RTL-SDR

136 Articles

Cloverleaf Satellite Antenna Mounted on a Pole

Tracking CubeSats For $25

June 1, 2018 by 11 Comments

CubeSats are tiny satellites which tag along as secondary payloads during launches. They have to weigh in at under 1.33 kg, and are often built at low cost. There’s even open source designs for these little spacecrafts. Over 800 CubeSats have been launched over the last few years, with many more launches scheduled in the near future.

[Thomas Cholakov] coupled a homemade cloverleaf antenna to a software-defined radio to track some of these satellites. The antenna is built out of copper-clad wire cut to the correct length to receive 437 MHz signals. Four loops are connected together and terminated to an RF connector.

This homebrew antenna is connected into a RTL-SDR dongle. The dongle picks up the beacon signals sent by the satellites and provides the data to a PC. Due to the motion of the satellites, their beacons can be easily identified by the Doppler shift of the frequency.

[Thomas] uses SDR Console to receive data from the satellites. While the demo only shows basic receiving, much more information on decoding these satellites can be found on the SDR Satellites website.

This looks like a fun weekend project, and probably the cheapest aerospace related project possible. After the break, watch the full video explaining how to build and set up the antenna and dongle.

Continue reading “Tracking CubeSats For $25”

Cheap Stuff To Hack: A Router With An SDR For $13

May 30, 2018 by 41 Comments

The history of consumer electronics is littered with devices that are relatively uninteresting at first, but become spectacular platforms for hardware exploitation once a few select people figure out how everything ticks. The Linksys WRT54G was just a router until someone figured out how to put a complete Linux system on them. Those RTL-SDR dongles were just for capturing over the air TV until someone realized they were actually a software-defined radio. The CueCat was just dot-com boom marketing garbage until… well, we picked up a lot of CueCats regardless.

Now there’s a new device sitting on the shelves at Walmart just waiting for some Linux hackers to have a go. It’s the Tzumi MagicTV, a device that allows you to watch over-the-air television on your phone. What’s inside? It’s a WiFi router, an RTL-SDR, and a battery pack in one tiny package. The best part? It costs $13, and apparently Walmart is just blowing them out.

Right now, there aren’t too many details on what’s going on inside the Tzumi MagicTV box, however, the discussion over on the RTLSDR subreddit has revealed enough to give us a good idea of what’s going on. The router inside the MagicTV is a TP-Link TL-WR703N, the exact same WiFi router that took the WRT54G’s place as the king of hackable routers a few years ago. The SDR chip is the same as the Astrometa DVB-T2, one of the common TV tuners on-a-stick. Other than that, there are TX and RX pins on the board, SSH is open, no one knows the password, but as of this writing, a few people are putting John the Ripper to work trying to break into this box.

What is the end goal of cracking this Linux box wide open? Well, it’s a WiFi router and an SDR, so if you want to make your own Flightaware ADS-B logger, that could be on the table. Of course, you could actually use it for its intended purpose and pull down over-the-air TV to your local network, but that seems so pedestrian after getting root on a $13 box from Walmart.

Thanks [Adam] for the tip!

Spoofing Cell Networks With A USB To VGA Adapter

April 23, 2018 by 85 Comments

RTL-SDR brought cheap and ubiquitous Software Defined Radio (SDR) to the masses, opening up whole swaths of the RF spectrum which were simply unavailable to the average hacker previously. Because the RTL-SDR supported devices were designed as TV tuners, they had no capability to transmit. For the price they are still an absolutely fantastic deal, and deserve to be in any modern hacker’s toolkit, but sometimes you want to reach out and touch someone.

GSM network broadcast from a VGA adapter

Now you can. At OsmoDevCon [Steve Markgraf] released osmo-fl2k, a tool which allows transmit-only SDR through cheap USB 3.0 to VGA adapters based on the Fresco Logic FL2000 chip. Available through the usual overseas suppliers for as little has $5 USD, these devices can be used unmodified to transmit low-power FM, DAB, DVB-T, GSM, UMTS and GPS signals.

In a demonstration on the project page, one of these USB VGA adapters is used to broadcast a GSM cellular network which is picked up by the adjacent cell phones. Another example shows how it can be used to broadcast FM radio. A GitHub repository has been set up which includes more examples. The signals transmitted from the FL2000 chip are obviously quite weak, but the next step will logically be the hardware modifications necessary to boost transmission to more useful levels.

