
Using a Transmit/Receive Switch to Protect an SDR from a Transmit Radio

A question that comes up often is how to combine an RTL-SDR, or any other RX-only SDR, with a transmit-capable amateur radio. It's not possible to connect the RX-only SDR together with the TX radio via a standard splitter, because the TX radio's powerful output will most likely blow up the SDR. To solve this problem you need either a manual switch that switches out the SDR when transmitting, which requires absolute discipline to not accidentally transmit in the wrong switch position, or an automatic relay switch.

Over on YouTube, the channel HamRadioConcepts has given a good overview and demonstration of the MFJ-1708SDR Transmit/Receive automatic relay switch, which is a good product that solves this issue. It is also a fairly budget friendly option, coming in at only US$79.95 over on the MFJ website. HamRadioConcepts notes that the switch automatically grounds out the SDR whenever the PTT on the radio is pressed, and also has a fail safe that will automatically detect a transmission and ground the SDR if PTT is disconnected.

MFJ-1708SDR Transmit/Receive Switch For SDR Receivers

Explaining and Demonstrating Jam and Replay Attacks on Keyless Entry Systems with RTL-SDR, RPiTX and a Yardstick One

Thank you to Christopher for submitting to us an article that he's written for a project of his that demonstrates how vulnerable vehicle keyless entry systems are to jam and replay attacks. In the article he explains what a jam and replay attack is, the different types of keyless entry security protocols, and how an attack can be performed with low cost off the shelf hardware. He explains a jam and replay attack as follows:

The attacker utilises a device with full-duplex RF capabilities (simultaneous transmit and receive) to produce a jamming signal, in order to prevent the car from receiving the valid code from the key fob. This is possible as RKEs are often designed with a receive band that is wider than the bandwidth of the key fob signal (refer Figure 3, right). The device simultaneously intercepts the rolling code by using a tighter receive band, and stores it for later use. When the user presses the key fob again, the device captures the second code, and transmits the first code, so that the user’s required action is performed (lock or unlock) (Kamkar, 2015). This results in the attacker possessing the next valid rolling code, providing them with access to the vehicle. The process can be repeated indefinitely by placing the device in the vicinity of the car. Note that if the user unlocks the car using the mechanical key after the first try, the second code capture is not required, and the first code can be used to unlock the vehicle.

In his demonstration of the attack he uses the RTL-SDR to initially find the frequency that the keyfob operates at, and to analyze the signal and determine some of its properties. He then uses a Raspberry Pi running RPiTX to generate a jamming signal, and the YardStick One to capture and replay the car keyfob signal.

Jam and Replay Hardware: Raspberry Pi running RpiTX for the Jamming and a Yardstick One for Capture and Replay.

An Intro to RTL-SDR: Technical DSP Concepts Explained

Over on his blog Ajoo has posted a very comprehensive introduction to the technical concepts behind RTL-SDR, as well as any other SDR in existence. His post first goes through the basic communications theory and mathematical concepts required to understand the technical concepts behind software defined radio. He then goes on to specifically discuss the RTL-SDR and how it works internally, mentioning what the major components do and providing useful block diagrams.

In part II of his introduction he moves on to the software. Here he starts to explain a bit about librtlsdr and how the RTL-SDR drivers and codebase are put together. Further on he explains higher level software such as rtl_test, rtl_fm, rtl_sdr, the pyrtlsdr wrapper and how it could be used to demodulate FM.

If you're looking at diving deeper into SDR theory then Ajoo's posts are excellent starting points. Note that the theory explanations come at about an undergraduate University level of complexity, and thus these posts are mostly for people wanting a deeper understanding of SDR. To simply use an RTL-SDR to receive signals such a deep level of understanding is not required.

In a future post which is not yet available, Ajoo will introduce GNU Radio and show how to demodulate FM signals. It appears his goal is to work his way to an understanding of how GPS L1 signals work.

One of Ajoo's block diagrams explaining the RTL-SDR behavioral model.

New SDR# Plugin: Toolbar Menu Plugin

Eddie Mac has just released another useful plugin for SDR# called "Toolbar Plugin". This is an accessibility improvement plugin that simply puts many of the plugin controls on the SDR# toolbar. This eliminates the need to constantly open and close plugin panels on the left.

The plugin includes controls for setting the demodulation mode, changing the FFT display settings, a direct frequency entry text box, frequency stepper buttons, an SNR level meter, squelch controls, analog/digital preset buttons, screen grabber controls, and time slot selectors for the TETRA decoder plugin. The analog/digital preset buttons are quite interesting as they allow you to set presets for either analog or digital signals. For example, for a digital signal you could set the preset to use NFM demodulation, and to launch the DSD+ application automatically.

More information about this and Eddie's other plugins can be found on his site, and on this forum post.

Some toolbar plugin selections.
Analog/Digital Preset Settings

PiAware Radar – A Traditional Radar-Like Display for ADS-B, and Setting up an ADS-B Cockpit Flight Display

PiAware Radar is a Python script that connects to your PiAware server and uses the received ADS-B data to display a familiar radar-like display (green circle with rotating radius, and aircraft displayed as blips). PiAware is the software used to take ADS-B data from an RTL-SDR dongle running on a Raspberry Pi and feed flightaware.com. A radar-like display is probably not very useful, but it could be used to set up an interesting display that might impress friends. Over on his blog IT9YBG has uploaded a tutorial that shows how to set PiAware Radar up on a Raspberry Pi.

Also on his blog IT9YBG has uploaded another tutorial that shows how to set up 1090XHSI, which is a program that displays a 737 aircraft cockpit simulation using live ADS-B data. The ADS-B data updates the instrument displays in real time, giving you a view of exactly what the pilots might be seeing on the dashboard of their aircraft. We posted about this software in the past, but IT9YBG's tutorial helps make it much easier to set up.

PiAware Radar
1090 XHSI 737 Cockpit Simulation from ADS-B Data

GridTracker Now Available on Windows, Mac and Ubuntu (Debian)

In early February we posted news about the release of a program called GridTracker. GridTracker is a live mapping program for WSJT-X, which is a software decoder for low power weak signal ham communications modes such as FT8, JT4, JT9, JT65, QRA64, ISCAT, MSK144 and WSPR. Although these are low power modes, the protocols are designed such that even weak signals can potentially be received from across the world. Mapping the received signals can be interesting as it may give you an idea of current HF propagation conditions.

Previously GridTracker was Windows only software. However, GridTracker was recently updated to include support for Mac and Ubuntu (Debian) operating systems as well. This is great news as it makes it much easier to set up a portable GridTracker screen on a portable computer like a Raspberry Pi.

GridTracker Mapping out Weak Signal Communications.

Radio For Everyone: Testing the RTL-SDR.com Triple Filtered ADS-B LNA, Amplified Coketenna

Akos, author of the blog 'Radio for Everyone', has recently reviewed our new RTL-SDR.com Triple Filtered ADS-B LNA. In the review he compares our ADS-B LNA against another external ADS-B LNA by Uputronics and against the FlightAware Prostick and Prostick+. The tests use the external LNAs plugged directly into the dongle in order to more fairly compare against the FlightAware dongles, which have LNAs built into the dongles themselves. From his results the RTL-SDR.com ADS-B LNA appears to have near identical results with the Uputronics LNA, and slightly better results compared to the FlightAware dongles. Akos has not yet tested the main use-case of the LNA, which is to use it at the end of a run of coax cable, however he plans to do this in a future test. Also in his second post Akos shows how to build a simple amplified Coketenna using our ADS-B LNA.

On the subject of ADS-B performance we note that there are two ways to set up a system for optimal reception (apart from the antenna). The first is to place the computing and radio devices (such as a Raspberry Pi and RTL-SDR) as close to the antenna as possible (leaving a ~1m coax run to avoid local interference from the Pi). For this type of setup it is cheaper to use a FlightAware Prostick Plus RTL-SDR dongle since this has an ADS-B LNA built into it. However, the disadvantage is that you may need to set up a Power over Ethernet system, or find a remote power source, and possibly place the Pi in a difficult to service location such as in an attic or up a mast.

The second option is to use an external ADS-B LNA close to the antenna, and run coax down to the computing device which is positioned in a more accessible location. With the LNA placed ahead of the coax, its gain negates the losses in the cable, so with high enough LNA gain, using quality coax is not such a high requirement. Both methods will yield similar excellent performance.
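The claim that an LNA at the antenna negates coax loss can be checked with the Friis cascade noise formula. The following is an added example, not from the reviewed posts; the LNA gain and noise figure, the receiver noise figure and the coax losses are assumed round numbers, not measured values for any product named here.

```python
import math

def db_to_lin(db):
    """Convert a dB power ratio to a linear ratio."""
    return 10 ** (db / 10)

def cascade_nf_db(stages):
    """Friis formula for a receive chain.

    stages: list of (gain_db, nf_db) tuples, antenna side first.
    Returns the noise figure of the whole chain in dB.
    """
    f_total = 1.0
    gain_so_far = 1.0
    for gain_db, nf_db in stages:
        # Each stage's excess noise is divided by the gain ahead of it.
        f_total += (db_to_lin(nf_db) - 1.0) / gain_so_far
        gain_so_far *= db_to_lin(gain_db)
    return 10 * math.log10(f_total)

def coax(loss_db):
    """A passive lossy line: gain is -loss, noise figure equals the loss
    (assumes the cable sits at the reference temperature)."""
    return (-loss_db, loss_db)

# Assumed, constructed values for illustration only.
LNA = (20.0, 1.0)       # 20 dB gain, 1 dB noise figure
RECEIVER = (0.0, 6.0)   # receiver treated as a 6 dB noise figure stage

def compare(loss_db):
    """Return (NF without LNA, NF with LNA at the antenna) in dB."""
    without = cascade_nf_db([coax(loss_db), RECEIVER])
    with_lna = cascade_nf_db([LNA, coax(loss_db), RECEIVER])
    return without, with_lna

if __name__ == "__main__":
    for loss in (3.0, 6.0, 12.0):
        without, with_lna = compare(loss)
        print(f"coax loss {loss:4.1f} dB: "
              f"no LNA {without:5.2f} dB, LNA first {with_lna:5.2f} dB")
```

Without the LNA the system noise figure rises dB for dB with the cable loss; with the LNA first, the cable and receiver noise are divided by the LNA gain, so even the lossy cable adds little.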

Tested ADS-B LNAs and ADS-B RTL-SDR Dongles

Raspberry Pi 3 B+ Released: Faster CPU, Faster Networking and Power over Ethernet

RTL-SDR dongles and other SDRs are often used on single board computers. These small credit card sized computers are powerful enough to run multiple dongles, and run various decoding programs. Currently, the most popular of these small computers is the Raspberry Pi 3.

Just recently the Raspberry Pi 3 B+ was released at the usual US$35 price. It is an iterative upgrade over the now older Raspberry Pi 3 B. The 3B+ has an improved thermal design for the CPU, which allows the frequency to be boosted by 200 MHz. WiFi and Ethernet connectivity have also been improved, both sporting up to 3x faster upload and download speeds.

The Raspberry Pi 3 B+ Power over Ethernet Hat

The 3B+ also implements new Ethernet headers which allow for a cleaner Power over Ethernet (PoE) implementation via a hat. Previous PoE hats required that you connect the Ethernet ports together, whereas the new design does not. PoE allows you to power the Raspberry Pi over an Ethernet cable. The official PoE hat is not released yet, but they expect it to be out soon.

The faster processing speed should allow more processing intensive graphical apps like GQRX to run smoother, whilst the improved WiFi connectivity speeds should improve performance with bandwidth hungry applications like running a remote rtl_tcp server. PoE is also a welcome improvement as it allows you to easily power a remote Raspberry Pi + RTL-SDR combination that is placed in a difficult to access area, such as in an attic close to an antenna. Placing the Pi and RTL-SDR near to the antenna eliminates the need for long runs of lossy coax cable. If the Pi runs rtl_tcp, SpyServer or a similar server, then the RTL-SDR can be accessed by a network connected PC anywhere in your house, or even remotely over the internet from anywhere in the world.

The Raspberry Pi 3 B+