رتل-سدر البرنامج التعليمي: تحليل غسم مع إيربروبغر-غسم و ويريشارك يمكن استخدام الراديو رتل-سدر تعريف الراديو لتحليل إشارات غسم الهاتف الخليوي، وذلك باستخدام أدوات لينكس غر-غسم (أو إيربروب) و ويريشارك. يوضح هذا البرنامج التعليمي كيفية إعداد هذه الأدوات للاستخدام مع رتل-سدر. مثال 8211 تحليل غسم مع رتل-سدر البرمجيات تعريف الراديو هنا هو لقطة شاشة فيديو يظهر مثالا لنوع البيانات التي يمكن أن تحصل عليها. يمكنك رؤية معلومات حزمة غسم غير المشفرة. لن تتمكن من رؤية أي معلومات حساسة مثل بيانات الصوت أو الرسائل النصية منذ تشفير هذا الجزء. فك الرسائل غير الخاصة بك أمر صعب للغاية وغير قانوني ولا يغطيه هذا البرنامج التعليمي. يوتيوبواتشفبفكويزرهتبك يمكن تحميل 8217t الفيديو: تحليل غسم الخلوي مع رتل-سدر (RTL2832)، إيربروب و ويريشارك (يوتوبيواتشفبكويزرهتبك) أولا، سوف تحتاج إلى معرفة ما ترددات لديك إشارات غسم في منطقتك. في معظم أنحاء العالم، نطاق غسم الأساسي هو 900 ميغاهيرتز، في الولايات المتحدة الأمريكية يبدأ من 850 ميغاهرتز. إذا كان لديك E4000 رتل-سدر، قد تجد أيضا إشارات غسم في نطاق 1800 ميغاهيرتز في معظم أنحاء العالم، و 1900 ميغاهيرتز النطاق للولايات المتحدة الأمريكية. فتح سدرشارب، ومسح حول الفرقة مهز 900 (أو 850 ميغاهيرتز) لإشارة يشبه صورة الشلال أدناه. هذا هو إشارة عدم الهبوط غسم الهابطة. باستخدام نفم، وسوف يبدو شيئا مثل المثال الصوت المقدمة أدناه. لاحظ أسفل أقوى ترددات غسم يمكنك أن تجد. يتم تنفيذ بقية البرنامج التعليمي في لينكس ونحن نفترض أن لديك مهارات لينكس الأساسية في استخدام المحطة. لهذا البرنامج التعليمي استخدمنا أوبونتو 14.04 في جلسة فموير. يمكنك تحميل مختلف على استعداد للذهاب الصور أوبونتو فموير من هنا. و فموير لاعب مجانا من هنا. لاحظ أنه يتم الإبلاغ عن مربع الظاهري لا تعمل بشكل جيد مع رتل-سدر، وقدرات عرض النطاق الترددي أوسب ضعيفة، لذلك يجب استخدام لاعب فموير. تثبيت غر-غسم ويستند هذا البرنامج التعليمي بشكل كبير على تعليمات من جيستوب غر-غسم التمهيدي في جيثوبتركريسيكغر-جي إس إم. أسهل طريقة لتثبيت غر-غسم هو استخدام بيبومبس. سوف بيبومبس تثبيت تلقائيا غر-غسم، وجميع التبعيات المطلوبة بما في ذلك راديو جنو. بعد تشغيل التكوين سوف يطلب منك عدة خيارات. ترك كل شيء الافتراضي باستثناء البادئة تثبيت التي يجب تعيينها إلى أوسرلوكال. يمكنك تحديد الخيارات الافتراضية ببساطة عن طريق الضغط على إدخال في كل سطر. تحقق لمعرفة ما إذا كان توزيع لينكس يحتوي على راديو غنو 3.7.3 أو حزمة أعلى في مستودعه مع ما يلي. أوبونتو 14.10 يجب أن يكون راديو غنو 3.7.3 في مستودعاتها، ولكن الإصدارات القديمة لا. إذا كان لا يستخدم غنو راديو 3.7.3 ثم استخدام التعليمات البرمجية التالية لتثبيت راديو جنو عبر حزمة مستودع بدلا من المصدر الذي سيوفر كميات كبيرة من وقت التثبيت. لا تقم بالتثبيت من المستودعات إذا كان إصدار راديو غنو أقدم. الآن تثبيت غر-غسم عن طريق تشغيل وبمجرد تركيب يمكنك بدء غر-غسم من أي مكان ببساطة عن طريق تشغيل ما يلي. في النافذة التي للملوثات العضوية الثابتة يمكنك تعيين تردد إشارة غسم. على سبيل المثال لضبط إشارة غسم في 945.402 ميغاهرتز، ونحن سوف تدخل تحت مركز التردد قيمة 9.45402e08. تأكد أيضا من ضبط الكسب وإعدادات بم إذا لزم الأمر. الآن تشغيل ويريشارك عن طريق الكتابة إلى محطة منذ غر-غسم يقطر البيانات إلى منفذ أودب، يجب علينا تعيين ويريشارك للاستماع إلى هذا. تحت زر ابدأ في ويريشارك، أولا تعيين واجهة التقاط إلى الاسترداد: لو ثم اضغط على ابدأ. ثم في مربع التصفية بالقرب من أعلى نافذة ويريشارك، اكتب في إيمب أمبامب غسمتاب. وهذا يضمن أن يتم عرض بيانات غسم إيربروب فقط. لاحظ أنه يمكنك أيضا بدء ويريشارك باستخدام سودو ويريشارك - k - Y 8216icmp أمبامب gsmtap8217 - i لو التي ستبدأ تلقائيا ويريشارك في وضع الاسترجاع مع فلتر غسمتاب تفعيلها. إذا كان لديك مشاكل في تثبيت غر-غسم عبر بيبومبس، يمكنك تثبيت راديو غنو أولا عن طريق ماركوس ليتش تثبيت البرنامج النصي ثم قم بتثبيت غر-غسم على النحو التالي. الطريقة القديمة باستخدام إيربروب (انقر لتوسيع) تثبيت راديو جنو سوف تحتاج إلى تثبيت راديو جنو أولا من أجل الحصول على رتل-سدر للعمل. فيديو تعليمي ممتاز يبين كيفية تثبيت راديو غنو في كالي لينكس يمكن العثور عليها في هذا الفيديو هو مبين أدناه. لاحظ أن كان لي لتشغيل أبت الحصول على التحديث في المحطة الأولى، قبل تشغيل البرنامج النصي بناء، كما حصلت 404 لم يتم العثور على أخطاء خلاف ذلك. يمكنك أيضا استخدام مارس Leech8217s تثبيت البرنامج النصي لتثبيت أحدث إصدار من راديو جنو على أي نظام التشغيل لينكس. يمكن العثور على تعليمات التثبيت هنا. أوصي تثبيت من مصدر للحصول على أحدث إصدار. youtubewatchvB8Acp63DA0 تحديث: الإصدار الجديد 3.7 راديو غنو غير متوافق مع إيربروب. سوف تحتاج إلى تثبيت غنو راديو 3.6. ومع ذلك، نيو من قسم التعليقات من هذه الوظيفة قد خلق التصحيح الذي يجعل إيربروب متوافقة مع راديو غنو 