RTL-SDR

130 Articles

Art For Planespotters

December 31, 2015 by 6 Comments

We don’t know art, but we know what we like. And this gizmo by [Johan Kanflo] is right up our alley.

First, [Johan] gutted an old Macintosh Classic computer and stuffed a Raspberry Pi inside. Now this is not really a new idea, but [Johan] did a very nice job with the monitor and his attention to detail shows in the rebuilt floppy-drive eject mechanism. He gives it back that characteristic “schlurp” noise.

Then he outfitted the Raspberry Pi with an RTL dongle running dump1090 software to listen to the ADS-B radio signals. The data extracted from the SDR is piped off to an MQTT server with all sorts of data about the airplanes overhead. Another script subscribes to the MQTT topic and figures out which is the closest and runs an image search for the plane type in question, publishing the results back to another MQTT topic. One final script subscribes to this last topic and displays the relevant images on the screen. Pshwew!

The end result is a Macintosh Classic that’s continually updated with whatever planes are closest to being overhead. We’re not at all sure if this is fine art, or part of the useful arts, or maybe even none of the above. But we really like the nice case job and think that using MQTT as a back-end for coordinating multiple concurrent Python scripts (on the same computer) is pretty cool.

Improving WiFi Throughput With FM Radio

November 11, 2015 by 16 Comments

WiFi networking is one of those things that is reasonably simple to use, but has a lot of complex hidden features (dare we say, hacks) that make it work, or work better. For example, consider the Distributed Coordination Function (DCF) specified in the standard. Before a station can send, it has to listen for a certain time period. If the channel is clear, the station sends. If not, it has to delay a random amount of time before trying again. This is a form of Carrier Sense Multiple Access (CSMA) channel management.

Unfortunately, listening time is dead time when–at least potentially–there is no data transmitted on the network. DCF allows you to use various handshaking packets to do virtual carrier detection and ready/clear to send, but these are also less efficient use of bandwidth. There are other optional coordination functions available in the WiFi standard, but they all have their drawbacks.

[Aleksandar Kuzmanovic] at Northwestern University and two of his students have recently published a paper with a new way to coordinate multiple unrelated wireless networks using ubiquitous FM broadcast radio signals called WiFM. Instead of trying to synchronize to the WiFi data channel, this new scheme selects a strong FM radio station that broadcasts Radio Data Service (RDS) data (the data that populates the song titles and other information on modern radios).

Continue reading “Improving WiFi Throughput With FM Radio”

Etch-A-SDR

October 4, 2015 by 3 Comments

What do you get if you cross a software defined radio (SDR) and an iconic children’s drawing toy that we are sure is a trademarked name? If you are [devnulling], you wind up with the Etch-A-SDR. The box uses an Odroid C1, a Teensy, and the ubiquitous RTL-SDR.

The knobs work well as control knobs (as you can see in the video below). When you are bored listening to the radio, you can reset the box and go into Etch-a… um, drawing mode. The knobs work like you’d expect and you can even erase the screen with a vigorous shake.

Continue reading “Etch-A-SDR”

Reverse Engineering Traffic Lights With Software Defined Radio

September 20, 2015 by 32 Comments

Construction crews tearing up the street to lay new internet fiber optic cable created a unique opportunity for [Bastian Bloessl]. The workers brought two mobile traffic lights to help keep the road safe while they worked. [Bastian] had heard that these lights use the 2 meter band radios, so he grabbed his RTL-SDR USB stick and started hacking. Mobile traffic lights are becoming more common in Europe. They can be controlled by a clock, traffic volume via an on-board camera, wire or radio. They also transmit status data, which is what [Bastian] was hoping to receive.

A quick scan with GQRX revealed a strong signal on 170.760 MHz. Using baudline and audacity, [Bastian] was able to determine that Audio Frequency Shift Keying was used to modulate the data. He created a simple receiver chain in GNU radio, and was greeted with a solid data stream from the lights. By watching the lights and looking at the data frames, [Bastian] was able to determine which bits contained the current light status. A quickly knocked up web interface allowed him to display the traffic light status in real-time.

It’s a bit scary that the data was sent in plaintext, however this is just status data. We hope that any command data is sent encrypted through a more secure channel.

Continue reading “Reverse Engineering Traffic Lights With Software Defined Radio”

Reverse Engineering An Obsolete Security System

September 15, 2015 by 32 Comments

[Veghead] recently went to a surplus warehouse filled with VHS editing studios, IBM keyboards, electronic paraphernalia from 40 years ago, and a lot of useless crap. His haul included a wooden keypad from an old alarm system that exuded 1980s futurism, and he figured it would be cool to hook this up to an alarm system from 2015. How did he do that? With software defined radio.

