RTLion is a software framework for RTL-SDR dongles that currently supports various features such as a power spectrum plot and frequency scanning. The software can run on a Raspberry Pi 3 and all features are intended to be accessed via an easy to use web browser interface, or via an Android app. The software can also be run with Docker, making it useful for IoT applications.
Over on YouTube M Khanfar has uploaded a comprehensive tutorial video explaining how to setup and run the RTLion server software on a Linux computer. He goes on to demonstrate and explain how to use the server via the web interface and also via the RTLion Android app.
Just noting that Amazon US warehouses have now been restocked with most of our products including RTL-SDR Blog V3 dongles, Broadcast AM and FM Filters, coax adapters, wideband LNA and our metal case upgrade for the SDRplay RSP1A. Amazon ships domestically within the USA, and shipping is free with Prime or orders over $25.
Please visit our store at www.rtl-sdr.com/store for links to the products on Amazon, or to purchase via our global shipping warehouse in China. Some customers may also be interested in our Aliexpress store. Aliexpress orders ship with Aliexpress Shipping which can be better for some countries.
Other product updates below:
FlightAware Prostick+: Due to popular demand, we have restocked out China based shipping warehouse with the FlightAware Prostick+ ADS-B optimized RTL-SDR.
KerberosSDR: Our coherent 4-tuner RTL-SDR called KerberosSDR is back in stock at the Othernet store, and within the next few months will be releasing new software updates.
Active L-Band Patch Antenna: Our patch antenna for Inmarsat and Iridium satellites has been redesigned and is in the final process of prototyping. Production is due to begin within the next month, and it will take about two more months. The new version is larger in size, but has a big improvement in terms of SNR.
ADS-B Optimized LNA: Our optimized ADS-B LNA will also be back in stock at the China based shipping warehouse by the end of this week. Due to pandemic related supply issues there are some minor component changes and slight changes to the pass band width, but overall performance is equal if not better.
NanoVNA V2 S-A-A-2 Original HCXQS Manufactured: We are waiting on the new stock from the manufacturer and expect to be back in stock in a week or so. We are also working on a high quality enclosure that should be ready in 1-2 months.
Also as a reminder, please remember to follow us on Facebook and Twitter. As we get closer to Christmas we plan to run a number of competitions and giveaways on these platforms.
A few weeks ago we posted about the recently uploaded talks listed on the Defcon YouTube channel. However, there is a second YouTube channel dedicated to talks presented as part of the Defcon Aerospace Village which was also held virtually. A number of these talks involve software defined radios and RTL-SDRs and so may be of interest to readers. We have listed a few interesting talks below, but the full list can be found on their YouTube channel.
A Deeper Dive into ILS and ADS-B Spoofing - Harshad Sathaye discusses weaknesses in the security of the Instrument Landing System and ADS-B and how these can be spoofed.
Introduction to ACARS - Alex Lomas explains aircraft ACARS text messages in detail and discusses receiving them with an RTL-SDR
Low-Cost VHF Receiver - Alan Tart, Fabian Landis show how to build a low cost VHF airband receiver from an RTL-SDR, Raspberry Pi and the RTLSDR-Airband software.
Over on his YouTube channel TechMinds has uploaded a new video showing how to use RF amplifiers to extend the transmit range of transmit capable SDRs like the LimeSDR, HackRF and PlutoSDR. Whilst they are transmit capable, most low cost SDRs like those mentioned above can only transmit at very low power levels typically much less than 30 mW. In the video TechMinds tests a wideband SPF5189Z and filtered 2.4 - 2.5 GHZ CN0417 based amplifier, and shows the output power obtained using an inline power meter.
He also notes that these wideband amplifier will also amplify harmonics so filtering is recommended. At the same time we note that you should only transmit if you are licenced to do so (for example with a ham radio licence), especially if you are amplifying the output.
The Organized Crime and Corruption Reporting Project (OCCRP) have recently run a story about how they have used ADS-B aircraft data to uncover the role that US civilian aircraft contractors are playing in the East African "kill chain". The investigation began over concerns that while civilian contractors do not pull the trigger, they may be becoming too involved in the process of determining exactly who will be killed in combat via data collection and analysis through their high tech surveillance aircraft. In the article they also note how many of these civilian contractors hide their true owners behind a chain of multiple LLC companies, thus reducing any accountability for their actions.
OCCRP also supports the Dictator Alert project which we have posted about in the past. In a related article titled "Mapping the Secret Skies: Lessons Learned From Flight Data" Emmanuel Freudenthal who helped setup the Dictator Alert project discusses how censorship free ADS-B tracking is helping journalists uncover new stories. In the article he notes how he uses uncensored ADS-B data together with the leaked Paradise Papers to reveal the true owners of aircraft hidden behind multiple LLC and shell companies. Regarding the "kill chain" article Emmanuel's post also explains how the story came to be:
An upcoming OCCRP story focuses on U.S. surveillance flights over Somalia. The U.S. military operates out of a small air base at Manda Bay just over the border in Kenya. We had a tip that it would be worth checking on planes in the area, so we set up an antenna nearby, which fed us information about planes taking off and landing from the base.
We eventually had to take down the antenna due to security concerns. But we managed to collect data on a number of planes that had been purchased by obscure shell companies and modified with advanced surveillance equipment before being sent to Kenya.
