Tagged: rtl2832

Evaluating LoRaWAN Security with an RTL-SDR

Over on their blog Trend Micro have uploaded a post describing how they evaluated the security of LoRaWAN communications using an RTL-SDR. LoRaWAN is a wireless communications technology that allows for Internet of Things (IoT) connectivity at a much lower cost compared to cellular infrastructure. However, as described in their post, LoRaWAN incorporates very little security, making connected devices an easy target for hackers.

The researchers at Trend Micro used an RTL-SDR together with the LoRaPWN software tool, which is an improved version of the LoRa Craft Project. With LoRaPWN the researchers were able to intercept uplink and downlink packets. When combined with a brute force dictionary attack, they were then able to recover the encryption keys, allowing them to decode the data. Finally, they were also able to demonstrate a denial of service attack which results in a device being unable to send further data.

For more information the technical paper (pdf) describing their full setup and tests is available, as well as an older post describing possible LoRaWAN attacks. There is also a YouTube video from "The Things Conference" which we have embedded below. In the video researcher Sebastian Dudek presents some of his findings on LoRaWAN security.

An RTL-SDR Blog V3 Intercepting LoRaWAN packets.
LoRaPWNing: Practical radio attacks on LoRaWAN - Sebastian Dudek (Trend Micro)

Scanner School Podcast + Webinar: This is Why You Need an SDR

Scanner School is an online site providing tutorials, podcasts and reviews all about the radio scanning hobby. They are currently planning a Webinar for February 23, 2021 titled "Why Every Scanner User Needs an SDR: The #1 Underrated Tool that should be in your setup". You can sign up to the webinar here. In addition to the upcoming webinar they have also already released episode 165 of their podcast titled "This is Why You Need an SDR". The topics covered in the podcast are listed below.

  • An SDR means that anything normally handled by the hardware of the radio is now handled by the computer, and the physical hardware serves as an interface.
  • The only limitation on the SDR hardware you buy is the frequency range and the amount of RF it can digest.
  • SDR receivers have come a long way since they were first hacked into existence.
  • SDRs used to be difficult to set up, but that’s no longer true.
  • You don’t need advanced computer skills to run SDR software.
  • SDR software can run on PC, Linux, Mac, Raspberry PI, and even Android.
  • An SDR is more flexible and less expensive than a traditional radio.
  • You can turn a $30 USB stick into something as powerful as an SDS200 in an afternoon.
  • All you need to get started is an SDR USB stick, a computer, and the free starter software SDR Sharp.
  • Once you get set up with FM broadcast stations, aviation, and other analog systems, Phil’s SDR course will go into how to set up digital reception.
  • If you download DSD+ Fast Lane or Unitrunker you can monitor trunking systems.

Analyzing Frozen Air Traffic in the Hudson Valley

Thank you to Steve Bossert (K2GOG) for submitting his article on analyzing traffic from his RTL-SDR based ADS-B receiver during the recent heavy snow storms at his location in the Hudson Valley. His graphs show a huge drop off in air traffic and ADS-B packets received during the storms.

Aside from these results, Steve's post goes on to explain how he gathers and stores these analytics, and gives an example of using the Graphs1090 software for producing nice plots of the aircraft received. One important tip that he mentions is to be careful when constantly logging ADS-B data to the SD card, as the card can easily get corrupted over time since there are read/write cycle limits.

Air traffic graphs showing the effect of the latest snow storm on air traffic

Building an 11.2 GHz Radio Telescope with an Airspy and 1.2m TV Satellite Dish

In the past we've posted several times about how 1.42 GHz Hydrogen Line amateur radio telescopes can be used with RTL-SDRs or other SDRs for Hydrogen line observations of the galaxy. Recently Hackaday ran a post highlighting a project from "PhysicsOpenLab" describing an 11.2 GHz radio telescope that uses an Airspy SDR as the receiver.

Celestial bodies emit radio waves all across the radio spectrum and typically observations can be made anywhere between 20 MHz and 20 GHz. Choosing an optimal frequency is a tradeoff between antenna size, directivity and avoiding man made noise. For these reasons, observations at 10-12 GHz are most suitable for amateur radio telescopes.

The posts by PhysicsOpenLab are split into two. The first post highlights the hardware used, which includes a 1.2m prime focus dish, an 11.2 GHz TV LNB, a wideband amplifier, a SAW filter, a bias tee, and the Airspy SDR. The LNB converts the 11.2 GHz signal down to 1.4 GHz which can be received by the Airspy. Once at 1.4 GHz it's then possible to use existing commercial filters and amplifiers designed for Hydrogen line observations.

The second post explains the GNU Radio based software implementation and the mathematical equations required to understand the gathered data. Finally in this post they also graph some results gathered during a solar and lunar transit.

Finally they note that even a 1.2m dish is quite small for a radio telescope, but it may be possible to detect the emissions from the Milky Way and other celestial radio sources such as nebulae like Cassiopeia A and Taurus A, and Cygnus A, a radio galaxy.

An 11.2 GHz 1.2m Amateur Radio Telescope with GNU Radio and Airspy

SDR++ Recent Updates: Plugins, Multi-VFO, Multi-Platform, Native RTL-SDR and More!

Back in July 2020 we first posted about the alpha release of "SDR++" which back then was a new project by "Whatsthegeek" that was determined to bring an open source, cross platform, C++ based GUI general receiver program for various SDRs including the RTL-SDR to the community. Over the past few months the author has been working hard on updating the software, and it looks a lot more mature today. Recently he has released the following updates as mentioned on his Reddit post:

As some of you might remember, I posted back in June about my SDR++ project. During the past 6 months, I've been hard at work to make it into usable software! The versions I released in June and July were extremely buggy and unusable. All of those issues have now been fixed. It's now simple to build and install. Here's a small rundown of the features it now has:

  • Fully modular architecture (plugins)
  • Multi-VFO
  • Support for most SDRs through dedicated modules or SoapySDR
  • Both baseband and audio recording with a level meter and volume adjust
  • Multiple bandplans available (very easy to write your own)
  • Switchable waterfall colormap
  • Low CPU usage (lower than GQRX, CubicSDR, SDRConsole and in some cases SDR#)
  • Full waterfall update when zooming or changing min/max level

Also, SDR++ now runs on Windows, Linux, OSX and BSD!
Do note that it still has a few quirks and misses some features (see https://github.com/AlexandreRouma/SDRPlusPlus/projects/2 for the todo list)
In addition to what's in the todo list, decoders for common satellites will be written very soon. They will allow decoding of Meteor and NOAA with no external software needed!

I'd like to thank Airspy, Analog Devices, SDRplay and Howard Su for sending samples of their hardware for development! Would never have been able to add support for their hardware without it!

I hope this software will be useful to the community :)

SDR++ GUI

Releases for Debian Linux and Windows can be found over on the GitHub Releases page

We note that over on Twitter Whatsthegeek (@ryzerth) has been releasing further updates. He notes that some of the latest code updates for SDR++ add a native RTL-SDR module including bias tee support, and that it is also now available as a package for Arch Linux users over on the user Repository. However these latest updates are not yet available as binaries on the releases page.

In a recent tweet he also demonstrates the very useful looking multi-vfo feature allowing him to decode three AERO signals with Jaero simultaneously on a single RTL-SDR dongle.

SDR-Server: An Advanced Open Source RTL-SDR Streaming Server

Developer @dernasherbrezon has recently released a new program called "sdr-server" which is a streaming server. Unlike the more basic rtl_tcp server, sdr-server has some more advanced features like being able to serve multiple clients a slice of the bandwidth simultaneously. When compared to SpyServer, another advanced RTL-SDR compatible streaming server, sdr-server has similar features, however, sdr-server is open source. Some of the key features include:

  • Share available RF bandwidth between several independent clients:
    • Total bandwidth can be 2016000 samples/sec at 436,600,000 Hz
    • One client might request 48000 samples/sec at 436,700,000 Hz
    • Another client might request 96000 samples/sec at 435,000,000 Hz
  • Several clients can access the same band simultaneously
  • Output saved onto disk or streamed back via TCP socket
  • Output can be gzipped (by default = true)
  • Output will be decimated to the requested bandwidth
  • Clients can request overlapping RF spectrum
  • Rtl-sdr starts only after first client connects (i.e. saves solar power, etc.). Stops only when the last client disconnects
  • MacOS and Linux (Debian Raspberrypi)

How bandwidth slices can be shared with sdr-server.
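
How one client's slice could be cut out of the shared capture, as an added example that is not sdr-server's own code: it takes the band and the first client request from the feature list above, shifts the requested centre to 0 Hz and decimates by 2016000 / 48000 = 42. The integer-decimation requirement, the band-edge check, the boxcar filter, the function names and the test tone are assumptions of this example.

```python
import cmath
import math

BAND_CENTER_HZ = 436_600_000   # from the feature list above
BAND_RATE = 2_016_000          # wideband samples/sec, from the feature list above


def plan_slice(center_hz, rate):
    """Return (offset_hz, decimation) for a client slice, or raise ValueError."""
    if rate <= 0 or BAND_RATE % rate:
        raise ValueError("example assumes integer decimation")
    offset = center_hz - BAND_CENTER_HZ
    if abs(offset) + rate / 2 > BAND_RATE / 2:
        raise ValueError("requested slice falls outside the captured band")
    return offset, BAND_RATE // rate


def extract_slice(samples, center_hz, rate):
    """Shift the requested centre to 0 Hz, then average and keep 1 in N samples."""
    offset, decim = plan_slice(center_hz, rate)
    step = -2j * math.pi * offset / BAND_RATE
    mixed = [s * cmath.exp(step * n) for n, s in enumerate(samples)]
    # Boxcar average is a crude low-pass; a production server would use a real FIR.
    return [sum(mixed[i:i + decim]) / decim
            for i in range(0, len(mixed) - decim + 1, decim)]


def dominant_offset_hz(samples, rate):
    """Estimate a single tone's frequency from the mean phase step between samples."""
    acc = sum(b * a.conjugate() for a, b in zip(samples, samples[1:]))
    return cmath.phase(acc) * rate / (2 * math.pi)


def constructed_capture(tone_hz, count):
    """Constructed test input: one complex tone as seen in the wideband stream."""
    w = 2j * math.pi * (tone_hz - BAND_CENTER_HZ) / BAND_RATE
    return [cmath.exp(w * n) for n in range(count)]


if __name__ == "__main__":
    # Constructed tone 5 kHz above the client's requested centre, 10 ms of capture.
    capture = constructed_capture(436_705_000, 42 * 480)
    out = extract_slice(capture, 436_700_000, 48_000)
    print(plan_slice(436_700_000, 48_000), len(out),
          round(dominant_offset_hz(out, 48_000)))
```

Each connected client would get its own offset and decimation factor computed against the same wideband capture, which is why overlapping requests cost no extra tuner bandwidth.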

SDRSharp Upgraded to .NET5 with New Plugin SDK For Developers

The popular SDR# (SDRSharp) software has recently been updated to version 1788, and now runs on the .NET5 SDK. Most of the upgrades are behind the scenes, but generally the new version appears to be more memory efficient and loads faster. The new version also brings more theme and layout customizations and as explained further below an improved plugin SDK for developers. 

In order to install the latest version you will need to download the .NET5 runtime from Microsoft, which may not already be on your system. For RTL-SDR users you can then run install-rtlsdr.bat, then start the software as usual.

One of the most exciting new developments is the new .NET 5 plugin SDK that is now available. This allows third party developers to easily code up plugins for SDR#. While a plugin SDK already existed before, the new version appears to make development much simpler, and also comes with a few examples to help get developers started quickly. The result is that we should start to see more plugins appearing in the future with more features.

SDR# .NET5 Plugin SDK Example Code

One plugin called Scytale-C for Inmarsat STD-C channel decoding has already been updated to the new SDK. The developer notes that the plugin now works great with the SDR# "slicer" feature, which allows users to decode multiple STD-C signals within the received bandwidth at the same time. 

We've also recently seen reports of Twitter users having success with running this new SDR# version on WINE under Linux. Unfortunately direct USB still doesn't work under WINE, but it would still function via SpyServer or rtl_tcp.

Sparse Array Beamforming with a Phase Coherent 21-Channel RTL-SDR Array

Thank you to Laakso Mikko, a PhD student at Aalto University School of Electrical Engineering, for submitting news about his research group's latest paper involving a 21-channel phase coherent RTL-SDR system. Laakso writes that he and his colleagues have built a (massive) multichannel receiver array from RTL-SDRs to use in low-budget research. The paper presented at EUSIPCO2020 can be found at IEEE, and for free on their research portal (direct pdf link). The code is also entirely open source and available on GitHub.

Phase coherent SDRs enable interesting applications such as radio direction finding (RDF), passive radar and beam forming.

We introduce a modular and affordable coherent multichannel software-defined radio (SDR) receiver and demonstrate its performance by direction-of-arrival (DOA) estimation on signals collected from a 7 X 3 element uniform rectangular array antenna, comparing the results between the full and sparse arrays. Sparse sensor arrays can reach the resolution of a fully populated array with reduced number of elements, which relaxes the required structural complexity of e.g. antenna arrays. Moreover, sparse arrays facilitate significant cost reduction since fewer expensive RF-IF front ends are needed. Results from the collected data set are analyzed with Multiple Signal Classification (MUSIC) DOA estimator. Generally, the sparse array estimates agree with the full array.

Mikko notes that his next paper on applying deep neural nets to the problem of near-field localization will be presented at this year's VTC2021 conference, so we are looking forward to that paper too.

21 element array connected to a 21-input phase coherent RTL-SDR array