3.7. لتشغيله، ضع ملف التصحيح في مجلد إيربروب ثم قم بتشغيل التصحيح - p1 لوت zmiana3.patch. تثبيت إيربروب إيربروب هو الأداة التي سوف فك شفرة إشارة غسم. لقد استخدمت دروس متعددة للحصول على إيربروب لتثبيت. أولا من هذه الجامعة فريبرغ البرنامج التعليمي. لقد استخدمت تعليماتهم للتأكد من أن التبعيات المطلوبة التي تتطلب إيربروب تم تثبيتها. تثبيت تحديث التبعيات الأساسية: بفضل جوس شيام من قسم التعليقات الذي قد إعلامنا أن بعض التبعية الإضافية مطلوبة عند استخدام كالي لينكس الجديد (1.0.5) ل إيربروب لتجميع. إذا كنت 8217ve تخطي تثبيت غنوراديو لأنك 8217re باستخدام كالي 1.0.5 مع أدوات سدر جديدة مثبتة مسبقا، استخدم الأمر التالي لتثبيت التبعيات المطلوبة إضافية. تثبيت ليبوسموكور استنساخ إيربروب الآن، اكتشفت أن مستودع إيربروب جيت المستخدمة في البرنامج التعليمي للجامعة (berlin. ccc. de) كان محدثا، ولن تجميع. من هذا الموضوع رديت اكتشفت أكثر ما يصل إلى تاريخ إيربروب مستودع جيت التي لا تجميع. استدعاء إيربروب باستخدام الأمر جيت التالي. الآن تثبيت غسمديكود و غسم استقبال. تثبيت غسمديكود تثبيت غسم-ريسيفر اختبار إيربروب الآن، سد إلى الدليل إيربروغسم-ريسيفرسركبيثون. أولا سنقوم اختبار إيربروب على عينة غسم كفيل. الحصول على عينة كفيل التي وجدت من هذا البرنامج التعليمي عن طريق الكتابة في محطة. ملاحظة: البرنامج التعليمي و رابط كفيل في بعض الأحيان ميت. لقد عكست كفيل على ميغوبلود في هذا الرابط. وضع كفيل في المجلد إيربروغسم-ريسيفرزركبيثون. الآن فتح ويريشارك، عن طريق كتابة ويريشارك في نافذة المحطة الطرفية الثانية. تم تثبيت ويريشارك بالفعل في كالي لينوكس، ولكن قد لا تكون في توزيعات لينكس أخرى. منذ إيربروب تفريغ البيانات إلى منفذ أودب، يجب علينا تعيين ويريشارك للاستماع إلى هذا. ضمن بدء في ويريشارك، أولا تعيين واجهة الالتقاط إلى لو (الاسترجاع)، ثم اضغط على ابدأ. ثم في مربع التصفية، اكتب في غسمتاب. وهذا سيضمن فقط يتم عرض بيانات غسم إيربروب. مرة أخرى في المحطة الطرفية الأولى التي هي في الدليل الثعبان، اكتب في إذا كان كل شيء مثبتا بشكل صحيح، يجب أن تكون الآن قادرا على رؤية البيانات غسم عينة في ويريشارك. استقبال قناة حية لفك تشفير قناة حية باستخدام نوع رتل-سدر في الجهاز الطرفي ستظهر نافذة جديدة. لحن لقناة غسم غير القفز المعروفة التي وجدت في وقت سابق باستخدام سدرشارب عن طريق إدخال تردد المركز. ثم انقر في منتصف قناة غسم في نافذة النطاق العريض. في غضون ثوان قليلة يجب أن تبدأ بعض بيانات غسم في الظهور باستمرار في ويريشارك. اكتب. gsmreceivertl. py - h للحصول على معلومات حول المزيد من الخيارات. ويستخدم العلم - s هنا لتعيين معدل العينة إلى 1.0 مسبس، الذي يبدو أن تعمل أفضل بكثير من الافتراضي 1.8 مسبس كما يبدو أنه ينبغي أن يكون هناك ذروة غسم واحد فقط في نافذة الطيف واسع النطاق. التقاط كفيل مع رتل-سدر (وأضاف: 130613) كنت wnn8217t قادرة على العثور على وسيلة لاستخدام إيربروب لالتقاط بلدي كفيل الخاصة. لم أجد وسيلة لالتقاط واحد باستخدام. rtlsdr و غنو راديو ومع ذلك. أولا حفظ ملف البيانات. bin رتلسدر باستخدام حيث - s هو معدل العينة، - f هو تردد إشارة غسم و - g هو إعداد الربح. (يتم تخزين رتلسدر في 8216gnuradio-سركرتل-sdrsrc8217) بعد ذلك، تحميل هذا غنو راديو رفيق (غرك) الرسم البياني تدفق (التمرير على طول الطريق للارتباط)، والتي سيتم تحويل ملف. بن رتلسدر إلى ملف. cfile. قم بتعيين مصدر الملف إلى الملف capt. bin ثم قم بتعيين إخراج الملف لملف يسمى capt. cfile الذي يجب أن يكون موجودا في المجلد 8216airprobegsm-receiversrcpython8217. أيضا، تأكد من تعيين 8216Repeat8217 في كتلة مصدر الملف إلى 8216No8217. الآن تنفيذ الرسم البياني تدفق غرك عن طريق النقر على أيقونة التي تبدو مثل التروس الرمادية. سيؤدي هذا إلى إنشاء التقاط. ملف. لن يتوقف المخطط الانسيابي في حد ذاته عند القيام بذلك 8217s، لذلك بمجرد أن يتم كتابة الملف اضغط على الرمز X الأحمر في غرك لوقف تشغيل المخطط البياني. ويمكن الآن التقاط. ملف يمكن استخدامها في إيربروب. ومع ذلك، لاستخدام هذا كفيل، وجدت أنني اضطررت لاستخدام. gsmreceive. py، بدلا من. go. sh كما هو مطلوب معدل إفساد مخصص. I8217m لست متأكدا لماذا، ولكن معدل إفساد 64 عملت بالنسبة لي، الذي تم تعيينه مع العلم - d. الذهاب إلى أبعد من ذلك لم نتمكن من فك تشفير البيانات غسم مشفرة، ولكن إذا كنت مهتما في البحث عن هذا أبعد من ذلك، وهنا بعض الروابط المفيدة. تنويه: فك فقط إشارات يسمح لك قانونيا (مثل من الهاتف الخليوي الخاص بك) لتجنب اختراق الخصوصية. دليل من مختبرات أبحاث الأمن غسم فك تعليمي من قبل جامعة العلوم والتكنولوجيا النرويجية A5 ويكي محاضرة جيدة حول هذا الموضوع هو مبين أدناه. كتب القارئ في لإعلامنا بعض المعلومات عن الحصول على أرقام تمسي و كك، والتي هي مفيدة إذا كنت ترغب في الذهاب أبعد من ذلك وفعلا فك رموز الرسائل القادمة من الهاتف الخاص بك. يكتب: لسبب ما، فإن معظم الوظائف على شبكة الإنترنت بشأن استنشاق غسم توفر أمثلة قليلة جدا عن كيفية الحصول على أرقام تمسي و كك الخاصة بنا. هذه تعتمد إما على شاشة الهندسة بلاك بيري أو استخدام قارئ بطاقة سيم (انظر على سبيل المثال domonkos. tomcsanyip369). أعرف أن هناك أساليب أخرى مثل تلك التي تصفها في رتل-سدرتل-سدر-سيل-فون-إمسي-تمسي-كي-سنيفر. ومع ذلك، نادرا ما رأيت أي شيء يتعلق الروبوت التطبيق إمسي الماسك الكاشف. هذا يمكن تركيبها بسهولة عن طريق المستودعات القياسية ويسمح لنا بإرسال الأوامر أت إلى المودم المقدمة نحن الجذر مس. هذا الإجراء يعمل على العديد من الأجهزة (راجعت ذلك على موتورولا موتو E). مجرد تذكير سريع من أتكوماندس الأساسية: 1. استخراج إمسي - gt ATCRSM176،28423،0،0،3. 