can easily be adjusted for best SNR. He also found that adding a secondary sub-reflector about 17x17cm in size helped to boost SNR by about 3-5 dB too.

Build steps to use the Active L-band Patch with a Satellite Dish
Build steps to use the Active L-band Patch with a Satellite Dish

Bert has tested the active L-band patch as a feed on a 65cm satellite dish and a smaller 40cm dish, both with good results.

SNR Results
SNR Results

DSDPlusUI: A Graphical User Interface for DSD+

Over on Twitter Annunaki (@StupotSinders) has been teasing some screenshots of a GUI for DSD+ that he's been developing over the past few weeks. And now he has released the software which is called "DSDPlusUI". DSD+ is mostly command line based, so a GUI could be useful for newbies. The software can be downloaded from the DSDPlusUI groups.io page.

DSD+ (aka Digital Speech Decoder) is a free closed source program that is compatible with RTL-SDR and various other SDRs which is used to decoder digital speech protocols such as P25 P1, DMR, NXDN and more. DSD+ Fastlane is a paid upgrade which allows subscribers to receive the latest updates to the software early. 

DSD+ GUI by Annunaki
DSD+ GUI by Annunaki

RadarBox Optimized ADS-B Antenna + RTL-SDR Bundle Sale $39.95 + Shipping

Over in our store we're currently selling a RadarBox branded bundle that includes an ADS-B optimized antenna with 10 meters of coax, AND an ADS-B 1090 MHz optimized RTL-SDR dongle. RadarBox24 is an ADS-B aggregation flight tracking service similar to other services like FlightRadar24 and FlightAware. The set is RadarBox branded, but of course can be used with any tracking service, or just for your own private ADS-B station.

The bundle is now on sale for US$39.95 + shipping! The sale will last until stock runs out and this sale is only available from us. At other places like Amazon it is currently selling for US$64.95.

To purchase please visit our store and scroll down to find the RadarBox bundle "Add to Cart" button.

The antenna has 7 dBi gain, 50 (+-5) Ohm impedance, and is made from fiberglass and aluminum. It is fully waterproof and outdoor rated with 10 meters of coax cable and includes mounting clamps. The RadarBox RTL-SDR is specifically optimized for 1090 MHz ADS-B reception with it's built in filter and low noise amplifier.

The bundle ships out once per week and tracking is provided 1-2 days after shipping.

RadarBox Bundle: Includes 1x Outdoor ADS-B Antenna, 1x ADS-B Optimized RTL-SDR
RadarBox Bundle: Includes 1x Outdoor ADS-B Antenna AND 1x ADS-B Optimized RTL-SDR

Receiving and Decoding NFC with an RTL-SDR and GNURadio

Having been inspired by an NFC activated coffee machine at his work, back in 2017 Jean Christophe Rona uploaded a blog post showing how he used an RTL-SDR and GNU Radio to sniff and decode NFC (Near-Field Communication) tags. His post first goes into detail showing how NFC works and goes on to create a GNU Radio flow graph with custom GNU Radio block for decoding the NFC Miller code. The final result was him being able to demodulate the coffee machine to tag communication. We note that in Jeans experiments he used a standard RTL-SDR dongle with the HF driver hack in order to receive the NFC frequency of 13.56 MHz, but these days it should also be possible to simply use direct sampling on an RTL-SDR Blog V3 unit.

More recently Martin Schaumburg (5ch4um1 on YouTube), wrote in and wanted to share his video showing his replication of Jean's experiments. Martin's video shows him using a simple coiled up wire antenna on his RTL-SDR to receive NFC communication from an NFC reader to NFC tag, and he shares a few tips on getting the software to work.

RTLSDR NFC decoding reader to tag communication with a rtl-sdr and gnuradio.

Update 13 January 2020: Martin has added a second video with some additional information and tests.

RTLSDR decoding NFC, or: how to get two signals for the price of one.

Tracking down a Water Leak with RTLAMR

Earlier in the year Clayton discovered that his water bill had suddenly gone up one month. Suspecting a leaky appliance he set out to discover what it was by using an RTL-SDR and the rtlamr decoder. The rtlamr decoder is able to decode water meters that transmit usage data wirelessly via the Itron ERT protocol which is typically found in the unlicensed 900 - 920 MHz band in the USA and Canada.

