Tagged: rtl2832

DragonOS Updated: Now with OP25 Installed and many new YouTube Tutorials

Last month we posted about Aaron's "DragonOS" project, which is a ready to install Linux ISO aimed to make getting started with SDR software easy by providing several programs preinstalled, as well as providing multiple video tutorials. Recently he's updated the build, this time basing it on Lubuntu 18.04 allowing for Legacy and UEFI support, along with disk encryption. The OS supports RTL-SDRs as well as the HackRF and bladeRF and probably supports most other SDRs via the SoapySDR interface.

In terms of software he's also added OP25 and bladeRF support. Other programs pre-installed include rtl_433, Universal Radio Hacker, GNU Radio, Aircrack-ng, GQRX, Kalibrate, hackrf, wireshare, gr-gsm, rtl-sdr, HackRF, IMSI-catcher, Zenmap, inspectrum, qspectrumanalyzer, LTE-Cell-Scanner, CubicSDR, Limesuite, ShinySDR, SDRAngel, SDRTrunk, Kismet, BladeRF.

His DragonOS YouTube tutorial channel is also growing fast, with several tutorials showing you how to use DragonOS to perform tasks like listen to trunked mobile radios, use QSpectrumAnalyzer with a HackRF, receive NOAA APT weather satellite images, retrieve cellular network information via a rooted Samsung Galaxy S5, create a ShinySDR server with rtl_433 and how to capture and replay with a HackRF.

DragonOS running CubicSDR
DragonOS running CubicSDR

OpenEar Now Supports TETRA, DMR, POCSAG, ADS-B

Back in March we posted about "OpenEar" which was a newly released Windows TETRA decoder for RTL-SDR dongles. Back then the author "moneriomaa" noted that he planned to add several new modes. In the release that is currently available, OpenEar now supports TETRA, DMR, Pocsag, ADS-B as well as standard AM and NFM modes. We tested the software, and all modes appear to decode as advertised. In the future the author plans to add more modes such as MPT-1327 and AERO.

In the previous post we added an update noting that OpenEar appeared to be violating the GPL licence of OsmocomTETRA, and the author noted that he would remove the TETRA functionality until licencing was resolved. As TETRA decoding is back in the recent releases we assume these legal issues have been solved.

In the current release you also need to provide your own rtlsdr.dll file, which can be obtained from your SDR# folder, or directly from the Osmocom windows release (rename librtlsdr.dll to rtlsdr.dll).

Latest OpenEar Version
Latest OpenEar Version

The K-180WLA: A New Low Cost Battery Powered Active Loop Antenna

We've recently seen a few submissions about a new low cost active magnetic loop antenna called the K-180WLA which sells for around US$50 - US$60 over on eBay and Aliexpress. While it appears to be very similar to the well known MLA-30 loop, it's main defining feature is that it's power feeder is battery powered via a built in Lithium ion cell which would make it useful for portable operation. It also advertises a wide usable frequency range of 0.1 - 180 MHz with an amplified gain of 20 dB. They note it can also be pushed up to 450 MHz with reduced gain of 8.9 dB. The battery run time or power draw is not advertised. They write:

  • The P.BOX feed box has a built-in 3.7V 18650 flat-head lithium battery with integrated power supply module. It is the only active antenna that does not require an external power supply and integrates a charge management chip. The MICRO USB charging port is compatible with the 5V charging head of Android phones. And charging cable, very easy to use.
  • UHF low-noise preamplifier is used. The gain flatness is very good within the ultra-wide operating frequency of 0.1-180MHZ. It provides a gain of about 20DB, even when working to 450MHZ gain, there is still about 8.9DB.
  • The receiving frequency covers long wave, medium wave, short wave, FM broadcasting band and VHF aviation band. The small ring diameter 55CM is simple to set up. It can be set up outside the window, balcony, terrace and roof. Lovers erected.
  • All the screws of the antenna are made of 304 stainless steel, and the preamplifier box is fully waterproof, which can be used for long-term outdoor wind and rain.
  • Suitable models include Desheng S-2000 PL-660 PL-880 ICOM R71E YAESU FRG-8800 and all short-wave receivers, especially for SDR receivers.

