Over on Hackaday we've seen an interesting post about the non-profit "Watch Duty" wildfire reporting smart phone app for Californians. Several populated regions of California are extremely prone to wildfires, and it's important that residents get timely notifications about nearby wildfires so they can evacuate early and/or prepare their defensible spaces.
Often by the time official notifications have gone out, it is too late. To solve this, the approach Watch Duty takes is to have volunteers monitoring public safety radio channels, and ADS-B aircraft positions in order to gather information in real time. Once critical information is established, the watch duty volunteer can push out a notification via the smart phone app.
The volunteers make use of receiver stations that consist of multiple RTL-SDR dongles with each dongle monitoring a different EMS radio system, and one additional RTL-SDR is used for ADS-B aircraft monitoring of helicopters and fire fighting aircraft. The stations appear to uplink radio data to the volunteers via a cellular modem or Starlink.
Earlier in the year Popular Science and Wired reported on Watch Duty as well, but did not mention the use of RTL-SDRs.
A Watch Duty monitoring station with multiple RTL-SDR Blog V3 dongles.
It also appears that the Twitter account for ADS-B Exchange @ADSBexhchange itself has been suspended too, as well as various other flight tracking Twitter bots that were using data from ADS-B Exchange. Elon Musk's tweet indicates that legal action is being taken against "Sweeney & organizations who supported harm to my family". It is unclear if this implies that legal action will be taken against ADS-B Exchange.
Elon Musk's Real-Time Doxxing Tweet
ADS-B (Automatic Dependent Surveillance–Broadcast) is a radio signal that is required to be broadcast by all aircraft for the purposes of air traffic control and collision avoidance. The ADS-B signal provides real time unencrypted location information that anyone with a low cost radio receiver like an RTL-SDR and cheap computer like a Raspberry Pi can receive, decode and turn into a live map of aircraft in the surrounding area.
ADS-B Exchange is an ADS-B aggregator that collects ADS-B data received from volunteers all over the world that are running RTL-SDR and other SDR dongles or radios operating as ADS-B receivers. Compared to more commercial flight tracking services like FlightAware and FlightRadar24 (who also make use of volunteer stations), ADS-B Exchange guarantees that they will not censor the tracking of military, police or private jets. This has generated debate in the past over whether this philosophy is either more moral or less moral.
ADS-B Exchange has been key to projects like "Dictator Alert" which tracks the real time location of the private jets of known dictators.
The Organized Crime and Corruption Reporting Project (OCCRP) has also made use of ADS-B Exchange data in the past to uncover the role that US civilian aircraft contractors are playing in the East African "kill chain".
Media have also used ADS-B Exchange to track the movements of the military aircraft like Black Hawk Helicopters and CBP Predator drones that were used to monitor crowds during the George Floyd protests.
Previously Elon Musk indicated that he would not ban the account following his private jet, however after the stalker altercation he appears to have rapidly changed his tune. Even without the Twitter bot, private jets can easily be tracked via ADS-B Exchange so any dedicated person could still gather this information without too much hassle. So it seems likely that legal action will be taken against ADS-B Exchange as per Elon's tweet. Other ADS-B data aggregators like FlightRadar24 and FlightAware should be safe from legal action as they do censor private aircraft upon request. Hopefully ADS-B exchange has prepared for this legal battle, which was probably an inevitable unfortunate outcome from their policy. If not from private jet owners, then the military or police would likely eventually take action if the data ever became a problem.
Over on YouTubem channel NotaRubicon Productions has uploaded a video describing how a KrakenSDR was used to find the location of a person jamming a repeater site. Amateur radio enthusiasts can utilize VHF or UHF repeater towers, which receive signals from lower power handheld or other radios, and retransmit that signal at high power on a slightly different frequency over a much wider area. Unfortunately malicious people can jam these repeaters by transmitting at the same time as other users, effectively denying use of the repeater by legitimate users.
If you weren't already aware, KrakenSDR is our 5-channel coherent radio based on RTL-SDRs, and it can be used for applications like radio direction finding. We successfully crowd funded the device on Crowd Supply, and the device is currently available for sale on Crowd Supply, Mouser and direct from our website krakenrf.com.
In this video I read the story of how we caught the jammer that had been jamming our GMRS repeater for months, and how by using the KrakenSDR Radio Direction Finder (RF locator), we were at his house in 1 hour.
The KrakenSDR can track a signal being transmitted from 100Mhz to 1Ghz - so I can track ham repeater jammers, GMRS repeater jammers, ham-radio transmitters, GMRS radios - pretty much any transmitter with a signal strong enough for you to receive.
