Samy Kamkar is famous in the wireless and hardware information security scene for his research on various security exploits including methods to defeat rolling code security, and using a children's toy to open wireless garage doors. In a recent Hackster.io Hackster Café interview Samy talks about various security related topics including software defined radios.
Samy Kamkar first became notorious for software and hardware security exploits – including SkyJack, a custom drone that could take control of other UAVs, and OpenSesame, a hacked child's toy that can open remote-controlled garage doors. He now brings this deep experience to Openpath, the touchless access control company he co-founded in 2016. From security celebrity to founder, we sit down for a chat with Samy on this episode of Hackster Café (new episodes every Tuesday at 10am Pacific).
Thank you to Wayne Campbell for submitting news about the release of the latest 0.5.0 iteration of his RTL-SDR compatible 'rsadsb' software package that plots ADS-B aircraft positions on a terminal based display. Wayne has also created a blog post describing how to set up a Raspberry Pi based portable ADS-B setup with his software.
The package consists of two separate programs 'dump1090_rs' and 'radar' (aka adsb_deku). The dump1090_rs program is a rust implementation of the dump1090 ADS-B decoder and 'radar' is the terminal based map. A quickstart guide for setting up both programs is also available.
The software can run on a Raspberry Pi and works well displayed on a portable touchscreen. It appears that the terminal display is very responsive with zoom controls for the radar display, a coverage map, and a tidy list of all detected aircraft.
If you're interested in terminal based displays, we've posted about a similar terminal based ADS-B plotter called 'coole-radar' in the past, as well as a terminal based spectrum analyzer display called retrogram.
In December of last year we posted about a video demonstrating the many features that the SDRAngel software comes standard with. Recently they've added a new feature which are 3D maps that can be used to visualize signal data.
In the latest video demonstration they show these 3D maps projecting NOAA weather satellite images onto a 3D globe and at the same time tracking the NOAA satellites over the globe as it produces imagery. They also show the software visualizing a 3D model of aircraft on the globe, using live ADS-B data to show aircraft maneuvers when taking off, cruising and landing. With multiple SDRs they also show how the visualization can be combined with air traffic voice. Finally they also show marine vessels being visualized via live AIS data. There appear to be a wide range of vessel 3D models implemented.
Over on Reddit we've discovered an interesting program called 'Turbine' that has recently been open sourced by the author. This program connects to a wideband capable SDR such as a HackRF and captures and streams all frequencies in a trunked radio system. Users can then browse the recordings online. On his reddit post u/norasector introduces Turbine, and his application for it called 'NoraSector'.
I am open sourcing the SDR code for NoraSector, which currently captures and streams the radio systems for both King and Snohomish County, WA. It uses a HackRF One to capture every channel concurrently, and can even process multiple systems at the same time, provided they are within the same bandwidth that is captured by the SDR and there's adequate reception. I plumb the output through a WebRTC streaming infrastructure I built to stream audio to clients over the web with very low latency. My goal was to give complete access to an entire system to anyone over the web, just as they would have if they were using a handheld scanner, and with comparable latency.
Turbine is a bit different other SDR software out there. It's written entirely in Go, and was built explicitly to only use a single SDR rather than bonding multiple SDRs together.
Turbine works by tuning known control frequencies and then tuning all voice frequencies it learns from them. Voice transmissions are encoded using the Opus audio codec for compatibility with WebRTC and blasted out as frames over UDP. It also includes a functional-but-janky built-in visualization web server to look at each stage of the DSP pipeline for each frequency, which was crucial for debugging as I was building it.
Right now, it only supports legacy Motorola SmartZone systems (which is what is used near me), but it shouldn't be a large lift to make it support P25. The code is heavily influenced by op25 and GNURadio (and in some places just outright copying them). I built it in Go because a) it's what I'm most familiar with and b) the sheer density of GNURadio made it hard for me to piece things together how I wanted. Go's concurrency model is a natural fit for doing many concurrent operations on the byte stream, and I haven't had issues with garbage collection pausing execution in a detrimental way.
Turbine isn't intended for use with lower sample rate SDRs like the RTLSDR. It has a driver for it, but doesn't support bonding multiple SDRs together. If an entire system fits within the 2MHz sample rate, it would probably be fine. You should be able to fire it up with a RTLSDR but it will not be able to capture very much. It currently only officially supports the HackRF One, but adding other SDRs should be relatively trivial. Note that the HackRF I am using is the model with the upgraded TCXO, as I found that the built-in oscillator was not accurate enough.