To say this is a big deal is something of an understatement. For a few bucks, you’ll be able to get a device to spoof cellular networks and GPS signals. This was possible before, of course, but took SDR hardware that was generally outside the budget of the casual experimenter. If you bought a HackRF or an Ettus Research rig, you were probably responsible enough not to get into trouble with it, but that’s not necessarily the case anymore. As exciting as this technology is, we would be wise to approach it with caution. In an increasingly automated world, GPS spoofing can have some pretty bad results.

Image Source: Brannon Dorsey

Art Eavesdrops On Life And Pagers

December 24, 2017 by 32 Comments

Before cell phones, pagers were the way to communicate on the go. At first, they were almost a status symbol. Eventually, they became the mark of someone who couldn’t or wouldn’t carry a cell phone. However, apparently, there are still some users that clutch their pagers with a death grip, including medical professionals. In an art project called HolyPager, [Brannon Dorsey] intercepted all the pager messages in a city and printed them on a few old-style roll printers. The results were a little surprising. You can check out the video below.

Almost all the pages were medical and many of them had sensitive information. From a technical standpoint, [Brannon’s] page doesn’t shed much light, but an article about the project says that it and other art projects that show the hidden world or radio waves are using our old friend the RTL-SDR dongle.

Pagers use a protocol — POCSAG — that predates our modern (and well-founded) obsession with privacy and security. That isn’t surprising although the idea that private medical data is flying through the air like this is. Decoding POCSAG isn’t hard. GNU Radio, for example, can easily handle the task.

We’ve looked at pager hacking in the past. You can even run your own pager network, but don’t blame us if you get fined.

Continue reading “Art Eavesdrops On Life And Pagers”

Tiny Transmitter Tracks Targets

December 23, 2017 by 16 Comments

It is a staple of spy movies. The hero — or sometimes the bad guy — sticks a device never any bigger than an Alka Seltzer to a vehicle or a person and then tracks it anywhere it goes in the world. Real world physics makes it hard to imagine a device like that for a lot of reasons. Tiny power supplies mean tiny lifetime and low power. Tiny antennas and low power probably add up to short range. However, [Tom’s] Hackaday.io project maybe as close as you can get to a James Bond-style tracker. You can see a video of the device, below.

The little transmitter is smaller than a thumbnail — not counting the antenna and the battery — and draws very little current (180 uA). As you might expect, the range is not great, but [Tom] says with a Yagi and an RTL-SDR he can track the transmitter on 915 MHz for about 400 meters.

Continue reading “Tiny Transmitter Tracks Targets”

Read Home Power Meters With RTL-SDR

December 21, 2017 by 62 Comments

[k-roy] hates electricity. Especially the kind that can be lethal if you’re not careful. Annoyed by the constant advertisements for the popular Sense Home Energy monitors (which must be installed in the main breaker box by an electrician), [k-roy] set out to find a cheaper and easier way. He wondered how the power company monitored his meter, and guessed correctly that it must be transmitting the information wirelessly. Maybe he could just listen in?

Using a cheap RTL-SDR, it didn’t take long for [k-roy] to tap into this transmission and stumbled across the power readings for his entire neighborhood using a simple command:

~/gocode/bin/rtlamr -msgtype=idm --format=json -msgtype=scm+

Ironically, the hardest part wasn’t snooping on everyone’s power and water usage patterns in the neighborhood, it was trying to figure out which meter was his. In the end, he was able to make some nice graphical layouts of the data with PHP.

We’ve seen some righteous power meter hacks in our time, but this one stands out for its simplicity and elegance. Be sure to check out [k-roy’s] blog for more details, and [rtlamr’s] github for the program used to read the meters.

Thanks to [Jasper J] for the tip!

Grabbing Weather And Traffic Overlays From IHeartRadio

December 20, 2017 by 17 Comments

When the older of us think of radio, we think of dialing in an FM or AM station.  Giant broadcast towers strewn throughout the countryside radiated electromagnetic waves modulated with music, talk and sports across our great land. Youngsters out there might be surprised that such primitive technology still exists. Though the static of an untuned AM receiver might be equivalent to the dial tone of a 56K modem, it’s still a major part of our society.

Like all technology, radio has transitioned to faster and better ways of sending information. Today we have digital radio stations – one of the most popular being iHeartRadio. And because it’s digital, it can also send along info other than audio, such as weather and traffic information.

The guys over at [KYDronePilot] have made use of this to display real-time weather and traffic maps with an SDR and a little Python. They’re new to Python, so be sure to check out their GitHub, grab a copy of the code, and let them know if you see room for improvement.

This hack is based on recent work decoding the digital data, which is worth checking out if you’re interested in SDR, DSP, or any other radio-related acronyms.