Introducing RTL-SDR: a $20 SDR

March 20, 2012, 8:04 am

If you don’t want to spend $1,200+ for a USRP SDR to use GNU Radio the crew at OsmoSDR want to help. In addition to their other amazing work, Osmocom team members (notably Steve Markgraf) have been hacking away on an alternative least-cost solution they call rtl-sdr.

So what is rtl-sdr? It is a creative form of using consumer-grade DVB-T USB receivers, turning them into fully-fledged software defined radios.

Those DVB-T receivers supported by rtl-sdr are based on the Realtek RTL2832U chipset plus a tuner IC like the Elonics E4000.

The RTL2832U has some undocumented commands/registers, by which it can be placed into a mode where it simply forwards the unprocessed raw baseband samples (up to 2.8 MS/s 8-bit I+Q) via high-speed USB into the PC, where they are routed into GNU Radio.

At a street price of about USD 20 to USD 25, they are undoubtedly the most capable low-cost SDR hardware that can be bought. So now there is really no more excuse for anyone to not learn GNU Radio. You don’t have to buy a USRP, not even a FCDP or an OsmoSDR: A USD 20 device is all that’s needed for receiving signals like GSM, GMR, DECT, TETRA, APCO25 and many others.

Visit the rtl-sdr page at Osmocom for complete details and links to hardware suppliers.

↧

RTL-SDR GNU Radio update

March 31, 2012, 9:00 am

≫ Next: Dongle Shootout: Funcube vs RTL SDR

≪ Previous: Introducing RTL-SDR: a $20 SDR

While we await the arrival of the Ezcap dongle from DealExtreme we found this video from Balint Seeber. He’s made using this device with GNU Radio even easier by coding up a source block for use with GNU Radio Companion.

GNU Radio Companion (GRC) is a graphical tool for creating signal flow graphs and generating flow-graph source code. Instead of using GNU Radio from the command line, GRC allows you to drag and drop various signal inputs/outputs and DSP building blocks onto a flowgraph to design your own radio receivers, transmitters and supporting components. (Note that transmitting is not possible with the Ezcap dongle.)

Thanks to Balint Seeber for this outstanding code contribution to the growing RTL-SDR user community!

For all the details and downloads on the Gr-Baz code project visit the Gr-Baz Spenchwiki.

↧

Dongle Shootout: Funcube vs RTL SDR

April 27, 2012, 8:00 am

≫ Next: Receiving Oregon Scientific sensors with RTL-SDR

≪ Previous: RTL-SDR GNU Radio update

Kanal von MegaOscarVideos from Germany presents a two-part video comparision of the Funcube dongle and a RTL-SDR DVB-T dongle, in this case a Hama Nano version. The two devices are connected to the same antenna and using identical test systems from a geostationary INMARSAT satellite to compare received signal to noise ratios (SNR).

Here in Part II Kanal compares reception of identical test signals from geostationary UHF military satellite downlinks in the 240 – 270 MHz range to compare received signal to noise ratios (SNR). The test was conducted with the two devices connected to the same antenna with no preamp.

Kanal reports: “Most of these satellite downlinks are encrypted data links except for the illegal Pirates from Brazil or occasionally other unintended uplinks or harmonics making it into the uplink.”

“The FCD was used ‘live’ in these videos while the DVB-T IQ stream (1MHz bandwith) was prerecorded a few minutes before the video in order to avoid having to switch the dongles and reconfigure software back and forth and thus save some time in the video.”

↧

Receiving Oregon Scientific sensors with RTL-SDR

April 30, 2012, 8:00 am

≫ Next: RTL-SDR spectrum analyzer on the Beaglebone

≪ Previous: Dongle Shootout: Funcube vs RTL SDR

Kevin Mehall got his RTL-SDR dongle and wasted no time in developing a decoder using GNU Radio for the 433MHz transmissions of Oregon Scientific remote temperature sensors (v1 protocol). These devices transmit on 433.9 MHz sending data packets containing the temperature data every 30 seconds. The transmitter uses On-off keying and the 32 data bits are manchester encoded. He uses the GNU Radio osmosdr block to capture signals from the dongle. This project uses GNU Radio from the command line, not the Gnuradio-Companion GUI.

