Classifying Crystals With An SDR Dongle

When it comes to radio frequency oscillators, crystal controlled is the way to go when you want frequency precision. But not every slab of quartz in a tiny silver case is created equal, so crystals need to be characterized before using them. That’s generally a job for an oscilloscope, but if you’re clever, an SDR dongle can make a dandy crystal checker too.

The back story on [OM0ET]’s little hack is interesting, and one we hope to follow up on. The Slovakian ham is building what looks to be a pretty sophisticated homebrew single-sideband transceiver for the HF bands. Needed for such a rig are good intermediate frequency (IF) filters, which require matched sets of crystals. He wanted a quick and easy way to go through his collection of crystals and get a precise reading of the resonant frequency, so he turned to his cheap little RTL-SDR dongle. Plugged into a PC with SDRSharp running, the dongle’s antenna input is connected to the output of a simple one-transistor crystal oscillator. No schematics are given, but a look at the layout in the video below suggests it’s just a Colpitts oscillator. With the crystal under test plugged in, the oscillator produces a huge spike on the SDRSharp spectrum analyzer display, and [OM0ET] can quickly determine the center frequency. We’d suggest an attenuator to change the clipped plateau into a sharper peak, but other than that it worked like a charm, and he even found a few dud crystals with it.

Fascinated by the electromechanics of quartz crystals? We are too, which is why [Jenny]’s crystal oscillator primer is a good first stop for the curious.

Continue reading “Classifying Crystals With An SDR Dongle”

Cat Compels Raspberry Pi Flight Tracker

[Simon Aubury] owns a cat. Or perhaps it is the other way around, we can never really tell. One morning around 6AM, the cat — we don’t know its name — heard a low-flying aircraft and to signal its displeasure at the event, decided to jump onto [Simon’s] face as he slept. Thanks to the well-known mind control abilities of cats, [Simon] decided he had to know what plane was causing this scenario to recur. So he did what any of us what do. He used a Raspberry Pi and a software defined radio dongle to decode the ADS-B signals coming from nearby aircraft.

Picking up the signals and capturing them is easy thanks to the wide availability of USB radios and a program called Dump1090. However, the data is somewhat jumbled and not in a cat-friendly format. [Simon] turned to Apache Kafka — a tool for building real-time data pipelines — to process the data.

Continue reading “Cat Compels Raspberry Pi Flight Tracker”

Tracking CubeSats for $25

CubeSats are tiny satellites which tag along as secondary payloads during launches. They have to weigh in at under 1.33 kg, and are often built at low cost. There’s even open source designs for these little spacecrafts. Over 800 CubeSats have been launched over the last few years, with many more launches scheduled in the near future.

[Thomas Cholakov] coupled a homemade cloverleaf antenna to a software-defined radio to track some of these satellites. The antenna is built out of copper-clad wire cut to the correct length to receive 437 MHz signals. Four loops are connected together and terminated to an RF connector.

This homebrew antenna is connected into a RTL-SDR dongle. The dongle picks up the beacon signals sent by the satellites and provides the data to a PC. Due to the motion of the satellites, their beacons can be easily identified by the Doppler shift of the frequency.

[Thomas] uses SDR Console to receive data from the satellites. While the demo only shows basic receiving, much more information on decoding these satellites can be found on the SDR Satellites website.

This looks like a fun weekend project, and probably the cheapest aerospace related project possible. After the break, watch the full video explaining how to build and set up the antenna and dongle.

Continue reading “Tracking CubeSats for $25”

Cheap Stuff To Hack: A Router With An SDR For $13

The history of consumer electronics is littered with devices that are relatively uninteresting at first, but become spectacular platforms for hardware exploitation once a few select people figure out how everything ticks. The Linksys WRT54G was just a router until someone figured out how to put a complete Linux system on them. Those RTL-SDR dongles were just for capturing over the air TV until someone realized they were actually a software-defined radio. The CueCat was just dot-com boom marketing garbage until… well, we picked up a lot of CueCats regardless.

Now there’s a new device sitting on the shelves at Walmart just waiting for some Linux hackers to have a go. It’s the Tzumi MagicTV, a device that allows you to watch over-the-air television on your phone. What’s inside? It’s a WiFi router, an RTL-SDR, and a battery pack in one tiny package. The best part? It costs $13, and apparently Walmart is just blowing them out.

