Motherboard Article: Creating an IMSI Catcher with an RTL-SDR

Motherboard, an online technology magazine, has recently run an article titled "With $20 of Gear from Amazon, Nearly Anyone Can Make This IMSI-Catcher in 30 Minutes". The article describes how an RTL-SDR together with the IMSI-Catcher Linux software can be used to collect IMSI numbers from cellphones connected to a nearby cell tower. The IMSI is a unique number assigned to each SIM card, and collecting this data could be used to identify whether someone is in the area covered by the cell tower.

The IMSI-Catcher software only works with the older 2G GSM signals, which are now being phased out in some countries and are relatively unused in others. Also, unlike more advanced IMSI-Catchers which create a fake cell tower signal, the RTL-SDR based IMSI-Catcher is purely passive: it can only collect an IMSI when the cellphone sends it in the clear while first connecting to the cell tower, since after that the network normally addresses the phone by a temporary identifier (TMSI) instead.

One of our older posts with a YouTube tutorial video explains the RTL-SDR IMSI Catcher in more detail. 

IMSI-Catcher Python Script

Measuring Broadcast FM Multipath Distortion with an RTL-SDR

Over on GitHub user jj1bdx has just released a new tool called rtl_power-fm-multipath which can be used for estimating broadcast FM multipath distortion with an RTL-SDR. Broadcast FM multipath is caused when a signal is received from multiple directions due to it reflecting off and refracting through physical objects like buildings and terrain. As the reflected/refracted signals will be delayed it can cause echo like distortions in the RF signal which can cause issues like poor digital decoding, poor FM audio reception and ghosting in analogue video.

The estimation method works by estimating the ratio of the direct (desired) signal to the reflected (undesired) signal, the D/U ratio, from the ripple that their interference produces across the station's spectrum. The method was proposed by Komiya87 and JushinFM, who both wrote papers in Japanese describing it. In summary the methodology is:

  • Measure the maximum peak strength for +-50kHz spectrum of the target FM station
  • Obtain the maximum value (Lmax) and minimum value (Lmin) within the spectrum
  • Obtain the ratio of the maximum and minimum values L = Lmax / Lmin (note: Lmax and Lmin are real values (not in dB), and L must be > 1)
  • The estimated D/U ratio R = (L+1) / (L-1) (in the real value, not in dB)

The rtl_power-fm-multipath program is based on rtl_power. It uses rtl_power to record power measurements for 5 minutes, sends the data to a peakhold function which keeps the maximum power value seen in each frequency bin, and then calculates the distortion ratio from the peak-held spectrum.
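The method above, worked through in code as an added example (this is my illustration, not code from rtl_power-fm-multipath): parse rtl_power's CSV output, peak-hold the sweeps per bin, pick Lmax and Lmin inside the ±50 kHz window of the target station and apply R = (L+1)/(L-1). The CSV rows are constructed, not real measurements, and the conversion from dB to a linear ratio treats L as an amplitude ratio (20 dB per decade) because the (L+1)/(L-1) identity comes from the ripple extremes D+U and D−U adding in field strength; that interpretation is an assumption of the example, not something the post states.

```python
import math

# Constructed rtl_power CSV output for the example (not real measurements):
# two sweeps over 88.90-89.10 MHz in 20 kHz bins.  Column layout follows
# rtl_power: date, time, hz_low, hz_high, hz_step, samples, dB, dB, ...
SAMPLE_CSV = """\
2018-11-15, 12:00:00, 88900000, 89100000, 20000, 50, -55, -52, -48, -38, -30, -20, -32, -40, -50, -56
2018-11-15, 12:00:01, 88900000, 89100000, 20000, 50, -56, -53, -47, -39, -28, -22, -31, -41, -51, -57
"""


def parse_rtl_power(text):
    """Yield one {bin_hz: dB} dict per rtl_power CSV line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(",")]
        hz_low, hz_step = int(float(fields[2])), int(float(fields[4]))
        levels = [float(x) for x in fields[6:] if x]
        yield {hz_low + i * hz_step: db for i, db in enumerate(levels)}


def peak_hold(sweeps):
    """Maximum level seen in each bin across all sweeps (the peakhold step)."""
    held = {}
    for sweep in sweeps:
        for hz, db in sweep.items():
            held[hz] = max(db, held.get(hz, -math.inf))
    return held


def du_ratio(held, centre_hz, half_width_hz=50_000):
    """Estimate the D/U ratio of the station at centre_hz from a peak-held spectrum.

    Returns (L, R, R_dB) where L = Lmax/Lmin and R = (L+1)/(L-1).
    """
    window = [db for hz, db in held.items() if abs(hz - centre_hz) <= half_width_hz]
    if not window:
        raise ValueError("no spectrum bins inside +/-%d Hz of %d Hz" % (half_width_hz, centre_hz))
    lmax_db, lmin_db = max(window), min(window)
    # Assumption of this example: Lmax/Lmin is treated as an amplitude ratio
    # (20 dB per decade).  Computed from the dB difference so that equal
    # levels give exactly L == 1 and are rejected below.
    L = 10 ** ((lmax_db - lmin_db) / 20)
    if L <= 1:
        raise ValueError("spectrum is flat within the window (L must be > 1)")
    R = (L + 1) / (L - 1)
    return L, R, 20 * math.log10(R)


def estimate_from_csv(text, centre_hz):
    """Whole pipeline: parse sweeps -> peak hold -> D/U estimate."""
    return du_ratio(peak_hold(parse_rtl_power(text)), centre_hz)


if __name__ == "__main__":
    L, R, R_db = estimate_from_csv(SAMPLE_CSV, 89_000_000)
    print("L = %.2f, D/U = %.3f (%.2f dB)" % (L, R, R_db))
```

With the constructed sweeps the peak-held window spans −20 dB to −40 dB, so L = 10 and the D/U estimate is 11/9, about 1.7 dB: a badly multipath-affected signal. The bins outside ±50 kHz (down at −56 dB) are deliberately excluded; without the window the ratio would be dominated by the station's own roll-off rather than by ripple. To use it on a real run, feed it the CSV that rtl_power writes instead of SAMPLE_CSV.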

An example of Multipath Distortion on a DAB+ Signal. From Gough Lui's post https://goughlui.com/2015/03/28/trip-to-hk-cn-2014-part-5-rtl-sdr-more-radio-ais-night-photos/

Es’hail-2: First Geostationary Satellite with Amateur Radio Transponders Successfully Deployed

Today SpaceX have successfully launched and deployed the Es'hail-2 satellite which is now in geostationary orbit. This launch is special for amateur radio enthusiasts because it is the first geostationary satellite that contains an amateur radio transponder on it. The satellite is positioned at 25.5°E which is over Africa. It will cover Africa, Europe, the Middle East, India, eastern Brazil and the west half of Russia/Asia. Unfortunately, North America, Japan, most of South America, Australia and NZ miss out.

Coverage of Es'hail 2

The satellite has two bandwidth segments: a 250 kHz narrow band for modes like SSB, FreeDV, CW, RTTY etc., and an 8 MHz wide band for digital amateur TV (DATV) modes like DVB-S and DVB-T.

The downlink frequencies are at 10 GHz, so a low cost satellite TV LNB can serve as the feed and downconverter. For receiving the narrowband modes an RTL-SDR or similar SDR connected to the LNB's IF output can be used, and for the 8 MHz DATV modes a standard DVB-S2 set top box can receive and decode the video. The uplink is at 2.4 GHz.

According to the commissioning order of the satellite, it is expected that the AMSAT transponders will be activated only after all tests have been passed, and after other higher priority commercial telecommunications systems have been activated. This is expected to take about 1-2 months.

2018: Es'hail-2 and its amateur radio payload - Graham Shirville (G3VZV) & Dave Crump (G8GKQ)

An Overview of Aircraft Communication Modes from HF to UHF

Over on YouTube icholakov has uploaded an informative video that gives an overview of the main communication modes that aircraft use from HF to UHF. In the video he also gives examples of those modes being received and decoded with an SDR.

The modes that he explains and demonstrates are VHF voice, VHF ATIS automated weather, ACARS short data messages, HF voice, HF automatic weather, HF data selective calling (SELCAL), HF data link (HFDL) and UHF ADS-B aircraft positioning.

2018: Monitoring airplane communications (aviation radio signal monitoring via sdr)

Setting up Air Traffic Control Audio Sharing with Broadcastify, RTL-Airband, RTL-SDR and a Raspberry Pi

Over on YouTube Fuzz The Pi Guy has uploaded a video tutorial showing how to set up a Broadcastify air traffic control audio feed with RTL-Airband and an RTL-SDR running on a Raspberry Pi. This allows you to publicly share your received air traffic control audio online via sites like Broadcastify.

The video is based on a comprehensive Radioreference text tutorial which takes you through the process from scratch. Setting it up involves installing the Raspbian OS, installing RTL-SDR, installing and setting up RTL-Airband, configuring ezstream and then ensuring that everything runs automatically on boot. It's a fairly involved setup process, but the video helps make things easier.

How To Setup Broadcastify On A Raspberry Pi Using RTL_AM For Aviation

RPiTX v2 Released: Easily Record and Replay with RTL-SDR and a Raspberry Pi

RPiTX is software for the Raspberry Pi which can turn it into a 5 kHz to 1500 MHz transmitter which can transmit any arbitrary signal. In order to transmit the software does not require any additional hardware apart from a wire plugged into a GPIO pin on the expansion header. It works by modulating the GPIO pin with square waves in such a way that the desired signal is generated. However, although additional hardware isn't required, if RPiTX is to be used in any actual application a band-pass filter is highly recommended in order to remove any harmonics which could interfere and jam other radio systems.

Earlier this month RPiTX was upgraded to version 2. One of the changes is a new GUI for testing the various transmission modes. Currently it is possible to transmit a chirp, FM with RDS, USB, SSTV, Opera, Pocsag and FreeDV. There is also a spectrum painter which allows you to display an image on an SDR's waterfall.

The RPiTX V2 GUI
Painting an Image on a SDR Waterfall Display with RPiTX v2

The RPiTX v2 update also makes recording a signal with an RTL-SDR and replaying it with RPiTX significantly easier. Previously it was necessary to go through a number of preprocessing steps (as described in our previous tutorial) in order to get a transmittable file, but now RPiTX can transmit a recorded IQ file directly. This makes copying things like 433 MHz ISM band remotes significantly easier. Note that this is a straight replay: it works against the fixed-code remotes common on cheap 433 MHz devices, but not against remotes that use rolling codes, which reject a code that has already been transmitted. One application might be to use RPiTX as an internet connected home automation tool which could control all your wireless devices.
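The record-and-replay workflow above, with one practical step added as an example (my code, not part of RPiTX or the original post): rtl_sdr writes interleaved unsigned 8-bit I/Q samples with 127.5 representing zero, and a raw recording of a remote usually contains seconds of noise around a burst of a few milliseconds. The script locates the burst by block power and trims the file, so what is handed to RPiTX is just the transmission. The 250 kS/s sample rate and the capture itself are constructed assumptions; on a real file you would read the bytes rtl_sdr wrote instead of calling constructed_capture().

```python
import math
import random

SAMPLE_RATE = 250_000  # samples/s; assumed rate of the constructed capture below


def constructed_capture():
    """Build a fake rtl_sdr u8 capture: 2048 noise samples, a 1024-sample burst, 1024 noise.

    Constructed for the example, not a real recording.  rtl_sdr's format is
    interleaved unsigned 8-bit I,Q with 127.5 as the zero level.
    """
    rng = random.Random(1)
    out = bytearray()

    def noise(n):
        for _ in range(n):
            out.append(127 + rng.randint(-2, 3))
            out.append(127 + rng.randint(-2, 3))

    noise(2048)
    for n in range(1024):  # a 10 kHz tone of amplitude 60 stands in for the remote's burst
        phase = 2 * math.pi * 10_000 * n / SAMPLE_RATE
        out.append(int(round(127.5 + 60 * math.cos(phase))))
        out.append(int(round(127.5 + 60 * math.sin(phase))))
    noise(1024)
    return bytes(out)


def block_power_db(block):
    """Mean power (dB, arbitrary reference) of a block of interleaved u8 I/Q samples."""
    n = len(block) // 2
    acc = 0.0
    for k in range(n):
        i = block[2 * k] - 127.5
        q = block[2 * k + 1] - 127.5
        acc += i * i + q * q
    return 10 * math.log10(acc / n + 1e-12)


def find_bursts(iq, block=256, threshold_db=20.0):
    """Return [(start_sample, end_sample), ...] for runs of blocks above threshold_db."""
    bursts = []
    start = None
    span = block * 2  # bytes per block (I and Q)
    for off in range(0, len(iq) - span + 1, span):
        s = off // 2  # sample index of this block
        hot = block_power_db(iq[off:off + span]) > threshold_db
        if hot and start is None:
            start = s
        elif not hot and start is not None:
            bursts.append((start, s))
            start = None
    if start is not None:  # burst ran to the end of the file
        bursts.append((start, (len(iq) // span) * block))
    return bursts


def trim_iq(iq, start, end, pad=0):
    """Slice samples [start-pad, end+pad) out of an interleaved u8 I/Q buffer."""
    a = max(0, start - pad)
    b = min(len(iq) // 2, end + pad)
    return iq[2 * a:2 * b]


def duration_s(iq, sample_rate=SAMPLE_RATE):
    """Length of an interleaved u8 I/Q buffer in seconds."""
    return len(iq) / 2 / sample_rate


if __name__ == "__main__":
    cap = constructed_capture()
    for start, end in find_bursts(cap):
        trimmed = trim_iq(cap, start, end, pad=128)
        print("burst %d..%d samples -> %.4f s kept of %.4f s" %
              (start, end, duration_s(trimmed), duration_s(cap)))
```

A real capture comes from something like `rtl_sdr -f 433920000 -s 250000 capture.iq`; the trimmed bytes are written back out as a file for RPiTX to transmit at the same sample rate and frequency. The 20 dB threshold is relative to the noise floor of the constructed data; on a real recording look at block_power_db over the whole file first and set the threshold a few dB above the quiet blocks.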

Finally, another application of the RPiTX and RTL-SDR combination is a live RF relay. The software is able to receive a signal at one frequency from the RTL-SDR, and then re-transmit it at another frequency in real time. Additionally, it is also capable of live transmodulation, where it receives an FM radio station, demodulates and then remodulates it as SSB to transmit on another frequency.

The RPiTX V2 RTL-SDR Menu
RPiTX v2 re-transmitting a broadcast FM signal live at 434 MHz.

Video Tutorial: Installing GNU-Radio on Windows 10

Over on YouTube user Petr Horký has uploaded a helpful tutorial video showing how to install GNU Radio on Windows 10. Petr goes through the steps from installing Python, pip and other dependencies like numpy and pyqt, to installing GNU Radio itself and then ensuring that the system PATH is set correctly.

GNU Radio is a block based programming language for building digital signal processing applications (e.g. demodulators/decoders). It is very useful for experimenting with more advanced SDR concepts, and there are also many RTL-SDR compatible applications built with GNU Radio as well. GNU Radio is typically run on Linux, but can also run on Windows now too, although perhaps not every program will be compatible.

How to install GNU Radio Companion on Windows 10 (pip, environment variables)

Final Day to Pre-Order a Discounted KerberosSDR

Today is the last day to pre-order a KerberosSDR in our Indiegogo campaign! More information also available on our KerberosSDR page.

First, we'd like to thank all those who've pre-ordered a KerberosSDR unit already. The response has been overwhelming, and we've raised far more than we originally expected. Thanks to your support, we've been able to immediately fund continued development of the open source demo software. We aim to release the software when we ship, and we'll have another update then. On the hardware side, we've already begun ordering components and have started prototyping the metal enclosure that will come stock on all KerberosSDR units. We are still on track for a late December/early January shipping date.

If you haven't pre-ordered yet, get in quick as the campaign and pre-order discount ends today! Although all 600 early bird discounts have been taken, it is still possible to pre-order KerberosSDR for $125. Afterwards, the price will rise to a maximum of $150.

Over the next month of manufacturing we intend to begin releasing tutorials that show how to use the board and demo software for passive radar and direction finding experiments. We'll also show some other use cases, like how KerberosSDR could be used as four separate RTL-SDRs for monitoring multiple frequencies simultaneously.

KerberosSDR with Calibration Board Attached (Metal Enclosure with SMA connectors Not Shown)

If you weren't already aware, over the past few months we've been working with the engineering team at Othernet.is to create a 4x coherent RTL-SDR that we're calling KerberosSDR. A coherent RTL-SDR allows you to perform interesting experiments such as RF direction finding, passive radar and beam forming. In conjunction with developer Tamas Peto, we have also developed open source demo software for the board, which allows you to test direction finding and passive radar. The open source software also provides a good DSP base for extension.