All The Goodies You Need For Your RTL-SDR

When the RTL2832-based USB digital TV sticks were revealed to have hidden capabilities that made the  an exceptionally cheap software-defined radio receiver, it was nothing short of a game-changing moment for the home radio experimenter. The RTL might not be the best radio available, but remains a pretty good deal for only $10 from your favourite online supplier.

Having bought your RTL SDR, you will soon find yourself needing a few accessories. A decent antenna perhaps, an HF upconverter, and maybe an attenuator. To help you, [IgrikXD] has come up with a repository containing open-source implementations of all those projects and more. There’s an HF upconverter handily in both SMD and through-hole versions, as well as a wideband active antenna. A resonant antenna for a single band will always out-perfom a wideband device if your interest lies on only one frequency, but when your receiver has such a wide range as that of the RTL it’s irresistible to look further afield so the wideband antenna is a useful choice.

The RTL SDR is a device that just keeps on giving, and has featured innumerable times here since since its first appearance a few years ago. Whether you are into passive radar or using it to decode data from RF-equipped devices it’s the unit of choice, though we rather like it as a piece of inexpensive test equipment.

Via Hacker News.

Header image: Joeceads [CC BY-SA 4.0].

Revive that old Analog Cell Phone with SDR

With the latest and greatest 5G cellular networks right around the corner, it can be difficult to believe that it wasn’t so long ago that cell phones relied on analog networks. They aren’t used anymore, but it might only take a visit to a swap meet or flea market to get your hands on some of this vintage hardware. Of course these phones of a bygone era aren’t just impractical due to their monstrous size compared to modern gear, but because analog cell networks have long since gone the way of the floppy disk.

But thanks to the efforts of [Andreas Eversberg] those antique cell phones may live again, even if it’s only within the radius of your local hackerspace. His software allows the user to create a functioning analog base station for several retro phone networks used in Europe and the United States, such as AMPS, TACS, NMT, Radiocom, and C450. You can go the old school route and do it with sound cards and physical radios, or you can fully embrace the 21st century and do it all through a Software Defined Radio (SDR); in either event, calls to the base station and even between multiple mobile devices is possible with relatively inexpensive hardware.

[Andreas] has put together exceptional documentation for this project, which starts with a walk through on how you can setup your DIY cell “tower” with traditional radios. He explains that amateur radios are a viable option for most of the frequencies used, and that he had early success with modifying second-hand taxi radios. He even mentions that the popular BaoFeng handheld radios can be used in a pinch, though not all the protocols will work due to distortion in the radio.

If you want to take the easy way out, [Andreas] also explains how to replace the radios with a single SDR device. This greatly simplifies the installation, and turns a whole bench full of radios and wires into something you can carry around in your pack if you were so inclined. His software has specific options to use the LimeSDR and LimeSDR-Mini, but you should be able to use other devices with a bit of experimentation.

We’ve previously reviewed the LimeSDR-Mini hardware, as well as covered its use in setting up DIY GSM networks.

Studying Airplane Radio Reflections With SDR

A property of radio waves is that they tend to reflect off things. Metal surfaces in particular act as good reflectors, and by studying how these reflections work, it’s possible to achieve all manner of interesting feats. [destevez] decided to have some fun with reflections from local air traffic, and was kind enough to share the results.

The project centers around receiving 2.3 GHz signals from a local ham beacon that have been reflected by planes taking off from the Madrid-Barajas airport. The beacon was installed by a local ham, and transmits a CW idenfication and tone at 2 W of power.

In order to try and receive reflections from nearby aircraft, [destevez] put together a simple but ingenious setup.

ADS-B data was plotted on a map and correlated with the received reflections.

A LimeSDR radio was used, connected to a 9 dB planar 2.4 GHz WiFi antenna. This was an intentional choice, as it has a wide radiation pattern which is useful for receiving reflections from odd angles. A car was positioned between the antenna and the beacon to avoid the direct signal overpowering reflected signals from aircraft.

Data was recorded, and then compared with ADS-B data on aircraft position and velocity, allowing recorded reflections to be matched to the flight paths of individual flights after the fact. It’s a great example of smart radio sleuthing using SDR and how to process such data. If you’re thirsty for more, check out this project to receive Russian weather sat images with an SDR.

[Thanks to Adrian for the tip!]

Using AI To Pull Call Signs From SDR-Processed Signals

AI is currently popular, so [Chirs Lam] figured he’d stimulate some interest in amateur radio by using it to pull call signs from radio signals processed using SDR. As you’ll see, the AI did just okay so [Chris] augmented it with an algorithm invented for gene sequencing.

Radio transmitting, receiving, and SDR hardwareHis experiment was simple enough. He picked up a Baofeng handheld radio transceiver to transmit messages containing a call sign and some speech. He then used a 0.5 meter antenna to receive it and a little connecting hardware and a NooElec SDR dongle to get it into his laptop. There he used SDRSharp to process the messages and output a WAV file. He then passed that on to the AI, Google’s Cloud Speech-to-Text service, to convert it to text.

Despite speaking his words one at a time and making an effort to pronounce them clearly, the result wasn’t great. In his example, only the first two words of the call sign and actual message were correct. Perhaps if the AI had been trained on actual off-air conversations with background noise, it would have been done better. It’s not quite the same issue, but we’re reminded of those MIT researchers who fooled Google’s Inception image recognizer into thinking that a turtle was a gun.

