Рубрика «Блоги»

GammaRF: Distributed Radio Signal Collection and Analysis with RTL-SDR and HackRF

Thank you to Josh for submitting news about his project called GammaRF. GammaRF is an client-server program that is used to aggregate signal information via the internet from distributed SDRs. Currently the RTL-SDR and HackRF SDRs are supported.

ΓRF (“GammaRF”, or “GRF”) is a radio signal collection, storage, and analysis system based on inexpensive distributed nodes and a central server. Put another way, it is a distributed system for aggregating information about signals, and a back-end infrastructure for processing this collected information into coherent “products”.

Nodes utilize inexpensive hardware such as RTL-SDR and HackRF radios, and computers as small and inexpensive as Intel NUCs. Each node runs modules which provide various radio monitoring functionality, such as monitoring frequencies for “hits”, watching power levels, keeping track of aircraft (through ADS-B), and more. Nodes are distributed geographically and their data is combined on the server for hybrid analysis.

A web-based system allows users to view information from and about each station in its area. Below shows the server landing page. Markers are placed at each station’s last known location (stations can be mobile or stationary.)

GammaRF Server Landing Page
GammaRF Server Landing Page

From the currently implemented modules it appears that you can monitor ADS-B, scan and monitor the power of a set of frequencies, forward the output from trunk-recorder (a P25 call recorder), scan the spectrum and monitor power levels, monitor a single frequency for activity, take a picture of a swath of RF spectrum, and collect 433 MHz ISM data. Some example applications might include:

  • Monitoring ham radio activity on repeaters in a city
  • Creating timelines of emergency services activity in an area
  • Distributed tracking of satellites and other mobile emitters
  • Monitoring power at a frequency, for example as a mobile node traverses an area (e.g. signal source location)
  • Building direction finding networks (e.g. for fox hunts)
  • Spectrum enumeration (finding channels and guessing modulation) [under development]
Monitoring Activity of an Amateur Radio Repeater
Monitoring Activity of an Amateur Radio Repeater via the 'scanner' Module

Listening to the Sound of Molecules via Nuclear Magnetic Resonance and an RTL-SDR

Over on YouTube user aonomus has uploaded a video showing how he's used an RTL-SDR to observe and listen to the radio signal generated via a chemistry lab's nuclear magnetic resonance machine. To do this he simply taps the RF output of the NMR machine which allows the RTL-SDR to listen to the signal and play it as audio. In the video he shows the sound of a sample of chloroform in acetone-d6. The demo has no real scientific purpose other than to hear the sound of the molecule. Normally the RF output goes straight into a spectrum analyzer for visual analysis.

Nuclear magnetic resonance is a technique used in chemistry for the analysis of chemicals, as well as in MRI medical imaging machines. Very basically, it works by applying a chemical sample to a strong magnetic field, exciting it with a strong pulse of RF, and listening to the echo. An echo will only occur when the radio waves are transmitted at the chemicals resonant frequency. The frequencies used are typically between 60 to 800 MHz.

A few years ago I came up with a demonstration for some high school students interested in chemistry. This demo is a modern take on a classic NMR experiment, using a low cost software defined radio to observe the FID signal as audio. In short, this demo allows you to hear the proton FID echo from the liquid sample inside the NMR magnet.

Nuclear Magnetic Resonance Demonstration Using Software Defined Radio

A Step by Step Tutorial to Receiving GOES-16 Images with an RTL-SDR, Raspberry Pi and Goestools

Aleksey Smolenchuk (lxe) has recently uploaded a step-by-step guide to setting up a GOES weather satellite receiver with an RTL-SDR dongle, Raspberry Pi and the goestools software.  GOES 15/16/17 are geosynchronous weather satellites that beam high resolution weather  images and data. In particular they send beautiful 'full disk' images which show one side of the entire earth. Compared to the more familiar and easier to receive low earth orbit satellites such as NOAA APT and Meteor M2 LRPT, the geosynchronous GOES satellites require slightly more effort as you need to set up a dish antenna, use a special LNA, and install Linux software.

Aleksey's tutorial first shows where to purchase the required hardware and notes that the total cost of the system is around $185. Next he goes on to show the hardware connection order, and then how to install and configure the goestools decoding software onto a Raspberry Pi.

Aleksey's RTL-SDR Based GOES Receiver setup
Aleksey's RTL-SDR Based GOES Receiver setup

Russian RTL-SDR USB Filter Video Review

Over on YouTube, Alexander from the Russian channel РАДИОБЛОГ с Александром Никитенко has uploaded a video review of a Russian USB filter product, designed for USB SDR dongles. The video is narrated in Russian, however you can use the YouTube auto-translate feature to get somewhat understandable subtitles. The actions he takes in the video are also easy to understand.

