Over on YouTube Black Hills Information Security (aka Paul Clark) has uploaded a one hour long presentation that shows how to use a software defined radio to reverse engineer digital signals using GNU Radio.
One of the most common uses of Software Defined Radio in the InfoSec world is to take apart a radio signal and extract its underlying digital data. The resulting information is often used to build a transmitter that can compromise the original system. In this webcast, you'll walk through a live demo that illustrates the basic steps in the RF reverse engineering process, including:
- tuning - demodulation - decoding - determining bit function - building your own transmitter - and much, much more!
The NanoVNA is an open source VNA project by @edy555 and ttrftech that has recently become extremely affordable at less than US$50 for a fully assembled unit thanks to Chinese manufacturing (or a little more if you order it via Amazon).
Ohan Smit had recently been playing with the NanoVNA and came across a software package from Rune B. Broberg (5Q5R) called NanoVNASaver. NanoVNASaver is an open source program that can be used to read and plot data from the NanoVNA. It has some nice features like the ability to display multiple charts, increase the resolution up to 10k points, measure cable length via TDR calculations, save Touchstone files and more.
Testing our RTL-SDR.COM BCFM Bandstop filter with a NanoVNA and the NanoVNASaver Software.
Later in the same post Ohan also includes an update about his experiments with some new experimental NanoVNA firmware that extends the maximum frequency range from the previous maximum of 900 MHz up to 1500 MHz. Results show that while it can work up to 1500 MHz, accuracy rapidly degrades above 900 MHz.
Recently Chinese manufacturers have begun producing a low cost wide band (100 kHz - 30 MHz) magnetic loop HF antenna known as the MLA-30. The loop can be found on eBay for under US$45 with free shipping. In the past wide band HF loop antennas have not been cheap, normally costing $300+ dollars from manufacturers like Wellbrook.
RF signals are electromagnetic waves that consist of an electric and magnetic component. A magnetic loop antenna mostly receives the magnetic portion of the wave. This is useful as most unwanted interference from modern electronic devices is generated in the electric component only. So, a magnetic loop antenna may be preferable in city and suburban environments over other antennas like wires and miniwhips. Magnetic loops are also directional, and can be rotated to avoid interference.
One of the biggest costs to a magnetic loop antenna is the shipping, because a large hula hoop sized piece of metal needs to be sent. The MLA-30 cuts costs on shipping by providing a folded up thin loop wire and no physical support for the loop. You are expected to provide your own support, or simply hang the loop wire on something. If you like you can also replace the included loop wire with a larger loop.
The MLA-30 comes with 10m of RG174 coax, is bias tee powered, and comes as a set with a bias tee injector that is powered over 5V USB. We tested our own unit with the RTL-SDR Blog V3, Airspy and SDRplay bias tee's and found that they all worked well instead of the included bias tee. So if you have one of those SDRs using the loop is as simple and neat as plugging it in and turning on the bias tee.
In terms of build quality, the unit is sturdy and the PCB is fully potted and protected against rain/weather. It is yet to be seen how the external screw terminals holding on the loop will age over a longer period of time however.
So how does the very cheap MLA-30 compare to higher end magnetic loop antennas? Below are some reviews by various hams and SWLs. The general consensus is that it works well for the price, but as you'd expect, falters on handling very strong signals and produces a higher noise floor compared to the more expensive loops, especially in the higher HF bands. But overall we'd say that it's probably still better than using a miniwhip, especially in suburban/city environments, and is probably the best compact HF antenna that you can get on a budget.
What's included in the MLA-30 set. Photo from David Day's Review.
MLA-30 Magnetic Loop Antenna Review and Comparison by David Day (N1DAY)
In this review David compares the MLA-30 against a 30-ft ground loop and a Wellbrook ALA1530-LF. His results show that while the loop is capable of receiving the same signals that the two comparison loops can, the SNR is much lower. He also notes that the much thinner loop wire used on the MLA-30 seems to result in a much deeper null, and that IMD was a problem for him.
Inside the MLA-30 Active Loop Antenna by Matt (M0LMK)
This post is a complete teardown of the antenna. As the PCB is fully potted Matt had to boil down the epoxy in order to get to the actual PCB. He notes that the PCB is a simple single amplifier design with the exposed pot working as a gain control.
Cheap Chinese Magnetic Loop Antenna (MegaLoop aka MAGALoop) MLA-30 by John
First hour battle of the antennas W6LVP loop VS MLA 30 loop test by OfficialSWLchannel
This is a YouTube video where OfficialSWLchannel compares his MLA-30 against a W6LVP loop. He notes that his initial testing shows that the MLA-30 performs as well as the W6LVP loop.
First hour battle of the antennas W6LVP loop VS MLA 30 loop test
MLA-30 Loop vs 80M EFHW by Matthew Payne
In this YouTube video Matthew compares his MLA-30 against a 80M end fed halfwave antenna with an SDRplay RSP1a.
MLA-30 Loop vs 80M EFHW
MLA-30 Magnetic Loop Modifications by Scanner and Sdr Radio
In this video the Scanner and Sdr Radio YouTube channel uses an RSPduo to compare the MLA-30 against a Wellbrook loop. His results show that the MLA-30 definitely has a higher noise floor compared to the Wellbrook, but still receives signals decently although chasing weak signals it's not good enough. He also shows how to improve the MLA-30 by replacing the cheap coax that it comes with, noting that the modification reduced his noise.
In addition to the plugins it also automatically installs the RTL-SDR drivers, and the RTL-SDR (R820T) special interface which has the ability to use decimation and has individual controls for each of the three gain stages. You can also use it to automatically install the LimeSDR and PlutoSDR interfaces.
