Remote ADS-B Install Listens In On All The Aircraft Transmissions With RTL-SDR Trio, Phones Home On Cellular

When installing almost any kind of radio gear, the three factors that matter most are the same as in real estate: location, location, location. An unobstructed location at the highest possible elevation gives the antenna the furthest radio horizon as well as the biggest bang for the installation buck. But remote installations create problems, too, particularly with maintenance, which can be a chore.

So when [tsimota] got a chance to relocate one of his Automatic Dependent Surveillance-Broadcast (ADS-B) receivers to a remote site, he made sure the remote gear was as bulletproof as possible. In a detailed write up with a ton of pictures, [tsimota] shows the impressive amount of effort he put into the build.

The system has a Raspberry Pi 3 with solid-state drive running the ADS-B software, a powered USB hub for three separate RTL-SDR dongles for various aircraft monitoring channels, a remote FlightAware dongle to monitor ADS-B, and both internal and external temperature sensors. Everything is snuggled into a weatherproof case that has filtered ventilation fans to keep things cool, and even sports a magnetic reed tamper switch to let him know if the box is opened. An LTE modem pipes the data back to the Inter, a GSM-controlled outlet allows remote reboots, and a UPS keeps the whole thing running if the power blips atop the 15-m building the system now lives on.

Nobody appreciates a quality remote installation as much as we do, and this is a great example of doing it right. Our only quibble would be the use of a breadboard for the sensors, but in a low-vibration location, it should work fine. If you’ve got the itch to build an ADS-B ground station but don’t want to jump in with both feet quite yet, this beginner’s guide from a few years back is a great place to start.

The Death Of A Weather Satellite As Seen By SDR

What is this world coming to when a weather satellite that was designed for a two-year mission starts to fail 21 years after launch? I mean, really — where’s the pride these days?

All kidding aside, it seems like NOAA-15, a satellite launched in 1998 to monitor surface temperatures and other meteorologic and climatologic parameters, has recently started showing its age. This is the way of things, and generally the decommissioning of a satellite is of little note to the general public, except possibly when it deorbits in a spectacular but brief display across the sky.

But NOAA-15 and her sister satellites have a keen following among a community of enthusiasts who spend their time teasing signals from them as they whiz overhead, using homemade antennas and cheap SDR receivers. It was these hobbyists who were among the first to notice NOAA-15’s woes, and over the past weeks they’ve been busy alternately lamenting and celebrating as the satellite’s signals come and go. Their on-again, off-again romance with the satellite is worth a look, as is the what exactly is going wrong with this bird in the first place.

Continue reading “The Death Of A Weather Satellite As Seen By SDR”

Hackaday Podcast 030: Seven Years Of RTL-SDR, 3D Printing Optimized For The Eye, Sega Audiophile, Swimming In Brighteners

Hackaday Editors Mike Szczys and Elliot Williams curate the awesome hacks from the past week. On this episode, we marvel about the legacy RTL-SDR has had on the software-defined radio scene, turn a critical ear to 16-bit console audio hardware, watch generative algorithms make 3D prints beautiful, and discover why printer paper is so very, very bright white.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Direct download (58 MB)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 030: Seven Years Of RTL-SDR, 3D Printing Optimized For The Eye, Sega Audiophile, Swimming In Brighteners”

RTL-SDR: Seven Years Later

Before swearing my fealty to the Jolly Wrencher, I wrote for several other sites, creating more or less the same sort of content I do now. In fact, the topical overlap was enough that occasionally those articles would get picked up here on Hackaday. One of those articles, which graced the pages of this site a little more than seven years ago, was Getting Started with RTL-SDR. The original linked article has long since disappeared, and the site it was hosted on is now apparently dedicated to Nintendo games, but you can probably get the gist of what it was about from the title alone.

An “Old School” RTL-SDR Receiver

When I wrote that article in 2012, the RTL-SDR project and its community were still in their infancy. It took some real digging to find out which TV tuners based on the Realtek RTL2832U were supported, what adapters you needed to connect more capable antennas, and how to compile all the software necessary to get them listening outside of their advertised frequency range. It wasn’t exactly the most user-friendly experience, and when it was all said and done, you were left largely to your own devices. If you didn’t know how to create your own receivers in GNU Radio, there wasn’t a whole lot you could do other than eavesdrop on hams or tune into local FM broadcasts.

Nearly a decade later, things have changed dramatically. The RTL-SDR hardware and software has itself improved enormously, but perhaps more importantly, the success of the project has kicked off something of a revolution in the software defined radio (SDR) world. Prior to 2012, SDRs were certainly not unobtainable, but they were considerably more expensive. Back then, the most comparable device on the market would have been the FUNcube dongle, a nearly $200 USD receiver that was actually designed for receiving data from CubeSats. Anything cheaper than that was likely to be a kit, and often operated within a narrower range of frequencies.

Today, we would argue that an RTL-SDR receiver is a must-have tool. For the cost of a cheap set of screwdrivers, you can gain access to a world that not so long ago would have been all but hidden to the amateur hacker. Let’s take a closer look at a few obvious ways that everyone’s favorite low-cost SDR has helped free the RF hacking genie from its bottle in the last few years.

Continue reading “RTL-SDR: Seven Years Later”

A Briefcase Pentesting Rig For The Discerning Hacker

In the movies, the most-high tech stuff is always built into a briefcase. It doesn’t whether whether it’s some spy gear or the command and control system for a orbiting weapons platform; when an ordinary-looking briefcase is opened up and there’s an LCD display in the top half, you know things are about to get interesting. So is it any surprise that hackers in the real-world would emulate the classic trope?

