Decoding Satellite-based Text Messages with RTL-SDR and Hacked GPS Antenna

[Carl] just found a yet another use for the RTL-SDR. He’s been decoding Inmarsat STD-C EGC messages with it. Inmarsat is a British satellite telecommunications company. They provide communications all over the world to places that do not have a reliable terrestrial communications network. STD-C is a text message communications channel used mostly by maritime operators. This channel contains Enhanced Group Call (EGC) messages which include information such as search and rescue, coast guard, weather, and more.

Not much equipment is required for this, just the RTL-SDR dongle, an antenna, a computer, and the cables to hook them all up together. Once all of the gear was collected, [Carl] used an Android app called Satellite AR to locate his nearest Inmarsat satellite. Since these satellites are geostationary, he won’t have to move his antenna once it’s pointed in the right direction.

Hacked GPS antenna
Hacked GPS antenna

As far as antennas go, [Carl] recommends a dish or helix antenna. If you don’t want to fork over the money for something that fancy, he also explains how you can modify a $10 GPS antenna to work for this purpose. He admits that it’s not the best antenna for this, but it will get the job done. A typical GPS antenna will be tuned for 1575 MHz and will contain a band pass filter that prevents the antenna from picking up signals 1-2MHz away from that frequency.

To remove the filter, the plastic case must first be removed. Then a metal reflector needs to be removed from the bottom of the antenna using a soldering iron. The actual antenna circuit is hiding under the reflector. The filter is typically the largest component on the board. After desoldering, the IN and OUT pads are bridged together. The whole thing can then be put back together for use with this project.

Once everything was hooked up and the antenna was pointed in the right place, the audio output from the dongle was piped into the SDR# tuner software. After tuning to the correct frequency and setting all of the audio parameters, the audio was then decoded with another program called tdma-demo.exe. If everything is tuned just right, the software will be able to decode the audio signal and it will start to display messages. [Carl] posted some interesting examples including a couple of pirate warnings.

If you can’t get enough RTL-SDR hacks, be sure to check out some of the others we’ve featured in the past. And don’t forget to send in links to your own hacking!

21 thoughts on “Decoding Satellite-based Text Messages with RTL-SDR and Hacked GPS Antenna

  1. Interesting, but intercepting and disclosing messages like this seems like it would be a violation of the Communications act of 1934. I don’t know where the author lives, but if you live in the states you might want to think twice about posting the results of this sort of monitoring. Or not – I’m not a lawyer…

    1. Actually,
      America is a fraction of the worlds population and landmass. Interestingly, the US political narrative seems to encourage the rest of the world to submit to the most irrational notions of a broken justice system.

      In my country, anything that is broadcast over RF is considered public domain. However, re-broadcasting the content may be considered copyright infringement. Thus, if the data it is for research it certainly falls under a fair-use exemption.

    2. Maybe This (Ask Google): ELECTRONIC COMMUNICATIONS PRIVACY ACT UNITED STATES CODE TITLE 18. CRIMES AND CRIMINAL PROCEDURE PART I–CRIMES CHAPTER 119–WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND INTERCEPTION OF ORAL COMMUNICATIONS

    3. Inmarsat C provide broadcast messages known as Enhanced Group Calls (EGC). EGC is the system for broadcasting messages via Inmarsat C and it supports two services: SafetyNET and FleetNET.

      SafetyNET is a free service of maritime safety information and search and rescue related information via the Inmarsat EGC system. SafetyNET receiving capability is part of the mandatory equipment required to be carried by certain ships.SafetyNET messages can be directed to all ships in an entire ocean satellite region, to fixed NAVAREAs/METAREAs , so is not private communications.

      FleetNET is a commercial service and allows information to be sent to a virtually unlimited number of predesignated mobile terminals simultaneously, irrespective of their position. To receive EGC FleetNET messages, ships should have an Enhanced Data ID (ENID) downloaded into the terminal by a FleetNET service provider using a poll command. The service may be used by shipping companies, organisations distributing news, commercial weather providers, etc.

      The link guide appears to provide information on receiving only SafetyNET EGC , you will require non-free SIGINT software to receive private data.

  2. I would be very careful about those “anything that is broadcast over RF is considered public domain” claims. Public domain only means that it is exempt from copyright, However, that doesn’t mean that the content is free for your taking and doing whatever you want with it. The communication’s content is most likely protected by the communication secrecy. This has zero to do with the “broken justice system” of the US you are alluding to but is a part of the ITU (International Telecommunication Union) charter since 1932 at least. And most world countries are members of ITU (and thus implement this concept).

    So feel free to monitor over the air communications as much as you want, but publishing content of a communication not meant for you could get you prosecuted and in the best case you get a large fine. It legally equivalent to you opening and reading your neighbour’s mail, for example.

    1. I did check the messages that were posted in the original article and those actually look like public information broadcasts/warnings. So those would be fair game from the communication secrecy point of view, because they are meant for public consumption anyway.

      1. Whenever sarcasm isn’t indicated hard to judge if sarcasm was the intent or if we are reading an example of Poe’s law valid in a topic other than religious fundamentalism. With the point is about of divulging to the public transmission that where not meant for the public, the mode of transmission doesn’t matter. In the event Newt Gingrich was using A1A the result most likely still would have been ban on monitoring cell phone conversations and the prohibition of receivers capable of covering those bands. I don’t recall that the users of Improved Mobile Telephone Service didn’t receiving those protections.

        1. I’m saying this isn’t 1932 and a lot has changed, both in terms of what transmission is used for as well as the political makeup of the world.
          I really don’t think we can hold people all that much to what their forefathers signed in 1932, think of who was running russia and germany and all the many countries in the world. Should we consider things decreed by stalin and hitler valid too?

          But I assume there was re-ratification and renewal and all that. But quoting 1932 treaties seems silly.

          1. Sorry, but some laws and treaties are simply “good enough” and need little or no modification. Suppose there is a law stating something to the effect of “Thou shall not kill”, then there is no reason to re-ratify or renew that.

            Some countries have “odd” laws that have never been revoked. Those are “silly” and might be shoved aside in court. Or not.

    2. Anything that is broadcast-ed over RF and can be heard with a normal FCC approved radio and antenna is free game, hence why on youtube you can easily find broadcasts of shortwave radio programs even just general radio. The only time you will hit a legal issue with any RF is if you are trying to transmit.

  3. It’s legal to recieve *anything* over RF in the US, if it’s not encrypted, and as long as you don’t act on it if it’s a private system (ie tell other people not present, post it online, do something with that knowledge).
    If you own it, or have permission, you can also legally break the encryption on RF transmissions!

  4. As an amateur radio operator I can say that he’s right, it’s legal to receive pretty much anything you just can’t publish it. Now I wouldn’t push it and try to spy on government agencies, but that’s just stupidity. Benign stuff like this is fine as far as I know. We Hams have our own satellites in the sky. We also listen to all kinds of non ham transmissions. Why do you think all of these radios we buy have extra wide band receive that goes FAR outside any of the ham spectrum? Because. Listening is fun.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s