How The KrakenRF Located Our Repeater Jammer In 1 Hour. Overview of the KrakenSDR Radio Locator
Thank you to Viol for submitting news about the latest update of his uSDR software. uSDR (aka microSDR) is a lightweight general purpose multimode program for Windows that supports the RTL-SDR, Airspy, BladeRF, HackRF and LimeSDR radios. Viol highlights the latest features in the new update below:
Airspy HF+ Discovery frontend support
ExtIO*.dll interface support. Copy ExtIO*.dll and all dependencies to the root folder and have a fun
ExtIO_USRP.dll and all dependencies for USRP B210 included. Just install Zadig libusb driver and go
LimeSDR multiple frontends switch fixed
FM demodulator with inverted audio spectrum
DCS decoder
additional C/C++ source examples for remote IQ passband processing TCP client
advanced IQ file playback options
display hold peak spectrum mode, zoomable and panable plot, customized colors
As always all descriptions, screenshots and binaries could be found on
This is just a quick note to say that the RTL-SDR Blog V3 silver dongles are back in stock at Amazon USA after having taken a bit longer to arrive than usual. Currently only the individual dongle and separate multipurpose dipole antenna sets are in stock, and we expect the dongle+antenna bundled sets to be back in stock in January 2023.
International customers can continue to order from our webstore and associated marketplaces via our store page at www.rtl-sdr.com/store.
RTL-SDR Blog V3 (Silver)
Upcoming 2023 Black RTL-SDR Blog V3 Dongles (Cosmetic Redesign)
We also want to give a heads up and note that in the next few months you might start seeing black RTL-SDR Blog V3 dongles in our stores, marketplaces and resellers. Going into 2023 we will be making a cosmetic change to our dongles (note that there is no changes to the highly tuned circuitry). There are two reasons for this cosmetic change.
The first is to try and better differentiate our original product from all the clones that have been popping up recently. Manufacturers of fake RTL-SDR Blog V3 clones have been getting closer and closer to copying our external design exactly. The internal circuitry of the clones however have often been poorly implemented, with broken features and poor performance. This results in a higher support burden, and damage to our brand when the clones inevitably perform poorly.
The second reason is for regulatory compliance with the FCC. Devices like this must have a FCC regulatory statement printed on the body, we have to add the UKCA logo for Brexit UK, and increase the size of the compliance logos as well. Moving forward this will eliminate any possible regulatory problems with Amazon or bulk imports, which are becoming stricter every year.
The new enclosure design uses a special black plating that like our silver models retains full electrical conductivity (normally electrical conductivity is not possible with most black plating's, but we investigated many solutions and finally found an appropriate one). Maintaining electrical conductivity ensures that shielding of the circuitry from interfering signals works properly. The text is also laser etched on, ensuring that it cannot be erased.
New black redesign of the RTL-SDR Blog V3 dongle. Coming in 2023. (Front)New black redesign of the RTL-SDR Blog V3 dongle. Coming in 2023. (Rear)
DEF CON is a yearly conference with a focus on information security. At this years DEF CON 30 conference various talks on RF related topics were presented. In the past few weeks talks have been uploaded to YouTube for all to watch. Below we highlight a few we found interesting. The list of all main talks can be found on the Defcon YouTube channel, and talks from the RF Village can be found on the RF Hackers Sanctuary YouTube page.
J9 - Biohacking Using SDR When You Don’t Know What You’re Doing
Security Researcher and BioHacker J9 presented an interesting and entertaining talk about how she used an SDR to listen in and decode a wireless pH sensor pill she ingested as part of a medical test.
What would you do if you were implanted with a medical device that broadcasts every 12 seconds?
Starting with loads of curiosity and very little knowledge about RF, how to use a software defined radio (SDR), and no knowledge of how to decode captured RF signals, I embarked on an adventure to teach myself something new. Jumping head first into the RF CTF helped greatly!
This presentation starts with cocaine and ketamine (in a controlled medical setting) and includes a near-death experience and new skills attained by building on the work of those who came before me. The end result of this adventure led me to the US Capitol to sit down with Senate staffers about the security and exploitability of medical devices.
DEF CON 30 RF Village - J9 - Biohacking Using SDR When You Don’t Know What You’re Doing
Erwin Karincic - Have a SDR? - Design and make your own antennas
In this talk Erwin Karincic explains how to design and make custom PCB antennas using home based or low cost techniques.
Most Software Defined Radios (SDRs) process a wide range of frequencies usually ranging from few MHz to multiple GHz where different antennas are used to pick up signals in a specific subset of that range. All applications using SDR require antennas to operate efficiently at very specific frequencies. Most inexpensive commercial antennas are designed either for wider ranges with lower gain over the entire range or very specific known frequencies with higher gain. The problem occurs when the researcher performs an assessment of a device and requires the use of specific frequency for which an antenna with high gain is not readily available. Most security researchers within wireless domain have outlined that their specific attack or exploit could be executed at higher range if antenna had better gain at that specific frequency. This talk focuses on bridging that gap by providing a way for researchers to create their own patch antennas without deep electrical engineering experience.
DEF CON 30 RF Village - Erwin Karincic - Have a SDR? - Design and make your own antennas
Andrew Logan - Tracking Military Ghost Helicopters over Washington DC
In this talk Andrew explains how ADS-B receivers, combined with ATC communications, public announcements and crowd sourced visual identification have helped track the activity of military helicopters operating over the Washington DC area.
