THP Entry: SatNOGS

Here’s an interesting thought: it’s possible to build a cubesat for perhaps ten thousand dollars, and hitch a ride on a launch for free thanks to a NASA outreach program. Tracking that satellite along its entire orbit would require dozens of ground stations, all equipped with antennas, USB TV tuners, and a connection to the Internet. It’s actually more expensive to build and launch a cubesat than it costs to build a network of ground stations to get reasonably real-time telemetry from a cubesat. The future is awesome and weird, it seems.

This is the observation the guys behind SatNOGS have made. They’re developing a platform for a completely open source ground station network, with the idea being that people and institutions along every longitude and latitude would build a simple satellite tracking antenna mount, connect it to the Internet, and become part of an open source Near Space Network, capable of receiving telemetry from any one of the small cubesats whizzing around in low earth orbit.

Despite being what is probably one of the most ambitious and far-reaching projects in open source hardware, the design of the system is relatively simple: the hardware is a 3D printed alt-az mount, capable of pointing a pair of antennas anywhere in the sky. The stepper motor driver board is based on the Arduino, and the computer running each antenna node is powered by a BeagleBone Black or a WR703N router. The antenna receiver is, of course, an RTL-SDR dongle, capable of listening to all the common cubesat bands. Even the software is derived from open source projects. Tracking a satellite across the sky can be calculated with GPredict, and the team is working on an observation scheduling and management system that combines multiple ground stations for coverage across the globe.

It’s a great idea, crowdsourcing satellite tracking from people around the globe, and something that could be used by hundreds of institutions lucky enough to launch a small cube of electronics into orbit.


The project featured in this post is an entry in The Hackaday Prize. Build something awesome and win a trip to space or hundreds of other prizes.

ISEE-3: On Track To Come Home

Intended trajectory from ICE team in 1986 (blue), 2001 ephemeris of ISEE-3 (white) and current ephemeris (red/green).

When last we heard of the progress of commanding the derelict ISEE-3 satellite into stable orbit between the Earth and the sun, the team had just made contact with the probe using the giant dish in Arecibo, sent a few commands, and started gathering data to plot where the spacecraft is and where it will be. A lot has happened in a week, and the team is now happy to report the spacecraft is alive and well, and much, much closer to the intended trajectory than initially believed.

Before last week, the best data on where ISEE-3 was heading was from a 13-year-old data set, leaving the project coordinators to believe a maneuver of about 50-60 m/s was necessary to put the spacecraft into the correct orbit between the Earth and the sun. With new data from Arecibo, that figure has been reduced to about 5.8 m/s, putting it extremely close to where the original ICE navigation team intended it to go, all the way back in 1986. This also gives the team a bit of breathing room; the original planned maneuver to capture the spacecraft required nearly a third of the available fuel on board. The new plan only requires the spacecraft expend about 5% of its fuel stores. This, of course, brings up the idea of continuing the planned mission of the rebooted ISEE-3 beyond the Earth-Sun L1 point, but that is very much putting the cart before the horse.

Of course, getting ranging data of the spacecraft is only a small part of what has happened with the ISEE-3 project this week. Thanks to the ‘away team’ sent to Arecibo to install hardware and attempt to make contact with the satellite, both transceivers are working, telemetry is being downloaded from the probe, and work has begun on refining the exact position of ISEE-3 to compute where and when the spacecraft needs to make its maneuver.

Regular Hackaday feature and software defined radio god [Balint] was on hand with the away team at Arecibo to install his company’s SDR unit on the largest dish on the planet. His happy dance of the first data from ISEE-3 made the blog rounds, but the presentation (PDF) and photo gallery tell the story of working on the largest dish on the planet much better.

There’s still a lot of work to be done by the ISEE-3 team as they figure out how best to capture the spacecraft and prepare for the burn in the following week. They should have the exact orbit of ISEE-3 nailed down early this week, and after that, ISEE-3 could be on a path back home in less than two weeks.

Building A Software Defined Radio With A Teensy

[Rich, VE3MKC] has been wanting to get into Software Defined Radio for a while now, but didn’t want to go the usual PC route. He initially thought the Raspberry Pi would be the best platform for a small, embedded device that could manipulate audio, but after discovering the ARM-powered Teensy 3.0, had an entirely different project in mind.

[Rich] is using a SoftRock SDR to take RF from an antenna and downconvert it into the audio range. Doing DSP for SDR is fairly computationally intensive, but he found a Teensy 3.0 with the audio adapter board was more than up to the task.

