Tagged: rtl-sdr

WWV and WWVH Special Messages to Broadcast!

Starting from Monday September 16th and continuing through to October 1st, both WWV and WWVH shortwave time signal transmission stations will broadcast a special message from the Department of Defense to mark the centennial of WWV. These messages will be heard on 2.5, 5, 10, and 15 MHz. In addition from September 28 to October 2 a special WWV event will occur:

The world’s oldest radio station, WWV, turns 100 years on October 1, 2019, and we are celebrating!

From September 28 through October 2, 2019, the Northern Colorado ARC and WWV ARC, along with help from RMHam, FCCW, and operators from across the country, are planning 24-hour operations of special event station WW0WWV on CW, SSB and digital modes. Operations will shift between HF bands following normal propagation changes and will include 160m and 6m meteor scatter. We will be operating right at the WWV site and face a challenging RF environment.

WWV is a [NIST] operated HF station based in Fort Collins, Colorado. It continuously broadcasts a continuous Universal Coordinated Time signal in addition to occasional voice announcements. It has been on the air since 1919 but began continuous broadcasts in 1945 from it’s final site in Fort Collins, Colorado. WWVH is a similar time signal, but based in Hawaii.

The WWV Transmit Building

The WWV time signal can be used to automatically set RF enabled clocks to the correct time. [Andreas Spiess] on YouTube recently uploaded a video where he emulates this signal in order to control clocks within his home. This is a great watch if you’d like to learn more about how these time signals work.

The time format itself is actually pretty simple and it’s possible to emulate with a number of devices from an Arduino to Raspberry Pi and of course Software Defined Radio.

#287 Remote Controller for Clocks (IKEA and others, DCF77, WWVB, MSF, JJY)

Testing a PCB Patch Antenna and Radiosonde QFH Antenna for Inmarsat and Iridium Reception

Over on his YouTube channel Tech Minds has been testing some antennas for Inmarsat and Iridium L-Band satellite reception. Inmarsat is a satellite service that runs on geostationary satellites, and one can be received from almost anywhere in the world. There are various services, but the ones that are easily decodable are STD-C EGC and AERO. EGC contains text information search and rescue (SAR) and coast guard messages as well as news, weather and incident reports, and AERO is a form of satellite ACARS, and typically contains short messages from aircraft.

In the first video Tech Minds tests what appears to be an as of yet unreleased prototype PCB patch antenna being designed by NooElec. The PCB patch antenna is combined with a SAWBird Inmarsat LNA and an RTL-SDR. With it he's able to receive STD-C and AERO signals.

In the second video Tech Minds tests an L-Band QFH antenna salvaged from a Vaisala weather balloon radiosonde. The QFH is designed for GPS frequencies, but can potentially be used at the slightly higher Inmarsat and Iridium frequencies. Tech Minds combines the QFH antenna with a SAWBird Inmarsat LNA, but unfortunately finds that reception is too weak for any AERO decoding to be possible. However, when used on the higher Iridium frequencies the antenna works well, and he's able to decode packets with Iridium Toolkit.

New Inmarsat Antenna from NooElec

Testing A QFH Antenna For Inmarsat And Iridium

RTL-SDR Blog L-Band Patch Antenna Preview

We note that over the last several months we have been working on our own L-band patch antenna that will cover Inmarsat, GPS and Iridium frequencies all in one. We expect manufacturing to be completed near the end of the month, or early next month.

The antenna is a ceramic patch, and will come in a waterproof enclosure. It will be possible to easily mount the antenna on a window or elsewhere using the standard suction cup and bendy legs tripod included with our dipole kits. Target price is US$39.95 including the suction cup, tripod, 2M coax and shipping, but we may have it initially on sale for a lower price.

This is cheaper than buying an Inmarsat & Iridium LNA, but a bit more than the SDR-Kits patches that they brought out a few weeks ago. Although performance of our patch is much better. Keep an eye out for the initial information post coming in the next few days.

RTL-SDR Blog L-Band Patch Preview (RTL-SDR for Scale)
RTL-SDR Blog L-Band Patch Preview (RTL-SDR for Scale)

A Wall Mounted SatNOGS Ground Station Monitor

If you weren't already aware,  SatNOGS is an open source project that aims to make it easy for volunteers to build and run RF ground stations (typically based on RTL-SDR hardware) that automatically monitor satellite data, and upload that data to the internet for public access. This is very useful for low budget cubesats launched by schools/small organizations that don't have the resources for a worldwide monitoring network as data can be collected from all over the world no matter where the satellite is.

Over on the SatNOGS Libre Space forums, user cshields have posted about his near wall mounted SatNOGS monitoring station. With the station he's able to monitor the status of his SatNOGS station via an LCD screen and see the location of satellites that next in the queue to be received. There are also some status lights and LCD text screen for monitoring the SatNOGS rotator hardware.

The station consists of a Raspberry Pi 4, 7" LCD display, 500 GB SSD, RTL-SDR Blog V3, and an Arduino with 16x2 LCD and NeoPixel. cshields post covers the full details of the build.

[Also seen on Hackaday]

SatNOGS Ground Station Monitor
SatNOGS Ground Station Monitor

Significantly Improving RTL_TCP’s Performance with Ring Buffers

Thank you to an anonymous contributor for bringing to attention a two part blog post by Stephen Blinick. Stephen's post details how the performance of rtl_tcp can be significantly improved by modifying to code to use a ring buffer instead of using semaphore based locking. If you weren't aware, rtl_tcp is a program that allows you to run your RTL-SDR remotely, and connect to it over a network connection.