You can find the source code and docs at Kevin Mehall’s GitHub page.

↧

RTL-SDR spectrum analyzer on the Beaglebone

February 20, 2013, 8:00 am

≫ Next: RTL-SDR scanner

≪ Previous: Receiving Oregon Scientific sensors with RTL-SDR

Alexandru Csete, amateur radio operator OZ9AEC, has developed this spectrum analyzer running on a Beaglebone dev board. He calls the project the rtlizer, designed to be a simple real-time spectrum analyzer that uses an RTL2832U DVB-T receiver (RTL-SDR USB stick) and runs on a Beaglebone, or any other device with librtlsdr and Gtk+ installed.

You can find more details including a link to the rtlizer project code at Csete’s OZ9AEC website.

↧

RTL-SDR scanner

February 23, 2013, 6:00 am

≫ Next: RTL-SDR monitors ADS-B with ADSB# and adsbScope

≪ Previous: RTL-SDR spectrum analyzer on the Beaglebone

RTLSDR scan
Al from Ear to Ear Oak has released this open source cross platform Python frequency scanning GUI for the OsmoSDR rtl-sdr library.

The software scans a range of frequencies and plots the result, allowing you to find signals to investigate. The RTL dongle has a maximum bandwith of about 2.8MHz but with this you can scan the full range of the dongle, allowing you to see signals with ease. For example the screen capture shows my local FM radio stations.

Al has posted the code for this project on GitHub.

↧

RTL-SDR monitors ADS-B with ADSB# and adsbScope

March 23, 2013, 8:00 am

≫ Next: Tutorial: receiving ACARS with RTL-SDR

≪ Previous: RTL-SDR scanner

adsb-sharp
Automatic Dependent Surveillance-Broadcast (ADS-B) is a radio communications system used by aircraft worldwide to transmit position and identification information. It uses a frequency of 1090 MHz, sending data using a modulation scheme called Pulse Position Modulation (PPM). To monitor this system you could purchase a dedicated ADS-B receiver for several hundred dollars, or design your own in software for an SDR platform. But if you own a RTL-SDR dongle, you already have all the hardware you need and we’ve found some free programs which will get you monitoring ADS-B in minutes.

ADSB# is an open source project from the crew at SDR#. It allows you to access your RTL-SDR dongle with prearranged parameters to receive raw data traffic from aircraft transmitting ADS-B data. The ADSB# code is available in both Windows executable and source.

Once you have ADSB# operational, you’ll need a way to convert its raw hex data output into usable information. Enter ADSBscope. ADSBscope can be downloaded from the developer sprut.de in a zip file containing everything you need for a Windows installation (including Delphi source code.) ADSBscope is an excellent GUI which acts as a client on your computer taking output from the SDR# (server) and presenting it in listing and map format.

You’ll want to read Henry Forte’s excellent 15 page PDF QuickStart Guide for the details on using these outstanding programs.

For more information on ADS-B tech and its security vulnerabilities, see Andrei Costin and Auŕelien Francillon’s interesting paper entitled Ghost in the Air (Traffic). There’s also good information to be found in these materials from Eurocontrol air traffic management training.

↧

Tutorial: receiving ACARS with RTL-SDR

April 17, 2013, 7:00 am

≫ Next: RTL-SDR dsd tutorial: monitoring P25 digital voice

≪ Previous: RTL-SDR monitors ADS-B with ADSB# and adsbScope

PlanePlotterRawSignal
This posting on RTL-SDR.com provides a good explanation of how to receive and decode the aeronautical digital communications known as Aircraft Communications Addressing and Reporting System (ACARS) generally found on 131.55 MHz. Their technique uses the RTL-SDR dongle tuned by SDR# which feeds into the decoding program. The tutorial also contains links to several videos demonstrating the use of RTL-SDR with the PlanePlotter and acarsd decoding programs.