As an example, take a look at the NightPi by [Sekhan]. This all-in-one mobile penetration testing rig has everything you need to peek and poke where you aren’t supposed to, all while maintaining the outward appearance of an regular briefcase. Well, admittedly a rather utilitarian aluminum briefcase…with antennas sticking out. OK, so it might not be up to 007’s fashion standards, but it’s still pretty good.

[Sekhan] has crammed a lot of gear into the NightPi beyond the eponymous Raspberry Pi 3B+. There’s an RFID reader, an RTL-SDR dongle, an external HDD, plus the 12V battery and 5V converter to power everything. All told, it cost about $500 USD to build, though that figure is going to vary considerably depending on what your parts bins look like.

To keep things cool, [Sekhan] has smartly added some vent holes along the side of the briefcase, and a couple of fans to get the air circulating. With these cooling considerations, we imagine you should be able to run the NightPi with the lid closed without any issue. That could let you hide it under a table while you interact with its suite of tools from your phone, making the whole thing much less conspicuous. The NightPi is running Kali Linux with a smattering of additional cools to do everything from gathering data from social media to trying to capture keystrokes from mechanical keyboards with the microphone; so there’s no shortage of things to play with.

If you like the idea of carrying around a Pi-powered security Swiss Army knife but aren’t too concerned with how suspicious you look, then the very impressive SIGINT tablet we covered recently might be more your speed. Not that we think you’d have any better chance making it through the TSA unscathed with this whirring briefcase full of wires, of course.

Mobile SIGINT Hacking On A Civilian’s Budget

Signals Intelligence (SIGINT) refers to performing electronic reconnaissance by eavesdropping on communications, and used to be the kind of thing that was only within the purview of the military or various three letter government agencies. But today, for better or for worse, the individual hacker is able to pull an incredible amount of information out of thin air with low-cost hardware and open source software. Now, thanks to [Josh Conway], all that capability can be harnessed with a slick all-in-one device: the RadioInstigator.

In his talk at the recent 2019 CircleCityCon, [Josh] (who also goes by the handle [CrankyLinuxUser]) presented the RadioInstigator as an affordable way to get into the world of wireless security research beyond the traditional WiFi and Bluetooth. None of the hardware inside the device is new exactly, it’s all stuff the hacking community has had access to for a while now, but this project brings them all together under one 3D printed “roof” as it were. The end result is a surprisingly practical looking device that can be used on the go to explore huge swaths of the RF spectrum at a cost of only around $150 USD.

So what has [Josh] packed into this wireless toybox? It will probably come as little surprise to find out that the star of the show is a Raspberry Pi 3 B+, combined with a touch screen display and portable keyboard so the user can interface with the various security tools installed.

To help the RadioInstigator surf the airwaves there’s an RTL-SDR and a 2.4 Ghz nRF24LU1+ “Crazyradio”, both broken out to external antenna connectors on the outside of the device. There’s even an external SMA connector hooked up to the Pi’s GPIO pin, which can be used for low-power transmissions from 5 KHz up to 1500 MHz with rpitx. Everything is powered by a beefy 10,000 mAh battery pack which should give you plenty of loiter time to perform your investigations.

[Josh] has also written several Bash scripts which will get a trove of radio hacking tools installed on the Pi automatically, either by pulling them in through the official repositories or downloading the source and compiling them. Getting the software environment into a known-good state can be a huge time sink, so even if you don’t build your own version of the RadioInstigator, his scripts are still worth checking out.

You can do some pretty incredible things with nothing more than a Pi and an RTL-SDR, but we can’t help but notice there’s still plenty of room inside the RadioInstigator for more gear. It could be the perfect home for a Mult-RTL setup, or maybe even a VGA adapter for spoofing cell networks.

Continue reading “Mobile SIGINT Hacking On A Civilian’s Budget”

A DIY EMC Probe From Semi-Rigid Coax And An SDR

Do you have an EMC probe in your toolkit? Probably not, unless you’re in the business of electromagnetic compatibility testing or getting a product ready for the regulatory compliance process. Usually such probes are used in anechoic chambers and connected to sophisticated gear like spectrum analyzers – expensive stuff. But there are ways to probe the electromagnetic mysteries of your projects on the cheap, as this DIY EMC testing setup proves.

As with many projects, [dimtass]’ build was inspired by a video over on EEVblog, where [Dave] made a simple EMC probe from a length of semi-rigid coax cable. At $10, it’s a cheap solution, but lacking a spectrum analyzer like the one that [Dave] plugged his cheap probe into, [dimtass] went a different way. With the homemade probe plugged into an RTL-SDR dongle and SDR# running on a PC, [dimtass] was able to get a decent approximation of a spectrum analyzer, at least when tested against a 10-MHz oven-controlled crystal oscillator. It’s not the same thing as a dedicated spectrum analyzer – limited bandwidth, higher noise, and not calibrated – but it works well enough, and as [dimtass] points out, infinitely hackable through the SDR# API. The probe even works decently when plugged right into a DSO with the FFT function running.

Again, neither of these setups is a substitute for proper EMC testing, but it’ll probably do for the home gamer. If you want to check out the lengths the pros go through to make sure their products don’t spew signals, check out [Jenny]’s overview of the EMC testing process.