Fail of the Week: Tracking Meteors with Weather Radio

It’s not hard to detect meteors: go outside on a clear night in a dark place and you’re bound to see one eventually. But visible light detection is limiting, and knowing that meteors leave a trail of ions means radio detection is possible. That’s what’s behind this attempt to map meteor trails using broadcast signals, which so far hasn’t yielded great results.

Passing jet’s Doppler signature

The fact that meteor trails reflect radio signals is well-known; hams use “meteor bounce” to make long-distance contacts all the time. And using commercial FM broadcast signals to map meteor activity isn’t new, either — we’ve covered the “forward scattering” technique before. The technique requires tuning into a frequency used by a distant station but not a local one and waiting for a passing meteor to bounce the distant signal back to your SDR dongle. Capturing the waterfall display for later analysis should show characteristic patterns and give you an idea of where and when the meteor passed.

[Dave Venne] is an amateur astronomer who turns his eyes and ears to the heavens just to see what he can find. [Dave]’s problem is that the commercial FM band in the Minneapolis area that he calls home is crowded, to say the least. He hit upon the idea of using the National Weather Service weather radio broadcasts at around 160 MHz as a substitute. Sadly, all he managed to capture were passing airplanes with their characteristic Doppler shift; pretty cool in its own right, but not the desired result.

The comments in the post on [Dave]’s attempt had a few ideas on where this went wrong and how to improve it, including the intriguing idea of using 60-meter ham band propagation beacons. Now it’s Hackaday’s turn: any ideas on how to fix [Dave]’s problem? Sound off in the comments below.

Using SDR to Take Control of Your Home Security System

[Dan Englender] was working on implementing a home automation and security system, and while his house was teeming with sensors, they used a proprietary protocol which was not supported by the open source system he was trying to implement. The problem with home automation and security systems is the lack of standardization – or rather, the large number of (often incompatible) standards used to ensure consumers get tied in to one specific system. He has shared the result of his efforts at getting the two to talk to each other via his project decode345.

The result enabled him to receive signals from Honeywell’s 5800 series of wireless products and interface them with OpenHAB — a vendor and technology agnostic open source automation software. OpenHAB offers “bindings” that allow a wide variety of systems and hardware to be integrated. Unfortunately for [Dan], this exhaustive list does not yet include support for the (not very popular) 345MHz protocol used by the Honeywell 5800 system, hence his project. Continue reading “Using SDR to Take Control of Your Home Security System”

GSM Sniffing on a Budget with Multi-RTL

If you want to eavesdrop on GSM phone conversations or data, it pays to have deep pockets, because you’re going to need to listen to a wide frequency range. Or, you can just use two cheap RTL-SDR units and some clever syncing software. [Piotr Krysik] presented his work on budget GSM hacking at Camp++ in August 2016, and the video of the presentation just came online now (embedded below). The punchline is a method of listening to both the uplink and downlink channels for a pittance.

[Piotr] knows his GSM phone tech, studying it by day and hacking on a GnuRadio GSM decoder by night. His presentation bears this out, and is a great overview of GSM hacking from 2007 to the present. The impetus for Multi-RTL comes out of this work as well. Although it was possible to hack into a cheap phone or use a single RTL-SDR to receive GSM signals, eavesdropping on both the uplink and downlink channels was still out of reach, because it required more bandwidth than the cheap RTL-SDR had. More like the bandwidth of two cheap RTL-SDR modules.

Getting two RTL-SDR modules to operate in phase is as easy as desoldering a crystal from one and slaving it to the other. Aligning the two absolutely in time required a very sweet hack. It turns out that the absolute timing is retained after a frequency switch, so both RTL-SDRs switch to the same channel, lock together on a single signal, and then switch back off, one to the uplink frequency and the other to the downlink. Multi-RTL is a GnuRadio source that takes care of this for you. Bam! Hundreds or thousands of dollar’s worth of gear replaced by commodity hardware you can buy anywhere for less than a fancy dinner. That’s a great hack, and a great presentation.
Continue reading “GSM Sniffing on a Budget with Multi-RTL”

An Amateur Radio Repeater Using An RTL-SDR And A Raspberry Pi

An amateur radio repeater used to be a complex assemblage of equipment that would easily fill a 19″ rack. There would be a receiver and a separate transmitter, usually repurposed from commercial units, a home-made logic unit with a microprocessor to keep an eye on everything, and a hefty set of filters to stop the transmitter output swamping the receiver. Then there would have been an array of power supply units to provide continued working during power outages, probably with an associated bank of lead-acid cells.

More recent repeaters have been commercial repeater units. The big radio manufacturers have spotted a market in amateur radio, and particularly as they have each pursued their own digital standards there has been something of an effort to provide repeater equipment to drive sales of digital transceivers.

