Tagged: rtl2832u

A Pocket DATV Transmitter and Receiver with Raspberry Pi, LimeSDR Mini and RTL-SDR

Over on YouTube user Evariste Okcestbon has uploaded a video showing his simple pocket DATV system that consists of a LimeSDR running on a Raspberry Pi Zero transmitting live camera images via DATV which is received by an RTL-SDR running on a Raspberry Pi 3.

If you didn't already know, DATV stands for Digital Amateur Television and is a digital mode somewhat similar to digital over the air TV signals that can be used by hams for transmitting their own TV signals on the ham bands. The LimeSDR Mini is a $139 US transmit and receive capable SDR that is currently crowdfunding and available for pre-order on Crowdsupply. It is expected to ship at the end of February 2018.

Evariste uses a range of software packages on each Raspberry Pi. He writes the following in the video description:

Description of a minimal Digital TV chain: Transmitter and Receiver.

Hardware used on Tx: PiZero, Picam, LimeSDR Mini

Hardware used on Rx: Raspberry Pi 2, RTL-SDR, Monitor

Software used on Tx: avc2ts, dvb2iq, limetx

Software used on Rx: rtl_sdr, leandvb, kisspectrum, ts2es, hello_video

Software available on https://github.com/F5OEO
Special Thx to G4GUO, F4DAV and LimeSDR

Evariste is also the author of Rpidatv which allows you to transmit DATV directly from the GPIO pins of a Raspberry Pi without the need for any transmit capable SDR.

An RTL-SDR Based Optical Laser Interferometer Implementation

Thanks to PhD student Lucas Riobó of the University of Buenos Aires, Argentina for submitting his very interesting work on creating a "High-speed real-time heterodyne interferometer" with a low cost RTL-SDR dongle. This is a new application for the RTL-SDR that we have not yet seen.

Interferometers are tools that combine two separate electromagnetic waves (e.g. radio or light) and analyze the interference pattern created by their combination. One use, for example, is building a radio telescope interferometer from multiple small radio dishes. The result is that you get the same resolution as a much larger dish without the cost of building a huge dish. This has been done before with RTL-SDRs and pulsar detection.

The paper and concept are fairly complex for someone without a background in optical science, but basically it seems that Lucas has created an optical interferometer that interfaces with an RTL-SDR dongle via a wideband optoelectronic front-end. This allows the optical data to be translated into an RF signal which can then easily be analysed with the low cost RTL-SDR. A system like this reduces costs and allows for much easier data acquisition and processing on the PC. He writes:

As you may know, optical interferometry is a family of techniques in which the superposition of electromagnetic waves (in the optical range of the spectrum) causes the phenomenon of interference in order to extract information. In this work, we implement an optical heterodyne interferometer. In this interferometer, the waves (laser beams) that superpose have a frequency shift f0 between them. When the beams interfere, the intensity from the combination of the beams (interferogram) is a sinusoid signal at a frequency f0 (i.e. a carrier signal). In this work, one of the beams reflects over a sample that has a mechanical deformation. Therefore, this information is encoded in the phase of the carrier signal.

We applied the RTL-SDR dongle to demodulate the carrier signal to extract the phase information. Instead of using an antenna, we put a photodiode with a transimpedance amplifier (TIA). Thus, since the signal obtained from the photodiode and the TIA is proportional to the interferogram, the phase/frequency recovery techniques are the same as those used in telecommunications systems (i.e. we can use many demodulation algorithms developed by the community).

The OSA paper linked in the above text is behind a paywall, but Lucas has also shared with us a related research paper published in the University of Buenos Aires' Revista Elektron journal. Lucas also writes that you can freely contact him at [email protected] if you would like further information about the project.
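The phase recovery described in the quoted text can be sketched in software. This is an added example, not code from Lucas' paper: the sample rate, the value of f0, the signal levels and the 50 Hz test deformation are all assumptions, and the complex mixing step stands in for what the RTL-SDR tuner does in hardware.

```python
import cmath
import math

FS = 48000           # sample rate in Hz (assumed)
F0 = 4800.0          # frequency shift f0 between the beams, i.e. the carrier (assumed)
N0 = round(FS / F0)  # samples per carrier period (10 here)

def interferogram(phi, dc=1.0, depth=0.5):
    """Constructed photodiode + TIA output: dc + depth*cos(2*pi*f0*t + phi(t))."""
    return [dc + depth * math.cos(2 * math.pi * F0 * n / FS + p)
            for n, p in enumerate(phi)]

def recover_phase(signal):
    """Return the unwrapped carrier phase, one value per N0-sample window."""
    # Complex mixing moves the f0 carrier to 0 Hz (an SDR tuner does this in hardware).
    mixed = [s * cmath.exp(-2j * math.pi * F0 * n / FS) for n, s in enumerate(signal)]
    out, offset = [], 0.0
    for n in range(len(mixed) - N0 + 1):
        # Averaging over one carrier period removes the DC and 2*f0 products.
        wrapped = cmath.phase(sum(mixed[n:n + N0]))
        if out:  # unwrap: keep each step within +/- pi of the previous value
            step = wrapped + offset - out[-1]
            offset -= 2 * math.pi * round(step / (2 * math.pi))
        out.append(wrapped + offset)
    return out

def max_error(phi, recovered):
    """Largest deviation from the true phase at each window centre."""
    lo = int((N0 - 1) / 2)  # centre is at 4.5 samples, so average the two neighbours
    return max(abs(r - (phi[n + lo] + phi[n + lo + 1]) / 2)
               for n, r in enumerate(recovered))

# Constructed deformation: 4 rad peak at 50 Hz, large enough to need unwrapping.
PHI = [4.0 * math.sin(2 * math.pi * 50 * n / FS) for n in range(FS // 10)]
```

Calling `recover_phase(interferogram(PHI))` returns the deformation phase to within a few hundredths of a radian; the absolute phase is only known up to a multiple of 2π.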

The RTL-SDR Laser Interferometer with Optoelectronic Front End and RTL-SDR

Reverse Engineering for a Secure Future: Talk by Samy Kamkar

At the Hackaday Superconference held in November 2017, Samy Kamkar presented a talk on how he reverse engineers devices, in particular passive entry and start systems in vehicles. In the talk he also explains the tools he uses, which include SDRs like the HackRF One and RTL-SDR dongle, and the methodology he follows when reverse engineering any new device. Samy is most famous for writing the Samy MySpace computer worm and for popularizing the "RollJam" wireless car door vulnerability. The talk blurb reads:

In this talk Samy Kamkar shares the exciting details on researching closed systems & creating attack tools to (demonstrate) wirelessly unlocking and starting cars with low-cost tools, home made PCBs, RFID/RF/SDR & more. He describes how to investigate an unknown system, especially when dealing with chips with no public datasheets and undisclosed protocols. Learn how vehicles communicate with keyfobs (LF & UHF), and ultimately how a device would work that can automatically detect the makes/models of keyfobs nearby. Once the keyfobs have been detected, an attacker could choose a vehicle and the device can wirelessly unlock & start the ignition. Like Tinder, but for cars.

Samy Kamkar: Creating Vehicle Reconnaissance & Attack Tools -- Hackaday Superconference 2017

Unknown Signal Reverse Engineering and Decoding AFSK Signals Tutorial

The author of the blog "ele y ciencia" has written up two very useful posts: one on how to decode AFSK signals from scratch and the other on how to reverse engineer any unknown digital signal. The blog is written entirely in Spanish, but Google translate does a decent enough job at getting the message across (in Chrome right click anywhere on the page and select Translate to English or use the Google translate webpage).

The first post is about decoding an AFSK protocol and explains that you need to record the signal with an RTL-SDR or other SDR, apply a low pass filter to obtain the signal envelope and then apply thresholding with the known baud rate to obtain the demodulated digital signal. The tutorial is high level and just explains the process, but doesn't show how to do it in any software. Later on in the post he goes on to show how he reverse engineered a train-land radiotelephone system and a TCM3105 modem chip which utilizes an FSK system.

In the second post he shows how to decode any unknown digital signal using just an RTL-SDR and Audacity. He starts off with finding and recording an unknown digital signal with an RTL-SDR and then reverse engineers it in a sort of manual fashion without using any tools like Universal Radio Hacker. The post goes through the full details and steps that he took, and in the end he gets data out of the signal discovering that it is data from a Fleet Management System used in his country for monitoring data such as speed and engine data from commercial vehicles like trucks and buses.

The two posts are very detailed and could be an excellent reference for anyone interested in reverse engineering unknown digital signals in their area.

Decoding an Unknown "Fleet Management" signal from scratch.

Sniffing MiniMed Insulin Pump RF Packets with an RTL-SDR

A MiniMed Insulin Pump with wireless meter

Over on GitHub we've just seen the release of a program called rtlmm made by user ps2 which decodes MiniMed RF packets with an RTL-SDR. We weren't entirely sure what MiniMed was, but from Googling the name it appears that it is a product by a company called Medtronic who sell medical equipment such as portable automatic insulin pumps and glucose monitors for diabetic patients. These products have RF telemetry links that transmit to a meter which receives the data and forwards it to your phone via Bluetooth LE. Sniffing the telemetry from these sensors could allow you to build up your own data without the need of the meter.

Rtlmm was inspired by a similar program called rtlomni, which was released a few months ago by F5OEO. rtlomni works with Omnipod diabetes insulin pumps and monitors, which are similar products to MiniMed's offerings.

Turning an old Radiosonde into an Active L-Band Antenna

VK5QI's Radiosonde Collection

Over on his blog VK5QI has shown how he was able to re-purpose an old radiosonde into a wideband active L-band antenna. Radiosondes are small packages sent up with weather balloons. They contain weather sensors, GPS and altitude meters and use an antenna and radio transmitter to transmit the telemetry data back down to a ground station. With a simple radio such as an RTL-SDR and the right software, these radiosondes can be tracked and the weather data downloaded in real time. Some hobbyists such as VK5QI go further and actually chase down the weather balloons and radiosondes as they return to earth, collecting the radiosonde as a prize.

VK5QI and his friend Will decided to put some of his radiosonde collection to good use by modifying one of his RS92 radiosondes into a cheap active L-band antenna. They did this by first opening it and removing unnecessary components that may interfere, such as the main CPU, GPS receiver, 16 MHz oscillator, SAW filters and balun. They left the battery, LDOs, LNAs and Quadrifilar Helix GPS antenna, which is tuned to the GPS L-band frequency. Finally they soldered a coax connector onto a tap point on the PCB and it was ready to use.

They then connected the new antenna to an RTL-SDR V3 and fired up GQRX. They write that their results were quite promising with several Inmarsat and Iridium signals being visible in the spectrum. VK5QI also used gr-iridium with the antenna and was able to decode some Iridium signals.

Modified Radiosonde L-Band Antenna connected to a RTL-SDR V3.

Transmitting and Receiving Text Data via an MP3, FM Transmitter and RTL-SDR

Over on his YouTube channel Kris Occhipinti has uploaded some videos where he shows how he is able to send text data over FM radio frequencies. He uses an MP3 audio file that encodes the text data, an FM transmitter connected to an Android phone or MP3 player to transmit the file, and an RTL-SDR on the receiving side to receive the FM signal from the FM transmitter. The software used to encode the text into an MP3 is Minimodem, and on the receiving side Minimodem is also used to decode the received audio. Minimodem is a command line program which can generate FSK modem tones from data.

These two videos are part of a series that Kris has been working on that includes many videos about using Minimodem to transfer data like text, files and images between computers via radio.

12 Minimodem an FM Transmitter and a USB SDR Dongle

13 Radio Data Trasmission with RTL FM and SDR

An RTL-SDR Based Ground Penetrating Radar & Metal Detector

Thanks to Dr. Celalettin Uçar from Turkey for submitting a video of the work done by a PhD student who as part of his research created an RTL-SDR based ground penetrating radar simulation and metal detector. He writes:

This apparatus (YAĞRIN) was created with rtlsdr in a PhD work. We achieved detecting a metal gasoline tube from the depth of approximately 1 meter. Furthermore, we created the time domain signal and plotted the reflection from the metal using the MATLAB (Simulink) model.

A video on YouTube is linked which we display at the end of the post. They write that the system consists of a 12V DC supply, step down voltage regulator, ADF 4350 programmable signal generator, 25W power amplifier (470 MHz, 45 dBm signal power), Philips omnidirectional antennas (RX, TX), a 64 dB low noise amplifier, and an RTL-SDR and computer to display the output. The software he uses is SDR#, which appears to simply listen for a tone and detect any changes that occur when something metal moves near it. The PC also runs a MATLAB Simulink model which we believe helps detect metal signatures by plotting the reflection.

In the past we posted about a similar but simpler metal detector implementation by Ancient Discoveries.

RTL-SDR BASED GPR (Simulation) & METAL DETECTOR (YAĞRIN) - Dr. Celalettin UÇAR