Receiving SMOG-P and ATL-1 Nano Satellites with an RTL-SDR

Thank you to Zoltan Doczi (HA7DCD) for submitting his tutorial that shows how to receive signals from the SMOG-P and ATL-1 nano satellites which were launched via Rocket Lab back in late 2019.

SMOG-P is a Hungarian nano satellite developed by BME University. It's payload consists of an on board spectrum analyzer that is designed to measure electromagnetic pollution (electrosmog) from space, and to also monitor the DVB-T spectrum. It currently holds the title of the world's smallest satellite in operation.  ATL-1 is another Hungarian satellite this time developed by ATL Ltd. Its mission is to test a new thermal isolation material in space and to monitor the DVB-T spectrum.

To receive telemetry from these satellites you can use a Raspberry Pi, RTL-SDR, Yagi, and optionally an LNA and filter. In his post Zoltan shows how to install the SMOG-P decoder, and provides a script that automatically decodes, uploads packets to the BME University server, and archives old IQ files and packets.

We note that if you wish to receive these satellites, now is the time to do so as these nano satellites are in a very low orbit and only have an orbital lifespan of only 6-8 months total.

SMOG-P and ATL-1 Satellite Ground Station Receiver Setup
SMOG-P and ATL-1 Satellite Ground Station Receiver Setup
Tweet
Share374
Reddit
Vote
Email
374 Shares

YouTube Tutorial: Building a Passive IMSI Catcher with an RTL-SDR

Thank you to M Khanfar for submitting his YouTube tutorial on how to build a passive IMSI catcher with an RTL-SDR. He writes:

In this video im processes of easy step by step building a passive IMSI catcher. The purpose of this video is to be educational - to highlight the ease of which these devices can be built, and to practically show how privacy is already being compromised today ! easy step by step install and running under virtual machine Ubuntu 18.04 and cheap SDR dongle! .

Intro
An IMSI catcher is a device commonly used by law enforcement and intelligence agencies around the world to track mobile phones. They are designed to collect and log IMSI numbers, which are unique identifiers assigned to mobile phone subscriptions. Under certain circumstances, IMSI numbers can be linked back to personal identities, which inherently raises a number of privacy concerns.

The purpose of this video is to be educational - to highlight the ease of which these devices can be built, and to practically show how privacy is already being compromised . Nothing in this video is necessarily new, and those with less than honest intentions are most certainly already using these (or similar) devices.

This video walks through the processes of building a passive IMSI catcher, which is distinctly different from traditional IMSI catchers in that it does not transmit nor does it interfere with cellular networks in any way.

Traditional IMSI catchers are illegal in most jurisdictions due to the fact that they transmit on cellular frequencies (which requires a license), and that they essentially perform a man-in-the-middle attack between a phone and mobile base station (which breaks all sorts of anti-hacking laws). A passive IMSI catcher does neither of these.

How it works
The passive IMSI catcher works by capturing IMSI numbers when a phone initializes a connection to a base station. The IMSI is only disclosed during this initial connection. In an effort to protect privacy, all subsequent communication to that base station is done with a random Temporary Mobile Subscriber Identity (TMSI) number.

This means you will only collect IMSI numbers for devices as they move between base stations. Traditional IMSI catchers work differently, by spoofing a legitimate base station and forcing subscribers to connect to itself. They have the added ability to collect data about stationary devices, and can potentially have a more targeted range.

The only hardware required is a PC and SDR receiver that supports GSM frequencies. Generally this means 850/900/1,800/1,900 MHz. Most of the inexpensive RTL2832U based receivers have an upper-frequency range of about 1,700 MHz. You can get by with one of these, but of course, you won't be able to listen to stations at 1,800 or 1,900 MHz.

--- you can easy search GSM towers around you and show its frequencies then select specific tower then access its HLR data, then you can locate tower location in google map when you have specific data collected from SDR in terminal like :
MCC,MNC,LAC,CELLID , then you can easy add these data in this website: https://cellidfinder.com/cells  then locate it on map, and you can use IMSI number that you sniff to collect details info from database that have access with subscription to full database from this website :https://www.numberingplans.com

Building a Passive IMSI Catcher

 
 
Tweet1
Share70
Reddit2
Vote
Email
73 Shares

SWLing Blog: Building a Homemade YouLoop (Noise-Cancelling Passive Loop) Antenna

Over on the SWLing Post Blog Thomas has uploaded an excellent tutorial showing how you can build your own YouLoop (aka a Noise-Cancelling Passive Loop). If you've been following our previous posts you'll know that we recently started selling the "YouLoop" which is designed and produced by Youssef from Airspy. The YouLoop is a passive loop antenna designed for HF reception, but also works well up until VHF. The main catch is that you need to use it with a receiver with a low noise figure front end, like the Airspy HF+ Discovery (SDRplay units should work well too). The RTL-SDR Blog V3 in direct sampling mode does somewhat work with it to an extent, but RTL-SDRs relying on upconverters for HF will probably see poor results.