2. استخراج مفتاح التشفير كك - gt ATCRSM176،28448،0،0،9 (سيم)، ATCRSM176،20256،0،0،9 (ل أوسيم). أول 16 إدخالات. 3. استخراج تمسي - gt ATCRSM176،28542،0،0،11. أول 8 إدخالات. يوفر الروبوت إمسي الماسك الكاشف بعض البيانات إضافية مثيرة للاهتمام، مثل معرف الخلية يتم توصيل الجهاز إلى، لاي، الخ youtubewatchv4jfpeQcOmHI الفيديو can8217t يتم تحميلها: ديبسيك 8211 التصحيح غسم (youtubewatchv4jfpeQcOmHI) 129 تعليقات هذا يبدو في الواقع مثيرة جدا للاهتمام. سيئة للغاية لدي مهارات زيرو في استخدام لينكس. ربما شخص ما يمكن أن تخبرني بعض الخطوات التي يمكنني اتخاذها للقيام بذلك في ويندوز. سيكون أويسوم إذا كان بعض برامج ويندوز موجودة للقيام بهذا الشيء نفسه. هل هناك أي إمكانيات للقيام بمشروع منارة الرقمية المتلقي باستخدام مجلس الإنماء والإعمار في windows7 أو windows10 باستخدام ماتلاب بدلا من غنو راديو مرحبا، وأنا أبحث عن وسيلة لحساب عدد الهواتف المحمولة فقط. لا توجد معلومات أخرى. هل هناك أي طريقة مرحبا، لقد كتبت رسالة إلى جيثب عنوان (جيثوبتركريسكر-gsmissues198)، ولكن ما زلت لم أكن ريفيفد الجواب. هل يمكن أن تساعد لي من فضلك أن نفهم مع فك قنوات القفز شكرا you8230 ماذا يكون أفضل الميزانية سدر الراديو والهوائي لاستخدام ميزانيتي لا يزيد عن 75 مجموع أرخص هو أفضل كنت أفكر باستخدام رقاقة E400 مع ANT500 تلسكوبي هوائي أي شخص حقق هذا بنجاح و ما إكيمبنت كنت قد استخدمت مجرد الحصول على واحدة من دونجلز لدينا مع مجموعة الهوائي رتل-سدرستور. و R820T2 أفضل من E4000 في معظم الحالات على أي حال، إلا إذا كنت في حاجة إلى الترددات العالية التي يمكن أن توفر. تأكد من الحصول على حالة الألومنيوم إكسترودد، كما سوف تجد نفسك مع الطريقة الكثير من الضوضاء خلاف ذلك. أيضا، don8217t استخدام هوائي شيتي. تأكد من أن خط التغذية الخاص بك هو مقاومة المعاوقة، وتشديد جيدا وليس وصلات فضفاضة. حافظ على هوائيك بعيدا عن الأجهزة المعدنية الأخرى التي قد تتداخل مع أنماط الاستقبال، وننظر في تعلم بناء هوائياتك الخاصة. يمكنك أن تفعل الاشياء الراديو لرخيصة، ولكن عليك أن تفهم ما you8217re القيام به. المصدر: مشغل راديو هام لسنوات. KF5EGM. إعطاء الراديو الخاص بك الأرض المناسبة الأخرى من جهاز الكمبيوتر الخاص بك أيضا. جهاز الكمبيوتر الخاص بك هو صاخبة. نعم it8217s كل عمل إضافي ولكن كنت 8217ll نقدر ذلك في نهاية المطاف. OH8230and شراء مرشح تمريرة عالية. الأفضل بعد الحصول على مرشح تمرير الفرقة. It8217s كل رخيصة جدا، ويمكنك لا يزال من المحتمل البقاء تحت 75 باكز، وخاصة إذا قمت بإجراء بعض الأشياء نفسك أو يتسوق. القضايا حول كالي لينكس قد بيم حل اعتبارا من الإصدار المتداول 2016.1، لدينا البرنامج التعليمي هو ما يصل على Kali. org في أو مرتبطة مباشرة وتحميلها في. pdf من مستندات جوجل هنا لا تتردد في الاتصال بنا مع أي أسئلة. عندما أحاول تثبيت غر-غسم من خلال بيبومبس تظهر المشكلة التالية: 8220PyBombs. sysutils 8211 تحذير 8211 ديبكسيستس: تعذر العثور على إصدار قابل للتنزيل من libboost1.53-ديف التثبيت من المصدر: boost8221 يحصل على إحباط التثبيت ويفشل. I8217m جديدة جميلة لينكس، ويأمل شخص ما يمكن أن تساعدني مع هذا. مرحبا I8217m في محاولة لالتقاط حزم جي إس إم من قبل بلدي دونجل رتلسدر. ولكن أنا فقط يمكن التقاط قناة كش و I8217m غير قادر على التقاط أي حزم أخرى. يمكن أي هيئة تقول لي لماذا هذا. هو أنه بسبب القفز تردد. أو I8217m في عداد المفقودين شيء شكرا وآسف لضعف الإنجليزية وي محاولة ل runairprobertlsdr. py لدي هذا التدليك: email160protected: airprobertlsdr. py باش: airprobertlsdr. py: الأمر لم يتم العثور غر-غسم تثبيت بنجاح وات هذا يعني أنني وجدت سبب خطأ، كالي لينكس لديه مشاكل التثبيت لم يتم حلها وغير معتمد حاليا. للأسف 8230 هل من الممكن تحديد IP8217s العامة المستخدمة في المنطقة عن طريق استنشاق هذه الحزم جيت استنساخ githubksnieckairprobe. git هو ارتباط بديل التي يمكن استخدامها لتنزيل إيربروب كما وصلة معين don8217t العمل. التبعية مطلوب ل كالي لينكس 1.1.0 مرحبا، يمكن لأي شخص اسمحوا لي أن أعرف أين يمكنني الحصول على جهاز الراديو غنو التي سوف تعمل مع هذا هو أي شخص آخر الحصول على هذا الخطأ: لا أستطيع