Reverse Engineering a Different Kind of Bus

Radio enthusiasts have a long history of eavesdropping on non-broadcast stations–police, fire, and public transportation frequencies, for example. These days, though, a lot of interesting communications are digital. When [bastibl] wanted to read data displayed on bus stop signs, he turned to software defined radio. He used gr-fosphor to monitor the radio spectrum as buses drove by and discovered a strong signal near 151 MHz (see photo below).

That, however, was just the start. Using a variety of tools, he figured out the modulation scheme, how the data framing worked, and even the error correction scheme. Armed with all that information, he built a GNU Radio receiver to pick up the data. After a little number crunching and programming, [bastibl] was able to recover data about individual buses, including their position and schedule.


Spectrum Painting on 2.4 GHz

Give a software-defined radio (SDR) platform to a few thousand geeks, and it’s pretty predictable what will happen: hackers gotta hack. We’re only surprised that it’s happening so soon. Spectrum Painter is one of the first cool hacks to come out of the rad1o badge given out at the CCCamp 2015. It makes it dead-simple to send images in Hellschreiber mode on a few different SDR hardware platforms.

What we especially like about the project is its simplicity. Don’t get us wrong, we’re tremendous fans of GNURadio and the GNURadio Companion software radio hacking environment. But if you just want to do something simple, like send a picture of a smiley-face, the all-capable GNURadio suite is overkill.


Decoding Satellite-based Text Messages with RTL-SDR and Hacked GPS Antenna

[Carl] just found a yet another use for the RTL-SDR. He’s been decoding Inmarsat STD-C EGC messages with it. Inmarsat is a British satellite telecommunications company. They provide communications all over the world to places that do not have a reliable terrestrial communications network. STD-C is a text message communications channel used mostly by maritime operators. This channel contains Enhanced Group Call (EGC) messages which include information such as search and rescue, coast guard, weather, and more.

Not much equipment is required for this, just the RTL-SDR dongle, an antenna, a computer, and the cables to hook them all up together. Once all of the gear was collected, [Carl] used an Android app called Satellite AR to locate his nearest Inmarsat satellite. Since these satellites are geostationary, he won’t have to move his antenna once it’s pointed in the right direction.

Hacked GPS antenna

As far as antennas go, [Carl] recommends a dish or helix antenna. If you don’t want to fork over the money for something that fancy, he also explains how you can modify a $10 GPS antenna to work for this purpose. He admits that it’s not the best antenna for this, but it will get the job done. A typical GPS antenna will be tuned for 1575 MHz and will contain a band pass filter that prevents the antenna from picking up signals 1-2 MHz away from that frequency.

To remove the filter, the plastic case must first be removed. Then a metal reflector needs to be removed from the bottom of the antenna using a soldering iron. The actual antenna circuit is hiding under the reflector. The filter is typically the largest component on the board. After desoldering, the IN and OUT pads are bridged together. The whole thing can then be put back together for use with this project.

Once everything was hooked up and the antenna was pointed in the right place, the audio output from the dongle was piped into the SDR# tuner software. After tuning to the correct frequency and setting all of the audio parameters, the audio was then decoded with another program called tdma-demo.exe. If everything is tuned just right, the software will be able to decode the audio signal and it will start to display messages. [Carl] posted some interesting examples including a couple of pirate warnings.

If you can’t get enough RTL-SDR hacks, be sure to check out some of the others we’ve featured in the past. And don’t forget to send in links to your own hacking!

CCCamp 2015 rad1o Badge

Conference badges are getting more complex each year. DEFCON, LayerONE, Shmoocon, The Next Hope, Open Hardware Summit, The EMF, SAINTCON, SXSW Create, The Last Hope, TROOPERS11, ZaCon V and of course the CCC have all featured amazing badges over the years. This year’s CCCamp 2015 rad1o badge is taking things several notches higher. The event will run from 13th through 17th August, 2015.

The rad1o badge contains a full-featured SDR (software defined radio) transceiver, operating in a frequency range of about 50 MHz – 4000 MHz, and is software compatible with the HackRF One open source SDR platform. The badge uses a WiMAX transceiver which sends I/Q (in-phase/quadrature-phase) samples in the range of 2.3 to 2.7 GHz to an ARM Cortex M4 CPU. The CPU can process the data standalone for various applications such as FM radio, spectrogram display, RF controlled power outlets, etc., or pass the samples to a computer using USB 2.0 where further signal processing can take place, e.g. using GNU Radio. The frequency range can be extended by inserting a mixer in the RF path. It’s got an on-board antenna tuned for 2.5 GHz, or an SMA connector can be soldered on to attach an external antenna. There’s a Nokia 6100 130×130 pixel LCD and a joystick, which also featured in the earlier CCCamp 2011 badge known as the r0ket.

A 3.5 mm TRRS audio connector allows hooking up headphones and a speaker easily. The LiPo battery can be charged via one of the USB ports, while the other USB port can be used for software updates and data I/O to SDR software like GNU Radio. Check out the project details from their GitHub repository and more from the detailed wiki, which has information on software and hardware. There’s also a Twitter account if you’d like to follow the project’s progress.

This year’s Open Hardware Summit also promises an awesome hackable badge. We’ll probably feature it before the OHS2015 conference in September.

Thanks to [Andz] for tipping us off about this awesome badge.

Building your own SDR-based Passive Radar on a Shoestring

Let’s start off with proof. Below is an animation of a measurement of airplanes and meteors I made using a radar system that I built with a few simple easily available pieces of hardware: two $8 RTL software defined radio dongles that I bought on eBay, and two log-periodic antennas. And get this, the radar system you’re going to build works by listening for existing transmissions that bounce off the targets being measured!

I wrote about this in a very brief blog posting a few years ago. It was mainly intended as a zany little side story for our radio telescope blog, but it ended up raising a lot of interest. Because this has been a topic that keeps attracting inquiries, I’m going to explain how I did the experiment in more detail.

It will take a few posts to show how to build a radar capable of performing these types of measurements. This first part is the overview. In later postings I will go through more detailed block diagrams of the different parts of a passive radar system, provide example data, and give some Python scripts that can be used to perform passive radar signal processing. I’ll also go through strategies to determine that everything is working as expected. All of this may sound like a lot of effort, but don’t worry, making a passive radar isn’t too complicated.
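The core of the signal processing described above, as an added illustration and not code from the author’s series: the reference channel (a copy of the existing broadcast transmission) is cross-correlated against the surveillance channel over a grid of delays and Doppler shifts, and the peak of that cross-ambiguity surface gives the echo’s bistatic delay and Doppler. It assumes the two dongles supply one reference and one surveillance channel; the signals here are constructed, not captured.

```python
import cmath
import math
import random


def make_signals(n=256, delay=7, doppler_bin=3, echo_amp=0.3, noise=0.05, seed=1):
    """Constructed test data: a noise-like 'broadcast' reference channel and a
    surveillance channel holding a delayed, Doppler-shifted, attenuated echo
    of it plus receiver noise. (Real captures also carry strong direct-path
    leakage of the transmitter, which must be cancelled before this step.)"""
    rng = random.Random(seed)
    ref = [complex(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(n)]
    surv = []
    for t in range(n):
        echo = 0j
        if t >= delay:
            # Doppler appears as a slow phase rotation across the capture.
            echo = echo_amp * ref[t - delay] * cmath.exp(2j * math.pi * doppler_bin * t / n)
        surv.append(echo + complex(rng.gauss(0, noise), rng.gauss(0, noise)))
    return ref, surv


def caf(ref, surv, max_delay, max_doppler):
    """Cross-ambiguity function |sum_t surv[t] * conj(ref[t - tau]) * e^{-j2pi f t / N}|
    for delays 0..max_delay samples and Doppler bins -max_doppler..max_doppler.
    Delay bin tau corresponds to a bistatic range offset of tau * c / f_s."""
    n = len(ref)
    surface = {}
    for tau in range(max_delay + 1):
        for f in range(-max_doppler, max_doppler + 1):
            acc = 0j
            for t in range(tau, n):
                acc += surv[t] * ref[t - tau].conjugate() * cmath.exp(-2j * math.pi * f * t / n)
            surface[(tau, f)] = abs(acc)
    return surface


def detect(ref, surv, max_delay=15, max_doppler=5):
    """Return the (delay, doppler_bin) cell with the strongest correlation."""
    surface = caf(ref, surv, max_delay, max_doppler)
    return max(surface, key=surface.get)


if __name__ == "__main__":
    r, s = make_signals()
    print("echo found at (delay, doppler) =", detect(r, s))
```

With airplanes the Doppler bin and delay bin move from frame to frame, which is what the animation above is showing.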

Let’s get started!


Simple Superheterodyne SW Receiver Harks Back Almost 100 Years

Early radio receivers worked on a principle called Tuned Radio Frequency (TRF), patented in 1916. They weren’t very easy to use, requiring each stage to be tuned to the same frequency (until ganged capacitors made that a bit easier). The Superheterodyne design, devised in 1918, was superior, but more expensive at that time. Cost considerations caused adoption of the Superhet design to lag behind TRF until almost 1930. Since then, until quite recently, the Superhet design has been at the heart of the majority of commercial radio receivers. Direct Conversion Receivers were devised around 1930, but required elaborate phase locked loops, which restricted their use in commercial receivers. The point of all this background is that the Superhet design has served very well for more than 90 years, but will soon be rendered redundant once Software Defined Radio (SDR) becomes ubiquitous. Which is why this simple Superheterodyne shortwave receiver deserves a closer look.

[Dilshan] built this superheterodyne radio around two transistors and two IF transformers, designed to receive the 13 m to 41 m bands. The whole build is assembled on a breadboard, making it easy to teach others to experiment. [Dilshan] offers very useful insights into antenna, rod coil and IF transformer parameters. To dive into radio architecture, check this post on Amateur Radio. And if you would like to get a closer look at antique radios, check this post on Restoring Antique Radios.

Using The Red Pitaya As An SDR

The Red Pitaya is a credit-card sized board that runs Linux, has Ethernet, and a good bit of RAM. This sounds a lot like a Raspberry Pi or BeagleBone Black, but the similarities end there. The Red Pitaya also has two RF inputs, two RF outputs, and a load of digital I/Os, all connected to a Xilinx SoC that includes an FPGA. [Pavel] realized the Pitaya had all the components of a software-defined radio, and built an implementation to prove it.

The input for the SDR taps directly into one of the high impedance inputs with a simple loop antenna made out of telephone cable. The actual software-defined part of this radio borrows heavily from a Xilinx application note, while everything is controlled by either SDR# or HDSDR.

[Pavel] included a pre-built SD card image with all his software, so cloning this project is simply a matter of copying an SD card and building an antenna. The full source is also available, interesting if you would like to muck about with FPGAs and SDRs.