The USB filter is designed by Maxim who runs a small company called ExpElectroLab. Back in August we posted about another ExpElectroLab product which was the SDR# tuning knob. Since then we've seen that a few people outside of Russia have been able to order the product by contacting him at eel.radiohelp@gmail.com, and have been happy with it.

When using USB SDR dongles, the USB cable can pick up lots of interference from the PC and monitors, providing a direct path for this interference to enter the RTL-SDR. A USB filter can be used to remove this interference. There are several USB filters on the market designed for improving USB audio devices, but this is the first one we've seen designed for SDRs in particular. 

In the video Alexander tests an RTL-SDR with and without the USB filter connected. With the USB filter not connected, the SDR# display shows several spikes of interference in the spectrum, and once the filter is connected these spikes disappear. He also tests it on a USB powered shortwave radio, and the filter appears to remove the hiss caused by the power supply.

Фильтр для SDR-приёмника и не только.

RadioForEveryone: RTL-SDR Max USB Cable Length, Dongles Image Gallery, Ham-it-up Plus Review

Recently Akos has uploaded three new posts on his RadioForEveryone blog. The first post is a review of the "Ham-It-Up Plus", which is a US$65 upconverter that allows you to listen to HF on RTL-SDR dongles without direct sampling. Compared to the non-plus Ham-It-Up, the plus version includes a TCXO and the noise source circuit is populated. In his post Akos reviews the history of the Ham It Up generations and discusses the connectors and power options. He also reviews the performance and finds that the Plus seems to have better SNR.

In the second post Akos has uploaded his collection of various images of different RTL-SDR dongle brands. The images include circuit board photos so you can easily compare the differences in design between brands.

Finally the third post is an experiment to determine the maximum USB cable length that can be used with RTL-SDRs. His results show that the maximum is 9 meters which is actually more than the USB2.0 spec which states 5m as the maximum. We note that longer than 9m cable runs can also be achieved by using active repeater USB cables or USB hubs.

Testing RTL-SDR max coax length
Testing RTL-SDR max coax length

Measuring the SWR of FPV Antennas with an RTL-SDR

FPV stands for 'First Person View', and is a term used to describe the hobby of flying remote controlled aircraft entirely via the view from a wireless camera that transmits live video to the pilots screen or video goggles.

Part of the FPV hobby is to not only enjoy flying, but also to tweak the wireless video equipment for maximum range and reliability. This involves measuring the SWR characteristics of FPV antennas. SWR is a metric that describes how well the impedance of an antenna is matched with the receiver at a certain frequency. Poor SWR results in additional signal loss on top of cable and connector loss. We note that SWR is only one antenna metric, and doesn't take into account radiation pattern and antenna gain which is often more important, but it is the easiest metric to measure and control, and should give you some idea as to if an antenna was designed and tuned properly.

As FPV hobbyists are often not hams or radio professionals, most don't have access to the equipment required to measure SWR. So over on his YouTube channel bonafidepirate shows how he's been using a cheap RTL-SDR, noise source and RF Bridge to measure the SWR of his FPV antennas. The process is similar to the one shown in our tutorial, but he uses the Spektrum software which allows you to measure SWR entirely within the software itself.

In the video bonafidepirate goes over the required hardware, software and the setup, and then demonstrates several SWR scans of different FPV antennas.

DIY VSWR Meter for FPV, Lets test some antennas!

Connecting an RTL-SDR Panadapter to a uBITX Transceiver

The uBITX is a US$129 HF SSB/CW QRP transceiver kit that works from 3 MHz to 30 MHz with up to 10W TX power. It's a fully analogue radio, but it can be combined with an RTL-SDR to create a panadapter display thanks to a tutorial released by KD8CEC.

The method requires that you use the custom CEC firmware, or modify other firmware,  as this appears to change the output frequency at the tap point. The tap point is made accessible by soldering on an extra SMA connector for the RTL-SDR to connect to. The rest of the work is entirely performed in the uBITX software manager, Omni-Rig and SDR-Console V3.

uBITX with RTL-SDR Panadapter
uBITX with RTL-SDR Panadapter

Stealing a Tesla Model S in Seconds by Cloning its Wireless Keyfob

Recently wired.com ran a story that explains how research hackers from KU Leuven university in Belgium have been able to clone a Tesla car key fob within seconds. With the cloned keyfob they are then able to open the Tesla's door, start the engine and drive away. The researchers believe this attack could also work on cars sold by McLaren and Karma, as well as Triumph motorcycles.

Like most automotive keyless entry systems, Tesla Model S key fobs send an encrypted code, based on a secret cryptographic key, to a car's radios to trigger it to unlock and disable its immobilizer, allowing the car's engine to start. After nine months of on-and-off reverse engineering work, the KU Leuven team discovered in the summer of 2017 that the Tesla Model S keyless entry system, built by a manufacturer called Pektron, used only a weak 40-bit cipher to encrypt those key fob codes.