تثبيت إيربروغسم-المتلقي. عندما أحاول 8220make8221 أنه يعطيني هذا الخطأ: ز: خطأ. gsm. cc: لا يوجد ملف أو دليل ز: خطأ فادح: لم يتم إنهاء ملفات الإدخال. make4: غسملا-gsm. lo خطأ 1 make4: ترك الدليل روتايربروبيسم-receiversrclib8217 make3: كل-ريكورسيف إرور 1 make3: ترك الدليل روتايربروبيسم-receiversrclib8217 make2: آل-ريكورسيف إرور 1 make2: ترك الدليل روتايربروبيسم-receiversrc8217 make1: آل-ريكورسيف إرور 1 make1: ترك الدليل روتايربروبيسم-استقبال 8217 جعل: كل خطأ 2 أنا can8217t العثور على هذا الملف gsm. cc في أي مكان حصلت على نفس الخطأ. هل تمكنت بالفعل من تجميعه أنا مغرم آخر إيربروب سرك، تجميع fine8230. ولكن هناك بعض القضايا الأخرى. كان لي هذه المسألة ل، وحدة 8220no اسمه GSM8221 تبين أن الخطأ كان بسبب استخدام نسخة من ديتيرولد من إيربروب، أن واسنت تجميع بشكل صحيح. منذ ذهب غنومونكس كان علي أن أجد آخر على أن تجميع بشكل صحيح 8211 حصلت عليه العمل مع هذا واحد: استنسخت نفس الريبو على جيثب ولكن لا يزال أنا الحصول على نفس الخطأ 8220ImportError: لا وحدة اسمه gsm8221. واسمحوا لي أن أعرف إذا كان هناك شيء آخر يحتاج إلى القيام به. مرحبا، الرجاء مساعدتي، شكرا. إيربروغسم-ريسيفرزبيثون. gsmreceivertl. py - s 1e6 تراكباك (آخر مكالمة الأخيرة): ملف 8220.gsmreceivertl. py8221، السطر 22، في استيراد أوزموسر إيمبورتيرور: لا وحدة اسمها أوسموسدر مرحبا، اتبعت جميع الخطوات وأنها تعمل بشكل جيد حتى أنا انقر في نافذة الطيف واسعة النطاق. فقط don8217t تفعل أي شيء، فإنه doesn8217t تظهر أي شيء على ويريهسارك سواء. I8217m باستخدام هاكرف، ما يمكن أن تكون المشكلة حاولت أيضا في كالي 1.0.8 فم والحصول على: لينكس غنو C الإصدار 4.7.2 Boost104900 UHD003.005.003-0-غير معروف تراسيباك (آخر مكالمة الماضي): ملف 8220.gsmreceivertl. py8221 ، سطر 27، في استيراد غسم ملف 8220..libgsm. py8221، سطر 26 في غسم سويجيمبورثيلبر () ملف 8220..libgsm. py8221، السطر 18 في سويجيمبورثيلبر استيراد غسم إمبورتيورور: libosmocore. so.5: لا يمكن فتح كائن مشترك ملف: لا يوجد ملف أو دليل أي شخص أي أفكار كيفية جعل هذا العمل في كالي 1.0.8 أجاب على مشكلتي الخاصة. تشغيل ما يلي إذا كان استخدام كالي 1.0.8 قبل إيربروبل تحميل والإعداد: سودو لن - s usrlocalincludegruelswiggruelcommon. i أوسرلوكالينينلودنوراديوسويغ أمبامب لدكونفيغ ويبدو أن العمل على بلدي فم الآن مرحبا إلى اليوم قمت بتثبيت كالي لينكس 1.0.8 مع غنوراديو المثبتة مسبقا اتبع توتريبال كيفية تثبيت إيربروب وتطبيق التصحيح zmiana. patch كل شيء العمل بشكل جيد ولكن عند تطبيق اختبار إيربروب أذهب هذه الرسالة: تراسباك (آخر مكالمة الأخيرة): ملف 8220.gsmreceive. py8221، السطر 11، في استيراد جي إس إم ملف 8220..libgsm. py8221، سطر 26، في غسم سويجيمبورتهيلبر () ملف 8220..libgsm. py8221، السطر 18، في سويجيمبورثيلبر استيراد غسم إمبورتيورور: لا وحدة اسمه غسم الرجاء مساعدتي لدي 5 أيام في محاولة مهلا، اسمي هو هانز و إيف حصلت على سؤال بسيط (إم مبتدئ في هذا القسم): هل من الممكن للكشف عن عدد من الهواتف الذكية بالقرب مني مع غسم أناليساتيون وإذا لم يكن، يمكن ش تخيل بعض الطرق للقيام بذلك وأنا أعلم أنها ليست سهلة، ولكن إيف عدة أشهر للقيام بذلك 8211 أنا فقط بحاجة إلى كنو ث ممكن ها هانز، ما هي المنطقة التي أنت في مرحبا، جعلت i8217m كفيل مع بطاقة أوسب تيراتيك e4000، ولكن للأسف لا أستطيع العثور على طريقة فك هذا. عندما أكتب 8220.go. sh تمبكابتور-رتل-sdr. cfile 64 1S8221 كل شيء يبدو على ما يرام في وحدة التحكم، ولكن في ويريشارك ليس لديهم شيء. بدلا من ذلك عند كتابة 8220.go. sh تمبكابتور-رتل-sdr. cfile 64 0C8221 ثم ويريشارك تظهر حركة المرور ولكن لا معلومات النظام 5 أو 6 mega. co. nz8UtxEAwDGbUW8vkhPspAUtRuI3RaCuhJR3aWOpmbnj0NnLq8cIM حتى إم تحميل بلدي كفيل، وإذا كان شخص ما يمكن أن تحاول في نهاية المطاف تجد فيها إم في الخطأ، وسوف نقدر مرحبا كنت قد تم استخدام gsmreceivertl. py مع الإصدار 1 من التصحيح زميانا، وأنها عملت موافق. ومع ذلك، أنا couln8217t جعل go. sh العمل مع أي ملف الالتقاط، مثل capt941.8M112.cfile أو vfcall6a725d174g5Kc1EF00BAB3BAC7002.cfile. الآن قرأت نيو تعليق حول نسخة التصحيح الجديدة و أنا تطبيقه، ولكن حصلت على نفس ريريرولتس: gsmreceivertl. py تعمل موافق ولكن ملف فك لا تعمل. نيو، ما هي الخيارات التي يجب استخدامها لمحاولة مع vfcall6a725d174g5Kc1EF00BAB3BAC7002.cfile، وهو الملف يجب أن تعمل، isn8217t ذلك شكرا لك تحتاج إلى تغيير كلوكريت في رمز الثعبان إلى 100e6، واستخدام ديسيم 174 ل vfcall6a725d174g5Kc1EF00BAB3BAC7002.cfile ثم أزلت 8220-I8221 تكوين. ac: 16: الملف المطلوب. config. guess8217 لم يتم العثور على configigure. ac:16: أوتوماتيك 8211add-miss8217 يمكن تثبيت config. guess8217 configure. ac:16: الملف المطلوب. config. sub8217 لم يتم العثور على configigure. ac:16: