Over on his YouTube channel Tech Minds has uploaded a video showing how it's possible to receive and decode GPS signals with an RTL-SDR. To do this he uses one of our RTL-SDR Blog V3 dongles and a GPS patch antenna which is powered via the bias tee on the dongle.
On the software side he uses GNSS-SDRLIB and RTKLIB to decode the GPS signal. The result of the two programs is your current GPS coordinates which can be plotted on a map. Unfortunately in the video Tech Minds was unable to get the Google Maps display to work, but you can easily type the coordinates into Google maps yourself.
With an RTL-SDR, an appropriate satellite antenna and LNA it is possible to receive visible light images from geostationary satellites such as GOES/Himawari and GK-2A. However, in a 24 hour cycle there will only be one or two images that show the Earth fully illuminated by the sun. The rest of the day parts or all of the Earth will be dark with not even clouds visible. To get around this the satellites also use an Infrared (IR) camera which can see clouds at all times. However, these images are greyscale and not very visually appealing.
To fix this aesthetic issue there is now a recently released multiplatform tool called "Sanchez" which will combine a high resolution underlay image with the greyscale IR image in order to create a more beautiful image. The software is command line based and can run on a batch of collected images.
DEFCON 2020 was held online this year in and the talks were released a few days ago on their website and on YouTube. If you weren't already aware Defcon is a major yearly conference all about information security, and some of the talks deal with wireless and SDR topics. We found two very interesting SDR and wireless related talks that we have highlighted below. The first talk investigates using commercial satellite TV receivers to eavesdrop on satellite internet communications. The second discusses using a bladeRF or USRP to detect fake 4G cellphone basestations. Slides for these talks are available on the Defcon Media server under the presentations folder.
DEF CON Safe Mode - James Pavur - Whispers Among the Stars
Space is changing. The number of satellites in orbit will increase from around 2,000 today to more than 15,000 by 2030. This briefing provides a practical look at the considerations an attacker may take when targeting satellite broadband communications networks. Using $300 of widely available home television equipment I show that it is possible to intercept deeply sensitive data transmitted on satellite links by some of the world's largest organizations.
The talk follows a series of case studies looking at satellite communications affecting three domains: air, land, and sea. From home satellite broadband customers, to wind farms, to oil tankers and aircraft, I show how satellite eavesdroppers can threaten privacy and communications security. Beyond eavesdropping, I also discuss how, under certain conditions, this inexpensive hardware can be used to hijack active sessions over the satellite link.
The talk concludes by presenting new open source tools we have developed to help researchers seeking to improve satellite communications security and individual satellite customers looking to encrypt their traffic.
The talk assumes no background in satellite communications or cryptography but will be most interesting to researchers interested in tackling further unsolved security challenges in outer space.
DEF CON Safe Mode - James Pavur - Whispers Among the Stars
DEF CON Safe Mode - Cooper Quintin - Detecting Fake 4G Base Stations in Real Time
4G based IMSI catchers such as the Hailstorm are becoming more popular with governments and law enforcement around the world, as well as spies, and even criminals. Until now IMSI catcher detection has focused on 2G IMSI catchers such as the Stingray which are quickly falling out of favor.
In this talk we will tell you how 4G IMSI Catchers might work to the best of our knowledge, and what they can and can't do. We demonstrate a brand new software project to detect fake 4G base stations, with open source software and relatively cheap hardware. And finally we will present a comprehensive plan to dramatically limit the capabilities of IMSI catchers (with the long term goal of making them useless once and for all).
Thank you to John D for writing in and letting us know that Wired magazine has recently run an article about the "Nyansat" project. Nyansat aims to bring low cost open source satellite ground stations to the masses. The goal is to democratize citizen access to space by allowing for easier collection of satellite data, or even for collaborative citizen science radio astronomy projects such as the detection of space debris or undocumented satellites. John writes:
While most people think of a satellite ground station as a giant dish mounted on top of a building in the desert, technically any radio receiver that tunes into a satellite's signal can be called a ground station. Somewhere between the giant dish and the GPS chip in your phone is a ground station that uses a directional antenna to pull in the faint signals. So unless you're only interested in geosynchronous satellites, the antenna needs to be aimed at the satellite, and that's where NyanSat comes in.
The design of the NyanSat consists of a pan-tilt head, an Inertial Measurement Unit (IMU) for precise azimuth and elevation measurements, a motor-driver board, an optional OLED display, an optional GPS module, and is powered by an ESP32. Full source code is available in their git repo, found at https://github.com/RedBalloonShenanigans/antenny. The NyanSat's software is written in micropython specifically for the ESP32, but obviously could be ported if desired.
Mounting an antenna, adding an RTL-SDR, and actually tuning in a satellite, is still up to the builder.
One of the goals of the NyanSat project is to eventually build up a network of ground stations that can collaborate to contribute frequently updated satellite ephemeris information.
