Category: RTL-SDR

Searching for giga-Jansky fast radio bursts from the Milky Way with a global array of low-cost radio receivers (RTL-SDRs)

A few days ago a University research paper titled “Searching for giga-Jansky fast radio bursts from the Milky Way with a global array of low-cost radio receivers” was uploaded to the Cornell University Library. In this paper authors Dan Maoz of Tel-Aviv University and Abraham Loeb of Harvard suggest that citizen science enabled mobile phones and RTL-SDR dongles placed around the world could be used to detect fast radio bursts (FRBs) originating from within our own galaxy. The abstract reads:

If fast radio bursts (FRBs) originate from galaxies at cosmological distances, then their all-sky rate implies that the Milky Way may host an FRB on average once every 30-1500 years. If FRBs repeat for decades or centuies, a local FRB could be active now. A typical Galactic FRB would produce a millisecond radio pulse with ~1 GHz flux density of ~3E10 Jy, comparable to the radio flux levels and frequencies of cellular communication devices (cell phones, Wi-Fi, GPS). We propose to search for Galactic FRBs using a global array of low-cost radio receivers. One possibility is to use the ~1GHz communication channel in cellular phones through a Citizens-Science downloadable application. Participating phones would continuously listen for and record candidate FRBs and would periodically upload information to a central data processing website, which correlates the incoming data from all participants, to identify the signature of a real, globe-encompassing, FRB from an astronomical distance. Triangulation of the GPS-based pulse arrival times reported from different locations will provide the FRB sky position, potentially to arc-second accuracy. Pulse arrival times from phones operating at diverse frequencies, or from an on-device de-dispersion search, will yield the dispersion measure (DM) which will indicate the FRB source distance within the Galaxy. A variant of this approach would be to use the built-in ~100 MHz FM-radio receivers present in cell phones for an FRB search at lower frequencies. Alternatively, numerous “software-defined radio” (SDR) devices, costing ~$10 US each, could be plugged into USB ports of personal computers around the world (particularly in radio quiet regions) to establish the global network of receivers.

‘Fast radio bursts’ or FRBs are very brief pulses of extremely strong radio waves which have the transmit power of 500 million suns, though by the time they reach the earth they can only be picked up by radio telescopes. Radio astronomers have so far been mystified by the cause of these FRBs, and research has been hampered by the fact that the source of FRBs is notoriously difficult to pinpoint because they are unpredictable, and their energy appears to originate from all over the sky and not from a single point. Many scientists think that most FRBs must originate from outside of our galaxy, and in 2016 one was finally pinpointed as coming from a dwarf galaxy 2.5 billion light years away from earth. But the authors of the paper speculate from the rate of how often FRBs are seen, that our Milky Way galaxy could host its own local FRB event once every 30 – 1500 years.

If an FRB occurs within our own galaxy then they speculate that the received power could be strong enough to be detected by consumer level mobile phones or RTL-SDR radios, meaning that no large radio telescope dish is required for detection. By continuously monitoring for FRBs on mobile phones and/or RTL-SDRs spread around the world, a local FRB source could one day be pinpointed thanks to the high resolving power of multiple detectors spread apart.

[Also discussed at cfa.harvard.edu/news/2017-07]

The Very Large Array in Mexico was used to pinpoint an FRB in 2016.
The Very Large Array in Mexico was used to pinpoint an FRB in 2016.
Illustration of an FRB. Certain frequencies arrive faster than others.
Illustration of an FRB. Certain frequencies arrive faster than others.

Soft66IP: Network Connected RTL-SDR with rtl_tcp

Previously from JA7TDO who is a RTL-SDR builder in Japan we’d seen the Soft66RTL and Soft66Q which are both modified RTL-SDR units that are capable of receiving HF as well. To receive HF the Soft66RTL used an upconverter circuit and the newer Soft66Q uses an implementation of the direct sampling mod. Both units come with a preselection filter for the HF bands.