أوتوماتيك 8211add - missing8217 يمكن تثبيت config. sub8217 configure. ac:5: الملف المطلوب. install-sh8217 لم يتم العثور configure. ac:5: أتمتة 8211add-miss8217 يمكن تثبيت إنستال-sh8217 configure. ac:16: الملف المطلوب. ltmain. sh8217 لم يتم العثور على configure. ac:51: الملف المطلوب. missing8217 لم يتم العثور على configure. ac:5: أوتوماتيك 8211add-miss8217 يمكن تثبيت Miss8217 srcMakefile. am: الملف المطلوب. depcomp8217 لم يتم العثور على srcMakefile. am: أوتوماتيك 8211add-miss8217 يمكن تثبيت depcomp8217 أوتوريكونف: أوتوماتيك فايل d مع حالة الخروج: 1 أحصل على هذا: أوتوريكونف: 8216configure. ac8217 أو 8216configure. in8217 مطلوب بعد 8220autoreconf i8221 مرحبا كل شيء، عفوا بسبب جني هذا السؤال عند تشغيل. gsmreceivertl. py أنا أخطأ هذا الخطأ: إينوكس غنو C الإصدار 4.7.2 Boost104900 UHD003.005.003-0-أننوين غر-أوسموسدر v0.0.x-زس-شوننون (0.0.3git) غنوراديو 3.6.5.1 أنواع المصدر المضمنة: ملف فد رتل رتلكب أود هاكرف فاتال: فشل في فتح جهاز هاكرف (-5) هاكرفيرورنوتفوند محاولة لملء 1 قناة (ق) في عداد المفقودين مع الضوضاء الغوسية. ويجري ذلك لمنع التطبيق من تحطمها بسبب علة غنوراديو. وقد تم إبلاغ المشرفين. معدل العينة: 0 تراسباك (آخر مكالمة أخيرة): ملف 8220.gsmreceivertl. py8221، السطر 230، في تب توبلوك () ملف 8220.gsmreceivertl. py8221، السطر 85، في الصنابير إينيت gr. firdes. lowpass (1.0، سامبليرات، 145e3، gr. firdes. WINHANN) ملف 8220usrlibpython2.7dist-packagegnuradiogrgnuradiocoregeneral. py822121، خط 9493، في عودة لوباس gnuradiocoregeneral. firdeslowpass (أرجس، كوارغس) إندكسيرور: فشل فحص غفيرديرز: سامبلينجريف غ 0 هل يمكن أن تخبرني بالضبط كيف يمكن أنا حل هذه المشكلة 8212821282128212821282128212821282128211 و. سؤال آخر هو أنه عندما تشغيل الرقع. فإنه يطلب مني اسم الملف وأعطي اسم الملف لكنه يطلب تجاهلها، 82128212821282128212821282128212821282128212821282128212821282128212- من فضلك قل لي كيفية القيام باتشو سووو سووري و تنكسكس الكثير ل الجواب. 821282128212821282128212821282128212821282128212821282128212 لقد قمت بتثبيت هذا على كالي 1.0.6 في فيرتوالبوكس، ولكن عند تشغيل. gsmreceivertl. py - s 1e6 بعد الكشف عن رتلسر لدي خطأ ألقيت تراسباك (آخر مكالمة الأخيرة): ملف 8220usrlibpython2.7dist-packagegnuradiowxguiplotterplotterbase. py822121، خط 203، في أونباينت ل فن في self. drawfcns: fcn1 () ملف 8220usrlibpython2.7dist-packagegnuradiowxguiplotterplotterbase. py8221، السطر 63، في رسم GL. glCallList (self. gridcompiledlistid) ملف 8220usrlibpython2.7dist-packageOpenGLerror. py8221، السطر 208، في غلشيكيرور بيسوبيراتيون باسوبيراتيون، OpenGL. error. GLError: غليرور (إر 1280، دسكريبتيون 8216invalid enumerant8217، باسوبيراتيون غلكالليست، كارجومنتس (1L،)) شكرا مقدما على أي مساعدة. مرحبا، i8217ve تحديث التصحيح ل 3.7 قليلا 8211 رابط speedy. shA7aP7zmiana2.patch 8211 الآن يعمل gsmreceivertl. py كذلك (يمكن استخدامها للعيش التقاط) كما لاحظ من قبل ستوريمان، go. sh don8217t العمل على سبيل المثال ملف الالتقاط المذكورة في المادة 8211 ربما ملف يحتاج إلى بعض الميقاتية الأخرى (كان wasn8217t بلدي الهدف الاختبار في المقام الأول). وكنت قادرا على فك شفرة ملف سرلابس بشكل صحيح (مع كلوكريت 100e6) ومع 64e6 (افتراضي) I8217m قادرة على فك رموز الملفات التي تم التقاطها مع بلدي رتل-سدر. شكرا للتحديث، ومعلومات إضافية. كنت قادرا على تكرار النتيجة الخاصة بك في عملية العبث معها، وكشفت مشكلة أيضا. لاحظت أنه عندما قمت بالنقر فوق نافذة لحن الخشنة، كان يتصرف بشكل غريب. تعقبت الخلل وصولا الى هذا: عندما انتقل غر من 3.6 إلى 3.7، غر :: فلتر :: فركلاتينغفيرفيلتركسس تغيرت تتطلب السلبية من القيمة القديمة. أي، يجب أن يكون تخالف -200000 في gr3.6 200000 في gr3.7. الإصلاح 8212 تغيير هذا الخط: self. offset - x ل self. offset x ومع ذلك، أن حصلت لي التفكير في ما يمكن أن يحدث ذلك التغيير التوقيع على العبث. بالتأكيد يكفي 8230 هناك وظيفة تصحيح موالف بنيت في هناك، حيث وظيفة استقبال جي إس إم يرسل مرة أخرى تصحيح التردد إلى توبلوك. لذا قمت بإجراء الجراحة البسيطة التالية gsmreceive. py: موالف الفئة (gr. fevaldd): ديف إينيت (سيلف، توبلوك): gr. fevaldd. init (سيلف) self. topblock توبلوك ديف إيفال (سيلف، فريكوفسيت): سيلف. topblock. setcenterfrequency (فريكوفسيت) ريتورن فريكوفسيت يصبح: كلاس تيونر (gr. fevaldd): ديف إينيت (سيلف، توبلوك): gr. fevaldd. init (سيلف) self. topblock توبلوك ديف إيفال (سيلف، فريكوفسيت): self. topblock. سيتسنتيرفركنسي (0 - فريكوفسيت) ريتورن 0 - فريكوفسيت آاند تماما مثل أن 8212 التقاط 941.8M112.cfile فك بشكل صحيح تحت gr3.7 الآن أوه، أردت فقط أن أقول، هناك 8217s ربما نهجا أكثر نظافة