A few weeks ago (I’ve been meaning to do this post for ages, so “a few weeks ago” is give or take 2 months) there was a post on reddit regarding a new software defined radio that cost around $20. After reading a few topics on the discussion (now all available at http://www.reddit.com/r/RTLSDR, now http://rtlsdr.reddit.com) my interest was piqued. RF was a whole new world of WTF for me. I think it offers the same awe and wonder that I had putting a tape into my very first vomit-brown Fisher-Price tape player:
The basic gist of how it all works is as follows:
* There is a common chip found in video cards known as an RTL2832U
* This chip is normally used to receive the frequencies that carry television signals (software then decodes the stream so you can watch TV on your PC)
* A bunch of cool guys ™ found a way to read the raw data coming into the card directly through the drivers
* These cards also ship with tuners that can tune well beyond the basic TV bands
So there are 2 basic sections:
* RTL2832U chip – reads the data
* Tuner (E4K, other) – selects which frequency range is being received
With that in mind I started hunting around Centurion for a card that had this combination. After phoning a few places (read: 5 or 6) I eventually found a TV card known as the Compro VisionMate U650F. It costs around R250 from pcpalace in Centurion and has an RTL2832U as well as the E4K tuner (the best one at this stage). *update* the cheaper VisionMates (without remote) go for about R100 less than this!
* I can tune to frequencies from around 55MHz to 1800MHz
* For R250!
This was super. I ordered my card and a few days later it arrived!
Following some _really_ easy guides I installed a few tools on Windows:
* HDSDR, WRPlus, ExtIO, Zadig (http://spench.net/ has all the info but at the time of writing was having some issues; try one of these instead: http://rtlsdr.org/ or http://rtlsdr.reddit.com)
And on Linux:
* GnuRadio (install guide: http://gnuradio.org/redmine/projects/gnuradio/wiki/InstallingGR)
Off the bat I loaded up HDSDR (after all the config and setup – Zadig for the drivers, ExtIO copied into place) and immediately got that sinking feeling of ‘I know absolutely nothing’:
After a few hours of playing around it became pretty easy to see a few things:
* LO (local oscillator) sets the tuning band (100MHz on either side)
* Tuner tunes into the specific frequency within that band
* The various options for demodulating the audio with AM/FM(NFM)/CW
So I started with the basics. I figured I’d try to listen to some radio, so I tuned HDSDR to 90.5 and immediately noticed that the ‘FM’ demodulation setting was far too narrow for the signal I saw:
After doing a bit of research as to why my audio was coming out very ‘choppy’, it turns out that FM has many different modes: NFM (narrow FM, the default in HDSDR), WFM (wideband) and custom bandwidths. Seriously, I had no idea about this; I thought FM was FM! So it turns out WFM (wideband FM) is what normal radio stations use.
I switched to WRPlus and tuned to the frequency again and found that not only could I listen, but I could also receive RDS. Level 1 was unlocked:
Next up was asking around to see what else I could listen to. Various people in the IRC channel suggested I listen to either the ‘airband’ (air traffic control channels) or check whether there were HAM channels running nearby.
I started using, as my mom often likes to say, “the google” and found a few places that offered a listing of what was available near me, including Waterkloof airbase, OR Tambo and others: http://www.bi-comm.com/documents/Frequencies.htm. I tried to tune to these and set the modulation to AM. After a few hours of giving up on OR Tambo I tuned to Waterkloof airbase (about 5km away from me) and even with the default antenna that shipped with my card I could occasionally pick up the traffic (hear planes clearing with ground control etc). Level 2 was suddenly available; I was merely missing a few coins for the level up, and these coins came in the form of an antenna.
After being in the IRC channel and understanding how far out of my depth I really was, I identified that the missing element to me being able to listen to ‘the coolness’ was an antenna. I spoke to some people on IRC including one chap from ‘the Australia’ known as Roklobster who gave a full description of how to build what is known as a discone antenna. I evaluated this, and even bought the requirements (< R200), but unfortunately soldering galvanised steel with my soldering-101 soldering iron was impossible (the burns on my hands can testify to this). I again reverted back to “the google” to try and find an antenna I could buy that would be ‘totes amazeballs’. However I quickly found that antennas were pricey! The card can do roughly 50MHz-1800MHz, and the basic antennas I found covered say 137-146MHz and cost around R800. If that was the price per band this was looking far too costly! Back to level 1.5 (I just can’t get past this boss!)
I started asking around and found that there were some _really_ basic antennas that could be built from nothing more than PVC tubing as a base and some co-ax! I gathered my team (namely I dragged Roelof to Builders Warehouse with me) and bought a bit of co-ax (at < R1/m it’s almost free, like beer) and started building my ‘antenna’. Up-Down-Down-UpperPunch-LowerKick-F-A-T-A-L-I-T-Y
I built what is known as a quarter-wave groundplane antenna. The basic gist of it is that you have a piece of metal of a specific length (1/4 of the wavelength you need to tune to), and 3 or 4 pieces that extend below it to act as the ‘ground’; this is then hoisted in a non-conductive environment (some people hang ’em, others just attach ’em to PVC pipe, like I did). The basic formula is (300 [roughly the speed of light] / frequency in MHz) * 0.25 (or div 4.. ‘whatevs.’), which gives you the length in metres. One of the things I wanted to listen to was the airband at around 122MHz, so the formula becomes (300/122) * 0.25 ≈ 0.6 metres.
The basic idea is:
* Remove the outer insulation and shielding (apart from right at the bottom)
* The exposed length of inner insulation and core is the length you calculated (see above)
* Then solder/attach the radials, all of the same length, to the shielding (not the insulation)
* Point the radials down at ~45 degrees, spaced evenly apart (120 degrees for three; it depends on how many you have)
In ASCII that’s:
Then you hook up an F-connector (available almost anywhere: Builders Warehouse, Spar, Chamberlains, etc.) from the antenna centre piece (it’s all co-ax) to the RTL-SDR device. To do that you also need an IEC (that’s the standard TV antenna connector) to F-connector cable; luckily these are everywhere and cost ~R20.
I changed my design slightly and got a PVC tube cap and drilled a hole in it to hold an F-connector join, so that I could have one cable going to the PC and, at the top of the PVC (where I’d normally keep the antenna anyway), another F-connector to join the antenna to. I won’t go into detail, but these pictures should make it pretty self-explanatory:
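To put the formula and the build steps above into something reusable, here is a small planner written for this post (it is an added example, not the author’s own code). It uses the post’s own approximation (300 / f_MHz * 0.25, with no end-effect shortening) and the 55-1800MHz range quoted for the card, and also works the formula backwards to tell you what an existing element length is cut for.

```python
"""Quarter-wave groundplane dimensions, following the post's formula.

Added example (not from the original post): length_m = (300 / f_MHz) * 0.25,
with 300 standing in for the speed of light in megametres/second. No end-effect
or velocity-factor correction is applied, exactly as in the post. The tuner
range is the 55-1800 MHz the post quotes for the E4K-based card.
"""
TUNER_MIN_MHZ = 55.0
TUNER_MAX_MHZ = 1800.0
APPROX_C_MM_PER_S = 300.0  # ~speed of light in Mm/s, as the post rounds it


def quarter_wave_m(freq_mhz):
    """Radiator (and radial) length in metres for a quarter-wave element."""
    if freq_mhz <= 0:
        raise ValueError("frequency must be positive")
    return (APPROX_C_MM_PER_S / freq_mhz) * 0.25


def resonant_freq_mhz(length_m):
    """Inverse: the frequency an existing quarter-wave element of this length is cut for."""
    if length_m <= 0:
        raise ValueError("length must be positive")
    return APPROX_C_MM_PER_S / (length_m * 4)


def groundplane_plan(freq_mhz, radials=4):
    """Cut list for one groundplane antenna: radiator, radials, angular spacing."""
    if radials < 3:
        raise ValueError("use at least three radials")
    element = quarter_wave_m(freq_mhz)
    return {
        "freq_mhz": freq_mhz,
        "in_tuner_range": TUNER_MIN_MHZ <= freq_mhz <= TUNER_MAX_MHZ,
        "radiator_cm": round(element * 100, 1),
        "radial_cm": round(element * 100, 1),   # radials are cut to the same length
        "radial_count": radials,
        "radial_spacing_deg": 360 / radials,     # 120 for three radials, 90 for four
        "radial_droop_deg": 45,                  # radials pointed down ~45 degrees
    }


if __name__ == "__main__":
    # Bands the post mentions: FM radio 90.5, airband ~122, 2-way comms 150-170 / 440-450
    for f in (90.5, 122.0, 160.0, 445.0):
        print(groundplane_plan(f))
```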
After that I fired up HDSDR and wow, was there a *ton* of signals near me. Using the frequency listing found earlier I could quickly listen to the amplitude modulated (AM) transmissions from airports near me, or the hundreds (okay, maybe not hundreds, but at least 20) of frequency modulated 2-way comms (commonly used by security guards on the ground, tow-truck operators, random people with 2-way radios).
Here are a few that I picked out, with the WAVs, that I could easily identify:
Basic Plane-to-Tower comms:
Hand held radios:
Security Guards Checking in with OB number:
Automated Air Information (no idea on the real name for this)
Two microlights talking:
Commercial Airline Approach:
Automated Weather/Other forecast: (from San Jose, where I am this week)
The basics of what I assume now are (lesbiserious, it’s only been a few days; take everything with a pinch of salt):
* If it’s gov/country related and analog, it’s gonna be Amplitude Modulated (AM)
* If it’s private sector it’s gonna be FM, and then you’re mostly interested in, say, 150-170MHz and 440-450MHz; there are tons of things to listen to.
From here there are still about 99 more levels for me to look at, such as:
* How to build a transmitter (it’s cool that tuning to 144MHz shows you gate remotes going off, but how would you ‘replay’ it?).
* How antenna design really works (without guessing), and getting a real antenna.
* What different types of signals look like (I can merely identify AM and FM)
* Decoding something digital
While it appears all fun and games here, it is interesting to note that security companies are running their base<->guard communications essentially ‘in the clear’ (HTTP, for the rest of us), which anyone with a $20 dongle can listen to. That also means anyone can find out where the guards are and whether there are any incidents under way at the moment, which seems perfect for crime. Most police forces (including Gauteng) are using TETRA, read: HTTPS, which at least means criminals can’t simply listen in; however most places of importance (banks, offices) where someone might want to steal data are protected by private companies, with all of their traffic in the clear.
But that’s an update. Game saved to Slot 1.
People seem to have switched from WRPlus to SDR#, which seems to be the new up-and-coming kid on the block! http://sdrsharp.com/
23 Comments to “RTLSDR: My First SDR!”