    Note:

    The antenna is equipped with a dual SMA male adapter cable, an SMA to 3.5 plug adapter cable, and an S2000 BNC adapter, which means that your radio can be used with SMA female, BNC, and 3.5 jacks. Requires additional accessories. Receivers and radios with other interfaces need their own adapters.

We've ordered a unit and plan to compare it against the MLA-30, Wellbrook and YouLoop (with optional HF amplifier that is to be released soon) in a future post. This loop is also being discussed over on the SWLing Post Blog.

The K-180WLA Loop Antenna
The K-180WLA Loop Antenna

Receiving SMOG-P and ATL-1 Nano Satellites with an RTL-SDR

Thank you to Zoltan Doczi (HA7DCD) for submitting his tutorial that shows how to receive signals from the SMOG-P and ATL-1 nano satellites which were launched via Rocket Lab back in late 2019.

SMOG-P is a Hungarian nano satellite developed by BME University. It's payload consists of an on board spectrum analyzer that is designed to measure electromagnetic pollution (electrosmog) from space, and to also monitor the DVB-T spectrum. It currently holds the title of the world's smallest satellite in operation.  ATL-1 is another Hungarian satellite this time developed by ATL Ltd. Its mission is to test a new thermal isolation material in space and to monitor the DVB-T spectrum.

To receive telemetry from these satellites you can use a Raspberry Pi, RTL-SDR, Yagi, and optionally an LNA and filter. In his post Zoltan shows how to install the SMOG-P decoder, and provides a script that automatically decodes, uploads packets to the BME University server, and archives old IQ files and packets.

We note that if you wish to receive these satellites, now is the time to do so as these nano satellites are in a very low orbit and only have an orbital lifespan of only 6-8 months total.

SMOG-P and ATL-1 Satellite Ground Station Receiver Setup
SMOG-P and ATL-1 Satellite Ground Station Receiver Setup

YouTube Tutorial: Building a Passive IMSI Catcher with an RTL-SDR

Thank you to M Khanfar for submitting his YouTube tutorial on how to build a passive IMSI catcher with an RTL-SDR. He writes:

In this video im processes of easy step by step building a passive IMSI catcher. The purpose of this video is to be educational - to highlight the ease of which these devices can be built, and to practically show how privacy is already being compromised today ! easy step by step install and running under virtual machine Ubuntu 18.04 and cheap SDR dongle! .

Intro
An IMSI catcher is a device commonly used by law enforcement and intelligence agencies around the world to track mobile phones. They are designed to collect and log IMSI numbers, which are unique identifiers assigned to mobile phone subscriptions. Under certain circumstances, IMSI numbers can be linked back to personal identities, which inherently raises a number of privacy concerns.

The purpose of this video is to be educational - to highlight the ease of which these devices can be built, and to practically show how privacy is already being compromised . Nothing in this video is necessarily new, and those with less than honest intentions are most certainly already using these (or similar) devices.

This video walks through the processes of building a passive IMSI catcher, which is distinctly different from traditional IMSI catchers in that it does not transmit nor does it interfere with cellular networks in any way.

Traditional IMSI catchers are illegal in most jurisdictions due to the fact that they transmit on cellular frequencies (which requires a license), and that they essentially perform a man-in-the-middle attack between a phone and mobile base station (which breaks all sorts of anti-hacking laws). A passive IMSI catcher does neither of these.

How it works
The passive IMSI catcher works by capturing IMSI numbers when a phone initializes a connection to a base station. The IMSI is only disclosed during this initial connection. In an effort to protect privacy, all subsequent communication to that base station is done with a random Temporary Mobile Subscriber Identity (TMSI) number.

This means you will only collect IMSI numbers for devices as they move between base stations. Traditional IMSI catchers work differently, by spoofing a legitimate base station and forcing subscribers to connect to itself. They have the added ability to collect data about stationary devices, and can potentially have a more targeted range.

The only hardware required is a PC and SDR receiver that supports GSM frequencies. Generally this means 850/900/1,800/1,900 MHz. Most of the inexpensive RTL2832U based receivers have an upper-frequency range of about 1,700 MHz. You can get by with one of these, but of course, you won't be able to listen to stations at 1,800 or 1,900 MHz.