لتحديد هذه الأخطاء. قد يكون هناك نقطة مركزية حيث يمكننا فقط القيام بتغيير علامة وإصلاح كل شيء أو شيء من هذا. أنا haven8217t التحقيق حقا أي مزيد من ذلك حتى الآن. كنت مجرد سعيدة جدا للحصول على سبيل المثال كفيل لقراءة، وأخيرا، وأنا مجرد هرعت هنا أن أقول كيف you8217re على الاطلاق ستوريمان 8211 و gnuradio. orgredmineprojectsgnuradiowikiMove3-6to3-7 ينص بوضوح على أن التغيير من علامة هناك حاجة (ولكن فعلت عبس () 8211 بحيث 8217s خطأي). الإصدار الجديد: speedy. shNBRYBzmiana3.patch (فعلت التغيير في موقع مختلف 8211 لكنه يعمل كذلك). حسنا، ذهبت من خلال جميع التعليقات على هذه الصفحة. يبدو من التعليقات أن إيربروب يعمل فقط على كالي لينكس. هذا هو ذلك وأنا أحاول تثبيت إيربروب على نسخة قديمة نسبيا من أوبونتو بمعنى أوبونتو 10.04. لذلك هو أن يستحق أقل للقيام بذلك لا ينبغي أن تعمل على أي لينكس ليس فقط كالي. الناس مجرد استخدام كالي لأن إيربروب يمكن أن يكون من الصعب جدا لتثبيت و كالي تبسيط بعض الشيء من خلال وجود شرط مسبق تثبيت غنو راديو. ننسى أيضا أن أذكر، وفقا ل سوباكسورزتاكر، التي ينبغي للمرء أن تفعل في سركبيثونليب ونسخ gsm. py في سركبيثون الجدير بالذكر هي هذه البقع ل غنوراديو 3.7: نسيت أن نذكر أي بقع هي الألغام، أولا هو سكاتيو والثاني هو (ج) 2014 سوباكسورستاكر I8217ve تطبيقها على حد سواء بقع، وتشغيل البرامج، ولكنهم don8217t إنتاج الانتاج صحيح كما يفعلون بالنسبة لي تحت gr3.6. هل (أو أي شخص، حقا) حصلت فعلا إلى 100 دولة قابلة للاستخدام مع gr3.7 حتى اختبار ضد ملف التقاط 941.8M112.cfile تنتج تيار 8220sch. c: 260 إر: كونفديكود 118221 تحت gr3.7، تفعل نفس الشيء اختبار بنفس الطريقة كما هو الحال في gr3.6 (التي عملت تماما). لديه أي شخص التغلب على هذه المشكلة حتى الآن وإذا كان الأمر كذلك، هل أنت قادرة على مشاركة أي تلميحات حول كيف حاولت تثبيت كالي 1.0.6 ثم غنوراديو 3.7. لقد قرأت عن عدم التوافق مع إيربروب وأنا أيضا تطبيق التصحيح وجميع عملت موافق. عند تشغيل مع caputer. cfile فشل مثل هذا: إيربروغسم-ريسيفرسكربيثون. go. sh التقاط 941.8M112.cfile 112 0b باستخدام فولك آلة: avx64mmxorc مفتاح: 821600000000000000008217 التكوين: 82160B8217 التكوين تيسي: 0 كونفيغوريريسيفر غر :: العازلة :: ألوكاتيبوفر : تحذير: حاول تخصيص 115 من حجم 568. بسبب متطلبات المواءمة تم تخصيص 512. إذا كان هذا isn8217t موافق، والنظر في بادينغ هيكل الخاص بك إلى السلطة من اثنين من وحدات البايت. على هذا المنبر، دقة التوزيع لدينا هي 4096 بايت. sch. c: 260 إر: كونفديكود 11 sch. c: 260 إر: كونفديكود 11 sch. c: 260 إر: كونفديكود 10 sch. c: 260 إر: كونفديكود 11 sch. c: 260 إر: كونفديكود 12 sch. c: 260 إر: كونفديكود 11 sch. c: 260 إر: كونفديكود 11 sch. c: 260 إر: كونفديكود 10 8230. ولا يظهر أي شيء على ويريشارك. أسوأ إذا حاولت تشغيل: إيربروغسم-ريسيفرسركبيثون. gsmreceivertl. py - f 939.363M - c 0B تراسيباك (آخر مكالمة الأخيرة): ملف 8220.gsmreceivertl. py8221، السطر 16، من غنوراديو استيراد غر، غرو، إنغنوتاتيون، blks2 ، أوبتفير إمبورترور: لا يمكن استيراد اسم blks2 أحصل على هذا الخطأ بيثون. يبدو وكأنه لا يوجد تصحيح تطبيقها على وظيفة استيراد الثعبان المتعلقة غنوراديو 3.7 مشكلة مع الثعبان جدا (أوفتوبيك: الذهاب بعيدا سكريبتكيديس حلت المشكلة عن طريق تثبيت كالي 1.0.6 حيث غنوراديو 3.6.5 مثبتة مسبقا، ثم تحميلها و وقمت أيضا بتثبيت مكتبات رملسد أوسموكومب لجعل كاليبرات تعمل من خلال تشغيل القبض على الحية باستخدام غسم-تلقي أنا رفعت المكاسب إلى 52 وآخرون فويل 8230 20 ثانية في وقت لاحق غسم داتافلو تظهر على ويريشارك نصيحتي ليست لتثبيت غنوراديو 3.7 والحفاظ على العمل مع النسخة المثبتة مسبقا على غنوراديو على كالي لينكس 1.0.6 الآن الثابتة والعمل على أوبونتو للخطوة 1 أي تحديد تردد غسم بالضبط، يمكن للمرء أن يستخدم كال نفسها لتحديد تردد غسم (بدلا من عبر سدر أو غركس) طالما كنت تعرف الفرقة غسم (من السهل جدا) مثل كال - s 900 (مسح غسم الفرقة 900 لجميع إشارات غسم) الإخراج سوف يكون شيئا على غرار خطوط تشان: 1 (908.3MHz 8211 21.3243kHz) السلطة : xxxxx. xx تشان: 2 (909.5 ميجا هرتز 8211 22.1231kHz) الطاقة: xxxxx. xx تشان: 3 (907.2 ميجا هرتز 8211 20.3223 كيلو هرتز) السلطة: xxxxx. xx اختيار قناة الذي يظهر قيمة عالية الطاقة (أي. استقبال جيد) ترجمة التردد المقابل ل هز على سبيل المثال. على افتراض أن القناة 3 لها أعلى قيمة قدرة للقنوات المستقبلة 907.2 ميغاهرتز ستترجم إلى 907 200 000 هرتز تعديل التردد الخاص بك في gsmreceivertl. py إلى التردد المقابل على سبيل المثال. gsmreceivertl. py - s 1e6 - f 907200000 لست متأكدا مما إذا كان أي شخص آخر مشاكل تشغيل أبت-جيت تثبيت الأوامر، ولكن فعلت. انتهى بي الأمر إلى تثبيت مركز البرامج Ubuntu8217s وكان قادرا على البحث عن حزم مختلفة من خلال هناك. عندما حاولت تثبيت الحزم من خلال سطر الأوامر قال