Category: Digital Signals

Running GR-GSM and IMSI Catcher on a Raspberry Pi 4 with Dragon OS

DragonOS is a ready to use Ubuntu Linux image that comes preinstalled with multiple SDR software packages. The creator Aaron also runs a YouTube channel showing how to use the various packages installed. 

In his latest video Aaron tests his Pi64 image with GR-GSM and IMSI Catcher running with the GNU Radio 3.10 platform on a Raspberry Pi 4. He tests operation with an RTL-SDR and LimeSDR.

GR-GSM is a GNU Radio based program capable of receiving and analyzing mobile GSM data. We note that it cannot decode actual messages without additional information about the encryption key, but it can be interesting to investigate the metadata. GSM is mostly outdated these days, but still used in some areas by some older phones and devices. IMSI Catcher is a script that will record all detected GSM 'IMSI' numbers received by the mobile tower which can be used to uniquely identify devices.

Short video setting up and testing GR-GSM on DragonOS Pi64 w/ GNU Radio 3.10 and the RTL-SDR. The current DragonOS Pi64 build has GNU Radio 3.8 and all the necessary tools to accomplish what's shown in this video. If you'd like to test the build shown in this video, it's temporarily available here until I finish and put it on Source Forge.

https://drive.google.com/drive/u/1/fo...

A LimeSDR and DragonOS Focal's Osmo-NITB-Scripts was used to create the GSM900 lab environment. The RTL-SDR was able to see and decode the GSM900 network and although only briefly shown in the video, the IMSI Catcher script works.

Here's the fork used for this video and for testing. There's also a pull request on the main GR-GSM repo for this code to be added.

https://github.com/bkerler/gr-gsm

DragonOS Pi64 Testing GR-GSM + IMSI Catcher w/ GNU Radio 3.10 (RTLSDR, Pi4, LimeSDR, OSMO-NITB)

Troubleshooting TV Reception with Spektrum and an RTL-SDR

Thank you to "Double A" for submitting his latest YouTube tutorial video that shows how to use an RTL-SDR together with the Spektrum software to optimize TV reception by comparing TV antennas, repositioning antennas and detecting interference.

Double A's video first shows how to setup the RTL-SDR and how to install and use the Spektrum analyzer software. He then compares a popular highly rated phased array TV antenna against cheaper log periodic TV antenna, with the results showing that the phased array works a lot better at most TV frequencies even with accurate positioning. He goes on to show how he scans for FM, 5G and local electronics interference and the effect of an FM filter can help.

Improve Antenna TV Reception and Detect Interference using the RTL-SDR USB as a Spectrum Analyzer

DAB+ Decoder Welle.io Version 2.4 Released and YouTube Demonstration Video

Version 2.4 of the RTL-SDR compatible DAB/DAB+ decoder called welle.io has recently been released for download on GitHub. The main changes include various bug fixes, the addition of Windows 11 support, and the return of the Android APK (but only with rtl_tcp support).

The author has also released a new YouTube video tour, demonstrating the software in action, and explaining all the features.

Showing welle.io a SDR to listen DAB/DAB+.

Demonstrating the New 3D Maps in SDRAngel

In December of last year we posted about a video demonstrating the many features that the SDRAngel software comes standard with. Recently they've added a new feature which are 3D maps that can be used to visualize signal data.

In the latest video demonstration they show these 3D maps projecting NOAA weather satellite images onto a 3D globe and at the same time tracking the NOAA satellites over the globe as it produces imagery. They also show the software visualizing a 3D model of aircraft on the globe, using live ADS-B data to show aircraft maneuvers when taking off, cruising and landing. With multiple SDRs they also show how the visualization can be combined with air traffic voice. Finally they also show marine vessels being visualized via live AIS data. There appear to be a wide range of vessel 3D models implemented.

Turbine: Capture and Stream all Frequencies in a Trunked Radio System with a HackRF

Over on Reddit we've discovered an interesting program called 'Turbine' that has recently been open sourced by the author. This program connects to a wideband capable SDR such as a HackRF and captures and streams all frequencies in a trunked radio system. Users can then browse the recordings online. On his reddit post u/norasector introduces Turbine, and his application for it called 'NoraSector'.

I am open sourcing the SDR code for NoraSector, which currently captures and streams the radio systems for both King and Snohomish County, WA. It uses a HackRF One to capture every channel concurrently, and can even process multiple systems at the same time, provided they are within the same bandwidth that is captured by the SDR and there's adequate reception. I plumb the output through a WebRTC streaming infrastructure I built to stream audio to clients over the web with very low latency. My goal was to give complete access to an entire system to anyone over the web, just as they would have if they were using a handheld scanner, and with comparable latency.