The researchers found that once they gained two codes from any given key fob, they could simply try every possible cryptographic key until they found the one that unlocked the car. They then computed all the possible keys for any combination of code pairs to create a massive, 6-terabyte table of pre-computed keys. With that table and those two codes, the hackers say they can look up the correct cryptographic key to spoof any key fob in just 1.6 seconds.

The attack hardware consists of a Yardstick One dongle, a Proxmark RFID/NFC radio, and a Raspberry Pi connected to the 6TB hard drive containing the database of pre-computed keys. All together the cost of such a system is under $600.

The actual attack works by first bringing the RFID antenna and radio near the car and recording vehicles identifier code which is periodically transmitted by the car. Then the antenna is brought near to the owners keyfob and impersonates the car using the identifier code. This tricks the keyfob into sending out encrypted response codes which are then decrypted by the 6TB lookup table on the hard drive. The Yardstick One is then used to transmit the final unlock code at 433.92 MHz.

Tesla have since responded by noting that cars sold after June 2018 have improved encryption and aren't vulnerable to this attack, and that owners of cars manufactured earlier are able to enable an option that requires a PIN code to be entered. Owners could also take extra precautions such as using an RFID blocking pouch. Tesla vehicles also have built in GPS tracking which may deter thieves.

The video below shows the attack in action, and a short overview paper by the researchers can be found here.

COSIC researchers hack Tesla Model S key fob

RadarBox24 Release their XRange RTL-SDR ADS-B Receiver

The team at radarbox24.com recently wrote in and wanted to share some new developments including news about their recently released RadarBox XRange receiver, which is an RTL-SDR based ADS-B receiver. Radarbox24 are an ADS-B aggregation flight tracking website, similar to sites like flightaware.com and flightradar24.com.

The RadarBox XRange receiver costs $649.95 USD and is available on their store. The box appears to include a full computing unit as well as a custom RTL-SDR receiver, and a built in filter and LNA as well. It is sold as a set that includes receiver, power supply, antenna and cabling. Compared to setting up an ADS-B receiver on your own by purchasing an RTL-SDR, ADS-B LNA/Filter, Antenna and Raspberry Pi separately, the XRange is well over three times more expensive. But it may have some value as an easy to set up and ready to go ADS-B receive system. They write:

1- We have release the brand new RadarBox app for iOS and Android where data sharers are able to see what what their own stations receive using the MyStation feature.

2- We've released the brand new RadarBox XRange receiver, RTL SDR based whcih is being sold and placed all over the world to increase network coverage.

3- Our RadarBox24.com flight tracking portal reached 3 millions viewers per month and, together with our apps, is growing really fast by providing an easy way for Raspberry Pi owners or users with our XRange and Micro RadarBox receivers to share flight data with us and benefit from a free Business account.

More information:
- Link to our Store where users can buy the XRange receiver and accessories below:

- Link to a real-time listing of newly added stations (Raspberry pi, XRange and all other supported receivers)

- Link for users to install our software on their Raspberry Pi receivers and start sharing data with us (we get up to 5 new added units added to our network daily):

- Link to our worldwide station ranking:

- Link to our MyStation, available to data sharers, where they can monitor their own station aircraft, stats and received aircraft listing:
Example for Texas, US: https://www.radarbox24.com/stations/EXTRPI009148
Example for Sweden: https://www.radarbox24.com/stations/EXTRPI006084
Example for Doha Qatar: https://www.radarbox24.com/stations/PGANRB300567

- The MyStation feature is also available on the Android and iOS apps so users can monitor their stations remotely.

XRange Receiver Set
XRange Receiver Set

Reviews and Assembly Videos of our SDRplay RSP1A Metal Enclosure Upgrade Set

Over on YouTube we've seen several reviews and installation videos of our SDRplay RSP1A metal enclosure + portable antenna set that we released for sale back in July of this year. The set comes with a metal enclosure, carry case, and a bonus 7m portable wire antenna spool and telescopic antenna. It costs US$29.95 including shipping and is available on our store or via Amazon.

The first review is by Tysonpower. His review is in German, but English subtitles are available on YouTube. In the review he notes that interference appears to be reduced with the metal case, and notes that the SDR is better protected against bumps.

[EN subs] RSP1A Metallgehäuse - ShortReview

We've also seen a review by Danny Shortwave And Radio DX which also shows the assembly process and shows how easy it is to transfer the PCB from the plastic case to the metal case.

Metal Case Upgrade for SDRPlay RSP1 and RSP1A from Amazon

Finally the third video by Koptervision also shows an unboxing, review and assembly timelapse.

SDRPlay Metal Case Upgrade - Unboxing and Assembly

Сентябрь 2018
Пн Вт Ср Чт Пт Сб Вс
« Авг