Tagged: rtl2832

Solving a Frequency Hopping CTF Challenge with Aliasing

At this years BSides Ottawa security conference, Clayton Smith was tasked with setting up a wireless "Capture the Flag" (CTF) competition. CTF competitions generally consist of a mystery signal that participants need to figure out how to decode with an SDR such as an RTL-SDR. 

One CTF that Clayton set up was a frequency hopping challenge with several levels of difficulty. The signal consisted of a narrow band FM signal that constantly hopped between multiple fixed frequencies. The idea was to use whatever means possible to piece together that signal again so that the speech audio could be copied.

The first level had the audio signal hopping very slowly, so the speech could be pieced together manually by listening by ear to each channel it transmitted on. Subsequent levels had the signal hopping much faster, so they required some DSP work to piece everything back together.

In his post Clayton writes about three possible GNU Radio based DSP solutions to the problem. The first method he describes is an interesting method that abuses the effects of aliasing. Aliasing is a problem in SDRs when a signal can be folded on top of another, creating interference. However, this approach makes use of aliasing to purposely fold the hopping channels into one frequency, resulting in speech that can be copied.

The rest of his post explains two other methods that could be used as well. The second method involves treating the entire band consisting of the hopping signals as a single FM signal, then filtering it with a DC block. The third approach uses FFT to detect which channel is active with the highest power, then shifting that channel by it's offset.

Spectrum of the frequency hopping CTF challenge.
Spectrum of the frequency hopping CTF challenge.

Clayton also set up another CTF with gr-paint. The idea was to read text on a "painted" waterfall with ever decreasing text spacing that would eventually be too small to read on standard SDR programs like GQRX. Instead, the solution was to open the IQ data in a tool like Inspectrum or Baudline which has much higher FFT resolution. 

Gr-Painted spectrum with decreasing text.
Gr-Painted spectrum with decreasing text spacing.

Astrophiz Podcast Interviews Steve Olney: Capturing the 2019 Vela Pulsar Glitch with an RTL-SDR

Back in May 2019 we posted about Steve Olney's HawkRAO amateur radio astronomy station which was the only station in the world to capture the 2019 Vela Pulsar "glitch" which he did so using his RTL-SDR as the radio. The astronomy focused podcast "Astrophiz" recently interviewed Steve in episode 95 where he talks about his amateur radio background, his home made radio telescope, his RTL-SDR and software processing setup, and the Vela glitch.

A pulsar is a rotating neutron star that emits a beam of electromagnetic radiation. If this beam points towards the earth, it can then be observed with a large dish or directional antenna and a radio, like the RTL-SDR. The Vela pulsar is the strongest one in our sky, making it one of the easiest for amateur radio astronomers to receive.

Pulsars are known to have very accurate rotational periods which can be measured by the radio pulse period. However, every now and then some pulsars can "glitch", resulting in the rotational period suddenly decreasing. Glitches can't be predicted, but Vela is one of the most commonly observed glitching pulsars.

The HawkRAO amateur radio telescope run by Steve Olney is based in NSW, Australia and consists of a 2 x 2 array of 42-element cross Yagi antennas. The antennas feed into three LNAs and then an RTL-SDR radio receiver. 

Astrophiz 95: Steve Olney: From Ham Radio to Radio Astronomy - "The 2019 Vela Glitch" 

Feature Interview: This amazing interview features Steve Olney who has established the Hawkesbury Radio Astronomy Observatory in his backyard. Steve has constructed a Yagi antenna array, coupled it with a receiver and observed a pulsar 900 LY away and generated data that has enabled him to be the only person on the planet to observe Vela’s 2019 glitch in radio waves as it happened.

If you're interested in learning more about Vela, Astrophiz podcast episode 93 with Dr. Jim Palfreyman discusses more about the previous 2016 Vela glitch and why it's important from a scientific point of view.

Reverse Engineering and Controlling a Pan-Tilt Camera Servo with an RTL-SDR and Arduino

The ZIFON YT-500 is a pan-tilt tripod designed for mounting small cameras and smart phones. It also comes with an RF based 433 MHz wireless remote control that allows you to remotely control the positioning.

However, Konstantin Dorohov wanted to be able to control the camera positioning from his PC rather than through the remote control, so he set out to reverse engineer and clone the 433 MHz wireless control signal.

To do this he first used an RTL-SDR and SDR# to record the signals generated by each button press of the remote. He then opens the audio files in Audacity which allows him to inspect the signal's structure and determine some important information such as the preamble + payload timing and ON/OFF pattern. 

Knowing this information he was then able to use an Arduino with a 433 MHz transmitter connected to replicate the signal exactly. His post contains the sample code that he used.

Reverse Engineering the Pan/Tilt Servo with an RTL-SDR, and replicating the signal with an Arduino.
Reverse Engineering the Pan/Tilt Servo with an RTL-SDR, and replicating the signal with an Arduino.

SignalsEverywhere Reviews our RTL-SDR Blog L-Band Active Patch Antenna Kit

Over on the SignalsEverywhere YouTube channel Corrosive from the SignalsEverywhere channel has uploaded a review of our RTL-SDR Blog L-Band Active Patch antenna. Our patch antenna can be used for applications such as Inmarsat, Iridium and GPS reception. 