أكثر من نصف أنها لم تكن موجودة () مجرد التفكير I8217d حصة هذه النصيحة في حالة أي شخص لديه نفس المشكلة. كنت تستخدم كالي لينكس. كيفية تنفيذ ملف. patch سد ثيدركتوريكونتينينغثسورس التصحيح - p1 لوت mypatch. patch إذا كان هذا don39t العمل محاولة مع - p0 بدلا من - p1. مرحبا عندما أحاول أن يجمع إيربروب لفك رموز غسم مع راديو غنوراديو اتبع الخطوات، مشكلتي هي عندما تجميع غسم استقبال مع الأمر جعل، خطأ كوميت أحصل على واحد القادم: إنهاء إنهاء. جعل 5: cch. lo خطأ 1 جعل 5: سي بيع ديل ديرسيو هوموسواريدوكومنتوسدرايربروبيربروغسم-ريسيفرزركليبديكودر make4: كل-ريكورسيف إرور 1 make4: سي سيل ديل ديركتيو هوموسواري دوكومنتوسدرايربروبيربروغسم-ريسيفرزركليبديكودر make3: كل-ريكورسيف إرور 1 make3: سي سيل ديل ديركتيو هوموسواريدوكومنتوسدرايربروبيربوجسم-ريسيفرسركليب make2: آل-ريكورسيف إرور 1 جعل 2: سي بيع ديل ديرسيو هوموسواريدوكومنتوسدرايربروبيربروغسم-ريسيفرسرك make1: كل-ريكورسيف إرور 1 make1: سي سيل ديل ديركتيو هوموسواريدوكومنتوسدرايربروبيربروغسم-جعل المتلقي: كل خطأ 2 ثم عند محاولة اختبار التطبيق أحصل على خطأ آخر: تراسيباك (آخر مكالمة الأخيرة): ملف. gsmreceivertl. py، السطر 16، في من غنوراديو استيراد غر، غرو، إنغنوتاتيون، blks2، أوبتفير ملف usrlocallibpython2.7dist-packagesgnuradioblks2init. py، خط 37، في إيكسيك من gnuradio. blks2impl. s استيراد (f،) فيل، لين 1، إن فيل usrlocallibpython2.7dist-packagegnuradioblks2implpfbinterpolato r. py، خط 23، في من غنوراديو استيراد غر، أوبتفير ملف usrlocallibpython2.7dist-packagesgnuradiooptfir. py، خط 33، في ريميز gr. remez أتريبوتيرور: كائن وحدة لا يوجد لديه سمة ريميز لقد قمت بتثبيت كالي لينكس 1.06 جديد ولكن لا تعمل إيربروب لماذا يمكن لشخص مساعدتي الرجاء الخطأ ل كوميلينغ أيربروب لقد وجدت المشكلة يجب أن يتم تجميع مسار رت-سدر ثري مع. bootstrap و 8230. جعل و إيربروب فك غسم تسير مرحبا عندما أحاول استخدام 1e6 على معدل العينة ، أنا can8217t تغيير التردد أو تيمفن لحن إلى التردد الصحيح. الموجات الطيفية واسعة النطاق تتحرك بطيئة جدا أيضا أبيكتروم قناة موجات. كيف يمكن إصلاحه شكرا تحتاج المزيد من وحدة المعالجة المركزية السلطة. كان لي نفس المشكلة عندما كنت تستخدم جهاز الظاهري فموير، إضافة واحد أكثر وحدة المعالجة المركزية الأساسية في تكوين حل هذه المشكلة بالنسبة لي. أخذ العينات في الوقت الحقيقي يأخذ الكثير من قوة وحدة المعالجة المركزية. يا. I8217m تحاول تشغيله على معالج ذرة. أن 8217s سيئة. أعتقد أنني يمكن استخدام 8217t معدل سابل الأخرى. السبب يمكنني ضبط عندما أستخدم معدل العينة الافتراضي. شكرا البرنامج التعليمي مثيرة جدا للاهتمام هل من الممكن أن نرى عندما يقوم المستخدم نهاية الجهاز فتح وإغلاق بدب جلسات ل غرس مرحبا. لقد تثبيت غنوراديو-3.6.5.1 و إيربروب. أوكي غرامة العمل لدي البيانات انظر محطة بلدي وفك البيانات في نافذة ويريشارك بلدي ولكن أنا لا أسمع أي صوت. انا لا اعرف. fWhat should I do to hear sound. i must should install VMWare player or not. Please help me, thank you and best regards . no, it should act like that. also, how old are you Well, despite I could install airprobe with gnuradio 3.7 using the patch, I still couldn8217t decode any example file (tried with capture941.8M112.cfile and vfcall6a725d174g5Kc1EF00BAB3BAC7002). I get this: go. sh capture941.8M112.cfile 64 0b Using Volk machine: ssse332orc Key: 0000000000000000 Configuration: 0B Configuration TS: 0 configurereceiver gr::buffer::allocatebuffer: warning: tried to allocate 115 items of size 568. Due to alignment requirements 512 were allocated. If this isnt OK, consider padding your structure to a power-of-two bytes. On this platform, our allocation granularity is 4096 bytes. And nothing appears in wireshark. If I use other decimation ratios, for example 112: go. sh capture941.8M112.cfile 112 0b Using Volk machine: ssse332orc Key: 821600000000000000008217 Configuration: 82160B8217 Configuration TS: 0 configurereceiver gr::buffer::allocatebuffer: warning: tried to allocate 115 items of size 568. Due to alignment requirements 512 were allocated. If this isn8217t OK, consider padding your structure to a power-of-two bytes. On this platform, our allocation granularity is 4096 bytes. sch. c:260 ERR: convdecode 11 sch. c:260 ERR: convdecode 11 sch. c:260 ERR: convdecode 11 8230 Any ideas Thanks Hi, I8217m having a problem very similar to OI. When I run:.go. sh capture941.8M112.cfile I get: Traceback (most recent call last): File 8220.gsmreceive. py8221, line 15, in import gsm File 8220..libgsm. py8221, line 26, in gsm swigimporthelper() File 8220..libgsm. py8221, line 