Eavesdropping On Cosmonauts With An SDR

Usually when we hear about someone making contact with astronauts in orbit, it’s an intentional contact between a ham on the ground and one of the licensed radio amateurs on the ISS. We don’t often see someone lucky enough to snag a conversation between ground controllers and a spacecraft en route to the ISS like this.

For [Tysonpower], this was all about being in the right place at the right time, as well as having the right equipment and the know-how to use it properly. Soyuz MS-12 launched from Baikonur on March 14 with cosmonaut [Aleksey Ovchinin] and NASA astronauts [Nick Hague] and [Kristina Koch] onboard, destined for the ISS after a six-hour flight. The lucky bit came when [Tysonpower] realized that the rendezvous would happen when the ISS was in a good position relative to his home in Cologne, which prompted him to set up his gear for a listening session. His AirSpy Mini SDR was connected to a home-brew quadrifilar helical (QFH) “eggbeater” antenna on his roof. What’s nice about this antenna is that it’s fixed rather than tracking, making it easy to get on the air with quickly. After digging around the aviation bands at about 121 MHz for a bit, [Tysonpower] managed to capture a few seconds of a conversation between [Ovchinin] and Moscow Flight Control Center. The commander reported his position and speed relative to the ISS a few minutes before docking. The conversation starts at about 1:12 in the video below.

We think it’s just cool that you can listen in on the conversations going on upstairs with a total of less than $50 worth of gear. Actually talking to the hams aboard the ISS is another matter, but not a lot more involved really.

Continue reading “Eavesdropping On Cosmonauts With An SDR”

This SDR Uses A Tube

When you think of a software defined radio (SDR) setup, maybe you imagine an IC or two, maybe feeding a computer. You probably don’t think of a vacuum tube. [Mirko Pavleski] built a one-tube shortwave SDR using some instructions from [Burkhard Kainka] which are in German, but Google Translate is good enough if you want to duplicate his feat. You can see a video of [Mirko’s] creation, below.

The build was an experiment to see if a tube receiver could be stable enough to receive digital shortwave radio broadcasts. To avoid AC line hum, the radio is battery operated and while the original uses an EL95 tube, [Mirko] used an EF80.

Continue reading “This SDR Uses A Tube”

Lime SDR (and Pluto, Too) Sends TV

If you have experienced software defined radio (SDR) using the ubiquitous RTL SDR dongles, you are missing out on half of it. While those SDRs are inexpensive, they only receive. The next step is to transmit. [Corrosive] shows how he uses DATV Express along with a Lime SDR or a Pluto (the evaluation device from Analog Devices) to transmit video. He shows how to set it all up in the context of ham radio. An earlier video shows how to receive the signal using an SDR and some Windows software. The receiver will work with an RTL SDR or a HackRF board, too. You can see both videos, below.

The DATV Express software has plenty of options and since SDR if frequency agile, you ought to be able to use this on any frequency (within the SDR range) that you are allowed to use. At the end, he mentions that to really put these on the air you will want a filter and amplifier since the output is a bit raw and low powered.

Continue reading “Lime SDR (and Pluto, Too) Sends TV”

Peering Into a Running Brain: SDRAM Refresh Analyzed from Userspace

Over on the Cloudflare blog, [Marek] found himself wondering about computer memory, as we all sometimes do. Specifically, he pondered if he could detect the refresh of his SDRAM from within a running program. We’re probably not ruining the surprise by telling you that the answer is yes — with a little more than 100 lines of C and help from our old friend the Fast Fourier Transform (FFT), [Marek] was able to detect SDRAM refresh cycles every 7818.6 ns, lining right up with the expected result.

The “D” in SDRAM stands for dynamic, meaning that unless periodically refreshed by reading and writing, data in the memory will decay. In this kind of memory, each bit is stored as a charge on a tiny capacitor. Given enough time (which varies with ambient temperature), this charge can leak away to neighboring silicon, turning all the 1s to 0s, and destroying the data. To combat this process, the memory controller periodically issues a refresh command which reads the data before it decays, then writes the data back to fully charge the capacitors again. Done often enough, this will preserve the memory contents indefinitely. SDRAM is relatively inexpensive and available in large capacity compared to the alternatives, but the drawback is that the CPU can’t access the portion of memory being refreshed, so execution gets delayed a little whenever a memory access and refresh cycle collide.

Chasing the Correct Hiccup

[Marek] figured that he could detect this “hiccup,” as he calls it, by running some memory accesses and recording the current time in a tight loop. Of course, the cache on modern CPUs would mean that for a small amount of data, the SDRAM would never be accessed, so he flushes the cache each time. The source code, which is available on GitHub, outputs the time taken by each iteration of the inner loop. In his case, the loop typically takes around 140 ns.

Hurray! The first frequency spike is indeed what we were looking for, and indeed does correlate with the refresh times.

The other spikes at 256kHz, 384kHz, 512kHz and so on, are multiplies of our base frequency of 128kHz called harmonics. These are a side effect of performing FFT on something like a square wave and totally expected.

As [Marek] notes, the raw data doesn’t reveal too much. After all, there are a lot of things that can cause little delays in a modern multitasking operating system, resulting in very noisy data. Even thresholding and resampling the data doesn’t bring refresh hiccups to the fore. To detect the SDRAM refresh cycles, he turned to the FFT, an efficient algorithm for computing the discrete Fourier transform, which excels at revealing periodicity. A few lines of python produced the desired result: a plot of the frequency spectrum of the lengthened loop iterations. Zooming in, he found the first frequency spike at 127.9 kHz, corresponding to the SDRAMs refresh period of 7.81 us, along with a number of other spikes representing harmonics of this fundamental frequency. To facilitate others’ experiments, [Marek] has created a command line version of the tool you can run on your own machine.