We are selling the loop in our store for $34.95 including free shipping to most countries. Batch 2 is currently in preorder, but is almost sold out and should begin shipping soon. Batch 3 will also be available for preorder soon and is about 2 weeks away from shipping. We also expect there to be a high quality pre-amp available for sale in a few months too which will help those with higher noise figure radios or longer feed line runs. 

Alternatively, as the YouLoop is a relatively simple and openly shared design it is possible to homebrew your own if you want to. Over on the popular SWLing Post blog, author Thomas has written up a full tutorial on hombrewing your own. The parts you need include coax cable, a BN-73-302 wideband 2-hole ferrite core, magnet wire, heat shrink tubing and electrical tape. The guide takes you through the process of winding the balun and constructing the loop using simple tools and a soldering iron.

Tweet1
Share98
Reddit
Vote
Email
99 Shares

Radwave Updates: Browse SETI Spectrum Data on your Android Device

Back in February 2019 we first posted about Radwave, an Android SDR App for RTL-SDR dongles. It has some interesting features not found in other Apps like the ability to easily zoom, pause and rewind the spectrum at any time.

The author has decided to make use of these spectrum browsing enhancements by providing access to full SETI (Search for Extraterrestrial Intelligence) spectrum data sets which can be browsed via the app for a small fee. From a post on our forums the author of Radwave writes:

I've been developing Radwave, which is an RTL-SDR Android app for exploring the spectrum. I recently added some new functionality, allowing users to interactively explore full resolution SETI data hosted in the cloud - no SDR needed. You can see a preview of it here https://youtu.be/8ZJFzKcWejA and download it from https://play.google.com/store/apps/deta ... ve.android

This data comes from Breakthrough Listen. These datasets are quite large, and Radwave does all the bulk downloading, processing and hosting of the datasets, allowing you to easily navigate your way through the spectrum. If you find something cool, you can tag it and share it.

Currently there are three datasets available in the first bundle ($10 USD): Voyager 1 and two 'Oumuamua collections (surveys of the the first observed interstellar object in our solar system). The data is big, and is hosted in AWS. That gets pricey, so I'll be adding more collections to this first bundle as funding permits. If there are certain datasets you're interested in seeing, definitely let me know.

 

radwave intro 20200225

Tweet
Share20
Reddit
Vote
Email
20 Shares

Starlink Doppler Reflections Caught with an RTL-SDR

Over on YouTube William IU2EFA has been uploading multiple short "meteor scatter" videos. This involves using an RTL-SDR to briefly receive distant radio stations via the RF signal reflecting off the ionized trail left by meteors entering the atmosphere. However, in a similar fashion satellites orbiting the earth can also reflect distant radio stations. 

In one of his latest videos William caught a train of Starlink satellites reflecting the signal from the Graves radar in France. To do this he uses a 10 element VHF Yagi, and an RTL-SDR running with HDSDR and SpectrumLab. In the video you can see and hear the change in frequency caused by the doppler shift.

Starlink is a SpaceX project aiming to bring ubiquitous satellite internet to the entire world. Currently 358 Starlink satellites are in orbit, and the end goal is to have 12000.

IU2EFA Starlink radar Graves doppler reflection

Tweet1
Share96
Reddit
Vote
Email
97 Shares

The SWLing Post Reviews the YouLoop Passive Loop Antenna

Over on the SWLing (Short Wave Listening) Post blog Thomas has just uploaded his review of the YouLoop in a post titled "The Airspy Youloop is a freaking brilliant passive loop antenna". If you weren't aware, we are currently selling this loop in our store for US$34.95 incl. free worldwide shipping to most countries. Sales are currently in pre-order as our first batch of units ordered sold out within a day, but we're soon going to receive the second batch in the next few days. 

Thomas is a seasoned shortwave listener who has used many antennas, and in the review he notes that he is extremely impressed with the performance. In his review he tests the antenna in a location that is swimming with RFI and places the loop in the middle of a bedroom. Although the situation is not ideal, Thomas was surprised at the number of signals he was able to receive.

