Tagged: rtlsdr

Sn0ren Tests out the KrakenSDR

Over on his YouTube channel, sn0ren has uploaded a video showing his experience with the KrakenSDR. If you weren't already aware, KrakenSDR is our 5-channel coherent radio based on RTL-SDRs, and it can be used for applications like radio direction finding. It can currently be purchased from Crowd Supply or Mouser.

In the video, sn0ren explains radio direction finding in general and then goes on to show how to set up and use KrakenSDR. Sn0ren writes:

Wireless communication is inherently anonymous. There is no way of knowing who transmitted a signal if they do not identify. And there is no way of knowing where that signal is transmitted from. Unless you actively track it down. KrakenSDR is a radio direction finding device that uses an array of antennas and synchronised receivers to track down the position of a given radio transmission and lead you directly to its physical location.

Track Down Radio Transmitters / KrakenSDR

Running RTL-SDR in your Browser via an HTML5 App

Thank you to Jacobo Tarrio for writing in and sharing his latest project, an HTML5-based RTL-SDR application that runs directly in your browser. Jacobo writes that he'd previously created a Chrome app called FM Radio Receiver for Chrome (which we also posted about previously), but unfortunately, Google stopped supporting Chrome apps.

Jacobo goes on to write:

Last year I started working on it again. I took the original source code, modernized it to use modern TypeScript and HTML5 APIs, and then transformed it deeply to turn Radio Receiver into a general-purpose RTL-SDR application (with a waterfall and everything), which is available at https://radio.ea1iti.es/.
 
You don't need to install anything -- it runs straight on your browser. (Well, you still need to do the usual RTL-SDR driver setup, but other than that...)
 
It supports any computers or Android phones with the Chrome, Edge, or Opera browsers. Unfortunately, it cannot run on iPhone or iPad, or on the Firefox or Safari browsers.
 
For hardware, it works well with the RTL-SDR Blog V3 and V4 sticks (with support for direct sampling on the V3 and for the built-in upconverter on the V4), as well as other R820-based sticks.
 
The source code is available on GitHub under the Apache 2.0 license.
RTL-SDR running in an HTML5 web browser app
RTL-SDR running in an HTML5 web browser app

EM Eye: Eavesdropping on Security Camera via Unintentional RF Emissions

Researchers from the University of Michigan and Zhejiang University have recently published their findings on how it's possible to eavesdrop and wirelessly recover images from security cameras via RF unintentionally leaking from the camera electronics.

EM side-channel attacks aka receiving and decoding data from the unintentional RF transmissions from electronics are nothing new.  In the past, we've posted how some laptops unintentionally broadcast audio from the microphone via RF, how a tool called TempestSDR can be used to spy on monitors/TV's via RF leakage, how encryption keys can be stolen from PCs via unintentional RF, and even how Disney is looking to use RF leakage for RF fingerprinting.

In their research, the team discovered that security cameras leak enough sensitive RF that an image can be recovered from the leakage over a distance. In their tests, they used a USRP B210 SDR as the receiver and tested twelve cameras including four smartphones, six smart home cameras, and two dash cams. They found that eight of the twelve leaked strongly enough for the reception of images through windows, doors, and walls. Cameras like the Xiaomi Dafang and Wyze Cam Pan 2 performed the worst, allowing for images to be recovered from distances of 500cm and 350cm respectively.

The team has not only released a paper on the topic but has also released the full code as open-source software on GitHub. The software is based on a modified version of TempestSDR, so it may also work for other supported SDRs, like the HackRF and RTL-SDR.

EM Eye: How Attackers Can Eavesdrop on Camera Videos

SDRSharp 1915 Released: RTL-SDR Crashes Fixed

Thank you to SDR# author Youssef for updating SDR# (SDRSharp) and fixing a recent bug that was causing RTL-SDR units to crash whenever the frequency was changed. We are putting this post out to inform everyone who was having this issue to please update their SDRSharp version to 1915 which can be downloaded from airspy.com/download. Our guide at www.rtl-sdr.com/QSG can be used to walk you through the installation procedure for RTL-SDR dongles in SDR#.

The new update brings the RTL-SDR control menu down to the sidebar making it much easier to control the gain and sample rate settings. Other recent changes have also brought improvements to the RDS decoder which will be useful for DXers.

Please remember to show your appreciation to Airspy for allowing RTL-SDR users on their platform by checking out their range of higher end softwire defined radio products at airspy.com.

SDR# 1915
SDR# 1915

Installing and Using SDRTrunk on Linux for Live Trunk Tracking with an RTL-SDR

SDRTrunk is a cross platform Java based piece of software that can be used for following trunked radio conversations. In addition to trunk tracking it also has a built in P25 Phase 1 decoder. Compared to Unitrunker SDRTrunk is an all-in-one package, and currently it supports most trunking system control channels, but unlike Unitrunker it still misses out on some systems EDACS and DMR.

Over on his YouTube channel AVT Marketing has uploaded an excellent 6-part video series that shows how to install SDRTrunk and the Java runtime environment on Ubuntu Linux. The sections covered include, installing Java, setting the Java environment variables, installing other SDRTrunk prerequisites such as Apache Ant and the JMBE audio codec for decoding P25, and finally actually using and setting up SDRTrunk. Like all of AVT’s other videos, this is an excellent tutorial that takes you through the entire process from the very beginning so is useful for beginners as well.

