Direction Finding And Passive Radar With RTL-SDR

To say that the RTL-SDR project revolutionized hackers’ capabilities in the RF spectrum would be something of an understatement. It used to be that the bar, in terms of both knowledge and hardware, was so high that only the truly dedicated were able to explore the radio spectrum. But today anyone with $20 can pick up an RTL-SDR device, combine it with a wide array of open source software, and gain access to a previously invisible world.

That being said, RTL-SDR is usually considered an “Economy Ticket” to the world of RF. It gets your foot in the door, but experienced RF hackers are quick to point out that you’ll need higher-end hardware if you want to do more complex experiments. The KerberosSDR may soon change that perception of RTL-SDR derived hardware. Combining four R820T2-based receivers on a custom designed board, it offers low-cost access to techniques that need several phase-coherent receivers, such as radio direction finding, passive radar, and beamforming. If you get bored with that, you can always use it as four separate RTL-SDR dongles, perfect for applications that require monitoring multiple frequencies at once, such as receiving trunked radio.

KerberosSDR (which was previously known as HydraSDR) is a collaborative effort between the Othernet engineering team and the folks over at RTL-SDR.com, who earlier in the year put out a call for an experienced developer to come onboard specifically for this project. Tamás Peto, a PhD student at Budapest University of Technology and Economics, answered the call and has put together a system which the team plans on releasing as open source so the whole community can benefit from it. In the videos after the break, you can see demonstrations of the direction finding and passive radar capabilities using an in-development version of KerberosSDR.

As for the hardware, it combines the four RTL-SDR receivers with an onboard GPIO-controlled wideband noise source, used to calibrate out the phase and amplitude differences between the channels, plus an integrated USB hub so the whole thing takes up only one port. Everything is wrapped up in a shielded metal enclosure, and the team is currently experimenting with a header on the KerberosSDR PCB that would let you plug it directly into a Raspberry Pi or Tinkerboard.
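To make the coherence requirement and the calibration noise source concrete, here is an added Python example (written for this page, not code from KerberosSDR or its developers) of two-element interferometric direction finding: the phase difference between two channels gives the angle of arrival, but only once the per-channel hardware phase offset has been measured with a common signal, which is exactly what the noise source provides. The frequency, antenna spacing, hardware offset and signal samples are all constructed.

```python
import cmath
import math
import random

C = 299_792_458.0  # speed of light, m/s


def steering_phase(theta_deg, spacing_m, freq_hz):
    """Phase of channel 1 relative to channel 0 for a plane wave arriving at
    theta degrees from broadside on a two-element array: 2*pi*d*sin(theta)/lambda."""
    wavelength = C / freq_hz
    return 2 * math.pi * spacing_m * math.sin(math.radians(theta_deg)) / wavelength


def synth_channels(n, theta_deg, spacing_m, freq_hz, hw_offset, snr_db=20.0, seed=1):
    """Constructed test data (not a real capture): the same narrowband signal
    seen by two receivers, rotated by the geometry phase plus an unknown
    per-channel hardware phase offset (cable length, tuner PLL phase)."""
    rng = random.Random(seed)
    sig = [cmath.exp(1j * rng.uniform(0.0, 2 * math.pi)) for _ in range(n)]
    sigma = 10 ** (-snr_db / 20) / math.sqrt(2)

    def noise():
        return complex(rng.gauss(0.0, sigma), rng.gauss(0.0, sigma))

    rot = cmath.exp(1j * (steering_phase(theta_deg, spacing_m, freq_hz) + hw_offset))
    ch0 = [s + noise() for s in sig]
    ch1 = [s * rot + noise() for s in sig]
    return ch0, ch1


def phase_difference(ch0, ch1):
    """Phase of ch1 relative to ch0 from the zero-lag cross-correlation. Only
    meaningful if both channels sample the same instants, i.e. the tuners share
    a clock and were started together (a coherent receiver)."""
    acc = sum(b * a.conjugate() for a, b in zip(ch0, ch1))
    return cmath.phase(acc)


def calibrate(cal0, cal1):
    """With the on-board noise source switched on, both channels see the same
    signal at the same time, so any phase difference is pure hardware offset."""
    return phase_difference(cal0, cal1)


def angle_of_arrival(ch0, ch1, spacing_m, freq_hz, cal_offset):
    """Interferometric AoA estimate in degrees from broadside. Spacing must be
    at most lambda/2, otherwise the phase wraps and the angle is ambiguous."""
    wavelength = C / freq_hz
    dphi = phase_difference(ch0, ch1) - cal_offset
    dphi = (dphi + math.pi) % (2 * math.pi) - math.pi      # wrap to [-pi, pi)
    arg = dphi * wavelength / (2 * math.pi * spacing_m)
    arg = max(-1.0, min(1.0, arg))                          # clamp noise past +/-90 deg
    return math.degrees(math.asin(arg))


def demo(true_angle=25.0, spacing_m=0.30, freq_hz=433.92e6, hw_offset=1.1):
    """Returns (calibrated estimate, uncalibrated estimate) for a constructed
    scene: 433.92 MHz, 30 cm spacing (under lambda/2), 1.1 rad hardware offset."""
    cal0, cal1 = synth_channels(4096, 0.0, spacing_m, freq_hz, hw_offset, seed=2)
    offset = calibrate(cal0, cal1)
    ch0, ch1 = synth_channels(4096, true_angle, spacing_m, freq_hz, hw_offset, seed=3)
    return (angle_of_arrival(ch0, ch1, spacing_m, freq_hz, offset),
            angle_of_arrival(ch0, ch1, spacing_m, freq_hz, 0.0))


if __name__ == "__main__":
    good, bad = demo()
    print(f"calibrated: {good:.1f} deg, uncalibrated: {bad:.1f} deg (true 25.0)")
```

Skipping the calibration step does not just add a little error: the uncalibrated estimate lands tens of degrees away from the true bearing, which is why the board needs a switchable noise source and not just four tuners on one clock.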

The team hopes to start final hardware production within the next few months, and in the meantime has set up a mailing list so interested parties can stay in the loop and be informed when preorders start.

If you can’t wait until then, we’ve got a detailed write-up on DIY experiments with passive radar using RTL-SDR hardware, and you can always use your browser if you want to get your radio direction finding fix.


Read Home Power Meters With RTL-SDR

[k-roy] hates electricity. Especially the kind that can be lethal if you’re not careful. Annoyed by the constant advertisements for the popular Sense Home Energy monitors (which must be installed in the main breaker box by an electrician), [k-roy] set out to find a cheaper and easier way. He wondered how the power company monitored his meter, and guessed correctly that it must be transmitting the information wirelessly. Maybe he could just listen in?

Using a cheap RTL-SDR, it didn’t take long for [k-roy] to tap into this transmission and stumble across the power readings for his entire neighborhood using a simple command:

~/gocode/bin/rtlamr -msgtype=idm --format=json -msgtype=scm+

Ironically, the hardest part wasn’t snooping on everyone’s power and water usage patterns in the neighborhood; it was figuring out which meter was his. In the end, he was able to make some nice graphical layouts of the data with PHP.
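Picking your own meter out of the stream is the part [k-roy] found hardest, so here is an added Python example (mine, not from [k-roy]’s blog or from rtlamr) that parses rtlamr’s JSON lines and ranks meters by how much their consumption rate jumps after you switch on a known large load at a noted time. The JSON field names follow rtlamr’s output format as I know it (SCM records carry Message.ID and Message.Consumption, IDM records Message.ERTSerialNumber and Message.LastConsumptionCount); the sample lines, meter IDs, timestamps and readings are constructed.

```python
import json
from datetime import datetime, timedelta


def _scm(time_str, meter_id, consumption):
    """Build one constructed SCM record in rtlamr's JSON shape."""
    return json.dumps({"Time": time_str, "Offset": 0, "Length": 0, "Type": "SCM",
                       "Message": {"ID": meter_id, "Type": 7, "TamperPhy": 0,
                                   "TamperEnc": 0, "Consumption": consumption,
                                   "ChecksumVal": 0}})


# Constructed sample: three meters reporting every five minutes. Timestamps use a
# numeric UTC offset and no fractional seconds so datetime.fromisoformat parses them.
_TIMES = ["2017-04-23T20:%02d:00-07:00" % m for m in (50, 55)] + \
         ["2017-04-23T21:%02d:00-07:00" % m for m in (0, 5, 10, 15)]
_COUNTS = {                                            # meter id -> counter at each time
    12345678: [1000, 1001, 1002, 1008, 1014, 1020],    # rate jumps after 21:00 (the oven)
    23456789: [2000, 2002, 2004, 2006, 2008, 2010],    # steady
    34567890: [3000, 3003, 3006, 3009, 3012, 3015],    # steady
}
SAMPLE_LINES = [_scm(t, mid, c) for mid, counts in _COUNTS.items()
                for t, c in zip(_TIMES, counts)]
SAMPLE_LINES.append(json.dumps({"Time": _TIMES[3], "Offset": 0, "Length": 0, "Type": "IDM",
                                "Message": {"ERTSerialNumber": 45678901,
                                            "LastConsumptionCount": 777}}))
SAMPLE_LINES.append("not a JSON line at all")          # must be skipped, not crash
MARKER = datetime.fromisoformat(_TIMES[2])             # when the big load was switched on


def parse_readings(lines):
    """Return (timestamp, meter_id, counter) tuples from rtlamr JSON lines,
    skipping anything that is not a well-formed SCM or IDM record."""
    out = []
    for line in lines:
        try:
            rec = json.loads(line)
            msg = rec["Message"]
            if rec["Type"] == "SCM":
                meter_id, count = msg["ID"], msg["Consumption"]
            elif rec["Type"] == "IDM":
                meter_id, count = msg["ERTSerialNumber"], msg["LastConsumptionCount"]
            else:
                continue
            out.append((datetime.fromisoformat(rec["Time"]), meter_id, count))
        except (ValueError, KeyError, TypeError):
            continue
    return out


def rate_per_hour(readings, meter_id, start, end):
    """Counter increase per hour for one meter within [start, end), or None if
    fewer than two readings fall in the window."""
    pts = sorted((t, c) for t, mid, c in readings if mid == meter_id and start <= t < end)
    if len(pts) < 2:
        return None
    hours = (pts[-1][0] - pts[0][0]).total_seconds() / 3600
    return (pts[-1][1] - pts[0][1]) / hours if hours > 0 else None


def find_my_meter(readings, switched_on_at, window_hours=1.0):
    """Rank meters by the jump in consumption rate right after a noted time at
    which you switched on a large load. Returns (increase, id, before, after)
    tuples, largest jump first; the top entry is almost certainly your meter."""
    before = (switched_on_at - timedelta(hours=window_hours), switched_on_at)
    after = (switched_on_at, switched_on_at + timedelta(hours=window_hours))
    ranked = []
    for meter_id in {m for _, m, _ in readings}:
        rb = rate_per_hour(readings, meter_id, *before)
        ra = rate_per_hour(readings, meter_id, *after)
        if rb is not None and ra is not None:
            ranked.append((ra - rb, meter_id, rb, ra))
    ranked.sort(reverse=True)
    return ranked


if __name__ == "__main__":
    for inc, meter_id, rb, ra in find_my_meter(parse_readings(SAMPLE_LINES), MARKER):
        print(f"meter {meter_id}: {rb:.0f}/h before, {ra:.0f}/h after (+{inc:.0f}/h)")
```

In practice you would redirect rtlamr’s stdout to a file, note the time you switched the oven on, and feed the lines to find_my_meter. The same grouping by ID is all it takes to graph any single meter, which is the uncomfortable flip side of this hack: every neighbour’s usage pattern is just as easy to pull out.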

We’ve seen some righteous power meter hacks in our time, but this one stands out for its simplicity and elegance. Be sure to check out [k-roy’s] blog for more details, and [rtlamr’s] github for the program used to read the meters.

Thanks to [Jasper J] for the tip!

Attack Some Wireless Devices With A Raspberry Pi And An RTL-SDR

If you own one of the ubiquitous RTL-SDR software defined radio receivers derived from a USB digital TV receiver, one of the first things you may have done with it was to snoop on wide frequency bands using the waterfall view present in most SDR software. Since the VHF and UHF bands the RTL covers are sometimes a little devoid of signals, chances are you homed in on one of the ISM bands used by plenty of inexpensive wireless devices for all sorts of mundane control tasks. Unless you reside in the depths of the wilderness, ISM band sniffing will show a continuous procession of chirps: short bursts of digital data. It is surprising how many radio-controlled devices there are in your surroundings that you weren’t aware of.

Some of these devices, such as car key fobs, are protected by rolling-code schemes: every press sends a different code, so a recorded burst is useless a second time. But many of the more harmless devices simply send the same command in the clear, with no encryption or authentication at all, and those are the ones a record-and-replay attack works on. The folks at RTL-SDR.com put up a guide to recording these open data bursts on a Raspberry Pi and playing them back by transmitting them from the Pi itself.

It’s not the most refined of attacks, because all it does is take the recorded file and retransmit it with [F5OEO]’s RPiTX software. But they do demonstrate it in action with a wireless lightbulb, a door bell, a wireless relay, and a remote-controlled switched socket. Since the data in question is sent as OOK (on-off keying, which is just AM with the carrier switched fully on or off), the RPiTX AM mode stands in for the original transmitter.
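The guide replays the recorded file as-is, and what makes that work is what is inside the file: a fixed bit pattern. As an added Python example (mine, not code from the RTL-SDR.com guide or from RPiTX), here is a PWM-over-OOK encoder and decoder in the style of the PT2262-type remotes these sockets and doorbells commonly use, so you can see what a capture decodes to and check whether a device is replayable at all. The sample rate, pulse timing, 24-bit code and the noisy “capture” are all assumed or constructed.

```python
import random

SAMPLE_RATE = 100_000                     # Hz, rate of the demodulated (magnitude) baseband, assumed
UNIT_SAMPLES = int(SAMPLE_RATE * 350e-6)  # one short pulse = 350 us, a typical PT2262-style timing (assumed)
SYNC_UNITS = 31                           # length of the quiet gap that ends a frame, in units


def encode_ook(code, nbits=24):
    """PWM-over-OOK frame: '0' = 1 unit on, 3 units off; '1' = 3 units on,
    1 unit off; then a 1-unit pulse and a long gap. Returns the on/off envelope."""
    env = []
    for i in range(nbits - 1, -1, -1):
        on, off = (3, 1) if (code >> i) & 1 else (1, 3)
        env += [1] * (on * UNIT_SAMPLES) + [0] * (off * UNIT_SAMPLES)
    env += [1] * UNIT_SAMPLES + [0] * (SYNC_UNITS * UNIT_SAMPLES)
    return env


def as_capture(env, seed=7):
    """Constructed stand-in for a magnitude-demodulated recording: carrier on
    is about 0.8, carrier off about 0.1, plus noise. Not a real capture."""
    rng = random.Random(seed)
    return [(0.8 if s else 0.1) + rng.gauss(0.0, 0.05) for s in env]


def run_lengths(capture, threshold=0.45):
    """Threshold the envelope and collapse it into [level, length] runs."""
    runs = []
    for x in capture:
        level = 1 if x > threshold else 0
        if runs and runs[-1][0] == level:
            runs[-1][1] += 1
        else:
            runs.append([level, 1])
    return runs


def decode_ook(capture, nbits=24):
    """Recover every frame's code from a capture that starts before its first
    frame. Each (on, off) pair is one bit, the longer half tells which; a long
    off gap marks the end of a frame."""
    runs = run_lengths(capture)
    if runs and runs[0][0] == 0:           # ignore silence before the first pulse
        runs = runs[1:]
    pairs = [(runs[i][1], runs[i + 1][1])
             for i in range(0, len(runs) - 1, 2) if runs[i][0] == 1]
    codes = []
    for idx, (on, off) in enumerate(pairs):
        if off > 8 * UNIT_SAMPLES and idx >= nbits:   # sync gap: a frame ended here
            code = 0
            for o, f in pairs[idx - nbits:idx]:
                code = (code << 1) | (1 if o > f else 0)
            codes.append(code)
    return codes


def replayable(codes):
    """A fixed-code device sends the same bits on every press, so a recording
    of one press works forever; a rolling-code device gives differing codes."""
    return len(codes) > 1 and len(set(codes)) == 1


if __name__ == "__main__":
    capture = as_capture(encode_ook(0x5A7C3D) + encode_ook(0x5A7C3D))
    codes = decode_ook(capture)
    print([hex(c) for c in codes], "replayable:", replayable(codes))
```

Record two or three presses of the same button and run the decoder over them: identical codes mean the blind replay from the guide will work, while codes that differ on every press are a rolling-code device and replaying a stale recording gets you nowhere.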

You can see it in action in the video below the break. Now, have you investigated the ISM band chirps in your locality?


19 RTL-SDR Dongles Reviewed

Blogger [radioforeveryone] set out to look at 19 different RTL-SDR dongles for use in receiving ADS-B (the system in which aircraft broadcast their own GPS-derived position). Not all of the 19 worked, but you can read the detailed review of the 14 that did.

Granted, you might not want to pick up ADS-B, but the relative performance of these inexpensive devices is still interesting. The tests used Raspberry Pi 3s with the same antenna and preamp throughout. ADS-B messages are transmitted frequently, and each test ran for at least 20 hours. The only caveat: the tests were run two dongles at a time, so it is not fair to directly compare total results across different days.


One Transistor RTL-SDR Upconverter

Even if you haven’t used one, you’ve probably seen the numerous projects with the inexpensive RTL-SDR USB dongle. Originally designed for TV use, the dongle is a software defined radio that many have repurposed for a variety of radio hacking projects. However, there’s one small issue. By default the tuner only works down to a few tens of MHz (roughly 24 MHz for the R820T, around 52 MHz for the older E4000), so the HF bands are out of reach. There are hacks to change that (the direct sampling mode, which bypasses the tuner entirely), but the cleanest way to get there is to add an upconverter, which mixes the frequency you want up into the dongle’s range. Sounds complicated? [Qrp-Gaijin] shows how to do it with a single transistor. You can see some videos of the results below.

Actually, [Qrp-Gaijin] built an earlier version but wasn’t satisfied with its performance. He found that his original oscillator was driving an overtone crystal at its fundamental frequency (about a third of the marked frequency). The device worked, but only because the oscillator was rich in harmonics, including the third harmonic at the frequency actually needed (49.8 MHz), and every other harmonic it put out could mix with the input too.
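A quick way to see why a harmonic-rich LO hurt performance: as an added Python example (mine, not [Qrp-Gaijin]’s design or code), list every HF input frequency that the mixer translates onto the tuned frequency for each line present in the LO drive. With a clean 49.8 MHz oscillator there is one such input; with the crystal fundamental and its harmonics there are several, each an unwanted HF signal landing on top of the one you want. The 16.6 MHz fundamental, the 7.1 MHz input and the 56.9 MHz tuned frequency are assumed for illustration.

```python
def lo_lines(fundamental_mhz, harmonics=5):
    """Frequencies present in a dirty oscillator: the fundamental and its
    harmonics. An overtone crystal driven at its fundamental (about 1/3 of the
    49.8 MHz marking) puts out roughly 16.6 MHz and multiples; only the third
    multiple is the wanted LO."""
    return [k * fundamental_mhz for k in range(1, harmonics + 1)]


def upconverted(f_rf_mhz, f_lo_mhz):
    """Where an HF signal lands after the mixer (sum product), i.e. where the
    RTL-SDR has to be tuned to hear it."""
    return f_rf_mhz + f_lo_mhz


def spurious_inputs(f_tuned_mhz, lo_mhz_list, band=(0.5, 30.0)):
    """Every input frequency inside `band` that also reaches f_tuned through
    some LO line, as sorted (rf, lo) pairs. All three first-order mixer
    products are checked: rf + lo, lo - rf and rf - lo equal to f_tuned."""
    hits = set()
    for lo in lo_mhz_list:
        for rf in (f_tuned_mhz - lo, lo - f_tuned_mhz, f_tuned_mhz + lo):
            if band[0] <= rf <= band[1]:
                hits.add((round(rf, 3), round(lo, 3)))
    return sorted(hits)


if __name__ == "__main__":
    tuned = upconverted(7.1, 49.8)                 # listen to 7.1 MHz via a 49.8 MHz LO
    print("tuned to", round(tuned, 3), "MHz")
    print("clean LO  :", spurious_inputs(tuned, [49.8, 99.6]))
    print("dirty LO  :", spurious_inputs(tuned, lo_lines(16.6)))
```

The dirty-LO list is the spurious-response table for the first build: besides 7.1 MHz, signals at 9.5, 23.7 and 26.1 MHz all come through when the dongle is parked at 56.9 MHz. An oscillator that actually runs the crystal on its overtone (plus a low-pass filter on the LO port) collapses that list to the single wanted entry.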


An Amateur Radio Repeater Using An RTL-SDR And A Raspberry Pi

An amateur radio repeater used to be a complex assemblage of equipment that would easily fill a 19″ rack. There would be a receiver and a separate transmitter, usually repurposed from commercial units, a home-made logic unit with a microprocessor to keep an eye on everything, and a hefty set of filters to stop the transmitter output swamping the receiver. Then there would have been an array of power supply units to provide continued working during power outages, probably with an associated bank of lead-acid cells.

More recent repeaters have been commercial repeater units. The big radio manufacturers have spotted a market in amateur radio, and particularly as they have each pursued their own digital standards there has been something of an effort to provide repeater equipment to drive sales of digital transceivers.

But what if you fancy setting up a simple repeater and you have neither a shed full of old radios nor a hotline to the sales department of a large Japanese manufacturer? If you are [Anton Janovsky, ZR6AIC], you make your own low-powered repeater using an RTL-SDR, a low-pass filter, and a Raspberry Pi.

[Anton]’s repeater is a clever pipeline of rtl_sdr doing the receiving, csdr doing the demodulation, and [F5OEO]’s rpitx doing the transmitting. As far as we can see it has no toneburst or CTCSS decoder to control its transmitter, so it is on air full-time; we suspect that may be a feature implemented in due course.
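Adding the CTCSS gating the repeater lacks is mostly a tone-detection problem, so here is an added Python example (not part of ZR6AIC’s repeater, nor of csdr or rpitx) that runs the Goertzel algorithm on each half-second audio frame, keys the transmitter only while the wanted sub-audible tone is present and beats its neighbouring tones, and adds a hang time so brief fades do not chop the audio. The audio sample rate, the 88.5 Hz tone and the synthetic audio frames are assumed or constructed; in the real pipeline the frames would come from csdr’s demodulated audio.

```python
import math
import random

AUDIO_RATE = 8000          # Hz, sample rate of the demodulated audio (assumed)
FRAME = 4000               # samples per decision (0.5 s): 2 Hz bins, enough to separate CTCSS tones
MY_TONE = 88.5             # Hz, the tone this repeater keys on (assumed)
NEIGHBOURS = (82.5, 94.8)  # adjacent standard CTCSS tones, used as guard bins


def goertzel_amplitude(samples, freq, rate):
    """Amplitude of a sinusoid at `freq` in the frame via the Goertzel algorithm
    (one DFT bin, cheap enough to run on every audio frame on a Pi)."""
    n = len(samples)
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    power = s_prev * s_prev + s_prev2 * s_prev2 - coeff * s_prev * s_prev2
    return 2.0 * math.sqrt(max(power, 0.0)) / n


def ctcss_present(frame, tone=MY_TONE, min_amp=0.04, ratio=3.0):
    """True if the wanted tone is present: it must clear an absolute floor and
    beat the adjacent CTCSS tones by a margin, so a neighbour's tone, voice
    energy or noise does not key the transmitter."""
    wanted = goertzel_amplitude(frame, tone, AUDIO_RATE)
    guard = max(goertzel_amplitude(frame, f, AUDIO_RATE) for f in NEIGHBOURS)
    return wanted > min_amp and wanted > ratio * guard


def make_frame(tone_hz=None, seed=0):
    """Constructed audio: a 1 kHz 'voice' tone, noise, and optionally a
    sub-audible CTCSS tone at 10% amplitude. Not a real recording."""
    rng = random.Random(seed)
    out = []
    for i in range(FRAME):
        t = i / AUDIO_RATE
        x = 0.7 * math.sin(2 * math.pi * 1000.0 * t) + rng.gauss(0.0, 0.05)
        if tone_hz is not None:
            x += 0.1 * math.sin(2 * math.pi * tone_hz * t)
        out.append(x)
    return out


def repeater_gate(frames, hang_frames=2):
    """Transmit-enable decision per frame with a hang time: once the tone drops
    out, keep the transmitter up for `hang_frames` more frames so short fades
    do not chop the repeated audio."""
    keyed, hang, decisions = False, 0, []
    for frame in frames:
        if ctcss_present(frame):
            keyed, hang = True, hang_frames
        elif hang > 0:
            hang -= 1
        else:
            keyed = False
        decisions.append(keyed)
    return decisions


if __name__ == "__main__":
    frames = [make_frame(88.5), make_frame(88.5), make_frame(None), make_frame(94.8)]
    print(repeater_gate(frames))
```

The guard-bin comparison is the part worth keeping even if you swap in a different detector: a plain energy threshold at 88.5 Hz would happily key the transmitter on a strong 94.8 Hz user from the next repeater over.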

With only a 10 mW output this repeater is more of a toy than a useful device, and we’d suggest any licensed amateur wanting to have a go should read the small print in their licence schedule before doing so. But it’s a neat usage of a Pi and an RTL stick, and with luck it’ll inspire others in the same vein.

We’ve touched on the Pi as a transmitter before, from a straightforward broadcast FM unit to crossing continents with WSPR, and even transmitting digital TV in another [F5OEO] hack.

Improving The RTL-SDR

The RTL-SDR dongle is a real workhorse for radio hacking. However, the 28.8 MHz oscillator onboard isn’t as stable as you might wish, and its error scales with the tuned frequency (a 1 ppm error is 1 kHz at 1 GHz). It is fine for a lot of applications and, considering the price, you shouldn’t complain. However, there are some cases where you need a more stable reference frequency.

[Craig] wanted a stable solution and immediately thought of a TCXO (temperature-compensated crystal oscillator). The problem is that finding one at 28.8 MHz is difficult and, if you can find it, relatively expensive. He decided to make an alternative oscillator using an easier-to-find 19.2 MHz crystal.
