RTL-SDR

I'm the antenna, catching vibration

You're the transmitter, give information

KraftwerkAntenna

Fun with a software defined radio(SDR)

Late night long ago while listening to the Perseids pings via Radio Meteors, I started thinking about the unused tv antenna in my attic.

From there I ordered a $10 dvb-t usb adaptor and jumped into the software defined radio world. Within minutes of arrival using the cheap antenna and apt-get install rtl-sdr gradio, I had tuned to various radio stations, listened to the emergency dispatcher, and saw some planes flying near the house!

You can try this out yourself using the Wide-band webSDR from the Amateur radio club ETGD. This is a nice example of a wide-band SDR on which has access to much lower frequencies than I can receive with the inexpensive RTL_SDR.

R820T

The Rafael Micro R820T covers the 24-1766 MHz range.

Identification

If you have more than one of these, you'll want to setup the serial number with rtl_eeprom and product name to make it easy to identify them during testing. This becomes indispensable if you have multiple interfaces with varying bias-t needs. Most rtl-sdr programs will accept -d serialno as a device identifier.

This might have issues with multiple SDRs plugged in at the same time with the same serial number. The most reliable way is to set this when it is the only device in the system and not in use. You have to physically unplug the device before using

Before settings:

Found 2 device(s):
  0:  Realtek, RTL2838UHIDIR, SN: 00000001
  1:  Realtek, RTL2838UHIDIR, SN: 00000001

After setting the product and serial:

rtl_eeprom -s ais00 (and some handwaving and device shuffling)

  0:  Realtek, RTL2838UHIDIR, SN: ais00
  1:  Realtek, RTL2838UHIDIR, SN: adsb00

Calibration

For a $10 device, you don't get the most accurate frequency control. Thankfully, a PPM value can allow your tuner to find the frequency you actually wanted.

ppm = (10⁶ * frequency shift)/ actual frequency
ppm = 147 = (10⁶ * 160230)/ 1090000000

You can calculate what this should be by tuning to some well known stations in `gqrx` and finding the frequency difference at the peak of the signal. I prefer a more automatic approach using GSM channels and kalibrate-rtl.

First, use `rtl_test -p` to get a ballpark estimate of the ppm. Let it run a few minutes so the device warms up and you get a more reliable in-use measurement.

$ rtl_test -p
Found 1 device(s):
  0:  Generic, RTL2832U, SN: 77771111153705700
Using device 0: Generic RTL2832U
Found Rafael Micro R820T tuner
Supported gain values (29): 0.0 0.9 1.4 2.7 3.7 7.7 8.7 12.5 14.4 15.7 16.6 19.7 20.7 22.9 25.4 28.0 29.7 32.8 33.8 36.4 37.2 38.6 40.2 42.1 43.4 43.9 44.5 48.0 49.6
Sampling at 2048000 S/s.
Reporting PPM error measurement every 10 seconds...
Press ^C after a few minutes.
Reading samples in async mode...
real sample rate: 2048219 current PPM: 107 cumulative PPM: 107
real sample rate: 2048427 current PPM: 209 cumulative PPM: 159
real sample rate: 2048301 current PPM: 147 cumulative PPM: 155

I was impatient and had already gotten an estimate of 150 from an earlier test. If you skip this case and have a large PPM value like mine, you will get no useful GSM signals from kalibrate.

Next, use `kal` to scan a usable and local GSM frequency band using gain and our initial ppm value. Unfortunately, the 1900MHz bandwidth is out of the range of the R820T.

$ ./kal -s 850 -g 48 -e 150
Found 1 device(s):
  0:  Generic RTL2832U
Using device 0: Generic RTL2832U
Found Rafael Micro R820T tuner
Exact sample rate is: 270833.002142 Hz
Setting gain: 48.0 dB
kal: Scanning for GSM-850 base stations.
GSM-850:
        chan: 179 (879.4MHz + 3.512kHz) power: 185263.36
        chan: 235 (890.6MHz + 3.016kHz) power: 390921.56

Pick the channel with the highest power and then run cal with the -c argument.

$ ./kal -c 235 -g 48 -e 150
Found 1 device(s):
  0:  Generic RTL2832U
Using device 0: Generic RTL2832U
Found Rafael Micro R820T tuner
Exact sample rate is: 270833.002142 HzSetting gain: 48.0 dB
kal: Calculating clock frequency offset.
Using GSM-850 channel 235 (890.6MHz)
average         [min, max]      (range, stddev)
+ 2.597kHz              [2584, 2610]    (26, 6.847862)
overruns: 0
not found: 0
average absolute error: 147.084 ppm

At last, a PPM value you can use with SDR apps. A quick test of kalibrate on the RPi had a shmem error so this was done on a standard amd64 Debian machine.

ADS-B and Mode S

This tracks signals broadcast from aircraft which are within a line of sight! This quickly became interesting enough to make a unique page.

Meteor and Satellite Pings

FM-RDS

absorptions has a lot of mysterious RDS signals and what they decode to. Her [30c3] talk is a rather good view into this world from traffic alerts to bus route updates.

gr-rds is useful for getting the extended station and song information from standard FM radio. I was over expecting that I would be decoding HD Radio with this.

Disappointments

HDRadio

Listening to an FM radio station with the waterfall display, you can see two horizontal bars on both sides of the channel which is the HD Radio broadcast.
HDRadio Lobes

This is a hugely disappointing proprietary technology brought to you by the kindness of iBiquity and the FCC since 2002. This means they can charge radio stations subscription fees for broadcasting and licensing fees for tuners which can decrypt their stream. The cheapest HDRadio tuner listed is about $35, whereas you can find software applications to easily turn a smartphone into a DAB receiver. Digital Audio Broadcasting (DAB) and Digital Radio Mondiale both have SDR tuners and considerably greater accessibility.

315 MHz Doorbell

This transmission device was hiding from most google searches and the frequency I recorded is completely unstable. Years of exposure to the elements probably didn't help. It uses an A23 battery which is relatively expensive since it regularly dies after months of non-use. This device is probably not going to get much more SDR research from me.

315MHz drift

Most searching for information about the device were to set the chime codes so you don't ring your neighbour's doorbell so it took me a long time to search the 315MHz band. Most interestingly, there was a patent granted where they used this transmitter for wireless tyre pressure information.

The flaky transmitter is SL-6194-TX Revia 085-6194-05.
The receiving device is a Desa specialty Products Model SL-6166-RX-A.

Lightning Sensor

It might be worthwhile to setup an antenna to count nearby strikes as seen in some home weather kits. Unfortunately, blitzortung requires a much more specific detector setup and the bandwidth of interest is 3-30 KHz, much too low for a R820T.

915 MHz Wireless temperature sensor

The SPC775 sensor has a very weak ping on powering up but the base station no longer recognises it. This is probably a futile task since the designed receiver can't decipher the data from 20 cm away. Good riddance since this thing ate AA batteries every few weeks when it was new.

References and Software

sdr.osmocom.org wiki
rtl-sdr.com - a resource of countless things you can do with a SDR.
gr-air-modes - ADS-B receiving software.
gqrx.dk - Graphical SDR
rtlsdr-433m-sensor - making cheap wireless sensors useful outside of their original base station.
wikipedia ADS-B
rtl-sdr ads-b article
reddit/r/RTLSDR
dump1090
satsignal pi-1090