Improving A Software Defined Radio With A Few Bits Of Wire

Impressed by the recent advances in the software defined radio scene, [Jason] picked up a $20 USB TV tuner dongle to check out his local airwaves. Unfortunately, the antenna included with the little USB dongle is terrible at receiving any signal other than broadcast TV. [Jason] wanted to improve his reception, so he got some wire and made his own discone antenna.

The discone antenna is ideally suited for [Jason]’s setup – properly constructed, it’s able to receive over the entire 64 to 1700 MHz band the RTL-SDR dongle is able to read. To construct his antenna, [Jason] checked out [VE3SQB]’s list of antenna design programs, got the dimensions of his antenna, and set to work attaching wire to PVC pipe.

The antenna is a massive improvement over the stock antenna included with the TV tuner dongle. After mounting his discone at the far end of his back yard, [Jason] started picking up a few blips from the transponders of passing aircraft.

Putting A Software Defined Radio On A Mac

A few months ago [Antti Palosaari] discovered cheap USB TV tuners could be used as a software-defined radio. Since then, we’ve seen these TV tuners receive signals from GPS satellites and even the signals between air traffic control and passenger aircraft. Like everything cool, Mac support for these drivers is slightly terrible so [hpux735] wrote his own Cocoa app to support these amazing dongles.

[hpux735]’s driver is a port of the osmocom driver, repackaged as a native Cocoa app so the terribly fickle libusb and other dependencies aren’t needed. All the code is up on GitHub, ready for you to start playing around with SDR.

As far as tutorials for those wading into the deep waters of software-defined radio, a number of how-to guides have popped up over the last month to get SDR noobs up and running quickly. Here’s a few of the best ones we’ve seen:

[braingram] put up an Instructable for Ubuntu users.

For people who have a Windows box lying around [balint] put up a getting started guide.

There’s a slightly more thorough Windows guide here.

Most of the development in the TV tuner SDR community is happening on the RTLSDR subreddit, and there’s more than enough info there to do just about anything with these TV tuner dongles. If you come up with a novel use for one of these dongles, send it in on the tip line.

Playing Air Traffic Controller With Software Defined Radio

Being an air traffic controller is a very cool career path – you get to see planes flying around on computer screens and orchestrate their flight paths like a modern-day magician. [Balint] sent in a DIY aviation mapper so anyone can see the flight paths of all the planes in the air, with the added bonus of not increasing your risk of heart attack or stroke.

[Balint]’s Aviation Mapper uses software defined radio to overlay RADAR and ACARS messages from aircraft and control towers in an instance of Google Earth running in a web browser. After grabbing all the radio data from a software defined radio, [Balint]’s server parses everything and chucks it into the Google Earth framework. There’s a ton of info, pictures, and explanations of the inner machinations of the hardware on [Balint]’s official project page.

Right now, Aviation Mapper only displays planes within 500 km of Sydney airspace, but [Balint] is working on expanding the coverage with the help of other plane spotters. If you’re willing to help [Balint] expand his coverage, be sure to drop him a line.

Of course, [Balint] is the guy who gave us a software radio source block for those cheap USB TV tuner dongles. Just a few days ago we saw these dongles receiving GPS data, so we’re very impressed with what these little boxes can do in the right hands. [Balint] says his Aviation Mapper application will work with any GNU Radio receiver, so it’s entirely possible to copy his work with a handful of TV tuner dongles.

After the break, there’s two videos of [Balint] sitting at the end of the runway near the Sydney airport watching arrivals come in right above his head and on his laptop. It’s very cool, but we’d be interested in seeing an enterprising hacker in the New York City area copy [Balint]’s work.


Software Defined Radio From A USB TV Capture Card

With a simple digital TV USB capture card, you can build your own software defined radio or spectrum analyzer. While it may not be as cool as [Jeri Ellsworth]’s SDR, it’s still very useful and only requires $20 in hardware.

The only piece of hardware required for this build is a USB FM/DTV capture device with the Realtek RTL2832U chipset. So far, two USB sticks have been tested and the unit with the largest frequency range (64 – 1700 MHz) is available direct from China for $20.

The ability to turn these cheap capture cards into software defined radios and spectrum analyzers was discovered by [Antti Palosaari] after sniffing the device. These cards demodulate the frequency and send all the data to the computer, where it is decoded via software. If you have one of these capture cards lying around, you can grab the software and load it up on your *nix box. Right now, the software only writes directly to a file, and may drop a few samples if writing to a hard disk instead of RAM. Small problems, but we’re sure this project will pick up steam in the very near future.

via reddit

Sniffing 5G With Software-Defined Radio

The fifth generation mobile communications protocol (5G) is perhaps the most complicated wireless protocol ever made. Featuring wildly fast download speeds, beam forming base stations, and of course non-standard additions, it’s a rather daunting prospect to analyze for the home hacker and researcher alike. But this didn’t stop the ASSET Research Group from developing a 5G sniffer and downlink injector.

The crux of the project is real-time sniffing using one of two Universal Software Radio Peripheral (USRP) software-defined radios (SDRs), and a substantial quantity of compute power. This sniffed data can even be piped into Wireshark for filtering. The frequency is hard-coded into the sniffer for improved performance, with the n78 and n41 bands having been tested as of writing. While we expect most of you don’t have the supported USRP hardware, they provided a sample capture file for anyone to analyze.

The other main feature of the project is an exploitation framework with numerous attack vectors developed by ASSET and others. By turning an SDR into a malicious 5G base station, numerous vulnerabilities and “features” can be exploited, with results ranging from downgrading the connection to 4G to fingerprinting and much more. It even includes an attack method we previously covered called 5Ghoul, which can cause device failure requiring removal of the SIM card. These vulnerabilities offer a unique look inside the inner workings of 5G.

If you too are interested in 5G sniffing but don’t have access to the hardware needed, check out this hack turning a Qualcomm phone into a 5G sniffer!

Real-Time Beamforming With Software-Defined Radio

It is perhaps humanity’s most defining trait that we are always striving to build things better, stronger, faster, or bigger than that which came before. Taller skyscrapers, longer bridges, and computers with more processors, all advance thanks to this relentless persistence.

In the world of radio, we might assume that a better signal simply means adding more power, but performance can also improve by adding more antennas. Not only do more antennas increase gain but they can also be electronically steered, and [MAKA] demonstrates how to do this with a software-defined radio (SDR) phased array.

The project comes to us in two parts. In the first part, two ADALM-Pluto SDR modules are used, with one set to transmit and the other to receive. The transmitting SDR has two channels, one of which has the phase angle of the transmitted radio wave fixed while the other is swept from -180° to 180°. These two waves will interfere with each other at various points along this sweep, with one providing much higher gain to the receiver. This information is all provided to the user via a GUI.

The second part works a bit like the first, but in reverse. By using the two antennas as receivers instead of transmitters, the phased array can calculate the precise angle of arrival of a particular radio wave, allowing the user to pinpoint the direction it is being transmitted from. These principles form the basis of things like phased array radar, and if you’d like more visual representations of how these systems work take a look at this post from a few years ago.
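The phase sweep and the angle-of-arrival estimate described above, as an added example that is not taken from [MAKA]’s project: it assumes two identical, equal-amplitude elements spaced half a wavelength apart and a far-field source, and every function name and sample value here is illustrative.

```python
import cmath
import math
import random

def combined_gain_db(tx_phase_deg, rx_angle_deg, spacing_wl=0.5):
    """Power at a far-field receiver from two elements, in dB relative to one element."""
    # Phase lead of element 1 caused by its shorter path to a receiver
    # sitting rx_angle_deg off broadside (spacing given in wavelengths).
    geo = 2 * math.pi * spacing_wl * math.sin(math.radians(rx_angle_deg))
    total = 1 + cmath.exp(1j * (math.radians(tx_phase_deg) + geo))
    return 10 * math.log10(max(abs(total) ** 2, 1e-12))  # clamp deep nulls

def best_tx_phase(rx_angle_deg, spacing_wl=0.5):
    """Sweep channel 2 from -180 to 180 degrees and return the phase with peak gain."""
    return max(range(-180, 181),
               key=lambda p: combined_gain_db(p, rx_angle_deg, spacing_wl))

def simulate_rx(angle_deg, n=256, spacing_wl=0.5, noise=0.05, seed=1):
    """Constructed test data: one tone seen by two receive channels, plus noise."""
    rng = random.Random(seed)
    geo = 2 * math.pi * spacing_wl * math.sin(math.radians(angle_deg))
    def jitter():
        return complex(rng.gauss(0, noise), rng.gauss(0, noise))
    tone = [cmath.exp(2j * math.pi * 0.05 * k) for k in range(n)]
    rx0 = [s + jitter() for s in tone]
    rx1 = [s * cmath.exp(1j * geo) + jitter() for s in tone]
    return rx0, rx1

def angle_of_arrival(rx0, rx1, spacing_wl=0.5):
    """Estimate the arrival angle (degrees off broadside) from two channels."""
    # The cross-correlation averages the per-sample phase difference.
    xc = sum(b * a.conjugate() for a, b in zip(rx0, rx1))
    s = cmath.phase(xc) / (2 * math.pi * spacing_wl)
    # Noise can push |s| slightly past 1; spacing above half a wavelength
    # would also make the answer ambiguous, so this assumes spacing <= 0.5.
    return math.degrees(math.asin(max(-1.0, min(1.0, s))))

if __name__ == "__main__":
    print("best TX phase for a receiver at 30 deg:", best_tx_phase(30))
    print("estimated arrival angle:", round(angle_of_arrival(*simulate_rx(20)), 2))
```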


Skip The Radio With This Software-Defined Ultrasound Data Link

We know what you’re thinking: with so many wireless modules available for just pennies, trying to create a physical data link using ultrasonic transducers like [Damian Bonicatto] did for a short-range, low-bitrate remote monitoring setup seems like a waste of time. And granted, there are a ton of simple RF protocols you can just throw at a job like this. Something like this could be done and dusted for a couple of bucks, right?

Luckily, [Damian] wanted something a little different for his wireless link to a small off-grid solar array, which is why he started playing with ultrasound in an SDR framework. The design for his “Software-Defined Ultrasonics” system, detailed in Part 1, has a pair of links, each with two ultrasonic transducers, one for receiving and one for transmitting. Both connect to audio amplifiers with bandpass filters; the received signal is digitized by the ADC built into an Arduino Nano, while the transmitted signal is converted to analog by an outboard DAC.

The transducers are affixed to 3D printed parabolic reflectors, which are aimed at each other over a path length of about 150′ (46 m). Part 2 of the series details the firmware needed to make all this work. A lot of the firmware design is dictated by the constraints introduced by using Arduinos and the 40-kHz ultrasonic carrier, meaning that the link can only do about 250 baud. That may sound slow, but it’s more than enough for [Damian]’s application.

Perhaps most importantly, this is one of those times where going slower helps you to go faster; pretty much everything about the firmware on this system applies to SDRs, so if you can grok one, the other should be a breeze. But if you still need a little help minding your Is and Qs, check out [Jenny]’s SDR primer.