Category: Digital Signals

Dash Mounted ADS-B With an RTL-SDR Blog V3

Reddit user [Bobcalamarie] recently [posted] about how he uses his car dash mounted Android tablet along with an RTL-SDR Blog V3 and a magnetic mount antenna while sitting in traffic to track aircraft overhead.

We’ve seen something similar to this once before when [Signals Everywhere] uploaded a video showing off ADS-B reception (among other things) to a dash-mounted Windows tablet and an Android head unit.

The software used by Bobcalamarie is the Android [Avare ADS-B] software, which can be found in the Google Play Store. However, other applications exist for Windows, Linux, and other operating systems as well. Some software, such as [Virtual Radar Server], even allows you to set up alerts for specific types of aircraft, which, while we wouldn’t condone it, might come in handy for someone in traffic.

What would you do if you had an SDR installed in your vehicle? We would love to hear what you have to say in the comments below.

Dash Mounted ADS-B Reception

Using a LimeSDR and RTL-SDR to Transfer a Text File Over the Air

Over on his blog nuclearrambo has been working on a project that uses a LimeSDR and RTL-SDR to transfer a small CSV text file over the air.

The transmitting side consists of a GNU Radio flowchart that encodes the text file into a binary string, modulates that binary string with Binary Phase Shift Keying (BPSK), and then transmits it using the LimeSDR.

The receiving side uses an RTL-SDR, and is based on another GNU Radio flowgraph that uses a polyphase clock sync block to synchronize the sampling time, a costas loop for fine frequency correction, an LMS DD equalizer block to compensate for multipath effects, and finally demodulation blocks that recover the bits and text file from the BPSK signal.

His results showed that he can recover almost the entire file, except for the first few bytes of data, which are always lost since it takes time for the clock sync and Costas loop blocks to converge. The post goes into further detail about what each of the blocks does and some of the signal theory math behind everything. The GNU Radio GRC file is also provided if you want to try it out yourself.
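Why the head of the file is lost, and the usual remedy, shown as an added Python example (not nuclearrambo's flowgraph or code from his post). It models only the Costas loop at one sample per symbol with perfect timing; the loop gains, the carrier offset, the differential encoding, the CSV contents and the 0x55 preamble are all assumptions made for the illustration.

```python
import cmath

ALPHA, BETA = 0.1, 0.005      # assumed Costas loop proportional / integral gains
PHASE0, DW = 0.0, 0.15        # constructed channel: phase (rad), frequency offset (rad/symbol)
PAYLOAD = b"id,temp_c\n1,21.5\n2,21.7\n3,22.0\n"   # constructed CSV file
PREAMBLE = b"\x55" * 128      # assumed training bytes sent before the payload

def to_bits(data):
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]

def to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits) - 7, 8))

def transmit(data):
    """Differentially encode, map to BPSK (+1/-1), apply the carrier offset."""
    prev, out = 0, []
    for n, bit in enumerate(to_bits(data)):
        prev ^= bit
        out.append((1 - 2 * prev) * cmath.exp(1j * (PHASE0 + DW * n)))
    return out

def receive(samples):
    """Costas loop, hard decision, differential decode."""
    phase = freq = 0.0
    prev, bits = 0, []
    for r in samples:
        y = r * cmath.exp(-1j * phase)   # derotate by the current phase estimate
        err = y.real * y.imag            # BPSK detector: 0.5*sin(2*phase_error)
        freq += BETA * err               # integral path learns the frequency offset
        phase += freq + ALPHA * err      # proportional path corrects the phase
        dec = 1 if y.real < 0 else 0
        bits.append(dec ^ prev)          # differential decode removes the 180 degree ambiguity
        prev = dec
    return to_bytes(bits)

def first_clean_byte(sent, got):
    """Index just past the last corrupted byte, i.e. where the loop has settled."""
    bad = [i for i, (a, b) in enumerate(zip(sent, got)) if a != b]
    return bad[-1] + 1 if bad else 0

def send_file(payload, preamble=b""):
    """Return (recovered payload, number of leading frame bytes lost to pull-in)."""
    frame = preamble + payload
    got = receive(transmit(frame))
    return got[len(preamble):], first_clean_byte(frame, got)

if __name__ == "__main__":
    print(send_file(PAYLOAD))            # head of the file damaged while the loop pulls in
    print(send_file(PAYLOAD, PREAMBLE))  # preamble absorbs the errors; payload intact
```

Every time the residual phase error slips through 90 degrees during pull-in, the decision polarity flips and the differential decoder emits a wrong bit, so a frame that begins with data loses its head while one that begins with throwaway training bytes does not.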

LimeSDR Transmitting a CSV file to a RTL-SDR with BPSK modulation.

An Introduction to Pagers with the HackRF PortaPack and an RTL-SDR

Over on YouTube user HackedExistence has uploaded a video explaining how POCSAG pager signals work, and he also shows some experiments that he's been performing with his HackRF PortaPack and an old pager.

The PortaPack is an add-on for the HackRF SDR that allows the HackRF to be used without the need for a PC. If you're interested, in the past we reviewed the PortaPack with the Havok Firmware, which enables many TX features such as POCSAG transmissions.

POCSAG is a common RF protocol used by pagers. Pagers have been under the scrutiny of information security experts for some time now as it is common for hospital pagers to spew out unencrypted patient data [1][2][3] into the air for anyone with a radio and computer to decode.

In the video HackedExistence first shows that he can easily transmit to his pager with the HackRF PortaPack and view the signals on the spectrum with an RTL-SDR. Later in the video he explains the different types of pager signals that you might encounter on the spectrum, and goes on to dissect and explain how the POCSAG protocol works.

Intro to Pagers - POCSAG with HackRF

SignalsEverywhere: Decoding HD Radio with an RTL-SDR

Corrosive (KR0SIV) from the SignalsEverywhere YouTube channel has uploaded a new video that explains and shows HD radio being decoded with an RTL-SDR.

If you are in the USA, you might recognize HD (Hybrid Digital) Radio (aka NRSC-5) signals as the rectangular looking bars on the frequency spectrum that surround common broadcast FM radio signals. These signals only exist in the USA and they carry digital audio data which can be received by special HD Radio receivers. Back in June 2017 we posted about how [Theori] was able to piece together a full HD Radio software audio decoder that works in real time. Later developments saw additional data such as traffic data and weather info extracted from HD Radio too.

Corrosive's video also shows a comparison between analog and HD Radio audio. We note that the "HD" doesn't stand for high definition, so audio quality is not really better than the analog stream. He also notes that the HD Radio data stream can contain multiple audio channels, and often they are not the same as the analog station it surrounds. One example he shows is a Simulcast AM radio station being rebroadcast via HD Radio.

HD Radio RTL-SDR Decoding vs Analog Radio

Decoding the ARES Train Protocol with an RTL-SDR

Over on YouTube user JellyImages has uploaded a video demonstrating his Windows based ARESrcvr software. ARES is a railway control communications protocol used by some trains in the USA. His code connects to an RTL-SDR dongle, and demodulates the ARES protocol, providing decoded packets to ATSCMon via UDP on localhost.

ATSCMon allows you to view train telemetry data, and see on a rail map where that control indication came from. It appears that ATSCMon actually already supports ARES decoding via audio piping, but the decoder by JellyImages is a cleaner solution that doesn't require audio piping. In the past we've posted about one other YouTube user who's uploaded videos on using ATSCMon to monitor trains [Post 1][Post 2].

JellyImages also notes that his software only supports the ARES protocol which is used mostly around former Burlington Northern (BN) territory in the USA.

YouTube Video: Reverse Engineering with SDR

Over on YouTube Black Hills Information Security (aka Paul Clark) has uploaded a one hour long presentation that shows how to use a software defined radio to reverse engineer digital signals using GNU Radio.

One of the most common uses of Software Defined Radio in the InfoSec world is to take apart a radio signal and extract its underlying digital data. The resulting information is often used to build a transmitter that can compromise the original system. In this webcast, you'll walk through a live demo that illustrates the basic steps in the RF reverse engineering process, including:

- tuning
- demodulation
- decoding
- determining bit function
- building your own transmitter
- and much, much more!

Reverse Engineering with SDR

WWV and WWVH Special Messages to Broadcast!

Starting from Monday September 16th and continuing through to October 1st, both WWV and WWVH shortwave time signal transmission stations will broadcast a special message from the Department of Defense to mark the centennial of WWV. These messages will be heard on 2.5, 5, 10, and 15 MHz. In addition from September 28 to October 2 a special WWV event will occur:

The world’s oldest radio station, WWV, turns 100 years on October 1, 2019, and we are celebrating!

From September 28 through October 2, 2019, the Northern Colorado ARC and WWV ARC, along with help from RMHam, FCCW, and operators from across the country, are planning 24-hour operations of special event station WW0WWV on CW, SSB and digital modes. Operations will shift between HF bands following normal propagation changes and will include 160m and 6m meteor scatter. We will be operating right at the WWV site and face a challenging RF environment.

WWV is a [NIST] operated HF station based in Fort Collins, Colorado. It continuously broadcasts a Universal Coordinated Time signal in addition to occasional voice announcements. It has been on the air since 1919 but began continuous broadcasts in 1945 from its final site in Fort Collins, Colorado. WWVH is a similar time signal, but based in Hawaii.

The WWV Transmit Building

The WWV time signal can be used to automatically set RF enabled clocks to the correct time. [Andreas Spiess] on YouTube recently uploaded a video where he emulates this signal in order to control clocks within his home. This is a great watch if you’d like to learn more about how these time signals work.

The time format itself is actually pretty simple and it’s possible to emulate with a number of devices from an Arduino to Raspberry Pi and of course Software Defined Radio.

#287 Remote Controller for Clocks (IKEA and others, DCF77, WWVB, MSF, JJY)

Mike Tests out L-Band STD-C and AERO with a Low Cost Modified GPS Antenna

SDR-Kits.net have begun selling low cost GPS antennas that are modified to receive the Inmarsat satellite frequencies between 1535 MHz and 1550 MHz. They also have a version for Iridium satellites that receives 1610 MHz to 1630 MHz. The antennas are powered by a 3-5V bias tee, so they should work fine with SDRplay, Airspy and RTL-SDR Blog V3 units.

Mike Ladd from SDRplay has recently sent us a guide to receiving AERO and STD-C messages on L-band with the SDR-Kits antenna and an SDRPlay unit running SDRUno (Megaupload link).

AERO messages are a form of satellite ACARS, and typically contain short messages from aircraft. It is also possible to receive AERO audio calls. STD-C aka FleetNET and SafetyNET is a marine service that broadcasts messages that typically contain text information such as search and rescue (SAR) and coast guard messages as well as news, weather and incident reports. Some private messages are also seen. To decode AERO Mike uses JAERO, and for STD-C he uses the Tekmanoid STD-C decoder.

Mike has also created a very handy bank of frequencies for the SDRUno frequency manager which can be downloaded from here.

We note that if you're interested in waiting, at the end of September we will have an L-band patch antenna set available too. Our antenna will work from 1525 up to 1637 MHz. Prototypes have shown good Inmarsat, Iridium and GPS reception. More details coming next month when manufacturing gets closer to finishing up.

Screenshot of the Tekmanoid Decoder from Mike's Tutorial