Software Defined Radio Notes
SDR
I picked up an RTL-SDR a few years ago and aside from tuning into local radio stations on my computer, haven’t really used it.
I got the idea recently to set up an IMSI catcher and this was enough motivation to dig out the radio and try again. Failed to get that set up but I did get some software running to grab ADS-B transmissions and plot them on a map.
It was a lot of fun scanning the radio spectrum and looking at interesting patterns in the data. I’ll share a few of the weird things I saw below.
RTL-SDR
There are lots of different kinds of SDRs out there. The RTL-SDR picks up 50MHz all the way to 1700MHz, which is enough to look at AM/MF radio stations, TV & digital TV, GSM, HAM radio, ADS-B, CB/Maritime, NOAA weather, and a bunch of other stuff.
The PlutoSDR and LimeSDR seem like interesting upgrades - they go up to 3.8 and 6GHz respectively, which is high enough to pick up some satellite signals and to look at wifi traffic, 4G and LTE cellular signals. There are other SDRs that pick up 0-30MHz but I imagine you’d need a pretty big antenna buried in the backyard to get a signal.
Another consideration is bandwidth. The RTL-SDR has about 2.4MHz of bandwidth, which is enough to pick up multiple radio stations simultaneously, but probably isn’t enough to pick up a single broadcast television channel. So an upgrade would be in order if I wanted to try parsing ATSC 3.0 broadcasts. I confirmed this visually but haven’t actually attempted to decode a TV broadcast.
Antennas
Initially I was able to pick up frequencies from around 50Hz up to a few hundred MHz. When I tried to listen to ADS-B transmissions at 1090MHz or 978MHz all I got was white noise. The internet is full of people who have built their own 1090MHz dipole antennas and I cut up some copper to give it a shot, but I gave it up, not wanting to cut up the wire that came with my SDR.
Since I was going to have to buy equipment anyways I found a couple of log periodic antennas from Kent Electronics and those have been really useful. These are small, printed onto PCBs and they even soldered 3/8" connectors to them for me. One is tuned for 400-1000MHz, and the other for 850-6500MHz, but they both pick up frequencies outside of this range.

Sitting on my desk, either antenna seems to be able to pick up ADS-B broadcasts from about 70 miles away. They also pick up a lot of other interesting bits of spectrum above the ceiling of the telescopic dipole antenna that came with the RTL-SDR.
Software
I used SDRSharp to visualize and search the spectrum. For ADS-B parsing I used the rtl-sdr binaries and dump1090. Being on Windows made things a little weird.
rtl_tcp is the command that tunes the radio to a specific frequency and sends its data to whoever connects. I had to run this in PowerShell because WSL2 doesn’t do a great job of making USB devices accessible to the Linux environment.
.\rtl_tcp -a 0.0.0.0 -f 1090000000 -s 2000000 -p 4000 -g 45
With this running in PowerShell, I was able to run dump1090. dump1090 built with zero effort and comes with a built-in HTTP server and a little webpage that plots all the aircraft that it finds. That one I ran in my WSL2 Kali VM.
nc 10.0.0.46 4000 | ./dump1090 --ifile - --net --aggressive
The --aggressive flag just improves the error correction to catch messages with up to two bit errors. The --net flag exposes an HTTP port on 8080 that runs a little webpage with the Google Maps API to plot aircraft with some stats. I had to add my own API key to the HTML doc to get it to load.
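The two-bit error correction that --aggressive turns on can be sketched as a brute-force search against the Mode S CRC-24. This is an added example, not dump1090's code or part of the original notes; the sample frame is constructed and the helper names (crc24, frame_ok, flip, repair, make_frame) are made up for it.

```python
# Added illustration: brute-force repair of a Mode S extended squitter (DF17)
# frame using its CRC-24. Not dump1090's source; helper names are made up here.
from itertools import combinations

MODES_POLY = 0x1FFF409  # Mode S generator polynomial, x^24 term included

def crc24(data: bytes) -> int:
    """Remainder of data * x^24 divided by the generator (MSB first, init 0)."""
    crc = 0
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= MODES_POLY
    return crc

def frame_ok(frame: bytes) -> bool:
    """A 112-bit frame is valid when CRC(first 11 bytes) equals the last 3."""
    return len(frame) == 14 and crc24(frame[:11]) == int.from_bytes(frame[11:], "big")

def flip(frame: bytes, bits) -> bytes:
    """Invert the given bit positions (bit 0 = first bit on the air)."""
    out = bytearray(frame)
    for b in bits:
        out[b // 8] ^= 0x80 >> (b % 8)
    return bytes(out)

def repair(frame: bytes, max_flips: int = 2):
    """Return every (repaired_frame, flipped_bits) reachable with the fewest
    flips that passes the CRC; an empty list means the frame is dropped."""
    for n in range(max_flips + 1):
        hits = [(fixed, bits) for bits in combinations(range(112), n)
                if frame_ok(fixed := flip(frame, bits))]
        if hits:
            return hits
    return []

def make_frame(payload: bytes) -> bytes:
    """Append the 3 parity bytes to an 11-byte payload."""
    return payload + crc24(payload).to_bytes(3, "big")

# Constructed sample: DF17 header byte 0x8D, placeholder address ABCDEF,
# arbitrary 7-byte message field. Not a captured transmission.
SAMPLE = make_frame(bytes.fromhex("8DABCDEF00112233445566"))

if __name__ == "__main__":
    damaged = flip(SAMPLE, (13, 97))      # two bit errors from "noise"
    print(frame_ok(damaged), repair(damaged, 1), repair(damaged, 2)[0][1])
```

Each extra flip allowed widens the set of damaged frames that pass, so a heavily corrupted frame can be "repaired" into a different valid-looking message. The CRC catches noise and says nothing about who sent the frame.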
Interesting Bits of Spectrum
Aircraft / ADS-B / 1090MHz
Here’s the dump1090 Ux. It keeps a buffer of all the aircraft it’s observed along with the # of messages it’s seen. It would be cool to take this data and keep it in a database to search and playback but there are services on the internet that do that. Plus it’s a lot of messages. The police chopper sent over 5,000 notifications on its route through the city.
Another interesting application might be to grab a screenshot of the flights over the city periodically and send it to my e-ink display. If I could pair this with tail-number lookups from the FAA, I could have a passive view into “who’s up there” sitting on my desk. That would be a fun toy.


GSM Cellular Traffic
Pretty sure the 850MHz spectrum is cellphones. Not sure if it’s old ones or new ones. The spectrum here appears to be divided into channels, many of which have “tones” indicating their placement. When a call comes through or data is transmitted, the signal gets a lot stronger and consumes a wider section of bandwidth.

UHF Television Broadcast ?
I think this is a TV channel. Approximate center of 862.9MHz. There were other huge swaths of bandwidth like this that were larger than my SDR’s bandwidth - pretty sure those are the DTV / ATSC 3.0 broadcasts. But I didn’t invest much time here.

Other Gremlins
I didn’t grab screenshots or pics of everything I found, but I took a few notes.
929.94MHz - weird two-peak transmissions, there are carriers all over the place here.
952.056.4MHz - carrier tone with periodic beeping. Maybe morse code?
960.1MHz - hedgehog.
977.7MHz 987.5MHz - carrier with a sort of wide-band bloop
1.053.995MHz - spectrum creeper. There’s a bunch around here that all creep up and down and back. They don’t stay on a frequency
1066.7MHz - random mound of gain
There was another strange pattern mixed in the 800-900MHz range where a tiny (50ms) ‘blip’ of data would come through on five separate frequencies simultaneously. These repeated every 30-60 seconds. Got me thinking that there could be a continuous digital broadcast happening with the data multiplexed across lots and lots of frequencies. Would be tough to find if you weren’t observing the spectrum as it happened.
Links
Antenna Info
https://turbofuture.com/misc/The-Pros-and-Cons-of-Log-Periodic-Antennas
http://www.hottconsultants.com/techtips/freq-wavelength.html
http://antirez.com/news/46
Gov’t Info
https://www.govinfo.gov/content/pkg/CFR-2006-title47-vol1/pdf/CFR-2006-title47-vol1-sec15-117.pdf
https://www.faa.gov/nextgen/programs/adsb/
Software
Dump1090 - Super cool packages for parsing ADS-B packets.
https://github.com/antirez/dump1090
https://github.com/MalcolmRobb/dump1090
RTL-SDR utilities. On Windows it’s customary to download and run random binaries from FTP servers.
https://www.rtl-sdr.com/using-windows-subsystem-for-linux-wsl-to-run-linux-sdr-programs-on-windows-10/
https://ftp.osmocom.org/binaries/windows/rtl-sdr/
https://airspy.com/download/
Universal Radio Hacker and Baudline - I didn’t use these but they might be useful one day
https://github.com/jopohl/urh
http://baudline.com/screenshots.html