↧

RTL-SDR dsd tutorial: monitoring P25 digital voice

April 21, 2013, 11:00 am

≫ Next: Tutorial: Kali Linux with GNU Radio, GQRX and RTL-SDR dongle

≪ Previous: Tutorial: receiving ACARS with RTL-SDR

dsd
The crew over at RTL-SDR.com has posted a simple tutorial on using the RTL-SDR dongle and free SDR# and Digital Speech Decoder software (dsd) to monitor P25 digital radio voice comms. They describe, “Digital radio voice communications are becoming more commonly used in the radio spectrum. This is due to the various improvements offered over traditional analogue voice radio systems. Unfortunately for radio scanner hobbyists, digital radio is difficult to receive, as special radio scanners which can be expensive are required to decode the digital audio. Additionally, digital radio systems can be encrypted making it impossible for communications to be decoded by a hobbyist. However, most users of digital radio do not bother to encrypt their systems as it can introduce lag and extra battery drain in portable radios.

The most common digital speech codec is APCO P25, which dsd is able to decode. Dsd is also capable of decoding other common digital codecs such as DMR/MOTOTRBO and ProVoice which no hardware scanner is currently capable of.”

One part of this project that isn’t open source is their use of Virtual Audio Cable software to route the SDR# output to the DSD.

↧

Tutorial: Kali Linux with GNU Radio, GQRX and RTL-SDR dongle

May 22, 2013, 7:38 am

≫ Next: Tracking low earth satellites using RTL-SDR

≪ Previous: RTL-SDR dsd tutorial: monitoring P25 digital voice

If you’ve tried to install GNU Radio from binaries without success, this video from NeedSec is for you. He demonstrates how to intall GNU Radio on Kali Linux from source, and confirms operation of the RTL-SDR dongle using GQRX radio receiver software.

WE GAVE IT A TRY: We’ve tried installing GNU Radio on various flavors of Linux, along with the associated libraries and dependencies needed for using the RTL-SDR dongle, with varying degrees of success. Usually the GNU Radio install goes OK, but the RTL-SDR dongle source does not appear among the list of available blocks in Gnuradio-Companion. The same goes for the OP25 decoder block for receiving APCO25 digital transmissions. The hangups usually relate to the lack of integration between 1the Linux distro, GNU Radio and the dependencies needed for the dongle and OP25 libraries.

We followed the steps outlined in this video on a fresh install of Kali and are pleased to report that IT WORKS! GQRX and GNU Radio both recognized several different RTL-SDR dongles, a Funcube dongle and a USRP1 SDR without a problem. Note that as stated in the video, the install process is very lengthy. The on-screen prompt warns “This will take a long time.” Note it says “will”, not might. Our install took over three hours, but this just proves that good things come to those who wait. (The Kali graphical install option which we used was also one of the most user friendly Linux installs we’ve experienced. For novices, it should be noted that you’ll need to know the actual drive designator for the HD on which Kali is being installed (i.e., “/dev/sda” or “/dev/sdb”, etc.) as you’ll be asked to type this in when the Grub bootloader is being installed. Failure to do so will give you a non-bootable install!)

THE BOTTOM LINE: If you want to get up and running with GNU Radio and the RTL-SDR dongle, this is the route to go. Painless, flawless. It just works. And since Kali is from the creators of the BackTrack pen testing distro, you also get a cool Linux distro with security tools preinstalled.

↧

Tracking low earth satellites using RTL-SDR

August 6, 2013, 5:01 pm

≫ Next: RTL-SDR spectrum analyzer for BeagleBone Black using ViewRF software

≪ Previous: Tutorial: Kali Linux with GNU Radio, GQRX and RTL-SDR dongle

staellite traker

Travis Goodspeed has been experimenting with remote satellite tracking over the internet. His setup uses a satellite dish originally used with a mobile earth station on maritime vessels. Movement of the dish is accomplished with servos and an EiBotBoard” wired into a BeagleBone. Travis describes further, “My initial build using an RTL-SDR dongle. Data processing is done on my server, with the BeagleBone forwarding data from rtl_tcp. To avoid offending the FCC and ham radio operators everywhere, I disabled the dish’s 1.5GHz transmitter and use only the 1.6GHz downlink antenna. If I can justify the extra weight, I’d like to drop the RTL-SDR in favor of a USRP2 over Gigabit Ethernet in order to get greater bandwidth and sensitivity.

