Category: RTL-SDR

Testing a frequency synthesizer with an RTL-SDR

Harris Butler is designing his own software defined radio out of a Cypress PSOC5 (processor and ADC), an RF mixer, LNA and a frequency synthesizer (for use as a local oscillator) all purchased from eBay. Recently he wrote in to let us know that he had been testing the Frequency Synthesizer that he purchased and wanted to share his results.

When testing the frequency synthesizer, Harris found that it could be fairly well calibrated to sit on a desired local oscillator frequency. Originally he had been testing the generator with it directly connected to the RTL-SDR, but he later added some attenuation to prevent the RTL-SDR from overloading. Even with the attenuation, he found that the frequency generator seemed to be fairly noisy and poor in terms of the strength of the harmonics produced. He notes that for use in a real application it will probably require good filtering.

In the video shown below Harris demonstrates the frequency generator output and harmonics using the RTL-SDR.


How to use DSD+ with WineSkin on OSX

Last week we posted about how Matthew Miller demonstrated that he was able to get the Windows digital speech decoder (DSD+) software running under OSX with WineSkin. DSD+ allows you to decode digital voice signals such as P25 and Motorola DMR. A few users asked how to actually use WineSkin to create a wrapper, so now Matthew has uploaded a new tutorial video showing how to use WineSkin to get DSD+ running on OSX.

In the video he shows how to download and install WineSkin, and how to create a wrapper that allows DSD+ to run on OSX. The process is relatively simple and only involves using GUI based tools.


New L-Band Filters from Adam Available

Adam (9A4QV) is well known in the RTL-SDR community for producing the LNA4ALL low noise amplifier as well as various RF filters that work well with the RTL-SDR. Adam is now selling some L-Band filters designed for improving reception of Inmarsat, Thuraya, Iridium and GPS satellites. They can be used, for example, when trying to receive STD-C EGC or AERO data from Inmarsat satellites.

Adam writes that the filter will be most useful for those living in urban areas that are close to radio and TV towers. The filter is built on his standard filter PCB, which also has the ability to add a simple bias tee circuit for powering externally positioned LNAs such as his LNA4ALL, which are necessary for good reception at L-band with an RTL-SDR.

He is currently selling it fully assembled for 20 euros, plus 5 euros for worldwide shipping.

Adam's L-Band Filter Characteristics.

Bypassing Rolling Code Systems – CodeGrabbing/RollJam

A while back we posted about Samy Kamkar's popular “RollJam” device, a $32 homemade device that was able to defeat rolling code based wireless security systems such as those used on modern cars.

Wireless security researcher Andrew Macpherson became interested in RollJam and has now written up a post showing how to create a similar device using the YardStickOne and RFcat wireless tools. In his post Andrew shows how he automates the replay attack side of things using a Python script and two RFcat devices. He also fully explains how rolling codes work and how to attack them using the CodeGrabbing/RollJam technique. Andrew explains the RollJam technique as follows:

  1. Target parks their car, gets out the car. Attacker launches a jammer that prevents the car from receiving the code from the remote
  2. Target presses the remote, car does NOT lock and the attacker obtains the first keypress
  3. Target presses the remote a second time and the attacker obtains the second keypress
  4. Attacker then sends the first key press to lock the car, car locks as per normal
  5. Target assumes all is well and carries on about their day
  6. Attacker then sends the second keypress to the car, unlocking it
  7. Profit.
  8. Target returns to the vehicle and remote works as per normal

In the video below Andrew uses an SDR to help demonstrate the RollJam attack.


Showing how the RollJam attack works.
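
The counter logic behind the numbered steps above, as an added example that is not from Andrew's post or from this article: a Python model of a rolling-code receiver in which a code the car never heard stays valid, next to a variant whose codes expire. The HMAC construction, `KEY`, `WINDOW`, `MAX_AGE`, the timestamp field and the synchronized clocks are all assumptions for illustration, not any real fob's scheme.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret shared by fob and car
WINDOW = 16   # assumed receiver look-ahead, in button presses
MAX_AGE = 5   # assumed code lifetime in seconds (timed variant only)


def mac(counter, sent):
    """Truncated HMAC over counter and timestamp; stand-in for a fob cipher."""
    msg = counter.to_bytes(8, "big") + sent.to_bytes(8, "big")
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:8]


class Fob:
    def __init__(self):
        self.counter = 0

    def press(self, now):
        """Each press consumes one counter value and emits (timestamp, code)."""
        self.counter += 1
        return now, mac(self.counter, now)


class Car:
    def __init__(self, timed=False):
        self.last, self.timed = 0, timed

    def receive(self, frame, now):
        """Accept an unused code in the window; a timed car also checks age."""
        sent, code = frame
        if self.timed and not 0 <= now - sent <= MAX_AGE:
            return False
        for c in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(mac(c, sent), code):
                self.last = c  # every code up to c is now spent
                return True
        return False


def simulate(timed):
    """Replay the numbered steps against one car; returns three verdicts."""
    fob, car = Fob(), Car(timed)
    first, second = fob.press(now=100), fob.press(now=102)  # steps 2-3, jammed
    return [car.receive(first, now=103),    # step 4: first code replayed
            car.receive(second, now=3600),  # step 6: held code, an hour on
            car.receive(first, now=3601)]   # a spent code is always refused
```

`simulate(False)` returns `[True, True, False]` and `simulate(True)` returns `[True, False, False]`: the counter check alone rejects spent codes but not a held one, while the expiring code is refused once it is older than `MAX_AGE`.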

Decoding DMR on OSX using a RTL SDR and DSD Plus

DSD+ (Digital Speech Decoder+) is a popular Windows tool that can be used together with an RTL-SDR to decode digital speech signals such as P25 and DMR. There is unfortunately no version for OSX.

However, YouTube user Matthew Miller has recently uploaded a video showing DSD+ running with CubicSDR on OSX. To do this he used a utility called “Wine Skin”, which creates a wrapper that allows Windows software to run on a Mac computer running OSX. This means that DSD+ can be run directly on OSX without the need to use a virtual machine with Windows installed on it.


Radio Astronomy with an RTL-SDR, Raspberry PI and Amazon AWS IoT

Recently amateur radio astronomer Mario Cannistrà wrote in and showed us a link to his project. Mario has been doing some interesting experiments with an RTL-SDR that involve receiving emissions originating from the Sun, the planet Jupiter, and one of its moons Io.

Jupiter and its satellites like Io sometimes interact to create “radio storms” which can be heard from Earth at frequencies between 3 and 30 MHz. The radio storms can be predicted, and Mario uses the Windows software Radio Jupiter Pro to do this. This helps to predict the best times to listen for emissions. On his Raspberry Pi Mario has also written a Python script that can do the predictions too.

To make the radio emissions measurements, Mario uses an RTL-SDR dongle and upconverter together with rtl_power to gather FFT frequency power results and waterfall plots. To measure the emissions Mario writes that he keeps the frequency scan running for at least several hours a night with a Raspberry Pi as the receiving computer. For his antenna the low Jupiter frequencies necessitate a large 7 meter dipole tuned for receiving at 20.1 MHz.

For the Internet of Things side of the project, Mario envisions that several amateur radio astronomers around the world could run a similar setup, with all sharing the data to an Amazon AWS data storage server. Mario has already written software that will do the scan and automatically upload the results to the server. To participate you just need to write to him to receive the AWS IoT authentication certificate files.

Some example Jupiter spectrographs stored on the AWS server can be found at http://jupiter-spectrograms.s3-website.eu-central-1.amazonaws.com/?prefix=Jupiter/20160130/.

Mario's setup including RTL-SDR dongle, upconverter and Raspberry Pi.
Overall design of the receiver and IoT side.

Decoding the LoRa IoT Protocol with an RTL-SDR

The internet of things is set to become the next big thing in technology. The IoT consists of multiple networked devices such as sensors and computers connected in various ways such as via wireless communication protocols. LoRa is an abbreviation of “Long Range” and is one such wireless protocol that is being used in IoT devices. 

[LoRa] is a radio modulation format that gives longer range than straight FSK modulation. This is achieved by a combination of methods: it uses a spread spectrum technique called Chirp Spread Spectrum (CSS) and it uses forward error coding (in combination with whitening and interleaving).

Over at the RevSpace hackerspace, a hardware hacker called bertrik has been working with his RTL-SDR to try and reverse engineer the LoRa protocol. His goal is to make it so that anyone can receive and decode LoRa signals without needing to purchase specific hardware that supports the modulation. The reverse engineering work is not yet finished, but bertrik has already determined many parts of the protocol by looking at the signals in Audacity. He also writes that there is currently a ready made LoRa decoder available for sdrangelove, a Linux based SDR receiver application similar to GQRX and SDR#.

You might also be interested in this previous article we posted about the Z-Wave wireless networking protocol being hacked with a HackRF.

LoRa signals received in the frequency spectrum.

Testing RTL-SDR and SDRPlay receivers for AERO reception

Jonti, the programmer of the JAERO decoder for L-band AERO signals, recently bought and received one of our new RTL-SDR Blog dongles and also an SDRplay unit for testing L-band reception. Previously he had been using a standard RTL-SDR dongle. Now he’s done a write-up comparing the performance of the three units on L-band AERO reception.

The two most important things to pay attention to when receiving AERO signals are signal SNR and frequency stability. In order to lock on to the signal, the signal’s frequency must remain relatively stable over a short period of time. For the stability test Jonti writes the following, referencing the image posted below:

You can see the old RTL dongle moves almost 3kHz within a couple minutes after being turned on, this speed is so rapid that JAERO can’t keep up with the frequency changed during this period of time. What’s odd is the old RTL dongle does some fairly crazy stuff around 20 minutes in that lasts for about 15 minutes, JAERO also can’t cope with some of that. The other thing to notice in the old RTL’s spectrograph are vertical lines, these lines I believe are caused by interference entering the dongle between the RTL dongle’s tuner and ADC (analog-to-digital converter).

The frequency stability of the new RTL dongle can only be described as amazing!!! There is not much more than 100 Hz change during the whole test.

The range of frequencies for the SDRPlay is similar to that of the old RTL dongle of about 3kHz. The difference being the transition from the lowest frequency to the highest frequency is slow. Any demodulator should not have any issue tracking this slow and steady change. The only problem you will encounter here is when you are trying to tune into a particular frequency your frequencies will be slightly different depending on the temperature of the SDRPlay.

The results of the frequency stability test on an AERO signal. Left: Standard RTL-SDR; Middle: RTL-SDR Blog Unit; Right: SDRplay.

Jonti also found that in terms of sensitivity the SDRplay was the best at receiving when a non-active antenna was used (an active antenna is an antenna with a built-in LNA). The RTL-SDR dongles could not receive well at all when a non-active antenna was used. When an active GPS antenna was used the SDRplay was only about 1dB more sensitive than the RTL-SDR dongles.

In his article Jonti expressed concern that the SDRplay did not see much improvement in SNR over the RTL-SDRs when an active antenna was used. Our thoughts on the sensitivity findings are that the SDRplay does not see much improvement with an active antenna because the noise figure of the system is not reduced any further by adding an additional front end LNA (the noise figure in an RF system is almost entirely determined by the first LNA in the RF chain). Adding an extra LNA could even potentially make reception worse by reducing the overall linearity of the system. An external LNA would only be beneficial if a long run of coax was used between the feed and SDR, and in his setup Jonti connected the feed and SDRplay with a very short cable. The RTL-SDR only works well with an active antenna because its raw sensitivity at 1.5 GHz isn’t great, and it needs the extra boost from the LNA.

Testing the SDRplay with a non-active antenna.