Rather than train his own AI, [Chris’s] clever solution was to turn to the Smith-Waterman algorithm. This is the same algorithm used for finding similar nucleic acid sequences when analyzing genes. It allowed him to use a list of correct call signs to find the best match for what the AI did come up with. As you can see in the video below, it got the call signs right.

Continue reading “Using AI To Pull Call Signs From SDR-Processed Signals”

RTL-SDR Paves Way To Alexa Controlled Blinds

You’d be forgiven for occasionally looking at a project, especially one that involves reverse engineering an unknown communication protocol, and thinking it might be out of your league. We’ve all been there. But as more and more of the devices that we use are becoming wireless black boxes, we’re all going to have to get a bit more comfortable with jumping into the deep end from time to time. Luckily, there are no shortage of success stories out there that we can look at for inspiration.

A case in point are the wireless blinds that [Stuart Hinson] decided would be a lot more useful if he could control them with his Amazon Alexa. There’s plenty of documentation on how to get Alexa to do your bidding, so he wasn’t worried about that. The tricky part was commanding the wireless blinds, as all he had to go on was the frequency printed on the back of the remote.

Luckily, in the era of cheap RTL-SDR devices, that’s often all you need. [Stuart] plugged in his receiver and fired up the incredibly handy Universal Radio Hacker. Since he knew the frequency, it was just a matter of tuning in and hitting the button on the remote a couple times to get a good capture. The software then broke it down to the binary sequence the remote was sending out.

Now here’s where [Stuart] lucked out. The manufacturers took the easy way out and didn’t include any sort of security features, or even bother with acknowledging that the signal had been received. All he needed to do was parrot out the binary sequence with a standard 433MHz transmitter hooked up to an ESP8266, and the blinds took the bait. This does mean that anyone close enough can take control of these particular blinds, but that’s a story for another time.

We took a look at the Universal Radio Hacker a year or so back, and it’s good to see it picking up steam. We’ve also covered the ins and outs of creating your own Alexa skills, if you want to get a jump on that side of the project.

Direction Finding And Passive Radar With RTL-SDR

To say that the RTL-SDR project revolutionized hacker’s capabilities in the RF spectrum would be something of an understatement. It used to be that the bar, in terms of both knowledge and hardware, was so high that only those truly dedicated were able to explore the radio spectrum. But today anyone with $20 can pick up an RTL-SDR device, combine it with a wide array of open source software, and gain access to a previously invisible world.

That being said, RTL-SDR is usually considered an “Economy Ticket” to the world of RF. It gets your foot in the door, but experienced RF hackers are quick to point out you’ll need higher-end hardware if you want to start doing more complex experiments. But the KerberosSDR may soon change the perception of RTL-SDR derived hardware. Combining four R820T2 SDRs on a custom designed board, it allows for low-cost access to high concept technologies such as radio direction finding, passive radar, and beam forming. If you get bored with that, you can always just use it as you would four separate RTL-SDR dongles, perfect for applications that require monitoring multiple frequencies such as receiving trunked radio.

KerberosSDR (which was previously known as HydraSDR) is a collaborative effort between the Othernet engineering team and the folks over at, who earlier in the year put out a call for an experienced developer to come onboard specifically for this project. Tamás Peto, a PhD student at Budapest University of Technology and Economics, answered the call and has put together a system which the team plans on releasing as open source so the whole community can benefit from it. In the videos after the break, you can see demonstrations of the direction finding and passive radar capabilities using an in-development version of KerberosSDR.

As for the hardware, it’s a combination of the RTL-SDR radios with an onboard GPIO-controlled wide band noise source for calibration, as well as an integrated USB hub so it only takes up one port. Everything is wrapped up in a shielded metal enclosure, and the team is currently experimenting with a header on the KerberosSDR PCB that would let you plug it directly into a Raspberry Pi or Tinkerboard.

The team hopes to start final hardware production within the next few months, and in the meantime has set up a mailing list so interested parties can stay in the loop and be informed when preorders start.

If you can’t wait until then, we’ve got a detailed write-up on DIY experiments with passive radar using RTL-SDR hardware, and you can always use your browser if you want to get your radio direction finding fix.

Continue reading “Direction Finding And Passive Radar With RTL-SDR”

GSM Phone Network At EMF Camp Built on Raspberry Pi and LimeSDR

The Electromagnetic Field 2018 hacker camp in the UK will have its own GSM phone network, and as we have already covered its badge will be a fully-functional GSM phone. This is as far as we are aware a first in the world of badges, and though it may not be a first in hacker camp connectivity it is still no mean achievement at the base station side. To find out more we talked to two of the people behind the network, on the radio side Lime Microsystems‘ [Andrew Back], and on the network side Nexmo‘s developer advocate, [Sam Machin].

There are sixteen base stations spread around the site, of which each one is a Raspberry Pi 3 B+ with a LimeSDR Mini. Development of the system was undertaken prior to the release of the Raspberry Pi Foundation’s PoE board, so they take a separate 24V supply which powers the Pi through a DC-to-DC converter. This arrangement allows for a significant voltage drop should any long cable runs be required.

On the software side the base stations all run the Osmocom (Open Source Mobile Communications) cellular base station infrastructure package. It was a fine decision between the all-in-one Osmocom NITB package and the fully modular Osmocom, going for the former for its reliability. It was commented that this would not necessarily be the case at a future event but that it made sense in the present. It appears on the network as a SIP phone system, meaning that it can easily integrate with the existing DECT network. Let’s take a look at how the network operates from the user side, and the licencing loophole that makes everything possible.

Continue reading “GSM Phone Network At EMF Camp Built on Raspberry Pi and LimeSDR”