Tagged: rtl2832u

Hunting for Space Radio Pirates on the US Military Fleet Satcom Satellites

In the 70's and 80's the US government launched a fleet of satellites called "FLTSATCOM", which were simple radio repeaters up in geostationary orbit. This allowed the US military to easily communicate with each other all over the world. However, the technology of the time could not implement encryption. So security relied entirely on only the US militaries technological advantage at being the only ones to have radio equipment that could reach these satellites.

Of course as time progressed equipment which could reach the 243 - 270 MHz range of the satellites became common place, and the satellites began picking and repeating terrestrial broadcasts of things like cordless phones. These days the satellites are often hijacked by Brazilian radio pirates, who use the satellites for long range communications.

A common hobby of RTL-SDR users is to listen to these pirates. All you need is a simple antenna and to be based in a region where the satellites cover both your ground station and the pirates.

Over on YouTube the "saveitforparts" channel has uploaded an entertaining video overviewing the pirate phenomenon, and showing how it's possible to listen in using a cheap Baogeng scanner and RTL-SDR. He uses a homemade Yagi and cleverly makes use of an old security camera motorized PTZ mount to accurately aim the antenna. Once the Yagi antenna is aimed at the satellite, pirates can be heard on the radio.

Searching For Space Pirates On Old Military Satellites

On a previous post, we showed an interview by SignalsEverywhere and an anonymous Brazilian radio pirate who explains how and why they do what they do. If you search our blog for 'satcom' you'll also find several previous posts including examples of receiving SSTV from pirates.

Visualizing RF Fields in Augmented Reality with a tinySA-Ultra or RTL-SDR and Android Smartphone

The tinySA-Ultra is an affordable handheld spectrum analyzer that can be purchased for around US$130 on Aliexpress and authorized resellers such as R&L Electronics in the USA.

Recently on YouTube Manahiyo has used his tinySA-Ultra, and combined it with an RF EMC probe and an Android smartphone to create an augmented reality RF display. This is useful for measuring and visualizing the RF power around electronic devices for example. The code is entirely open source and released on GitHub

Manahiyo has also released an identical version that works with RTL-SDR dongles on GitHub as well.

In the past we've also posted about Manahiyo's previous work, in which he implemented a very similar augmented reality project using an RTL-SDR.

Augmented Reality EMC Probe with a tinySA-Ultra
[RadioFieldAR -tinySA-] Visualize radio wave strength. [電波可視化]

Listening in on Hollywood Reality TV Show Wireless Microphones with an RTL-SDR

Over on Reddit user u/mknlsn has posted an interesting use for his RTL-SDR. He happens to live next door to a Hollywoood reality TV show production and was able to use his RTL-SDR to listen in on the wireless microphones fitted to the cast. The wireless microphones used by the production appear to be simple analogue FM modulated, without any sort of security.

We remind readers to check local laws on this sort of use, especially if recording audio, as some countries and US states may have differing laws on what can be recorded, or even listened to live. This would likely be considered private communications, so recording and sharing would definitely be illegal in most regions. 

Recently we also posted about Frugal Radio using an Airspy SDR to listen in on wireless microphones from outside a theatre show.

Wireless microphones picked up by RTL-SDR

Hacking Beepers at a Fish & Chip Shop with an RTL-SDR and HackRF

Over on YouTube Paul from "Tall Paul Tech" has uploaded a video showing how he was able to reverse engineer the wireless protocol used by a simple restaurant beeper (aka 'burger pager') notification system that is used to let customers know when their food is ready.

By reading the label on the base unit, Paul found that the beeper system transmits at 433 MHz. He was then able to record it's transmissions with an RTL-SDR. Then using Inspectrum, he was able to determine the bit string and the symbol period.

From there he was able to use a GNU Radio program to replicate the signal, allowing him to use a HackRF to activate the beepers on demand.

In the past we've posted similar stories [1][2][3].

Hacking A Fish & Chip Shop

SDRDue Updated: Passive Radar Software for RTL-SDRs

Thank you to Daniel Kaminski for writing in and sharing with us news that he has recently updated his SDRDue Passive Radar software for RTL-SDRs. The major update is that thanks to NVIDIA CUDA GPU processing, the ambiguity function can now be calculated extremely quickly, allowing for very high frame rates. Daniel writes:

Last time I was playing with my Passive Radar. I finally created an ambiguity library which is a really fast 70 frame/s analyzing a continuous string of data 2*1024*1024 bits per frame. This allowed me to record signals from slowly moving cars in real-time. I used a normal TV antenna without any modifications in one dongle mode. To support the library I created a Passive Radar program with all the parameters available for tuning. The code is open and available on GitHub. The movie is available on my website Passive radar | Web page od Daniel M. Kamiński (umcs.pl).

SDR Due Passive Radar
SDR Due Passive Radar

Job’s Radio Telescope Observes Maser W3(OH)

Over the past few years we've seen a lot of interesting observations coming from Job's Radio Telescope, which is Job Geheniau's 1.5m dish connected to an RTL-SDR (with additional filters and LNAs). He has done things like mapped the galaxy via the Hydrogen line, observed red supergiant stars, imaged a supernova remnant, detected a Pulsar, and measured the basis for the dark matter hypothesis.

In his most recent work Job has managed to detect the W3 star forming region at the Hydroxyl (OH) frequency of 1665.405 MHz.