If this technique seems familiar, it may be because it’s similar the the Rowhammer attack we covered back in 2015, which can actually change data in SDRAM on vulnerable machines by rapidly accessing adjacent rows. As [Marek] points out, the fact that you can make these kinds of measurements from a userspace program can have profound security implications, as we saw with the meltdown and spectre attacks. We have to wonder what other vulnerabilities are lying inside our machines waiting to be discovered.

Thanks to [anfractuosity] for the tip!

Lessons Learned From A 1-Day RTL-SDR Enclosure Project

[ByTechLab] needed an enclosure for his R820T2 based RTL-SDR, which sports an SMA connector. Resolving to design and 3D print one in less than a day, he learned a few things about practical design for 3D printing and shared them online along with his CAD files.

The RTL-SDR is a family of economical software defined radio receivers, and [ByTechLab]’s’ enclosure (CAD files available on GrabCAD and STL on Thingiverse) is specific to his model. However, the lessons he learned are applicable to enclosure design in general, and a few of them specifically apply to 3D printing.

He started by making a basic model of the PCB and being sure to include all large components. With that, he could model the right voids inside the enclosure to ensure a minimum of wasted space. The PCB lacks any sort of mounting holes, so the model was also useful to choose where to place some tabs to hold the PCB in place. That took care of the enclosure design, but it also pays to be mindful of the manufacturing method so as to play to its strengths. For FDM 3D printing, that means most curved shapes and rounded edges are trivial. It also means that the biggest favor you can do yourself is to design parts so that they can be printed in a stable orientation without any supports.

This may be nothing that an experienced 3D printer and modeler doesn’t already know, but everyone is a novice at some point and learning from others’ experiences can be a real timesaver. For the more experienced, we covered a somewhat more in-depth guide to practical 3D printed enclosure design.

[ByTechLab]’s desire for a custom enclosure was partly because RTL-SDR devices come in many shapes and sizes, as you can see in this review of 19 different units (of which only 14 actually worked.)

Your USB Serial Adapter Just Became a SDR

To say that the RTL-SDR project was revolutionary might be something of an understatement. Taking a cheap little USB gadget and using it as a Software Defined Radio (SDR) to explore the radio spectrum from the tens of megahertz all the way into gigahertz frequencies with the addition of nothing more than some open source tools may go down as one of the greatest hacks of the decade. But even in the era of RTL-SDR, what [Ted Yapo] has manged to pull off is still pretty incredible.

With a Python script, a length of wire attached to the TX pin, and a mastery of the electron that we mere mortals can only hope to achieve, [Ted] has demonstrated using a common USB to serial adapter as an SDR transmitter. That’s right, using the cheap little UART adapter you’ve almost certainly got sitting in your parts bin right now and his software, you can transmit in the low megahertz frequencies and even up into VHF with some trickery. The project is still very much experimental, and though this may be the first time, we’re willing to bet this isn’t the last time you’ll be hearing about it.

The basic idea is that when sending certain characters over the UART serial line, they can combine with the start and stop bits to produce a square wave burst at half the baud rate. [Ted] found that sending a string of 0x55 at 19200 baud would generate a continuous square wave at 9600 Hz, and if he turned the baud rate all the way up to 2,000,000 where these USB adapters top out, that signal was transmitted at 1 MHz, right in the middle of the AM dial.

A neat trick to be sure, but alone not terribly useful. The next step was to modulate that signal by sending different characters over UART. [Ted] explains at great length his experiments with multi-level quantization and delta-sigma schemes, and each step of the way shows the improvement of the transmitted audio signal. Ultimately he comes up with a modulation scheme that produces a impressively clean signal, all things considered.

This alone is impressive, but [Ted] isn’t done yet. He realized that this method of transmission was generating some strong frequency harmonics which extended far beyond the theoretical maximum 1 MHz frequency of his UART SDR. In his experimentation he found he was able to pick up a signal from all the way out to 151 MHz, though it was too poor to be of any practical use. Dialing back the expectations a bit, he was able to successfully control a cheap 27 MHz RC toy using the 43rd harmonic of a 631 kHz signal at a range of about 10 feet with a FT232RL adapter, which he notes produces the cleanest signals in his testing.

[Ted] is still working on making transmissions cleaner and stronger by adding filters and amplifiers, but these early accomplishments are already very promising. His work reminds us of a low frequency version of the USB to VGA adapter turned GHz SDR transmitter, and we’re very eager to see where it goes from here.

Continue reading “Your USB Serial Adapter Just Became a SDR”

SDR Is At the Heart of This Soup-Can Doppler Radar Set

Want to explore the world of radar but feel daunted by the mysteries of radio frequency electronics? Be daunted no more and abstract the RF complexities away with this tutorial on software-defined radar.

Taking inspiration from our own [Gregory L. Charvat], whose many radar projects have graced our pages before, [Luigi Freitas]’ plunge into radar is spare on the budgetary side but rich in learning opportunities. The front end of the radar set is almost entirely contained in a LimeSDR Mini, a software-defined radio that can both transmit and receive. The only additional components are a pair of soup can antennas and a cheap LNA for the receive side. The rest of the system runs on GNU Radio Companion running on a Raspberry Pi; the whole thing is powered by a USB battery pack and lives in a plastic tote. [Luigi] has the radar set up for the 2.4-GHz ISM band, and the video below shows it being calibrated with vehicles passing by at known speeds.

True, the LimeSDR isn’t exactly cheap, but it does a lot for the price and lowers a major barrier to getting into the radar field. And [Luigi] did a great job of documenting his work and making his code available, which will help too. Continue reading “SDR Is At the Heart of This Soup-Can Doppler Radar Set”