Clayton wrote a simple Python script to plot the usage data extracted by rtlamr, and after a week determined that water was being consumed at 10 liters an hour even while away from home. Suspecting a leak in the toilets he turned off their valves and the next day saw that the reading remained constant when away, indicating that he'd found the leak.

A water leak graphed by decoding an Itron ERT water meter with RTL-SDR
A water leak graphed by decoding an Itron ERT water meter with RTL-SDR

Meteor M N2-2 Has Failed but Recovery May be Possible

UPDATE: It has now been confirmed by Roscosmos that the satellite was struck by what is presumed to be a micrometeorite which caused a leak of thermal transfer gas, and hence a sudden orbit change. It seems unlikely that the satellite will begin operations again as the satellite cannot operate it's camera sensors without thermal cooling. Data is being transmit currently on the X-Band, however, it appears to be a stored image only, rather than live images.

On December 18, 2019, an abnormal situation was recorded on the Meteor-M spacecraft No. 2-2 associated with an external impact (presumably a micrometeorite) on its structure. As a result, he changed the parameters of the orbit and switched to a non-oriented flight mode with high angular velocities.

In accordance with the inherent logic of operation, the device stopped fulfilling the target task and automatically switched to energy-saving mode when the on-board systems that were not involved in ensuring its functioning (including all on-board target equipment) are turned off.

After entering into the zone of Russian ground-based controls with the Meteor-M spacecraft No. 2-2, communication was established and work began to restore its operability: damping angular velocities, transferring to the standard orientation, receiving telemetric and target information.

Currently, work is underway with the satellite under the program of the chief designer. Meteor-M No. 2-2 is in an oriented flight; regular control sessions are conducted with it to receive telemetric information and information from target equipment.

Happysat's Notes:

Depressurization caused gas that was inside and used for heat transfer to leak out.

Resulting in some devices onboard overheating, while others did stop working.

Batteries are working under harsh thermal conditions.

Experts analyzing MSU-MR images during the incident to confirm collision.

------------------------- Original Post -------------------------

On December 18 Meteor M N2-2 suffered a failure that appears to have changed it's orbit. Roscosmos is quiet on the issue, but speculation by R4UAB is that there was a depressurization or on board explosion. However, Happysat who appears to be in contact with Roscosmos insiders has noted that on December 20 the orbit has been stabilized, and that they are working on recovering the operation of the satellite. Currently the LRPT signal and all sensors remain OFF.

Meteor M N2-2 is a Russian weather satellite that was successfully launched into orbit on July 5 2019. Like with the NOAA and Meteor M N2 satellites, it is possible to receive weather satellite images from this satellite with an RTL-SDR (when it is operational).

The older but still operational Meteor M2 satellite has failed several times in it's history too, each time with the satellite entering an unstable tumble. However, each time the satellite was recovered back into full operation after a few days.

The Meteor-M2 Satellite
The Meteor-M N2-2 Satellite

PiSDR Updated to Version 3.0: Now Supports the Airspy HF+

PiSDR is a Raspberry Pi distribution that is pre-loaded with multiple programs for various software defined radios. It currently supports RTL-SDR, LimeSDR, PlutoSDR, Airspy, and as of the most recent update the Airspy HF+. The currently pre-installed software packages include SDR Angel, Soapy Remote, GQRX, GNURadio, LimeUtil, and LimeVNA.

Recently version 3.0 was released, and this new version adds a few new features like Desktop shortcuts, Raspberry Pi 4 support, Airspy HF+ support and documentation.

The latest image can be downloaded from the PiSDR website at https://pisdr.luigifreitas.me. It can be burned to an SD card in the same way that you would with a standard Raspbian installation. This is a great image to start from if you're experimenting with RTL-SDRs on a Raspberry Pi, as it means that you don't need to go through all the steps of installing the drivers and software like GQRX and GNU Radio which can take a long time to install.

PiSDR Running a SDRAngel with a LimeSDR
PiSDR Running a SDRAngel with a LimeSDR