The .exe is a simple installer and you can select what plugins you want during the install. The installer automatically puts the SDRSharp folder in the C: drive.
Starting from Monday September 16th and continuing through to October 1st, both WWV and WWVH shortwave time signal transmission stations will broadcast a special message from the Department of Defense to mark the centennial of WWV. These messages will be heard on 2.5, 5, 10, and 15 MHz. In addition from September 28 to October 2 a special WWV event will occur:
The world’s oldest radio station, WWV, turns 100 years on October 1, 2019, and we are celebrating!
From September 28 through October 2, 2019, the Northern Colorado ARC and WWV ARC, along with help from RMHam, FCCW, and operators from across the country, are planning 24-hour operations of special event station WW0WWV on CW, SSB and digital modes. Operations will shift between HF bands following normal propagation changes and will include 160m and 6m meteor scatter. We will be operating right at the WWV site and face a challenging RF environment.
WWV is a [NIST] operated HF station based in Fort Collins, Colorado. It continuously broadcasts a continuous Universal Coordinated Time signal in addition to occasional voice announcements. It has been on the air since 1919 but began continuous broadcasts in 1945 from it’s final site in Fort Collins, Colorado. WWVH is a similar time signal, but based in Hawaii.
The WWV Transmit Building
The WWV time signal can be used to automatically set RF enabled clocks to the correct time. [Andreas Spiess] on YouTube recently uploaded a video where he emulates this signal in order to control clocks within his home. This is a great watch if you’d like to learn more about how these time signals work.
The time format itself is actually pretty simple and it’s possible to emulate with a number of devices from an Arduino to Raspberry Pi and of course Software Defined Radio.
#287 Remote Controller for Clocks (IKEA and others, DCF77, WWVB, MSF, JJY)
Over on his YouTube channel Tech Minds has been testing some antennas for Inmarsat and Iridium L-Band satellite reception. Inmarsat is a satellite service that runs on geostationary satellites, and one can be received from almost anywhere in the world. There are various services, but the ones that are easily decodable are STD-C EGC and AERO. EGC contains text information search and rescue (SAR) and coast guard messages as well as news, weather and incident reports, and AERO is a form of satellite ACARS, and typically contains short messages from aircraft.
In the first video Tech Minds tests what appears to be an as of yet unreleased prototype PCB patch antenna being designed by NooElec. The PCB patch antenna is combined with a SAWBird Inmarsat LNA and an RTL-SDR. With it he's able to receive STD-C and AERO signals.
In the second video Tech Minds tests an L-Band QFH antenna salvaged from a Vaisala weather balloon radiosonde. The QFH is designed for GPS frequencies, but can potentially be used at the slightly higher Inmarsat and Iridium frequencies. Tech Minds combines the QFH antenna with a SAWBird Inmarsat LNA, but unfortunately finds that reception is too weak for any AERO decoding to be possible. However, when used on the higher Iridium frequencies the antenna works well, and he's able to decode packets with Iridium Toolkit.
New Inmarsat Antenna from NooElec
Testing A QFH Antenna For Inmarsat And Iridium
RTL-SDR Blog L-Band Patch Antenna Preview
We note that over the last several months we have been working on our own L-band patch antenna that will cover Inmarsat, GPS and Iridium frequencies all in one. We expect manufacturing to be completed near the end of the month, or early next month.
The antenna is a ceramic patch, and will come in a waterproof enclosure. It will be possible to easily mount the antenna on a window or elsewhere using the standard suction cup and bendy legs tripod included with our dipole kits. Target price is US$39.95 including the suction cup, tripod, 2M coax and shipping, but we may have it initially on sale for a lower price.
This is cheaper than buying an Inmarsat & Iridium LNA, but a bit more than the SDR-Kits patches that they brought out a few weeks ago. Although performance of our patch is much better. Keep an eye out for the initial information post coming in the next few days.
RTL-SDR Blog L-Band Patch Preview (RTL-SDR for Scale)
If you weren't already aware, SatNOGS is an open source project that aims to make it easy for volunteers to build and run RF ground stations (typically based on RTL-SDR hardware) that automatically monitor satellite data, and upload that data to the internet for public access. This is very useful for low budget cubesats launched by schools/small organizations that don't have the resources for a worldwide monitoring network as data can be collected from all over the world no matter where the satellite is.
Over on the SatNOGS Libre Space forums, user cshields have posted about his near wall mounted SatNOGS monitoring station. With the station he's able to monitor the status of his SatNOGS station via an LCD screen and see the location of satellites that next in the queue to be received. There are also some status lights and LCD text screen for monitoring the SatNOGS rotator hardware.
The station consists of a Raspberry Pi 4, 7" LCD display, 500 GB SSD, RTL-SDR Blog V3, and an Arduino with 16x2 LCD and NeoPixel. cshields post covers the full details of the build.
The result is a tremendous performance improvement in rtl_tcp according to Stephen. Before the changes he noted that his Raspberry Pi 3B+ could only support a sample rate of 1.92 MSPS over WiFi, and even that had 1-2 seconds of lag. After the ring buffer changes his Pi 3B+ can handle the maximum sample rate of 3.2 MSPS with zero lag. On his Pi Zero W he can achieve a sample rate of 1.92 MSPS over WiFi with minimal lag, whereas before he could only achieve 0.92 MSPS with huge 5-10 second of lag.
Unfortunately this patch might not be included in the official upstreamed Osmocom drivers because Stephen submitted the patch as a pull request to the GitHub, and Osmocom only accept patches via their mailing list. If anyone reading this is familiar with the Osmocom patch submission requirements, we'd like to encourage you to help submit this patch for consideration.