Turbine has only been tested to run on Linux and is very CPU-intensive; the production radio runs on a dedicated i7-11700k 8c/16t CPU and consumes about 60% of all cores decoding both systems. There are some potential optimizations that could be made that would lower CPU consumption during periods of low activity, but I built it for the worst case of having to encode every voice frequency at once.
The usual disclaimers about OSS apply. I hope you find it interesting or perhaps useful, and maybe portions can be adapted so Go can be used more in SDR projects.
Matt from the Tech Minds YouTube channel has recently uploaded a video highlighting 10 common mistakes made with software defined radio. The topics go over software choices, driver installation, coax choices, signal bandwidth, time of day, modulation type, high gain settings, low gain settings, cheap & cloned SDRs and finally antennas. This is a great video to watch if you are new to SDRs and radio in general.
10 Common Mistakes Made With Software Defined Radio
A new set of beginners tutorials for the GNU Radio platform have been released on the GNU Radio Wiki. GNU Radio is an open source development toolkit for signals processing and is commonly used to build software demodulators and decoders for Software Defined Radios including the RTL-SDR.
The tutorials lead you through topics such as understanding flowgraphs, creating custom Python blocks, using DSP blocks, GNU Radio core mechanics, modulation and demodulation and more.
We are pleased to announce a new set of beginner-level tutorials, as well as a new tutorials landing page, you can check them out here
A big thank you to NumFOCUS for sponsoring the work and to Matt from wavewalkerdsp who did the bulk of the work!
These beginner-level tutorials walk a new user through starting GRC and creating a simple flowgraph, all the way up to creating custom blocks and using tags and message passing.
We would like to create follow-up tutorials that the GNU Radio community needs so please leave feedback in the Discuss tab of the main Tutorials page, here are some suggestions:
Do you have ideas for future tutorials you’d like to see made?
What doesn’t make sense in GNU Radio, or what is hard to understand?
Where are the sticking points? What is hard to remember?
What is hard to use?
Are there any points in the current tutorials you’d like to see in more detail?
What would you change about the tutorials?
You can also access the tutorials using the Tutorials link on the left hand sidebar of the GNU Radio wiki, from any page.
GNU Radio Tutorial Topics
If you're interested in these tutorials you might also want to check out Michael Ossmann's set of video tutorials for the HackRF, which features GNU Radio usage heavily.
While we usually don't encourage politics on this blog, with the possibility of a Ukraine invasion by Russia we just wanted to issue a general warning to Ukrainian SDR owners. Last year we saw Stanislav Stetsenko a resident of Crimea arrested by the Russian Federal Security Service under suspicion of being a Ukrainian informant. The evidence against him was that he was an aviation and plane spotter hobbyist who used RTL-SDRs for listening in to aircraft communications - something of which many of us do in safety.
Back in June 2021 Stanislav was facing 25 years in prison. We still don't know what has happened to him. If anyone local has heard any updates please let us know. (UPDATE: US1GBF in the comments below knew Stanislav personally and has provided an update: Stanislav was reportedly transferred from Crimea to a Moscow prison. The Ukrainian authorities are working on the exchange of Stanislav. However, the exchange has already been postponed many times because of the refusal of the Russians to diplomacy. Work continues.)
From our website and sales statistics we know that there is a sizable RTL-SDR community in the Ukraine. We don't know what will happen if there is an invasion, but it's possible that, like in Crimea, Russian security forces will see SDR hobbyist activities as a threat, so we urge Ukrainian residents to have a plan to take down any web feeds and antennas should it come to the worst.
EDIT: This post has stirred up quite the discussion. As long as comments remain civil comments will remain open. This post is not intended to take sides. Whilst many Ukrainians in the amateur radio community already know to keep their activities safe during conflicts, we are aware of many young Ukrainian STEM students and hobbyists that may be somewhat insulated or not care about geopolitical events, who read our blog and copy activities that are safe to perform in most countries, but may not be safe in the Ukraine during times of conflict.
Crimean resident arrested for RTL-SDR use in June 2021
A common example of a data aggregator that makes use of RTL-SDRs is most of the flight tracking websites, such as FlightAware and FlightRadar24. Contributors to the service will usually set up RTL-SDR + Raspberry Pi based receivers that feed ADS-B aircraft data received from the local area to these websites. Data from contributors from all over the world are then combined onto a single map, allowing for a global live picture of aircraft traffic.
Some other examples on the list that use RTL-SDRs include Amateur Radio APRS tracking, marine traffic, police/EMS audio feeds, train traffic, weather audio feeds, satellite ground station feeds and general web based remote SDR access. Added to the list are also aggregators based on other devices for applications like lightning detection and seismic activity reporting.