W3 is an enormous stellar nursery about 6200 light-years away in the Perseus Arm, one of the Milky Way galaxy's main spiral arms, that hosts both low- and high-mass star formation. - Source

Hydroxyl (OH) can be observed both in emission and absorption. Emission frequently manifests itself as maser emission which is of specific interest. Energy Levels of OH Diatomic molecules like OH have numerous energy levels as they not only have electronically excited levels, but they can also vibrate and rotate. Both rotation and vibration are quantized and give rise to the large number of levels. Because of the wealth of energy levels, OH can be observed at various wavelength in the optical, infrared and radio regime. - Source

Over on the RTL-SDR Facebook group (not affiliated with this blog), Job has described his experiment in more detail (link requires a Facebook account and membership). He writes: 

As you may know or not...., I have been busy the last few weeks trying to detect maser W3(OH) with my 1.5-1.9 dish. The W3 complex lies in a darkened part of the Perseus galactic arm, at a distance of ∼2.2 kpc, and is one of the most intensively studied star-forming regions in the Milky Way Galaxy. Quite a challenge! It looks like I have a hit now after all.

Adjusting the Feed, calibrating the position of the dish and a lot of trial and error and a lot of patience seem to be leading to a result after all.... For now, I will keep this as my W3(OH) registration at 1665.405 MHz. Taking into account the Vlsr of currently 17 km/s (speed of earth and rotation around the sun), the final result comes close to the correct measurement. 1665.789 MHz = -32.22 km/s. Vlsr according to my calculations in terms of location and time is 17 km/s. -32-17=49 km/s. I think and hope that -49 km/s is the correct velocity of W3(OH) also considering the reasonably clear peak in the measured values in the graph.

These W3(OH) results were done with a special 1665 bandpass filter and 2 mini circuits lna/s. I will keep measuring for a while in the coming days, but soon I will switch back to another Feed over, namely the now under construction 611 MHz Feed with associated bandpass filter to once again 'capture' pulsar B0329+54. My ultimate goal with this dish!

I was very close last six months, but after extensive research with fellow radio amateurs we unfortunately could not confirm with 100% (!) certainty that the pulsar was detected at 1420 MHz with the 1.9 dish.

Also that research continues with longer exposure times and now research at 611 MHz, there is still some soldering and drilling and sawing to be done..... But first things first. Glad with this result anyway. Takes a lot of perseverance and patience.

Job's Radio Telescope detects Maser W3(OH).
Job's Radio Telescope detects Maser W3(OH).
Job's Radio Telescope detects Maser W3(OH).
Job's Radio Telescope detects Maser W3(OH).

Tech Minds: Testing an RTL-SDR Wideband Scanner with WebUI

Over on YouTube Matt from the Tech Minds YouTube channel has put up a video demonstrating an open source program released on GitHub called "RTL SDR Scanner", or "rtl-sdr-scanner-cpp". This program is compatible with RTL-SDR and HackRF software defined radios, and allows users to record multiple analogue FM audio channels within the active bandwidth simultaneously. 

To get a wider bandwidth, you can use a HackRF as your SDR, or you can also use multiple RTL-SDR dongles, or a device like the KrakenSDR which has multiple RTL-SDRs built into it. Alternatively, you can also have the software scan a much larger swath of bandwidth, however this could result in some transmissions being missed. 

The audio is recorded as a wav file, and can be accessed through a web UI. We note that currently only FM recordings are supported but AM may be supported in the future.

RTL SDR Scanner - FULL Bandwidth Recording With WEB UI

SARCTRAC Mk3b: A $290 Satellite Antenna Rotator

In January we posted about the AntRunner, which is a $325 (incl. shipping) satellite antenna rotator shipped from China. Recently we've come across another low cost satellite rotator from Australia called the "SARCTRAC Mk3b" which was developed as part of a school amateur radio educational program. This rotator fully assembled comes in at AU$400 + AU$50 worldwide shipping (US$290 + US$40 = US$330), making it's price comparable with the AntRunner. SARCTRAC can be purchased from the sarcnet products page. Currently only the fully built unit is available, but in the future they plan to offer a cheaper kit option.

We're yet to test the SARCTRAC Mk3b, but based on an overall review of it's advertising, it appears that the SARCTRAC has some superior specifications and a superior design when compared to the AntRunner.

Unlike the AntRunner, SARCTRAC comes with all its components enclosed in a waterproof IP65 rated enclosure. Its design also makes use of a 3D position sensor with magnetometer, allowing the unit to know its orientation at all times, meaning that it should be able to automatically position itself from startup. The design also makes use of DC motors with a built in worm gear drive, so the the motors back driving is not possible. 

The system is controlled via a built in Raspberry Pi 3B+ and can communicate with the controlling PC via WiFi. Raspberry Pi's have stable WiFi connections, so we shouldn't see the connection problems that we had with the ESP32 based AntRunner.

Just like the AntRunner, SARCTRAC is only a lightweight rotator with torque specs of 50kg.cm static and 25kg.cm dynamic. So it should be able to handle counterbalanced Yagi beams, and lightweight dish antennas.

The SARCTRAC Mk3b. An Australian designed and made light duty antenna rotator.
The SARCTRAC Mk3b. An Australian designed and made light duty antenna rotator.
SARCTRAC Mk3 Satellite Antenna Rotator Controller and TRACker