In the video Corrosive shows what the kit comes with, and first demonstrates the antenna working indoors. He also shows how signal SNR can be improved for indoor reception simply by adding a larger ground plane to the back of the antenna and clamping it on with the mounting screw. Later he shows what reception is like outdoors, and shows it being used to decode from STD-C Inmarsat and Iridium signals.

If you're interested in this antenna we also previously posted about TechMinds review video.

The antenna is available for sale on our web store, or from Amazon.

RTL SDR Blog L-Band Inmarsat/Iridium Satellite Service Patch Antenna

Coole-Radar: A Retro Terminal Based Radar Display for ADS-B Aircraft Data

John Wiseman has been working on a cool old-school retro styled aircraft ADS-B radar that runs entirely within a terminal window. So no GUI desktop should be required. The project, called "coole-radar", is available as open source code on GitHub.

It takes decoded ADS-B data via a Virtual Radar Server webpage, so it should be fairly easy to set up together with an RTL-SDR and dump1090 that feeds Virtual Radar Server. The latest version displays a radar screen with decay-like effect, a list of currently detected aircraft, and a pixelated screen of the aircraft image downloaded from the internet.

A Homebrew All-In-One RTL-SDR with Screen and Control Knobs Running on a Mini PC

Over on YouTube user Pablo Sala (KI7OJL) has uploaded a video that shows a neat all-in-one receiver build based on an RTL-SDR. Pablo's build runs on a Pipo x8 Mini PC which is a US$110 PC/tablet that includes a build in LCD touch screen. The build also adds several Arduino powered control knobs for tuning, mode and bank selection, squelch and volume to the base. The knobs directly interface with HDSDR, his chosen software.

The video titles are dated 2017, but the video only seems to have been uploaded recently. Unfortunately we weren't able to find much more information about this build, other than the video.

Homebrew: RTL-SDR Receiver with Arduino-powered knobs on a Pipo X8 Mini PC running HDSDR, May 2017

Networked Radio Direction Finding with KerberosSDR and RDFMapper

We've just uploaded a short Python script to GitHub that allows radio direction bearings from a KerberosSDR to be used with the RDF Mapper software created by Jonathan Musther. RDF Mapper is a (~US$25) program that was initially written for the RDF42, a kit based doppler direction finding system. RDFMapper runs on Windows/MacOS and Linux.

KerberosSDR is our experimental 4-Tuner Coherent RTL-SDR product made in collaboration with Othernet. It can be used for applications such as radio direction finding and passive radar. Currently it's available for US$149 on the Othernet store.

The RDF Mapper software allows you to upload bearings from multiple devices distributed around a city to a public RDF server, and view all the bearings on any internet connected PC. This can allow you to quickly triangulate the location of a transmitter.

Normally you would use RDFMapper combined with an RDF42 to upload bearings, but we've written a simple script that can be used to upload bearings generated by a KerberosSDR onto the server. The RDFMapper software can then be used to visualize those bearings.

The script is based on Python, and can run directly on the Pi 3/4 or Tinkerboard that is running the KerberosSDR, or on another PC that can see the KerberosSDR bearing server if you prefer.

Instructions are available on the GitHub page. Simply set unique station names for each of your distributed units, entry your lat/lon and fixed direction bearing. Then on the RDF Mapper software open the 'Web upload/download' tab and add the unique station ID name. All the other tabs for connecting to a GPS and serial port can be ignored, as those are used for the RDF42.

This script will only work for stationary KerberosSDR units as the lat/lon is fixed. If you want to try radio direction finding in a vehicle, we recommend using our Android App for a better experience. If there is interest, we may also add support for the Android app to upload to an RDFMapper server for mobile bearing uploads. 

Notes: RDFMapper runs on the system's default browser and it needs to run in either Chrome or Firefox to work. IE does not work. It also appears that Jonathan processes orders manually, so we just want to note that there may be a delay between payment and receiving the software.

RDF Mapper Software. Data from networked units.
RDF Mapper Software. Plotting bearing data from networked units.

TechMinds Reviews our RTL-SDR Blog L-Band Patch Antenna + Horn & Dish Mod

Over on YouTube the TechMinds YouTube channel has uploaded a review of our RTL-SDR Blog L-Band patch antenna which we recently released. TechMinds tests the antenna on a STD-C Inmarsat channel with the Scytale-C decoder, and on various AERO ACARS transmissions with JAERO. Later in the video he also tests the patch antenna on Iridium reception using the Iridium Toolkit software. In all tests the patch is able to suitably receive the signal with either an RTL-SDR or Airspy SDR.

We also wanted to make a note about an additional tip regarding polarization that many people using the antenna seem to have missed. As Inmarsat signals are LHCP polarized, it is important to not only point the antenna towards the satellite, but also to rotate the antenna to match the polarization until maximum SNR is achieved. The rotation can make the difference between strong signals and nothing received at all.

RTL-SDR Active L-Band Patch Antenna For Inmarsat / Iridium / GPS

We've also recently seen a user 'Bert' who has needed to boost the signal strength as he was running the patch inside and at a location in northern Europe with poor reception of Inmarsat. To boost it he simply added a metal horn over the patch made from an old aluminum box, and also a back plate reflector. He notes that this improved his SNR on AERO 10500 from 8 - 9 dB, up to 12 - 14 dB. He also tested using the patch on a dish antenna, and found very good results too.

Aluminum Horn Added to L-Band Patch
Aluminum Horn Added to L-Band Patch
L-Band Patch Antenna on Dish
L-Band Patch Antenna on Dish