Tagged: rtl-sdr

A Guide to Using RPiTX and an RTL-SDR to Reverse Engineer and Control ASK/OOK Devices

Erhard E. has been experimenting with capturing, analyzing, reverse engineering and then transmitting new ASK/OOK signals with his RTL-SDR and a Raspberry Pi running RPiTX. Erhard has written a very informative guide/tutorial (pdf) that explains how he did it for a wireless doorbell and for remote control toy cars. RPiTX is software for the Raspberry Pi which allows it to transmit almost any signal via modulation of a GPIO pin. RPiTX related posts have been featured on this blog several times in the past.

First Erhard records a copy of the doorbell signal using his RTL-SDR and then views the waveform in Audacity. He then writes that you’ll need to find the waveform characteristics either manually using Audacity, or by using the rtl_433 decoder. In the tutorial he uses rtl_433, which automatically gives him the pulse width, gap width and pulse period.

Next, in order to actually generate the signal using RPiTX, he takes the waveform characteristics that he found and manually creates a .ft hex file that describes the signal to be generated. Then, using the rpitx command, the .ft file can be transmitted.

Later in the tutorial he also shows how he performed the same reverse engineering process with a cheap RC car toy (forward/reverse commands only), which uses OOK encoding on the wireless controller.

The tutorial can be downloaded in PDF form here.

Showing the Pulse Width, Gap Width and Symbol Period of a signal in Audacity.

Simulating GPS with LimeSDR and Receiving it with an RTL-SDR

In previous posts we showed how Phillip Hahn had been trying to use his RTL-SDR as a GPS receiver on a high powered rocket in order to overcome the COCOM limits which prevent commercial GPS devices from operating when moving faster than 1,900 kmph/1,200 mph and/or higher than 18,000 m/59,000 ft.

In order to test future flights with the RTL-SDR GPS receiver, Phillip has been simulating GPS rocket trajectory signals using his LimeSDR. The RTL-SDR then receives the simulated GPS signals, which are fed into SoftGNSS for decoding. The simulation models the Japanese SS-520-4 rocket, which is a 32′ long, 2′ diameter small high powered rocket capable of putting loads like cubesats into orbit affordably. Using the simulated data Phillip is able to calculate the trajectory and see all the motor burns in the velocity profile.

While Phillip intends to use the RTL-SDR on a similar rocket in the future, he notes that the simulation does not take into account problems such as thermal noise, RF interference, rocket jerk, satellite occlusion and vibration.

LimeSDR Simulated GPS Rocket Trajectory Received with RTL-SDR.

Radio For Everyone new Posts: RTL-SDR Accessories, 5 Easy Mods, FAQ, Legal/Moral Issues and Portable SDR

Akos from the radioforeveryone.com blog (previously sdrformariners/rtlsdrforeveryone) has recently added several new posts. The first new post is a beginners guide to RTL-SDR accessories. In this post he shows and links to his reviews of various RTL-SDR accessory products such as upconverters, baluns, filters, preamps and adapters.

In the second post he shows a guide to 5 easy mods that can be performed on RTL-SDR dongles which will improve their performance. The mods include using a ground plane, using a wire antenna, extending the coax, removing the IR and LED diodes, and putting the dongle into a metal tin.

In the third post he discusses portable software defined radio and shows exactly what products and software you need to set up an Android or Raspberry Pi based mobile SDR station.

In the remaining new posts Akos has created an RTL-SDR FAQ and a guide to understanding the legal and moral issues of SDR. Finally the last new post we saw is where Akos tests a cooled RTL-SDR V3 vs a stock V3. His results appear to show that the cooled dongle achieves slightly more (avg. 3.73%) position reports.

Akos' guide to RTL-SDR Accessories.

Decapping the R820T and RTL2832U Chips

Over on YouTube the electronupdate channel has posted a video showing the decapping of the R820T and RTL2832U chips. Decapping is the process of removing the plastic packaging on integrated circuit chips, thus exposing the internal circuits printed on the silicon die for viewing. In the video he shows microscope images of each of the decapped chips and explains a bit about what each part of the chip does.

Over on his blog he’s also posted the full decapped images of the R820T and RTL2832U for viewing.

The decapped R820T tuner die.

3D Printing an RTL-SDR Cooler Block

Over on the 3D printing sharing site Thingiverse, user “Way” has uploaded a 3D printer design for an RTL-SDR cooler block. The block works by allowing a PC cooling fan to blow air efficiently over the dongle body, removing any heat generated.

Cooling a dongle helps to avoid the L-Band problem, which is when R820T/2 units get hot and stop working above ~1.3-1.5 GHz. Generally passive cooling is enough (like with the thermal pad and metal cases used on our V3 dongles), but further cooling can apparently help increase sensitivity slightly, although we are unsure if there is any statistically significant difference.

“Way” has made two designs, one to fit a 40 x 40 mm fan, and another to fit a 50 x 50 mm fan. The fan simply screws to the top of the block, and the dongle is placed at the bottom. Air is ducted over the dongle body and escapes out the back.

RTL-SDR 3D Printed Cooler

Analyzing HF Over the Horizon Radar in GNU Radio

Over the Horizon radar is typically used at HF frequencies and is used to detect targets from hundreds to thousands of kilometers away from the radar station. On HF they are very common and can be easily heard as continuous or bursty buzzing sounds.

Over on his blog Daniel Estevez writes how he was inspired by Balint Seeber's GRCon16 talk to perform his own investigations into HF OTH radar. Daniel first analyzed a recorded IQ signal of a presumed Russian radar in Audacity, and noticed that it consisted of 15 kHz wide pulses repeated at 50 Hz intervals. He then used GNU Radio and the Quadrature Demod block to FM demodulate the pulse and see how the frequency changes over time. From this he was able to determine the original transmitted radar pulse characteristics.

Next he performs pulse compression, which is essentially a cross correlation of the received pulse with the transmitted pulse, the latter being reconstructed from the characteristics found earlier. The signal received at Daniel's location is distorted because it arrives via multiple paths, as the signal bounces off multiple layers of the ionosphere. With this pulse compression technique Daniel is able to determine the time of flight for the different multi-path components of the received pulse. By graphing all the results over time he was able to obtain this image illustrating relative propagation distance over time.

Check out Daniel's post for the full details and his code.
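The pulse compression step described above, as an added example that is not taken from Daniel's post or code. The chirp length, normalized bandwidth, path delays and gains are constructed values, and the function names are hypothetical.

```python
import cmath

def chirp(n, bw):
    """Linear FM pulse: n samples sweeping 0..bw cycles per sample."""
    return [cmath.exp(1j * cmath.pi * bw * k * k / n) for k in range(n)]

def receive(tx, paths, length):
    """Constructed multipath signal: sum of delayed, scaled copies of tx."""
    rx = [0j] * length
    for delay, gain in paths:
        for k, s in enumerate(tx):
            rx[delay + k] += gain * s
    return rx

def compress(rx, tx):
    """Cross-correlate rx against the known pulse; |correlation| per lag."""
    n = len(tx)
    ref = [s.conjugate() for s in tx]
    return [abs(sum(rx[lag + k] * ref[k] for k in range(n)))
            for lag in range(len(rx) - n + 1)]

def path_delays(corr, rel_threshold=0.4):
    """Lags of local maxima above rel_threshold times the strongest peak."""
    floor = rel_threshold * max(corr)
    return [i for i in range(1, len(corr) - 1)
            if corr[i] > floor
            and corr[i] > corr[i - 1] and corr[i] >= corr[i + 1]]

if __name__ == "__main__":
    tx = chirp(64, 0.5)                               # constructed pulse
    rx = receive(tx, [(10, 1.0), (25, 0.5)], 128)     # two constructed paths
    corr = compress(rx, tx)
    for lag in path_delays(corr):
        print(f"path at lag {lag}, magnitude {corr[lag]:.1f}")
```

The two 64-sample pulses overlap almost entirely in the received buffer, yet after compression each path shows up as its own narrow peak, and the difference between the peak lags is the relative time of flight.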

Ionosphere Propagation Graph

30% Off Outernet L-Band RTL-SDR DIY Kits – $70 for RTL-SDR, LNA, Antenna, CHIP and Battery

Outernet is an L-band satellite service that aims to be a “library in the sky”. They are constantly transmitting data such as up to date news, weather updates, Wikipedia pages, books, ISS APRS repeats and much more. Their DIY receiver kit consists of a lithium battery pack, L-band patch satellite antenna, LNA with built in filter, C.H.I.P mini Linux computer and an RTL-SDR E4000 or V3.

The DIY kit is normally priced at $99 USD, but right now they are running a 30% off Christmas promotion, bringing the price down to $69.30 USD. If you don’t need the battery pack, the sale price is then only $55.30 USD. This seems like a very good deal as normally just the patch antenna and Outernet LNA would be almost $50 USD in total.

To get the discount you must purchase directly from their store and use the coupon 30OFF. The promotion ends 31 December 2016 at 11:59 PM CST so get in quick.

The Outernet items you get for $70 USD.

Windows Version of the Fully Exposed RTL-SDR Driver now Available

Last week we posted about Milen Rangelov’s (gat3way) new RTL-SDR driver which has exposed filter and gain settings for the R820T/2 chip. This should let you tweak for optimal reception much better. Previously the driver was only available for Linux, however, now over on SourceForge user randaller has ported this driver to Windows.

To use the driver in SDR# simply unzip all the files into the SDR# folder, then while using the dongle in SDR# open the librtlsdr_wincontrol.exe file to open the control interface. The interface also has the ability to directly write values to a register, which together with the newly released register datasheet, can be useful for experimenting with the R820T2 chip.

The description reads:

Unpack all files to SDRSharp folder, start SDR# playback, then run controller exe file.
Do not forget to allow software to use UDP/32323 port in your firewall.

You may use this rtlsdr.dll with osmocom or other software, of course.
It is fully compatible with the original one.

There is a UDP server on port 32323 inside of rtlsdr.dll. It accepts and answers \n-terminated strings and accepts two easy commands: get and set register. Examples:
g 5\n – will return value of R5
s 7 10 15\n – will set four lowest bits (mask 0x0f) of R7 with value 10
s 12 174 255\n – will write complete byte to R12
All values should be decimal.
You may use this feature to develop your own GUI controller with beautiful knobs.


The driver GUI.
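A small client for the get/set register commands quoted above, written as an added example and not part of the driver or its documentation. The function names are hypothetical, `apply_line` is a constructed stand-in for the driver side so the masked-write behaviour can be checked offline, and the reply format (decimal value plus newline) is an assumption because the description does not specify it.

```python
import socket

PORT = 32323  # UDP port named in the driver description

def _byte(name, v):
    if not 0 <= v <= 255:
        raise ValueError(f"{name} must be 0-255, got {v}")
    return v

def build_get(reg):
    """'g <reg>\\n': read one register."""
    return f"g {_byte('reg', reg)}\n".encode("ascii")

def build_set(reg, value, mask=255):
    """'s <reg> <value> <mask>\\n': write only the bits selected by mask."""
    return (f"s {_byte('reg', reg)} {_byte('value', value)} "
            f"{_byte('mask', mask)}\n").encode("ascii")

def apply_line(regs, line):
    """Constructed stand-in for the driver side: apply one command to regs.
    The reply text (decimal value + newline) is an assumption."""
    if not line.endswith(b"\n"):
        raise ValueError("command must be newline-terminated")
    op, *args = line.decode("ascii").split()
    nums = [_byte("field", int(a)) for a in args]
    if op == "g" and len(nums) == 1:
        pass
    elif op == "s" and len(nums) == 3:
        reg, value, mask = nums
        # Keep the bits outside the mask, replace the bits inside it.
        regs[reg] = (regs.get(reg, 0) & ~mask & 0xFF) | (value & mask)
    else:
        raise ValueError(f"unknown command: {line!r}")
    return f"{regs.get(nums[0], 0)}\n".encode("ascii")

def send(line, host="127.0.0.1", timeout=1.0):
    """Send one command to the driver's UDP port and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(line, (host, PORT))
        return s.recvfrom(64)[0]

if __name__ == "__main__":
    regs = {7: 0xA5, 12: 0}  # constructed register contents
    for cmd in (build_get(7), build_set(7, 10, 15), build_set(12, 174, 255)):
        print(cmd, "->", apply_line(regs, cmd))
```

The description mentions no authentication for this port, so when the controller runs on the same machine as SDR# the firewall rule can be limited to 127.0.0.1, which is also the default host in `send`.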