Now JA7TDO has managed to come out with a new modified RTL-SDR which he calls the Soft66IP. The Soft66IP appears to have the same specifications at the Soft66Q except without the additional preselection filter. Instead, its defining feature is that it is built together which what we assume is a Linux enabled wireless router, or some other networked single board PC. This allows you to easily get set up with rtl_tcp for streaming the radio over your network, or the internet. It seems that the unit comes preloaded with the rtl_tcp software installed, making it almost plug and play. JA7TDO advertises the features as:

  • RTL-SDR based
  • 3kHz to 1.7GHz (15MHz to 24MHz is over sampling)
  • 10/100Mbps Ethernet
  • DHCP
  • Wifi(option)
  • cheap price

Streaming the radio over a network might be advantageous as it allows you to place the unit near the antenna, avoiding long coax or USB cable runs. But rtl_tcp is quite bandwidth heavy, so it can have trouble streaming at higher sample rates. However, whatever single board PC is used on the Soft66IP may also be capable of running other more efficient streaming software such as OpenWebRX, or more specialized applications such as networked ADS-B decoders as well.

JA7TDO is selling the Soft66IP for a pre-order price of $80 USD which includes worldwide shipping. Shipping starts on March 1. After the pre-order phase the price may rise to $96 USD.

The Soft66IP, networked RTL-SDR.
The Soft66IP, networked RTL-SDR.

Reverse Engineering Signals with the Universal Radio Hacker Software

Thanks to RTL-SDR.com reader M Kizan who notified us about a Python based digital signal reverse engineering software program called ‘Universal Radio Hacker’ which is developed by Johannes Pohl. The software supports hardware interfaces for SDRs such as the RTL-SDR and HackRF and can be run on Windows, MacOS and Linux.

The Universal Radio Hacker is a software for investigating unknown wireless protocols. Features include

  • hardware interfaces for common Software Defined Radios
  • easy demodulation of signals
  • assigning participants to keep overview of your data
  • customizable decodings to crack even sophisticated
  • encodings like CC1101 data whitening
  • assign labels to reveal the logic of the protocol
  • fuzzing component to find security leaks
  • modulation support to inject the data back into the system

Inspectrum and Waveconverter are two similar programs for analyzing digital signals, however Universal Radio Hacker seems to be the most advanced.

Johannes has also uploaded four tutorial videos to YouTube which show the software in action. In the videos he uses Universal Radio Hacker to reverse engineer a wirelessly controlled power socket, and then in the last video he uses the software to transmit the reverse engineered signals via a HackRF.

Universal Radio Hacker - 01: Record a signal

Listening to February 2017 HAARP Experiments with an HF Capable SDR

This year at the end of February HAARP (High Frequency Active Auroral Research Program) scientists are planning to run several experiments that involve transmission. HAARP is a high power ionospheric research radio transmitter in Alaska, which typically transmits in the 2.7 – 10 MHz frequency region. The transmissions are powerful enough to create artificial auroras in the sky. Due to a lack of funding HAARP research was shut down in May 2013, and then later given to the University of Alaska Fairbanks (UAF) in 2015.

UAF plans to activate HAARP again at the end of Feburary, so it seems that it would be interesting to receive the waveforms with an HF capable SDR such as the RTL-SDR v3, or with an upconverter like the SpyVerter. Under some conditions the signal could propagate all over the world. It seems that the researchers are also interested in reception reports from listeners and they plan to post updates closer to the dates of transmission. The full press release reads:

The University of Alaska Fairbanks Geophysical Institute is planning its first research campaign at the High Frequency Active Auroral Research Program facility in Gakona.

The High Frequency Active Auroral Research Program facility near Gakona includes a 40-acre grid of towers to conduct research on the ionosphere. The facility was built and operated by the U.S. Air Force until August 2015, when ownership was transferred to UAF’s Geophysical Institute.

At the end of February, scientists will use the HAARP research instrument to conduct multiple experiments, including a study of atmospheric effects on satellite-to-ground communications, optical measurements of artificial airglow and over-the-horizon radar experiments.