--- you can easy search GSM towers around you and show its frequencies then select specific tower then access its HLR data, then you can locate tower location in google map when you have specific data collected from SDR in terminal like :
MCC,MNC,LAC,CELLID , then you can easy add these data in this website: https://cellidfinder.com/cells  then locate it on map, and you can use IMSI number that you sniff to collect details info from database that have access with subscription to full database from this website :https://www.numberingplans.com

Building a Passive IMSI Catcher

 
 

SWLing Blog: Building a Homemade YouLoop (Noise-Cancelling Passive Loop) Antenna

Over on the SWLing Post Blog Thomas has uploaded an excellent tutorial showing how you can build your own YouLoop (aka a Noise-Cancelling Passive Loop). If you've been following our previous posts you'll know that we recently started selling the "YouLoop" which is designed and produced by Youssef from Airspy. The YouLoop is a passive loop antenna designed for HF reception, but also works well up until VHF. The main catch is that you need to use it with a receiver with a low noise figure front end, like the Airspy HF+ Discovery (SDRplay units should work well too). The RTL-SDR Blog V3 in direct sampling mode does somewhat work with it to an extent, but RTL-SDRs relying on upconverters for HF will probably see poor results.

We are selling the loop in our store for $34.95 including free shipping to most countries. Batch 2 is currently in preorder, but is almost sold out and should begin shipping soon. Batch 3 will also be available for preorder soon and is about 2 weeks away from shipping. We also expect there to be a high quality pre-amp available for sale in a few months too which will help those with higher noise figure radios or longer feed line runs. 

Alternatively, as the YouLoop is a relatively simple and openly shared design it is possible to homebrew your own if you want to. Over on the popular SWLing Post blog, author Thomas has written up a full tutorial on hombrewing your own. The parts you need include coax cable, a BN-73-302 wideband 2-hole ferrite core, magnet wire, heat shrink tubing and electrical tape. The guide takes you through the process of winding the balun and constructing the loop using simple tools and a soldering iron.

Radwave Updates: Browse SETI Spectrum Data on your Android Device

Back in February 2019 we first posted about Radwave, an Android SDR App for RTL-SDR dongles. It has some interesting features not found in other Apps like the ability to easily zoom, pause and rewind the spectrum at any time.

The author has decided to make use of these spectrum browsing enhancements by providing access to full SETI (Search for Extraterrestrial Intelligence) spectrum data sets which can be browsed via the app for a small fee. From a post on our forums the author of Radwave writes:

I've been developing Radwave, which is an RTL-SDR Android app for exploring the spectrum. I recently added some new functionality, allowing users to interactively explore full resolution SETI data hosted in the cloud - no SDR needed. You can see a preview of it here https://youtu.be/8ZJFzKcWejA and download it from https://play.google.com/store/apps/deta ... ve.android

This data comes from Breakthrough Listen. These datasets are quite large, and Radwave does all the bulk downloading, processing and hosting of the datasets, allowing you to easily navigate your way through the spectrum. If you find something cool, you can tag it and share it.

Currently there are three datasets available in the first bundle ($10 USD): Voyager 1 and two 'Oumuamua collections (surveys of the the first observed interstellar object in our solar system). The data is big, and is hosted in AWS. That gets pricey, so I'll be adding more collections to this first bundle as funding permits. If there are certain datasets you're interested in seeing, definitely let me know.

 

radwave intro 20200225

Starlink Doppler Reflections Caught with an RTL-SDR

Over on YouTube William IU2EFA has been uploading multiple short "meteor scatter" videos. This involves using an RTL-SDR to briefly receive distant radio stations via the RF signal reflecting off the ionized trail left by meteors entering the atmosphere. However, in a similar fashion satellites orbiting the earth can also reflect distant radio stations. 

In one of his latest videos William caught a train of Starlink satellites reflecting the signal from the Graves radar in France. To do this he uses a 10 element VHF Yagi, and an RTL-SDR running with HDSDR and SpectrumLab. In the video you can see and hear the change in frequency caused by the doppler shift.

Starlink is a SpaceX project aiming to bring ubiquitous satellite internet to the entire world. Currently 358 Starlink satellites are in orbit, and the end goal is to have 12000.

IU2EFA Starlink radar Graves doppler reflection