Category: RTL-SDR

Building a Wideband Helix Antenna for L/S/C Bands

Over on YouTube, user Adam Alicajic (creator of the popular LNA4ALL low noise amplifier) has uploaded a video showing the performance of a homemade wideband helix antenna that he has created for receiving signals such as those from L-Band Inmarsat satellites. See our tutorial for more information on receiving Inmarsat signals.

Adam's helix antenna is built out of an old used can and is based on a 1.1 turn design. In the first of three videos he shows that the SWR of the antenna is well below 2.0 from 1.5 GHz to 3 GHz. In the second video Adam shows the performance of the helix antenna on actual L-band signals being received with an RTL-SDR dongle. In the final video Adam compares the helix against a patch antenna and finds that the two receive with very similar performance.

Wideband L/S/C band helix antenna Part.1

Wideband L/S/C band helix antenna Part.2

Wideband L/S/C band helix antenna Part.3

Reverse Engineering the SimpliSafe Wireless Burglar Alarm

SimpliSafe is a home security system that relies on wireless radio communications between its various sensors and control panels. They claim that their system is installed in over 300,000 homes in North America. Unfortunately for SimpliSafe, earlier this week Dr. Andrew Zonenberg of IOActive Labs published an article showing how easy it is for an attacker to remotely disable their system. By using a logic analyser he was able to fairly easily reverse engineer enough of the protocol to discover which packets were the “PIN entered” packets. He then created a small electronic device out of a microcontroller that would passively listen for the PIN entered packet, save the packet into RAM, and then replay it on demand, disarming the alarm.

A few days later Michael Ossmann (wireless security researcher and creator of the HackRF SDR and YARD Stick One) decided to have a go at this himself, using a YARD Stick One and a HackRF SDR. First he used the HackRF to record some packets to analyze the transmission. From the analysis he determined that the protocol was an Amplitude Shift Keying (ASK) encoded signal. With this and some other information he got from the recorded signal, he could then use his YARD Stick One to instantly decode the raw symbols transmitted by the keypad and perform a replay attack if he wanted to.

Next, instead of doing a capture and replay attack like Andrew did, Michael decided to take it further and actually decode the packets. This took him a few hours, but it turned out not to be too difficult. He is now able to recover the actual PIN entered by a home owner from a distance, without having to do any transmitting. With the right antenna someone could be gathering hundreds of PINs over a distance of many miles. An expensive radio is not required either: Michael notes that the gathering of PINs could just as easily be done on a cheap $10-$20 RTL-SDR dongle.

Michael notes that the SimpliSafe alarm seems to lack even the most basic cryptographic protection, and that this is a problem that is seen all too often in wireless alarm systems. Rightly so, Michael and Andrew are not publishing their code, although it seems that anyone with some basic knowledge could repeat their results.
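The missing protection mentioned above is what lets a recorded "PIN entered" packet work a second time. As an added example (not code from the original post, the researchers or SimpliSafe), the Python below contrasts a receiver that accepts any byte-identical frame with one that requires a per-frame counter and an HMAC tag; the frame layout, key, tag length and all names are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # truncated HMAC-SHA256 tag; length is an assumption for short RF frames

def make_frame(key: bytes, counter: int, payload: bytes) -> bytes:
    """Keypad side (hypothetical layout): counter || payload || tag."""
    body = struct.pack(">I", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def static_accept(frame: bytes, disarm_frame: bytes) -> bool:
    """The weakness described above: a byte-identical copy is always accepted."""
    return frame == disarm_frame

class AuthenticatedReceiver:
    """Accepts a frame only if its tag verifies and its counter is fresh."""
    def __init__(self, key: bytes):
        self.key, self.last_counter = key, -1

    def accept(self, frame: bytes) -> bool:
        if len(frame) < 4 + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False              # forged or corrupted frame
        (counter,) = struct.unpack(">I", body[:4])
        if counter <= self.last_counter:
            return False              # replayed or stale frame
        self.last_counter = counter
        return True

def demo() -> dict:
    key = b"constructed-demo-key-0123456789"   # constructed sample key
    static_frame = b"\x01DISARM"               # constructed unauthenticated frame
    rx = AuthenticatedReceiver(key)
    frame = make_frame(key, 1, b"DISARM")
    tampered = frame[:4] + b"X" + frame[5:]    # one payload byte changed
    return {
        "static_replay": static_accept(static_frame, static_frame),
        "auth_first": rx.accept(frame),
        "auth_replay": rx.accept(frame),
        "auth_tampered": rx.accept(tampered),
        "auth_next": rx.accept(make_frame(key, 2, b"DISARM")),
    }

if __name__ == "__main__":
    print(demo())
```

Authentication with a counter only addresses replay; it does not hide the payload, so the passive PIN recovery described above would additionally require that the PIN itself never be sent in the clear.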

The SimpliSafe Alarm Keypad and a Yardstick One.

Meteor M-N1 Still Working, Meteor M-N2 Still Down

The Meteor M N-2 is a polar orbiting Russian weather satellite that was launched in July 2014. It transmits with the LRPT protocol, which allows us to receive weather satellite images of a much higher resolution than those from the NOAA APT satellites. For a while after the launch RTL-SDR users had a good time receiving beautiful images from Meteor M-N2, but unfortunately since late last year the N2 LRPT transmitter has been turned off due to technical problems with the IR sensors, as cited by Russian meteorologists.

Fortunately for Meteor N2 enthusiasts, the old Meteor M N1 satellite, which was thought to be dead, sprang back into life around November 2015. Recently Matthew A., a reader of our blog, wrote in to let us know that while N2 is still not transmitting, N1 is still transmitting, albeit with somewhat distorted images. Matthew also mentions this link: http://homepage.ntlworld.com/phqfh1/status.htm, which contains up to date info on the status of all weather satellites. He also writes:

  • While transmissions are readily detectable and decodable at night, it seems that M N-1’s infrared sensors are not functioning, yielding only black, with the typical noise bars of Red, Green, or Blue.
  • As has been previously mentioned, Meteor MN-1’s stabilization system has obviously failed, and the horizon is clearly visible. Perhaps not of scientific value, but certainly beautiful. 

We also note that there are several comments over on the Meteor-M N2 news and support website regarding receiving images from N1 and N2. It seems that sometimes N1 also has some problems with transmission, but they are usually quickly fixed.

Meteor M-N1 Image Received by Matthew

Receiving C-Band AERO Signals

Jonti, the programmer of JAERO, has recently updated his software to version 1.04, which can now be used to decode C-Band AERO signals. Previously only L-Band (1.5 GHz) AERO signals could be decoded with JAERO. C-Band signals are much harder to receive as they are at 3.6 GHz, so require an LNB, and they are also much weaker so require a large dish (at least about 1.8 meters or larger in diameter). However, the interest in them is that C-Band AERO signals arguably contain more interesting information than the L-Band AERO data. They contain actual aircraft position data which would allow you to plot the locations of all planes using that satellite. About the information that can be received Jonti writes:

The L band Aero signals (around 1.54GHz) that everyone has been decoding lately using JAERO are the very strong signals being sent from the satellites to the airplanes, this is the information that is being sent from the GESs (ground earth stations i.e. the people on the ground) to the AESs (air earth stations i.e. the people in the airplanes). A modified 2cm GPS antenna, an LNA (Low Noise Amplifiers) or two, and an SDR receiver is enough to receive such signals.

Receiving the information going the other way around from the people in the airplanes to the people on the ground is a lot more challenging. This AES to GES information first gets transmitted from the airplanes around 1.6 GHz to the satellites which is then relayed back down to the GES people on the C-band around 3.6 GHz. That means to receive information from the airplanes the only practical option is to receive the 3.6 GHz frequencies. This is above any SDR receiver I know of. To make things worse, I believe the signals are 11dB weaker than the L band ones that everyone has been receiving. Complicating matters further the signals are transmitted in bursts and each burst is dependent on the airplane’s L band transmitter. So a weaker L band transmitter on a plane produces a weaker C-band burst transmission, likewise any frequency offset of an L band transmitter on the plane produces a frequency offset on the C-band.

So what’s so attractive about C-band Aero signals?

Two reasons spring to mind. The first is the challenge of receiving and demodulating it and the second is this information contains plane location information like ADS-B (Automatic dependent surveillance – broadcast) so you can produce pretty pictures of where all the planes are in the world.

C-Band Data Received with JAERO

Enclosing two RTL-SDRs in a metal box to reduce noise

Over on his blog, Twitch has uploaded a post showing how he mounted two RTL-SDR dongles into a single metal case in order to reduce noise. Twitch used a $2 aluminium metal case that he obtained from a local surplus shop and cut it down to size and added holes for switches and BNC plugs. He then mounted two RTL-SDR dongles in the case and used two MCX -> BNC pigtails to get a case mounted coax connector.

He also removed the USB plugs on the RTL-SDRs and wired them into a USB B plug mounted to the case, making sure to wind the USB power cables through several turns of ferrite core in order to reduce USB noise. Finally, he added a power switch to the USB connections so that the units can easily be powered off when not in use.

The two RTL-SDRs placed into an aluminium case.

New Version of the Frequency Manager Suite Plugin for SDR# Released

Recently the commonly used Frequency Manager Suite Plugin for SDR# has been updated. The plugin suite works well with the RTL-SDR and includes features such as a frequency scanner and manager, a scanner metrics recorder, a scheduler, an activity logger and a frequency entry plugin. The changelog is shown below:

Frequency Manager + Scanner

  • New feature: you may now optionally display the descriptions of frequencies in your database on the spectrum window. You control the colors and transparency of the descriptions and their marker lines. 
  • New feature: the Browse window now allows you to type a frequency directly into the grid, and the grid will dynamically filter your database to matching frequencies. You may type a partial frequency and all frequencies that start with the same digits will be displayed. The more digits you type, the more specific the filtering.
  • New feature: A checkbox in Preferences lets you control whether the Last Update field is changed when performing bulk edits. When unchecked this permits you to retain the original date and time the frequency was recorded in the database. 
  • New feature: You may now change the font size in the Scanner Decisions window and plugin. The new size will be remembered and used the next time you start SDR#. 
  • New article: User David Bunyan has provided a how-to article in the Appendix on how to use the scanner effectively for WFM DXing. See also the WFM DXing Databases download in the Download Here section to get pre-built databases for different regions around the world, also graciously provided by David Bunyan.

Scanner Metrics

  • Bug fix: fixed error in the queue manager that prevented recording activity when the date-time format on the computer was not United States. 
  • Bug fix: fixed error that prevented SM from putting its database in the same folder as FM, if the FM database location was changed after SM was loaded.

Data Tools

  • New feature: default values for imports. Will automatically assign values when they are missing from the source import data.
  • Bug fix: Fixed culture-specific issue with Frequency values when an Eibi database is downloaded. 
  • Bug fix: Fixed bug that caused Data Tools to change the current database in Frequency Manager + Scanner. 
  • Bug fix: Importing an SDR# Frequency Manager data file now results in a prompt to add or replace existing data in the target FMSuite database.

The Pluginator

  • New feature: The Pluginator now knows many of the most popular plugins. So now you may simply select one from a list and it will be installed to Plugins.xml, as opposed to requiring you to type the configuration data for the chosen plugin.


Using AIS Share, OpenCPN and an RTL-SDR on a Sailboat

AIS Share is an app for Android that allows you to turn an Android device into an AIS receiver by using an RTL-SDR. AIS stands for Automatic Identification System and is used by ships to broadcast their GPS locations, to help avoid collisions and aid with rescues. An RTL-SDR with the right software can be used to receive and decode these signals, and plot ship positions on a map.

AIS Share is a dual channel decoder that outputs decoded NMEA messages via UDP, so that plotting software like OpenCPN can be used to display the ships on a map. AIS Share previously existed in another form known as rtl_ais_android, which we posted about before, but this is a newly updated and improved version that now includes a very nice GUI. The app costs about $2 and is available on the Google Play store, but there is a demo available that will work up until 1000 messages are received. You will need an RTL-SDR and a USB OTG cable to run the app.

Recently the author of the app received word from a user called Harmen who has successfully been using his AIS Share app on his sailboat. Harmen uses the app on an Android tablet which is enclosed in a waterproof box. For an antenna he uses a coax collinear.

The author writes that in the future he’d like to update the app to support changing more dongle settings, such as bandwidth/sample rate, and to add the possibility of using the internal phone/tablet GPS. He is also open to any community suggestions.

AIS Share Receiver on the sailboat in a waterproof case.
The back of the Android Tablet, showing the RTL-SDR and the antenna connection.
The AIS Share main screen GUI.

https://www.youtube.com/watch?v=ApGk8P82THs (Unfortunately the video has been removed)

Broadcasting Analogue NTSC TV with a $7 ESP8266

The ESP8266 is a $7 WiFi module that can be used to give any microcontroller access to a WiFi network. It is designed for creating Internet of Things (IoT) devices and has various features such as its ability to host its own web applications. The ESP8266 also has an I2S output with DMA support. By hooking up this I2S output pin to a short wire, YouTuber CNLohr has demonstrated that he is able to use the ESP to broadcast full color NTSC TV. This works in a similar way to how PiTX works, by using the pin to modulate a radio signal. CNLohr's code not only broadcasts color NTSC, but also provides a full web interface for controlling it.

In the first video CNLohr shows off his initial work at getting the NTSC output working and in the second video he shows color working. Later in the second video he also uses an RTL-SDR to check on the NTSC spectrum that is being output.

Broadcasting Analog TV on an ESP8266!

Broadcasting COLOR Channel 3 on an ESP