Members of the public can follow one of the experiments in real time. Chris Fallen, assistant research professor in space physics, will be conducting National Science Foundation-funded research to create an “artificial aurora” that can be photographed with a sensitive camera. Observers throughout Alaska will have an opportunity to photograph the phenomenon, which is sometimes created over HAARP during certain types of transmissions.

Under the right conditions, people can also listen to HAARP radio transmissions from virtually anywhere in the world using an inexpensive shortwave radio. Exact frequencies of the transmission will not be known until shortly before the experiment begins, so follow @UAFGI on Twitter for an announcement.

For more details on the dates and times of Fallen’s experiments, as well as information on how to observe, visit https://sites.google.com/alaska.edu/gakonahaarpoon/. Information is also available at the HAARP website, the UAF http://gi.alaska.edu/haarp-0 and the official UAF HAARP Facebook page, https://www.facebook.com/UAFHAARP/.

Operation of the HAARP research facility, including the world’s most capable high-power, high-frequency transmitter for study of the ionosphere, was transferred from the U.S. Air Force to UAF in August 2015.

On their Google sites page they write how to participate:

Anybody who wants to participate and follow HAARP experiments should follow the official and unofficial announcements linked at the top of this page. There are two main ways to participate in the campaign: by listening to the radio transmissions from HAARP itself or by photographing artificial auroras created by HAARP. Amateur (Ham) radio operators can also use temporary ionosphere irregularities created by HAARP to open new propagation modes for their own transmissions.

A shortwave radio and knowledge of the time and frequency of the HAARP transmissions provides opportunities to “listen in” since the radio wave energy often (but not always) propagates very large distances, sometimes worldwide! Shortwave radios capable of receiving frequencies in the same range that HAARP can transmit, between approximately 2.7 and 10 MHz (2700 and 10,000 kHz) allow anyone to hear HAARP transmissions provided long-distance radio propagation conditions are sufficient and the radio is tuned to one of the frequencies where HAARP is transmitting. Ham radio operators also have an opportunity to reflect (or “bounce”) their own transmissions, typically in the HF, VHF or UHF bands, off ionosphere irregularities created above HAARP during high-power experiments. This creates propagation modes that would normally only be possible during certain space weather events such as aurora.

The video below shows one of the last scheduled HAARP transmissions from when it was still under the control of the US Air Force.

Oddity Station, HAARP, multiple waveforms and frequencies, June 04, 2014

[First seen on swling.com]

 

Building a DIY Carbon Fibre Yagi Antenna with 3D Printed Parts for 20€

Over on his blog author Manuel a.k.a ‘Tysonpower’ has written about a DIY Carbon Fibre Yagi antenna that he’s built for only 20€. The antenna is very lightweight thanks to a 12mm diameter carbon fibre pipe which is used as the main boom. It also uses 3D printed parts that clamp onto the carbon fibre pipe and hold the metal elements in place. The advantage of the carbon fibre pipe over a PVC one is not only is it lightweight and much easier to hold, but it also stronger, and much less bendy and floppy. The metal elements are welding rods which he found on eBay, and the carbon fibre pipe was sourced cheaply from China with Aliexpress. 

A Yagi is a directional antenna with high gain towards the direction it is pointing. You’ll need to hand point the Yagi in the general direction of the satellite as it passes over, but you can expect much higher SNR readings compared to something like a QFH or Turnstile.

Manuel designed his antenna for 2M satellites (NOAA, Meteor M2, ISS etc), and was able to achieve over 36 dB SNR with an RTL-SDR.com V3 receiver, FM Trap and LNA4ALL on NOAA 18 at a 34° max. pass. He writes that the design is easily modifiable for other frequencies too.