Recordings are stored either as raw I/Q data or as a simple signal strength indicator from the Power Spectral Density (PSD) function. In the near future, I hope to automatically adjust the aim of the dish in realtime based upon the signal quality feedback.”

You can find project details and more photos on Travis’ blog.

↧

RTL-SDR spectrum analyzer for BeagleBone Black using ViewRF software

September 7, 2013, 4:03 pm

≫ Next: Detecting the Perseids meteor shower using RTL-SDR

≪ Previous: Tracking low earth satellites using RTL-SDR

Stephen Ong previously released this video demonstrating the use of RTL-SDR dongle with the BeagleBone dev board to function as a spectrum analyzer. The software making this possible is known as ViewRF and Stephen has now released the instructions and code links for this project.

↧

Detecting the Perseids meteor shower using RTL-SDR

October 9, 2013, 6:27 pm

≫ Next: Receiving, decoding and decrypting GSM with RTL-SDR

≪ Previous: RTL-SDR spectrum analyzer for BeagleBone Black using ViewRF software

Amateur radio operation EB3FRN demonstrates how he used an RTL-SDR dongle tuned to a distant VHF transmitter as a passive radar receiver to view the echoes produced by the meteor’s ionization. The signal he received was from the Graves radar system on 143.050 MHz, using a VHF ground plane connected to the dongle. He displayed the scatters using Baudline.

Via RTL-SDR.com.

↧

Receiving, decoding and decrypting GSM with RTL-SDR

October 17, 2013, 10:09 am

≫ Next: EFERGY E2 Classic FSK decoding using RTL-SDR and R-Pi

≪ Previous: Detecting the Perseids meteor shower using RTL-SDR

Domi007 has been experimenting with using the RTL-SDR dongle to receive and analyze GSM signals for research and academic purposes. He has posted a four parttutorial explaining his use of GNU Radio companion, Wireshark and other open source software to receive and analyze and decode GSM packets.

The above link is for part one of this four part tutorial, with the remaining three sections below:
Part II
Part III
Part IV.

As the author points out, everything he describes is for educational purposes. You should only decode your own data, never that of others or that you don’t have permission to decode!

Via RTL-SDR.com.

↧

EFERGY E2 Classic FSK decoding using RTL-SDR and R-Pi

November 15, 2013, 4:10 pm

≫ Next: R-Pi and RTL-SDR = AFSK transmission between two Linux boxes

≪ Previous: Receiving, decoding and decrypting GSM with RTL-SDR

eferg_4
Nathaniel Elijah has posted the a complete working prototype of an EFERGY E2 CLASSIC Transmission decoder using a Raspberry Pi and RTL-SDR USB Dongle. The EFERGY E2 Classic is an electrical usage monitor which displays information received from associated wireless energy sensors. Nathaniel writes, “It is now possible to capture those 10s to 20s power consumption samples or Efergy E2 Transmission raw data through use of a RTL-SDR USB dongle connected to a Raspberry Pi. The R-Pi runs on a Fedora Linux OS with the C code decoding software installed.”

Visit the RTL-SDR Projects blog for project details and source code links.

↧

R-Pi and RTL-SDR = AFSK transmission between two Linux boxes

November 19, 2013, 10:00 am

≫ Next: Decoding FLEX pagers using RTL-SDR and Linux

≪ Previous: EFERGY E2 Classic FSK decoding using RTL-SDR and R-Pi

This video depicts the successful transmission of AFSK data via a radio link between two Linux machines using a R-Pi and an RTL-SDR dongle. The crew at Kprod posted this cool RTL-SDR project on their blog. They use minimodem to do the encoding in a FLAC or in a WAV format, then use the R-Pi as a transmitter. The RTL-SDR is setup to receive the signal and send the audio to minimodem for decoding.