Right now, there aren’t too many details on what’s going on inside the Tzumi MagicTV box, however, the discussion over on the RTLSDR subreddit has revealed enough to give us a good idea of what’s going on. The router inside the MagicTV is a TP-Link TL-WR703N, the exact same WiFi router that took the WRT54G’s place as the king of hackable routers a few years ago. The SDR chip is the same as the Astrometa DVB-T2, one of the common TV tuners on-a-stick. Other than that, there are TX and RX pins on the board, SSH is open, no one knows the password, but as of this writing, a few people are putting John the Ripper to work trying to break into this box.

What is the end goal of cracking this Linux box wide open? Well, it’s a WiFi router and an SDR, so if you want to make your own Flightaware ADS-B logger, that could be on the table. Of course, you could actually use it for its intended purpose and pull down over-the-air TV to your local network, but that seems so pedestrian after getting root on a $13 box from Walmart.

Thanks [Adam] for the tip!

Spoofing Cell Networks with a USB to VGA Adapter

RTL-SDR brought cheap and ubiquitous Software Defined Radio (SDR) to the masses, opening up whole swaths of the RF spectrum which were simply unavailable to the average hacker previously. Because the RTL-SDR supported devices were designed as TV tuners, they had no capability to transmit. For the price they are still an absolutely fantastic deal, and deserve to be in any modern hacker’s toolkit, but sometimes you want to reach out and touch someone.

GSM network broadcast from a VGA adapter

Now you can. At OsmoDevCon [Steve Markgraf] released osmo-fl2k, a tool which allows transmit-only SDR through cheap USB 3.0 to VGA adapters based on the Fresco Logic FL2000 chip. Available through the usual overseas suppliers for as little has $5 USD, these devices can be used unmodified to transmit low-power FM, DAB, DVB-T, GSM, UMTS and GPS signals.

In a demonstration on the project page, one of these USB VGA adapters is used to broadcast a GSM cellular network which is picked up by the adjacent cell phones. Another example shows how it can be used to broadcast FM radio. A GitHub repository has been set up which includes more examples. The signals transmitted from the FL2000 chip are obviously quite weak, but the next step will logically be the hardware modifications necessary to boost transmission to more useful levels.

To say this is a big deal is something of an understatement. For a few bucks, you’ll be able to get a device to spoof cellular networks and GPS signals. This was possible before, of course, but took SDR hardware that was generally outside the budget of the casual experimenter. If you bought a HackRF or an Ettus Research rig, you were probably responsible enough not to get into trouble with it, but that’s not necessarily the case anymore. As exciting as this technology is, we would be wise to approach it with caution. In an increasingly automated world, GPS spoofing can have some pretty bad results.

Art Eavesdrops on Life and Pagers

Before cell phones, pagers were the way to communicate on the go. At first, they were almost a status symbol. Eventually, they became the mark of someone who couldn’t or wouldn’t carry a cell phone. However, apparently, there are still some users that clutch their pagers with a death grip, including medical professionals. In an art project called HolyPager, [Brannon Dorsey] intercepted all the pager messages in a city and printed them on a few old-style roll printers. The results were a little surprising. You can check out the video below.

Almost all the pages were medical and many of them had sensitive information. From a technical standpoint, [Brannon’s] page doesn’t shed much light, but an article about the project says that it and other art projects that show the hidden world or radio waves are using our old friend the RTL-SDR dongle.

Pagers use a protocol — POCSAG — that predates our modern (and well-founded) obsession with privacy and security. That isn’t surprising although the idea that private medical data is flying through the air like this is. Decoding POCSAG isn’t hard. GNU Radio, for example, can easily handle the task.

We’ve looked at pager hacking in the past. You can even run your own pager network, but don’t blame us if you get fined.

Continue reading “Art Eavesdrops on Life and Pagers”

Tiny Transmitter Tracks Targets

It is a staple of spy movies. The hero — or sometimes the bad guy — sticks a device never any bigger than an Alka Seltzer to a vehicle or a person and then tracks it anywhere it goes in the world. Real world physics makes it hard to imagine a device like that for a lot of reasons. Tiny power supplies mean tiny lifetime and low power. Tiny antennas and low power probably add up to short range. However, [Tom’s] project maybe as close as you can get to a James Bond-style tracker. You can see a video of the device, below.

The little transmitter is smaller than a thumbnail — not counting the antenna and the battery — and draws very little current (180 uA). As you might expect, the range is not great, but [Tom] says with a Yagi and an RTL-SDR he can track the transmitter on 915 MHz for about 400 meters.

Continue reading “Tiny Transmitter Tracks Targets”