Why is this article posted on this blog? ADS-B data from aircraft is most often received these days via RTL-SDR dongles due to their low cost, so it is interesting to see to what extent cheap SDRs may be affecting the world via this type of reporting.
We note that ADS-B Exchange is the only censorship free ADS-B data aggregator available. All other online flight trackers censor flights from the government as well as from some private jets that may be owned by high profile company directors or in some cases dictators. The argument for censorship is that ADS-B data collection may be made illegal otherwise.
In a previous post we also discussed how censorship free ADS-B data from ADS-B Exchange revealed how military Blackhawk helicopters and Predator drones were used for surveillance during the early Black Lives Matter protests.
The KerberosSDR is our 4-channel phase coherent capable RTL-SDR unit that we previously successfully crowdfunded back in 2018. With a 4-channel phase coherent RTL-SDR interesting applications like radio direction finding, passive radar and beam forming become possible. It can also be used as 4 separate RTL-SDRs for multichannel monitoring.
In one of our latest tests we've been able to track a weather balloon radiosonde via the direction finding ability of KerberosSDR. These balloons are launched twice daily by meteorological agencies around the world, and the radiosonde carried by the balloon transmits an RS-41 signal continuously throughout it's flight sending back telemetry such as weather information and GPS coordinates. The KerberosSDR tracks the bearing towards the balloon using only the raw signal - it does not decode. Having the actual GPS location from the RS41 data allows us to compare and confirm that the KerberosSDR is indeed tracking the bearing of the balloon.
In this test we used the excellent 4-element dipole array made by Arrow Antennas. In particular we used the 406 MHz element version as the RS-41 signal is broadcast at 403 MHz. The antenna array is mounted on the roof, the KerberosSDR is in the attic connected to a Raspberry Pi 4. Our KerberosSDR Android app is used to plot the bearings. A separate RTL-SDR running on the video recording PC is connected to it's own antenna and is used to receive and decode the RS41 signal. The free software RS41 Tracker is used to decode and map the balloon for location confirmation.
We are currently using the latest beta code in development (unreleased at the time of this post - it will be released within 1 to 2 months) which handles non-continuous intermittent signals better.
Arrow Antennas 4-Element Dipole Array Mounted on Roof
The short video below shows a timelapse of the RS41 decoder tracking a balloon which circled the south of our KerberosSDR. The red line indicates the zero degree direction of the antenna array, while the blue line indicates the estimated direction of the balloon determined via the MUSIC radio direction finding technique.
The GPS balloon map from RS41 tracker is overlayed on top of the KerberosSDR Android app map for clarity via video editing. We can see that it mostly tracks the balloon to within a few degrees. When the blue bearing line diverges this is due to the balloon's line of sight path to the antennas being obscured by terrain, buildings or trees. When this is the case a multipath signal reflecting off surrounding hills tends to become dominant.
In the second short video below the weather balloon tracked northwards. Towards the north, north west and north east we have antenna obstructions in the form of rising terrain, houses and hills, so the overall accuracy is poorer. However, it still tracks within a few degrees most of the time.
Finally the YouTube video below shows the same as the above, but in the second half includes the full screen including the KerberosSDR DoA graphs and SDR# waterfall showing signal strength.
KerberosSDR Tracking a Weather Balloon Radiosonde with Radio Direction Finding
In the future we hope to test with two or more KerberosSDR units producing multiple bearing lines on RDFMapper, hopefully resulting in cross points that can be used to estimate the actual location of the balloon.
Over on his YouTube channel "saveitforparts" has been working on creating a handheld scanner/sensor box on a budget. This is a simple and fun build which is attempting to create something like a real life Star Trek scifi tricorder that you might imagine taking with you to analyze systems on another planet. The box embeds a Raspberry Pi, USB hub, battery pack, RTL-SDR and thermal camera inside. In the video he shows how everything fits into the box and gives a quick demo of the RTL-SDR and thermal camera in action. In the future he plans to add more sensors as well.
Handheld Scanning Device with Raspberry Pi - Part 2
At the BSides OK 2020 virtual conference Cameron Mac Millan recently presented a talk titled "It’s 2020, so why am I still able to read your pager traffic?". On this blog we have posted numerous times about privacy breaches stemming from insecure wireless pager traffic. Anyone with a radio or SDR can receive and decode pager messages, and this has been known and done since the 1980's. Cameron's talk explains how paging systems work, who are the modern users of pagers, how to capture and decode pager messages and how to best log and filter through messages. He goes on to describe a number of major pager security breaches that he's personally seen. The talk preview reads:
This talk explores why pagers remain a potential threat vector in many environments despite the technology being 40 years old. This is not a the-sky-is-falling presentation: everything from paging history to how simple it is to decode pager traffic (and the associated risks) is covered without FUD.
I enjoy poking things with sticks and turn over rocks to see what crawls out from under them. One of my interests is seeing how technologies believed to be obsolete can still pose a problem for security today, and do that from the perspective of a 20-year career in infosec. When not creating tomorrow’s problems with yesterday’s technology, I can usually be found wrenching on unusual cars.
It’s 2020, so why am I still able to read your pager traffic? - Cameron Mac Millan - BSidesOK 2020