↧

Decoding FLEX pagers using RTL-SDR and Linux

November 26, 2013, 10:00 am

≫ Next: RTL-SDR + SDR Radio + Funcube Sat

≪ Previous: R-Pi and RTL-SDR = AFSK transmission between two Linux boxes

Superkuh2 demonstrates how to decode FLEX pager radio traffic. He uses gr-pager and zarya’s implementation of it on the Linux platform with the RTL-SDR dongle.

This script runs at a 250 KS/s sample rate and decodes one 12.5 KHz channel only. Internally it uses gnuradio’s optfir to generate low pass taps stopping at 12.5 KHz to use witih a frequency xlating FIR filter. It then passes what’s left to gr-pager’s flex_demod.

Here I show such an activity with the osmocom gr-fosphor visualization tacked on to patchvonbraun’s gnuradio multimode receiver for context.

For more detail on this process, visit SuperKuh’s website.

↧

RTL-SDR + SDR Radio + Funcube Sat

November 27, 2013, 10:20 pm

≫ Next: Decoding radio-controlled bus stop displays

≪ Previous: Decoding FLEX pagers using RTL-SDR and Linux

SDR-RadioV2andFuncubeDashboard-Settings
Amateur radio operator N4JTC has written a blog post about his experiences using the RTL-SDR dongle to receive the Funcube Satellite.

With the recent record number of cubesat launches this month most Amateur Radio enthusiasts been busy, myself included. There hasn’t been a better time to get into receiving these satellites. With the inexpensive hardware, free software, a ton of information and an active community it is “easy” and quite a thrill to get into this hobby.

I will focus on one satellite and one method of receiving and decoding in this post. There are so many ways to do this but I think this method is the least expensive and provides really good results.

↧

Decoding radio-controlled bus stop displays

November 29, 2013, 7:12 pm

≫ Next: Rtl_fm Guide: The long lost documentation

≪ Previous: RTL-SDR + SDR Radio + Funcube Sat

bus_dest
Oona Räisänen (a/k/a Windytan) is a self-taught signals and electronics hacker from Helsinki, Finland, who is fascinated by mysteries, codes and ciphers, and vintage tech. She’s previously written regarding the use of digital transmissions carried on FM broadcast subcarriers as a means of supplying data to digital information signs used at bus stops.

Her research revealed that these remote controlled transit signs are on a system called IBus made by the Swedish company Axentia. The signals use a proprietary protocol known as Data Radio Channel or DARC. Her efforts have thusfar revealed that the data is sent “using a 16,000 bps data stream that uses level-controlled minimum-shift keying (L-MSK), which can be thought of as a kind of offset-quadrature phase-shift keying (O-QPSK) where consecutive bits are sent alternating between the in-phase and quadrature channels.” It appears that some of the decoded data is human readable, containing a list of terminal stations and similar data.

Oona used a RTL2838 DVB stick for receiving the signals. This is fascinating stuff. We hope to read further details on this reversing process in her future posts.

For the latest details visit Windytan’s absorptions blog.

(Here’s a link to United States Patent 6,307,890 for High density FM subcarrier modulation with standardized network layer which may be of interest.)

↧

Rtl_fm Guide: The long lost documentation

December 2, 2013, 12:00 pm

≫ Next: Nooelec RTL-SDR giveaway at AmateurRadio.com

≪ Previous: Decoding radio-controlled bus stop displays

rtlsdr
Kyle Keen has written up documentation on his Rtl_fm utility, which enhances RTL-SDR operation on older PCs.

Rtl_fm is a little utility I wrote for the RTL-SDR project. The program was made to fill a gap in software defined radio: all the computers weaker than a Pentium 4. Basically, an Atom processor processor does not have enough oomph to demodulate something as simple as narrow band FM using the standard tools. (Recently a high performance FM demodulator was released, Simple FM but it works only passably on newer Atoms.) So rtl_fm was written with one goal, efficiency, in mind.

Rtl_fm is one of the user-level packages which comes as part of the rtl-sdr codebase.

Visit KK Blog for the documentation.

↧