When they're in stock, the project's sponsor, Red Balloon Security, has occasionally been offering a kit containing a custom PCB that is pre-populated with the ESP32 and motor driver; a pan-tilt gimbal; an IMU; and an RTL-SDR. They've been selling them for $1.00(!), just to get them out in the hands of people. Keep your eye open in case they get another batch in.
The Red Balloon store lists the kit as currently out of stock so we suggest keeping an eye on their store just in case any of the $1 kits come back in stock.
NyanSat will also present a live twitch demo at this years online DefCon conference on Friday Aug 7 6:30-8PM EDT and Sat Aug 8 6:30-8PM EDT. On Sun Aug 9 12:30 EDT they will hold another event where they judge the best work of the Nyansat community.
The SatNOGS project which we have covered many times before on this blog is quite similar with it's own open source antenna rotator design, however the Nyansat design looks a bit easier to build as it doesn't require 3D printed parts. Although critically from their demos we haven't seen what sort of sized antennas the gimbal chosen by Nyansat is capable of moving.
The Bullseye LNB that we have in our store is great for receiving the QO-100 amateur geostationary radio satellite which is available in some parts of the world. However it cannot be used to transmit to the satellite. Over on his YouTube channel Tech Minds shows us how to build a transmit helix antenna that connects to the Bullseye or other suitable LNB, resulting in a dual feed antenna.
The antenna that was built is based on DO8PAT's "Ice Cone Feed" design. The design requires some 3D printed parts for the mount and housing, as well as a copper wire helix, metal reflector and copper matching strip. The Bullseye fits onto the back of the helix mount. Once mounted on a dish Tech Minds shows that he was able to make contact with a friend via the QO-100 satellite with good signal strength.
Thank you to M Khanfar for submitting his video that shows a step-by-step tutorial on building your own SSB receiver in Windows GNU Radio for QO-100 satellite reception. His tutorial includes adding several tuning sliders in the GNU Radio GUI as well.
QO-100 / Es'hail-2 is a geostationary satellite at at 25.5°E (covering Africa, Europe, the Middle East, India, eastern Brazil and the west half of Russia/Asia) providing broadcasting services. However, as a bonus it has allowed amateur radio operators to use a spare transponder. Uplink is at 2.4 GHz and downlink is at 10.5 GHz. We note that we are selling a "bullseye" LNB in our store which allows most SDR dongles to be able to receive the signal with high frequency accuracy.
DragonOS is a ready to use Linux OS image that includes various SDR programs preinstalled and ready to use. The creator Aaron also runs a YouTube channel that has multiple tutorial videos demonstrating software built into DragonOS.
In his latest video Aaron explores Iridium reception with an RTL-SDR Blog V3, RTL-SDR Blog Active L-Band Patch Antenna and Iridium Toolkit/gr-iridium. Iridium is a satellite constellation that provides services such as global paging, satellite phones, tracking and fleet management services, as well as services for emergency, aircraft, maritime and covert operations too.
In the video he shows how to edit the config file to turn the bias tee on, how to record Iridium data, how to install the AMBE voice decoder, and finally how to decode the Iridum data with Iridium toolkit and play voice recordings.
DragonOS LTS Decoding Iridium satellites with the Iridium toolkit (gr-iridium, RTL-SDR)
As part of his Masters in Design Studies studies Daniel Tompkins created an art installation called "signs of life" which was focused around his interest in weather satellite reception with an SDR.
FM radio headphones were given out at the door. Each set was tuned beforehand to receive a broadcast from my pre-programmed station.
Visitors were then invited to walk around the room, contemplating the artifacts of the exhibit. A V-dipole at one end of the room captures the broadcast and displays a real-time spectrogram of the radio waves on a small display.
Across the room, a satellite dish points back, creating an alignment across the projected GOES-16 "full-disk" image animation of the Earth. Along the back wall, a few dozen images show demodulated signals from the NOAA 15/18/19 satellites as they passed over Cambridge, Massachusetts in the months of October and November 2018.
The experience demonstrated my interest in tapping into an invisible (wireless) environment of digital information. A USB, software-defined radio (SDR) dongle helped me reach the satellites.
In listening to the transmission, the visitors are engaging in a shared experience, but are somehow still alone and unable to communicate while wearing their headphones. The performance of the exhibition is designed to be a place which simulates the real disconnection of techno-humanity. The "reflecting pool" of the earth spinning on the floor might provide a metaphorical reflection of humanity and progress.
Daniel Tompkins GOES-16/NOAA Art Installation
This installation reminds us of the "Holypager" live art piece which used a HackRF to receive and print out live pager messages with an aim to demonstrate the amount of personal data being sent publicly over pagers. Another related art piece was the "Ghosts in the Air Glow" project by Amanda Dawn Christie, which saw the HAARP Auroral research facility used to transmit various art pieces to be received from all over the world by people with HF radios.