Turbine is a bit different other SDR software out there. It's written entirely in Go, and was built explicitly to only use a single SDR rather than bonding multiple SDRs together.

Turbine works by tuning known control frequencies and then tuning all voice frequencies it learns from them. Voice transmissions are encoded using the Opus audio codec for compatibility with WebRTC and blasted out as frames over UDP. It also includes a functional-but-janky built-in visualization web server to look at each stage of the DSP pipeline for each frequency, which was crucial for debugging as I was building it.

Right now, it only supports legacy Motorola SmartZone systems (which is what is used near me), but it shouldn't be a large lift to make it support P25. The code is heavily influenced by op25 and GNURadio (and in some places just outright copying them). I built it in Go because a) it's what I'm most familiar with and b) the sheer density of GNURadio made it hard for me to piece things together how I wanted. Go's concurrency model is a natural fit for doing many concurrent operations on the byte stream, and I haven't had issues with garbage collection pausing execution in a detrimental way.

Turbine isn't intended for use with lower sample rate SDRs like the RTLSDR. It has a driver for it, but doesn't support bonding multiple SDRs together. If an entire system fits within the 2MHz sample rate, it would probably be fine. You should be able to fire it up with a RTLSDR but it will not be able to capture very much. It currently only officially supports the HackRF One, but adding other SDRs should be relatively trivial. Note that the HackRF I am using is the model with the upgraded TCXO, as I found that the built-in oscillator was not accurate enough.

Turbine has only been tested to run on Linux and is very CPU-intensive; the production radio runs on a dedicated i7-11700k 8c/16t CPU and consumes about 60% of all cores decoding both systems. There are some potential optimizations that could be made that would lower CPU consumption during periods of low activity, but I built it for the worst case of having to encode every voice frequency at once.

The usual disclaimers about OSS apply. I hope you find it interesting or perhaps useful, and maybe portions can be adapted so Go can be used more in SDR projects.

There have been similar projects in the past like radiocapture-rf, scaneyes, and broadcastify calls, but Turbine looks like one of the most comprehensive.

Norasector: An implementation of the Turbine Trunk Recording software

Video Tutorial: Decoding HD Radio on Windows with nrsc5-gui

Thank you to "Double A" for submitting his video that shows how to install and run the RTL-SDR compatible HD Radio decoder nrsc5-gui on a Windows machine. We've posted about nrsc5-gui and the modified nrsc5-dui software in the past, however despite being Windows compatible, it has only been simple to run on Linux.

In his video Double A shows us how to download and extract the files, how to set up the Windows mingw environment which is required to run the software, and where to place a required dll file dependency. Finally he demonstrates the software in action, running on his Windows machine.

Decoding HD Radio on Windows with RTL-SDR USB

Remoticon 2021: Smart Meter Hacking Talk

Remoticon 2021 was an online conference held in November 2021 and videos of presentations have recently been uploaded to the Hackaday YouTube channel this month. One very interesting talk was the presentation by Hash Salehi (RECESSIM) on reverse engineering electricity smart meters that are used to remotely monitor and bill home electricity usage in some neighborhoods.

In the past we've posted about Hash (RECESSIM)'s series on smart meter hacking a few times before. In this latest talk Hash summarizes his smart meter hacking experience, talking about how he went from reverse engineering the firmware, to using an SDR to capture and decode information from all the smart meters in his neighborhood, and finally to determining how to actually transmit data to his own smart meter network.

Hackaday have also posted a full writeup on his talk. This is a very in depth reverse engineering project so it is a great talk to learn from.

Remoticon 2021 // Hash Salehi Outsmarts His Smart Meter

Nils Reviews our RTL-SDR Blog L-Band Active Patch Antenna

Over on his blog Nils Schiffhauer (DK8OK) has recently uploaded a review of our RTL-SDR Blog Active L-Band Patch Antenna. This is a satellite patch antenna designed for experimenters who want to receive Inmarsat, Iridium, GPS and other GNSS signals. It covers 1525 - 1660 MHz. (Please note it does not cover GOES or other L-band weather satellites as these are much weaker signals that require a dish). The antenna comes as a set with mounting hardware and extension cable and can be purchased on our store for $49.95 including free worldwide shipping to most countries.

In his review Nils tests the patch antenna with his wideband BladeRF software defined radio showing a wide 60 MHz of bandwidth being received. He then goes on to show it being used to receive AERO, via the JAERO decoder, and STD-C via the Tekmanoid decoder.

We want to take this opportunity to pre-announce that due to rising shipping costs the price of this antenna set will be going up by $10 in early 2022. Before the price raise we will put out another post, but if you are interested in one we'd recommend picking one up soon.

Nils tests the water resistance of the antenna.