The result is a tremendous performance improvement in rtl_tcp according to Stephen. Before the changes he noted that his Raspberry Pi 3B+ could only support a sample rate of 1.92 MSPS over WiFi, and even that had 1-2 seconds of lag. After the ring buffer changes his Pi 3B+ can handle the maximum sample rate of 3.2 MSPS with zero lag. On his Pi Zero W he can achieve a sample rate of 1.92 MSPS over WiFi with minimal lag, whereas before he could only achieve 0.92 MSPS with huge 5-10 second of lag.

The patch is available as a pull request over on the Osmocom GitHub.

Unfortunately this patch might not be included in the official upstreamed Osmocom drivers because Stephen submitted the patch as a pull request to the GitHub, and Osmocom only accept patches via their mailing list. If anyone reading this is familiar with the Osmocom patch submission requirements, we'd like to encourage you to help submit this patch for consideration.

Ring Buffer Patch for rtl_tcp
Ring Buffer Patch for rtl_tcp

RadarBox Optimized ADS-B Antenna + RTL-SDR Bundle 15% Off Sale

Over in our store we're currently selling a RadarBox branded bundle that includes an ADS-B optimized antenna with 10 meters of coax, and an ADS-B optimized RTL-SDR dongle. RadarBox24 is an ADS-B aggregation flight tracking service similar to other services like FlightRadar24 and FlightAware. The set is RadarBox branded, but it can be used with any tracking service, or just for your own ADS-B station.

The bundle is now on sale with 15% off! This brings the price of this bundle down to $42.45 plus shipping. The sale will last until 19 September and only while stocks last.

To purchase please visit our store and scroll down to find the RadarBox bundle Add to Cart button.

The antenna has 7 dBi gain, 50 (+-5) Ohm impedance, and is made from fiberglass and aluminum. It is fully waterproof and outdoor rated with 10 meters of coax cable and includes mounting clamps. The RadarBox RTL-SDR is specifically optimized for 1090 MHz ADS-B reception with it's built in filter and low noise amplifier.

The bundle ships out once per week and tracking is provided 1-2 days after shipping.

RadarBox Bundle: Includes 1x Outdoor ADS-B Antenna, 1x ADS-B Optimized RTL-SDR
RadarBox Bundle: Includes 1x Outdoor ADS-B Antenna AND 1x ADS-B Optimized RTL-SDR

Using a HackRF SDR to Sniff RF Emissions from a Cryptocurrency Hardware Wallet and Obtain the PIN

At last years Chaos Communication Congress (35C3) Conference, leveldown security presented their findings on multiple security vulnerabilities present in cryptocurrency hardware wallets.  Cryptocurrency is a type of digital asset that relies on computers solving cryptographic equations to keep the network trusted and secure. Popular cryptocurrencies include Bitcoin, Ethereum and Ripple. To access your cryptocurrency funds on a computer, a software application called a wallet is used.

However, if a computer holding a wallet is compromised, it is possible that the wallet could be opened by a hacker and funds transferred out. To improve security, hardware wallets are available. These are USB keys that require you to enter a PIN on the key before the funds can be accessed. If the USB key is not inserted and activated by the PIN, the wallet cannot be opened.

All electronic devices including hardware cryptocurrency wallets unintentionally emit RF signals. One possible attack against a hardware wallet is to analyze these RF emissions and see if any information can be obtained from them.  The team at leveldown found that the Ledger Blue cryptocurrency wallet in particular has a flaw where each PIN number button press emits a strong RF pulse. By using a HackRF and machine learning to analyze the unintentional RF output of each button press, the team was able to retrieve the PIN number with only RF sniffing from more than 2 meters away.

To do this they created a GNU Radio flowchart that records data from the HackRF whenever an RF pulse is detected. A small Arduino powered servo then presses the buttons on the wallet hundreds of times, allowing hundreds of RF examples to be collected. Those RF samples are then used to train a neural network created in Tensorflow (a popular machine learning package). The result is a network that performs with 96% accuracy.

If you're interested in exploring other unintentional RF emissions from electronics, check out our previous post on using the TempestSDR software to spy on monitors/TVs with unintentionally emitted RF, and the various other posts on our blog on this topic.

Andreas Spiess Explains Software Defined Radio in YouTube Video

Over on YouTube Andreas Spiess has uploaded a video titled "How does Software Defined Radio (SDR) work under the Hood?". The video is an entertaining introduction to how software defined radio works and begins from the beginning by explaining how basic analogue radios work with components such as modulators, demodulators, frequency generators, mixers and filters. After the basics he goes on to explain the digitization of radio signals that occurs in SDRs, and gives an introduction ADCs and how IQ sampling works.

Later in the video Andreas shows various applications for SDRs, discusses various SDRs on the market like RTL-SDR, HackRF, SDRplay, LimeSDR and PlutoSDR and introduces GNU Radio Companion and other SDR programs from our big list of software post.

#286 How does Software Defined Radio (SDR) work under the Hood? SDR Tutorial

Hacking Iridium Satellites With Iridium Toolkit

Over on YouTube TechMinds has uploaded a video showing how to use the Iridium Toolkit software to receive data and audio from Iridium satellites with an Airspy. Iridium is a global satellite service that provides various services such as global paging, satellite phones, tracking and fleet management services, as well as services for emergency, aircraft, maritime and covert operations too. It consists of multiple low earth orbit satellites where there is at least one visible in the sky at any point in time, at most locations on the Earth.

The frequencies used by the older generation Iridium satellites are in the L-band, and the data is completely unencrypted. That allows anyone with an RTL-SDR or other SDR radio to decode the data with the open source Iridium Toolkit. If you're interested in how Iridium Toolkit was developed, see this previous post about Stefan "Sec" Zehl and Schneider's 2016 talk.

In the video Tech Minds shows decoding of various data, including an audio call and the satellite tracks and heat map of Iridium satellites.

Hacking Iridium Satellites With Iridium Toolkit