So far, [Rich] is running the audio from the SoftRock to the Teensy, where the audio is digitized and multiplied with a VFO, sent through a filter, and then sent out of the headphone jack to a speaker. The volume pot on the audio adapter board is used to tune the VFO, something [Rich] will be replacing with a proper encoder sometime in the future.

In the videos below, you can see [Rich] listening in on a contest with a tiny TFT display showing everybody on the air. It’s a very cool build, and even though it’s still very early in development, there’s still a whole lot of CPU cycles for the Teensy to do some very cool stuff.


[Balint]’s GNU Radio Tutorials


[Balint] has a bit of history in dealing with software defined radios and cheap USB TV tuners turned into what would have been very expensive hardware a few years ago. Now [Balint] is finally posting a few really great GNU Radio tutorials, aimed at getting software defined radio beginners up and running with some of the coolest hardware around today.

[Balint] is well-known around these parts for being the first person to create a GNU Radio source block for the implausibly inexpensive USB TV tuners, allowing anyone with $20 and enough patience to wait for a package from China to listen in on everything from 22 to 2200 MHz. There’s a lot of interesting stuff happening in that band, including the ACARS messages between airliners and traffic control, something that allowed [Balint] to play air traffic controller with a minimal amount of hardware.

Right now the tutorials are geared towards the absolute beginner, starting at the beginning with getting GNU Radio up and running. From there the tutorials continue to receiving FM radio, and with a small hardware investment, even transmitting over multiple frequencies.

It’s not much of an understatement to say software defined radio is one of the most versatile and fun projects out there. [Balint] even demonstrated triggering restaurant pagers with a simple SDR project, a fun project that is sure to annoy his coworkers.


Hacking Rolling Code Keyfobs

Most keyfobs out there that open cars, garage doors, and gates use a rolling code for security. This works by transmitting a different key every time you press the button. If the keys line up, the signal is considered legitimate and the door opens.

[Spencer] took a look into hacking rolling code keyfobs using low cost software-defined radio equipment. There are two parts to this attack. The first involves jamming the frequency the keyfob transmits on while recording using an RTL-SDR dongle. The jamming signal prevents the receiver from acknowledging the request, but it can be filtered out using GNU Radio to recover the key.

Since the receiver hasn’t seen this key yet, it will still be valid. By replaying the key, the receiver can be tricked. To pull off the replay, GNU Radio was used to demodulate the amplitude shift keying (ASK) signal used by the transmitter. This was played out of a computer sound card into an ASK transmitter module, which sent out a valid key.

Hacking Radio Controlled Outlets

It’s no surprise that there are a lot of devices out there that use simple RF communication with minimal security. To explore this, [Gordon] took a look at attacking radio controlled outlets.

He started off with a CC1111 evaluation kit, which supports the RFCat RF attack tool set. RFCat lets you interact with the CC1111 using a Python interface. After flashing the CC1111 with the RFCat firmware, the device was ready to use. Next up, [Gordon] goes into detail about replaying amplitude shift keying messages using the RFCat. He used an Arduino and the rc-switch library to generate signals that are compatible with the outlets.

In order to work with the outlets, the signal had to be sniffed. This was done using RTL-SDR and a low-cost TV tuner dongle. By exporting the sniffed signal and analyzing it, the modulation could be determined. The final step was writing a Python script to replay the messages using the RFCat.

The hack is a good combination of software defined radio techniques, ending with a successful attack. Watch a video of the replay attack after the break.


Using SDR To Read Your Smart Meter

[BeMasher] was dissatisfied with the cost of other solutions to read his smart meter, so he made a project to read it himself using an rtl-sdr dongle.

Using his hacking and reverse engineering skills along with a $20 RTL-SDR dongle, [BeMasher] wrote rtlamr to automatically detect and report the consumption information reported by smart meters within range. Though designed for his Itron C1SR, [BeMasher] claims that any electronic receiver transmitter (ERT) capable smart meter should work.

[BeMasher]’s Itron C1SR smart meter broadcasts both interval data and standard consumption in the 915MHz ISM band using a Manchester encoded, frequency hopping spread spectrum protocol. [BeMasher] used the RTL-SDR dongle to do the signal capture and analysed the resulting signal in software afterwards. [BeMasher] did a great job of going through the theory and implementation of analysing the resulting data capture, so be sure to check it out for an in-depth analysis.

If the RTL-SDR dongles are too limited for your taste, you might want to check out some hacker friendly SDRs with a little more punch.