There's a running joke around Washington D.C. that the "State Bird" is the helicopter. Yet 96% of helicopter noise complaints from 2018-2021 went unattributed: D.C. Residents can not tell a news helicopter from a black hawk. Flight tracking sites remove flights as a paid service to aircraft owners and government agencies; even in the best case these sites do not receive tracking information from most military helicopters due to a Code of Federal Regulations exemption for "sensitive government mission for national defense, homeland security, intelligence or law enforcement." This makes an enormous amount of helicopter flights untraceable even for the FAA and leaves residents in the dark.
What if we could help residents identify helicopters? What if we could crowd source helicopter tracking? What if we could collect images to identify helicopters using computer vision? What if we could make aircraft radio as accessible as reading a map? What if we could make spotting helicopters a game that appeals to the competitive spirit of Washingtonians? And what if we could do all of this... on Twitter?
DEF CON 30 - Andrew Logan - Tracking Military Ghost Helicopters over Washington DC
Terminal Armament, one of our resellers of RTL-SDR V3 dongles in the USA has created a companion product called the SDR Special Tool Kit (SDR-STK) which is a tactical ruggedized enclosure for two RTL-SDR V3 dongles. The SDR-STK consists of a two port USB hub enclosed in a water-resistant housing, and a rugged screw on USB-A cable. Two SMA connectors protrude out the top. The design is open source with designs and software due to be released on their GitHub in time.
The RTL-SDR dongle has long been the standard for an entry-level software defined radio. And while we do love it, the USB dongle form-factor is simply not suited for rigorous outdoor use. This is why we've developed the SDR-STK.
The SDR-STK is a ruggedized two-port USB hub specifically designed to fit two standard RTL-SDR dongles, and provide a durable, water-resistant housing. Having two dongles also grants capabilities not available with just one; these go beyond simply increasing the bandwidth. With one receiver acting as a tuner, you can have the second one preforming other tasks such as wide-band scanning, listening to a trunked radio control channel, or simply receiving other information such as ADS-B packets.
The SDR-STK isn't just a one-off hardware product. In the coming weeks while the pre-order is active, we will be releasing various software utilities for the SDR-STK on our GitHub, as well as the PCB schematic files. We're firm believers in Open-Source hardware software, and we hope to use this launch to kickstart several other communication related products and projects such as better Android SDR applications, and other SIGINT tools.
The SDR-STK includes itself, and a custom 1.5 foot USB Type A Male cable. Antennas and RTL-SDR's are not included unless specified or ordered in conjunction with the SDR-STK.
The RTL-SDR Just Got Better - Terminal Armament SDR-STK
Thank you to Chris G for writing in and sharing with us his software VGA ADC controller for the RTL-SDR. AGC or 'automatic gain control' is an algorithm that attempts to automatically adjust the gain on the RTL-SDR in order to maximize the signal to noise ratio. The built in hardware AGC's on the RTL-SDR are intended for wideband TV signals, and work poorly with the narrower signals that SDR users typically deal with. However, it's possible that a software AGC implementation could be used instead.
Initially, I wanted to see how well things would work if I could manually control the VGA gain to avoid A/D overload within the 2832 chip.
I liked how things worked so I said: let's make things automatic! I implemented two variants of my AGC. One variant (my favorite) is an implementation of an AGC by Harris and Smith. It is an LMS algorithm that has equal transient response to a sudden increase in input signal magnitude and a sudden decrease in signal magnitude.
Since I'm doing this stuff in software, I operate on blocks of IQ data rather than operating on a sample by sample basis.
Initially, I observed limit cycles for at least two reasons:
The (approximately) 3.5dB step size in VGA gain adjust.
The fact that when I receive a block of IQ data, another block is in transit.
This resulted me adjusting the gain while a block of data was in transit.
For item 1, I allow the deadband go be settable.
For item 2, I allow a "blanking time" to be settable. For my use case, If the AGC just made an adjustment, I skip making an adjustment while the next black is in transit.
Here is output of my 'get agcinfo' command.
-------------------------------------------- AGC Internal Information -------------------------------------------- AGC Emabled : Yes AGC Type : Harris Blanking Counter : 0 ticks Blanking Limit : 1 ticks Lowpass Filter Coefficient: 0.800 Deadband : 1 dB Operating Point : -12 dBFs IF Gain : 11 dB /_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ Signal Magnitude : 27 RSSI (After Mixer) : -24 dBFs /_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Note that my setpoint and gain adjustment works in decibels. That way, I treat the AGC as a linear system (it's actually uses an LMS algorithm) to simplify processing.
Now, I have used the same algorithm for my HackRF software.
I should mention that I implemented a pretty nice software squelch system for the rtl-sdr (and HackRF of course) if you have any interest in that.
I've thought about adding an I2C DAC whose output is connected to the VGA analog gain control line, but I really hate to butcher my v3 dongle. Having 1dB (or less) gain resolution would be nice though.
Another thing that I noticed is that, when writing to the tuner registers, the I2C repeater is enabled and you hear a spike in the demodulated audio. This may also occur (I haven't done that experiment) when disabling the repeater. Maybe not......