After pulling apart the alarm panel, [Veghead] found only a single-sided board with a 9V battery connector. There were no screw terminals for an alarm loop, meaning this entire system was wireless – an impressive achievement for the mid-80s hardware. A quick search of the FCC website showed this alarm panel was registered to two bands, 319MHz and 340MHz, well within the range of an RTL-SDR USB TV tuner dongle.

After capturing some of the raw data and playing it back in Audacity, [Veghead] found a simple OOK protocol that sends two identical binary patterns for each key. A simple program takes the raw bit patterns for each key press and codes them into a map for each of the twelve buttons.

Although the radio still works, [Veghead] found the waveforms captured by his RTL-SDR were an abomination to RF. All the components in this security system are more than 30 years old at this point, and surely some of the components must be out of spec by now. Still, [Veghead] was able to get the thing working again, a testament to the usefulness of a $20 USB TV tuner.

Thanks [Jose] for sending this one in

RTLSDR

Decoding Satellite-based Text Messages With RTL-SDR And Hacked GPS Antenna

August 21, 2015 by 19 Comments

[Carl] just found a yet another use for the RTL-SDR. He’s been decoding Inmarsat STD-C EGC messages with it. Inmarsat is a British satellite telecommunications company. They provide communications all over the world to places that do not have a reliable terrestrial communications network. STD-C is a text message communications channel used mostly by maritime operators. This channel contains Enhanced Group Call (EGC) messages which include information such as search and rescue, coast guard, weather, and more.

Not much equipment is required for this, just the RTL-SDR dongle, an antenna, a computer, and the cables to hook them all up together. Once all of the gear was collected, [Carl] used an Android app called Satellite AR to locate his nearest Inmarsat satellite. Since these satellites are geostationary, he won’t have to move his antenna once it’s pointed in the right direction.

Hacked GPS antenna
Hacked GPS antenna

As far as antennas go, [Carl] recommends a dish or helix antenna. If you don’t want to fork over the money for something that fancy, he also explains how you can modify a $10 GPS antenna to work for this purpose. He admits that it’s not the best antenna for this, but it will get the job done. A typical GPS antenna will be tuned for 1575 MHz and will contain a band pass filter that prevents the antenna from picking up signals 1-2MHz away from that frequency.

To remove the filter, the plastic case must first be removed. Then a metal reflector needs to be removed from the bottom of the antenna using a soldering iron. The actual antenna circuit is hiding under the reflector. The filter is typically the largest component on the board. After desoldering, the IN and OUT pads are bridged together. The whole thing can then be put back together for use with this project.

Once everything was hooked up and the antenna was pointed in the right place, the audio output from the dongle was piped into the SDR# tuner software. After tuning to the correct frequency and setting all of the audio parameters, the audio was then decoded with another program called tdma-demo.exe. If everything is tuned just right, the software will be able to decode the audio signal and it will start to display messages. [Carl] posted some interesting examples including a couple of pirate warnings.

If you can’t get enough RTL-SDR hacks, be sure to check out some of the others we’ve featured in the past. And don’t forget to send in links to your own hacking!

Hackaday Links Column Banner

Hackaday Links: Summer, 2015

June 21, 2015 by 26 Comments

[Elia] was experimenting with LNAs and RTL-SDR dongles. If you’re receiving very weak signals with one of these software defined radio dongles, you generally need an LNA to boost the signal. You can power an LNA though one of these dongles. You’ll need to remove a few diodes, and that means no ESD protection, and you might push the current consumption above the 500mA a USB port provides. It does, however, work.

We’ve seen people open up ICs with nitric acid, and look inside them with x-rays. How about a simpler approach? [steelcityelectronics] opened up a big power transistor with nothing but a file. The die is actually very small – just 1.8×1.8mm, and the emitter bond wire doesn’t even look like it’ll handle 10A.

Gigantic Connect Four. That’s what the Lansing Makers Network built for a Ann Arbor Maker Faire this year. It’s your standard Connect Four game, scaled up to eight feet tall and eight feet wide. The disks are foam insulation with magnets; an extension rod (with a magnet at the end) allows anyone to push the disks down the slots.

[Richard Sloan] of esp8266.com fame has a buddy running a Kickstarter right now. It’s a lanyard with a phone charger cable inside.

Facebook is well-known for the scientific literacy of its members. Here’s a perpetual motion machine. Comment gold here, people.

Here’s some Hackaday Prize business: We’re giving away stuff to people who use Atmel, Freescale, Microchip, and TI parts in their projects. This means we need to know you’re using these parts in your projects. Here’s how you let us know. Also, participate in the community voting rounds. Here are the video instructions on how to do that.