To work properly the YouLoop requires a low noise figure radio like the recommended Airspy HF+ discovery, but Thomas notes that he's also had excellent success with the SDRplay RSPdx running in HDR mode.

YouLoop Portable Passive Magnetic Loop Antenna for HF and VHF
YouLoop Portable Passive Magnetic Loop Antenna for HF and VHF
Tweet
Share54
Reddit
Vote
Email
54 Shares

A Homemade Boat Computer with RTL-SDR for Weather Fax, NavTex and more

Over on Hackaday we've seen a post about [mgrouch]'s "boat computer" which consists of a Raspberry Pi 4, HDMI display, and a whole slew of sensors and receivers useful for a marine environment including an RTL-SDR.

The built in equipment includes a GNSS receiver, orientation sensors, AIS receiver, 4G and WiFi, lightning EMI sensor and alarm, optional autopilot integration, rudder angle sensor, connections to boat instruments like wind, depth, speed, temperature, barometric and humidity sensors, an Iridium receiver, and finally an RTL-SDR for receiving weather fax, NavTex, satellite weather, AIS, RTL 433, morse code and more. It really is an "all-in-one" device.

His blog post explains in detail how each of the components work in the system, and in particular for the RTL-SDR he shows how you can use the boat computer to receive FM via GQRX, and NavTex via the Java based Frisnit Navtex decoder. Navtex is a marine radio service that transmits at 518 kHz or 490 kHz. It provides text data regarding weather forecasts, weather warnings, navigational information, and urgent maritime safety messages. For his antenna he writes that he uses a 10 kHz - 30 MHz Mini Whip antenna that he purchased on Aliexpress.

mgrouch's Boat Computer with RTL-SDR
mgrouch's Boat Computer with RTL-SDR
Tweet
Share184
Reddit
Vote
Email
184 Shares

A Comprehensive Lab Comparison between Multiple Software Defined Radios

Librespace, who are the people behind the open hardware/source SatNOGS satellite ground station project have recently released a comprehensive paper (pdf) that compares multiple software defined radios available on the market in a realistic laboratory based signal environment. The testing was performed by Alexandru Csete (@csete) who is the programmer behind GQRX and Gpredict and Sheila Christiansen (@astro_sheila) who is a Space Systems Engineer at Alexandru's company AC Satcom. Their goal was to evaluate multiple SDRs for use in SatNOGS ground stations and other satellite receiving applications. 

The SDRs tested include the RTL-SDR Blog V3, Airspy Mini, SDRplay RSPduo, LimeSDR Mini, BladeRF 2.0 Micro, Ettus USRP B210 and the PlutoSDR. In their tests they measure the noise figure, dynamic range, RX/TX spectral purity, TX power output and transmitter modulation error ratio of each SDR in various satellite bands from VHF to C-band.

The paper is an excellent read, however the results are summarized below. In terms of noise figure, the SDRplay RSPduo with it's built in LNA performed the best, with all other SDRs apart from the LimeSDR being similar. The LimeSDR had the worst noise figure by a large margin.

In terms of dynamic range, the graphs below show the maximum input power of a blocking signal that the receivers can tolerate vs. different noise figures at 437 MHz. They write that this gives a good indication of which devices have the highest dynamic range at any given noise figure. The results show that when the blocking signal is at the smallest 5 kHz spacing the RSPduo has poorest dynamic range by a significant margin, but improves significantly at the 100 kHz and 1 MHz spacings. The other SDRs all varied in performance between the different blocking signal separation spacings.

Overall the PlutoSDR seems to perform quite well, with the LimeSDR performing rather poorly in most tests among other problems like the NF being sensitive to touching the enclosure, and the matching network suspected as being broken on both their test units. The owner of Airspy noted that performance may look poor in these tests as the testers used non-optimized Linux drivers, instead of the optimized Windows drivers and software, so there is no oversampling, HDR or IF Filtering enabled. The RSPduo performs very well in most tests, but very poorly in the 5 kHz spacing test.

The rest of the paper covers the TX parameters, and we highly recommend going through and comparing the individual result graphs from each SDR test if you want more information and results from tests at different frequencies. The code and recorded data can also be found on the projects Gitlab page at https://gitlab.com/librespacefoundation/sdrmakerspace/sdreval.

Tweet
Share602
Reddit
Vote
Email
602 Shares