But what if you fancy setting up a simple repeater and you have neither a shed full of old radios or a hotline to the sales department of a large Japanese manufacturer? If you are [Anton Janovsky, ZR6AIC], you make your own low-powered repeater using an RTL-SDR, a low-pass filter, and a Raspberry Pi.

[Anton]’s repeater is a clever assemblage through pipes of rtl_sdr doing the receiving, csdr demodulating, and [F5OEO]’s rpitx doing the transmitting. As far as we can see it doesn’t have a toneburst detector or CTCSS to control its transmission so it is on air full-time, however we suspect that may be a feature that will be implemented in due course.

With only a 10 mW output this repeater is more of a toy than a useful device, and we’d suggest any licensed amateur wanting to have a go should read the small print in their licence schedule before doing so. But it’s a neat usage of a Pi and an RTL stick, and with luck it’ll inspire others in the same vein.

We’ve touched on the Pi as a transmitter before, from a straightforward broadcast FM unit to crossing continents with WSPR, and even transmitting digital TV in another [F5OEO] hack.

The Tiny Radio Telescope

Radio telescopes are one of the more high-profile pieces of scientific apparatus. There is an excitement to stories of radio astronomers of old probing the mysteries of the Universe on winter nights in frigid cabins atop massive parabolas, even if nowadays their somewhat more fortunate successors do the same work from the comfort of their labs using telescopes that may be on the other side of the world.

You might think if you look at the Arecibo Observatory, Lovell Telescope, or other famous pieces of apparatus, that this is Big Science, out of reach for mere mortals such as yourself without billion-dollar research programs. Maybe [Paul Scott] and [Allen Versfeld]’s Tiny Radio Telescope project will change that view.

The NRAO published a radio telescope design a few years ago for use mainly as an educational tool, the Itty Bitty Telescope. It used a satellite TV dish and LNB feeding a signal meter as a simple telescope to detect the Sun, and black body radiation from the surrounding objects. It’s a simple design for kids to get their heads around, and [Scott] and [Allen] have set out to turn it into something more useful with an RTL-SDR instead of a signal meter and a motorised mount for automated observations.

This is one of those projects on that moves slowly but you know will eventually deliver on its promise. With a 1m dish and a consumer LNB it’s never going to make a discovery that will rock the world, but that’s not the point. It may be science that the astrophysicists moved on from decades ago, but it’s still quite an achievement that the radio sky can be imaged using such mundane equipment.

We’ve featured backyard radio astronomy before a few times, from this UHF school science project to another satellite TV based telescope. Keep them coming!

A thank you to Southgate ARC for the prod.

Emulating A Remote Control Ceiling Fan Transmitter In An FPGA

[Joel] has a remote control ceiling fan. It’s nothing special, the controller has a low-power 350MHz transmitter and a Holtek encoder to send commands by keying the transmitter’s output. Desiring something a little better, he set about reverse engineering the device’s protocol and implementing it on a Lattice iCE40 FPGA.

To decode the device’s packets he reached for his RTL-SDR receiver and took a look at it in software. GQRX confirmed the presence of the carrier and allowed him to record a raw I/Q file, which he could then supply to Inspectrum to analyse the packet structure. He found it to be a simple on-off keying scheme, with bits expressed through differing pulse widths. He was then able to create a Gnu Radio project to read and decode them in real time.

Emulating the transmitter was then a fairly straightforward process of generating a 350MHz clock using the on-board PLL and gating it with his generated data stream to provide modulation. The result was able to control his fan with a short wire antenna, indeed he was worried that it might also be doing so for other similar fans in his apartment complex. You can take a look at his source code on GitHub if you would like to try something similar.

It’s worth pointing out that a transmitter like this will radiate a significant amount of harmonics at multiples of its base frequency, and thus without a filter on its output is likely to cause interference. It will also be breaking all the rules set out by whoever the spectrum regulator is where you live, despite its low power. However it’s an interesting project to read, with its reverse engineering and slightly novel use of an FPGA.

Wireless remote hacking seems to be a favorite pastime here in the Hackaday community. We’ve had 2.4GHz hacks and plenty of wireless mains outlet hacks.

The Terrible Devices Of The Internet Of Wrongs

Last week was Bsides London, and [Steve Lord] was able to give a talk about the devices that could pass for either a terrible, poorly planned, ill-conceived Internet of Things Kickstarter, or something straight out of the NSA toolkit. [Steve] built the Internet of Wrongs, devices that shouldn’t exist, but thanks to all this electronic stuff, does.

Continue reading “The Terrible Devices Of The Internet Of Wrongs”