Installing SDRTrunk & Java JRE on Ubuntu Linux

If you’re new to trunking: Trunking systems are typically used with handheld radio systems (e.g. those that police, security guards, workmen etc carry around). The basic idea is that each radio constantly listens to a digital control channel which tells it what frequency to switch to if a call is being made. This allows the frequency spectrum to be shared, instead of designating one fixed frequency per user which would be very inefficient. But this system makes it difficult for scanner radios to listen in to, because the voice frequency could change at any time. Therefore software like Unitrunker and SDRTrunk which can decode the control channel is required. In addition many new systems use digital audio like P25 or DMR which requires digital decoders like SDRTrunk or DSDPlus.

Detecting Car Keyfob Jamming With a Raspberry Pi and RTL-SDR

It’s been known for a while now that it is possible to break into cars using simple wireless attacks that involve jamming of the car keyfob frequency. Sammy Kamkars “rolljam” is one such example that can be built with a cheap Arduino and RF transceiver chip. One way to secure yourself against wireless attacks like this is to run a jammer detector.

A jammer detector is quite simple in theory – just continuously measure the signal strength at the car keyfob frequency and notify the user if a strong continuous signal is detected. Over on his blog author mikeh69 has posted about his work in creating a wireless jammer detector out of a Raspberry Pi and RTL-SDR dongle. He uses a Python script and some C code that he developed to create a tool that displays the signal strength on an onscreen bar graph and also conveys signal strength information via audio tones. He writes that with a pair of earphones and battery pack you can use the system while walking around searching for the source of a jammer.

Mikeh69’s post goes into further detail about installing the software and required dependencies. He also writes that in the future he wants to experiment with creating large area surveys by logging signal strength data against GPS locations to generate a heatmap. If you are interested in that idea, then it is similar to Tim Haven’s driveby noise detector system which also used RTL-SDR dongles, or the heatmap feature in RTLSDR Scanner.

[Also seen on Hackaday]

RTL-SDR + Raspberry Pi Jammer Detector.
RTL-SDR + Raspberry Pi Jammer Detector.

New RTL-SDR Drivers and SDR-Console ExtIO Available: Bias Tee Support, Direct Sampling, Tunable IF Filters and Improved Gain Profiles

Recently two branches of RTL-SDR drivers were updated. Over on GitHub racerxdl’s librtlsdr branch adds bias tee support for our V3 RTL-SDR.com dongles to rtl_adsb, rtl_fm, rtl_power and rtl_tcp.

For SDR-Console users jdow’s ExtIO and driver now has an option to enable the direct sampling mode, which is allows the HF mode on our V3 dongles to be activated. The ExtIO module can be downloaded from her Google drive.

To use Joannes drivers download the SDRconsole folder by right clicking it, and selecting download. Then copy files from the x86 (32-bit) or x64 (64 bit) folders into the SDRConsole folder, replacing any files that already exist. Run the RtlSdr Catalog.exe file, then open SDR-Console and from the definitions choose RTL-SDR(Full). Then in the Radio Configuration settings you can choose to use the Q-branch, which will automatically enable the direct sampling mode when tuned below 24 MHz.

SDRConsole with a V3 dongle and HF Direct Sampling.
SDRConsole with a V3 dongle and HF Direct Sampling.

We’ve also discovered that Joanne has been working on RTLSDR++, which is a driver upgrade that includes some pretty interesting enhancements. When running Joanne’s drivers in SDR-Console we also see options to change the IF filter bandwidths of the R820T2 tuner. This is very useful as this allows you to control the preselector on board the R820T2. You can use this to attenuate strong out of band signals. Her driver also has improved gain profiles. One gain profile is optimized to reduce IMD distortion (prevent overload and images), and the other is designed to optimize sensitivity.

RTLSDR++ Driver: New IF bandwidth settings for preselection.
RTLSDR++ Driver: New IF bandwidth settings for preselection.
RTLSDR++ Drivers: New Gain Options
RTLSDR++ Drivers: New Gain Options

In addition Joanne has also created RtlTool.exe which is a GUI replacement for rtl_test.exe and rtl_eeprom.exe. It can be used to test for lost samples on your RTL-SDR and to flash the EEPROM memory. Most RTL-SDR dongles on most PCs are stable up till 2.56 MSPS, but this tool can be used to check. It can also be used to set the dongle serial number, vendor ID and name by flashing the EEPROM which most RTL-SDRs contain.

There’s also the RtlSdr Catalog tool which also helps manage multiple dongles being connected to the PC at once. See the readme file for more information on using this tool.

All these programs can also be downloaded from Google drive. Her RTL++ driver is also open sourced and available on GitHub.

RTLTOOL
RTLTOOL

Getting started with amateur satellite reception and the RTL-SDR

Over on the hamspirit.de blog the author Jan has uploaded a post introducing the hobby of amateur satellite reception with the RTL-SDR (in German, use Google Translate). Amateur radio satellites may transmit signals like CW (morse code), voice, APRS and telemetry.

In the article Jan discusses the antennas required to receive satellites, the satellite tracking software gpredict and he introduces some amateur radio satellites that have strong transmitters and are thus easy to receive. He also shows waterfall screenshots of several amateur radio satellites that he has received.

FO-29 Doppler Effect
FO-29 Doppler Effect