To show off the design, construction and performance of his antenna he’s uploaded two videos to YouTube which we show below. The speech is in German, but even for non-German speakers the video is easily followed

[EN subs] Yagi Antenne aus Carbon bauen (140mhz, 3 Elemente) - DIY

Über 36db SNR!- Test der DIY Yagi aus Carbon

First Steps Towards Decoding HD Radio

Programmer Phil Burr wrote in and wanted to share his newest code which is a partial implementation (no audio) of the iBiquity IBOC HD Radio standard. HD Radio is a proprietary broadcast radio protocol and is used only in North America. You may have noticed it before as the rectangular sidebands on the spectrum which surround standard analogue broadcast FM signals.

The audio codec specifications are not public and is thus not implemented here, so this code has very little use outside of being a good learning tool. But Phil does write that if anyone if able to figure out how to decode the codec, then this code may be a good starting point.

Phil writes:

I wrote this because I wanted to learn about digital broadcasts. Despite the fact that the audio codec used is iBiquity’s proprietary HDC codec, I decided that writing a receiver that could decode the air interface would be a great learning experience.

iBiquity’s HDC codec is supposedly based upon some of the same technologies as HE-AAC codec so it may be possible for some audio codec gurus, given access to the raw HDC audio packets, to write a decoder for the codec.

The receiver is somewhat limited. It only decodes FM MP1 profile transmissions (which happens to includes every IBOC FM transmitter in my area). It is also somewhat limited in the Layer2 packet demultiplexing. It likely needs a strong signal in order to decode signals reasonably well. However it is just enough to get access to the main program stream.

HD Radio Sidebands Visible on the Spectrum
HD Radio Sidebands Visible on the Spectrum

A Design for a Robust, Selective and Flexible RF Front-End for Wideband Receivers

Recently Sivan Toledo wrote in wanting to share an academic paper he wrote together with Itamar Melamed, both from Tel-Aviv University in Israel. The freely available paper describes the design and evaluation of a second-generation front-end for wideband software defined radios. Their front-end helps SDRs optimize reception by providing filtering, a bias tee for mast head amplifiers and also protects the radio against damage from strong signals with an RF limiter. The abstract reads:

In this paper, we describe the design and evaluation of a second-generation front-end unit for wideband sampling radio receivers. The unit contains a surface acoustic wave (SAW) filter to protect the receiver from strong out-of-band signals, an RF limiter to protect both the filter and the receiver from physical damage due to strong signals, and a bias tee with a DC limiter to provide DC power to a masthead low-noise amplifier, if one is used. The unit allows receivers such as those of the universal software radio peripheral (USRP) N-series type to be effectively used in RF environments with weak signals and strong in-band and out-of-band interferences.

Although the front-end is designed for the USRP SDR, it should also work well with RTL-SDR dongles and other SDRs. The authors also write that their design is uploaded and available for PCB printing on CircuitHub.

Itamar and Sivans RF Front-End
Itamar and Sivans RF Front-End

Reverse Engineering Honeywell 345 MHz Home Automation Sensors with an RTL-SDR

OpenHAB is an open source home automation software program which is designed to interface and manage all the various sensors and systems in an automated house. One problem however, is that many wireless sensors and actuators utilize a proprietary communications protocol that is not supported by OpenHAB.

In his home, Dan Englender had several Honeywell 5800 series 345 MHz wireless security door sensors, all of which interface using a proprietary protocol that is not yet implemented in OpenHAB. In order to get around this, Dan decided to reverse engineer the protocol and implement a decoder into OpenHAB himself. 

Dan’s four part write up covers the RF capture & demodulation, protocol reverse engineering and implementation into OpenHAB. First he looked up the frequency and bandwidth of the signal via the FCC filing information on fcc.io. Then he captured some packets from a door sensor using his RTL-SDR and GNU Radio, and then wrote a short Python program to decode the protocol and transmit the door open/closed information to OpenHAB. In the future he hopes to optimize the decoder so that it can comfortably run on a Raspberry Pi as the GNU Radio script uses quite a bit of computing power.

The final project is called decode345 and the code is available over on his GitHub.

Honeywell 345 MHz Door Sensor
Honeywell 345 MHz Door Sensor
Custom Door Sensor Status in OpenHAB
Custom Door Sensor Status in OpenHAB

[Also seen on Hackaday]