18, in swigimporthelper import gsm ImportError. lib. libsgsm. so: undefined symbol: Z14grfastatan2fff I8217ve seen the comment from Andy, but my libfftw3-dev package is in its most recent version. Any ideas Thanks Sorry, I hadn8217t noticed that my problem could be related with the gnuradio version. I tryed with the neeo patch, and now it seems to work. Thanks I8217ve made a patch to make gsm-receiver (from gnumonks airprobe) compatible with gnuradio gt 3.7. it is a little bit hacky im some places, but it works for me you can get it here: i8217ve also created a new version of grc file, that can be loaded in gnuradio-companion (grc) 3.7 Could you please provide the patch in a way that does not require an EXE file to download You could create a fork of the code on github for example (or e-mail the patch to me so I can host it, my email is linked from my homepage). No need to use their executable downloader8230 just click the filename at the top of the page and it will download normally with the browser. Nice one neeo, but how did you get past the error concerning gnuradio-core, since it was removed in 3.7 you must have solved this problem as well This happens when you try to run the. configure script. Errors like this: checking for GNURADIOCORE. configure: error: Package requirements (gnuradio-core gt 3) were not met: No package gnuradio-core found Consider adjusting the PKGCONFIGPATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables GNURADIOCORECFLAGS and GNURADIOCORELIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. And suddenly it worked, after running bootstrap again When I install gsm-receiver of airprobe, the error occurred. How to fix this: In file included from GSMCommon. h:34:0, from GSMCommon. cpp:23:.Timeval. h: In function 8216void msleep(long int)8217:.Timeval. h:32:49: error: 8216usleep8217 was not declared in this scope In file included from GSMCommon. cpp:23:0: GSMCommon. h: In function 8216void GSM::sleepFrames(unsigned int)8217: GSMCommon. h:62:36: error: 8216usleep8217 was not declared in this scope GSMCommon. h: In function 8216void GSM::sleepFrame()8217: GSMCommon. h:66:29: error: 8216usleep8217 was not declared in this scope make5: GSMCommon. lo error 1 make5: Leaving directory rootairprobegsm-receiversrclibdecoderopenbtsstuff8217 make4: all-recursive error 1 make4: Leaving directory rootairprobegsm-receiversrclibdecoder8217 make3: all-recursive error 1 make3: Leaving directory rootairprobegsm-receiversrclib8217 make2: all-recursive error 1 make2: Leaving directory rootairprobegsm - receiversrc8217 make1: all-recursive error 1 make1: Leaving directory rootairprobegsm-receiver8217 make: all error 2 Has anyone used Kraken I have it installed on my machine with tables and I8217m not sure how to point or configure Kraken or findkc toward the tables on the HD. I8217m a rather new Linux user. I get an error i don. t understand. im using latest version of debian : gsmreceivertl. py linux GNU C version 4.7.2 Boost104900 UHD003.006.002-1-g8f0f045c gr-osmosdr v0.0.2-42-g86ecf305 (0.0.3git) gnuradio 3.6.5.1 built-in source types: file fcd rtl rtltcp uhd hackrf bladerf netsdr Using device 0 Realtek RTL2838UHIDIR SN: 00000001 Found Rafael Micro R820T tuner sample rate: 1800000 gtgtgt grfirccc: using SSE gtgtgt grfirccf: using SSE Key: 8216ad6a3ec2b442e4008217 Configuration: 82160B8217 Configuration TS: 0 configurereceiver Using Volk machine: sse4264orc The program 8216python8217 received an X Window System error. This probably reflects a bug in the program. The error was 8216BadWindow (invalid Window parameter)8217. (Details: serial 629 errorcode 3 requestcode 137 minorcode 4) (Note to programmers: normally, X errors are reported asynchronously that is, you will receive the error a while after causing it. To debug your program, run it with the 8211sync command line option to change this behavior. You can then get a meaningful backtrace from your debugger if you break on the gdkxerror() function.) For those of you in the states, have any of you guys had any luck with this Our possible ranges leave only 1 of the 4 bands usable if using the RTL SDR seeing as the max range is 1700 (GSM for the states for ATampT and T-Mobile are within 850, 1700, 1900, and 2100 I believe). Therefore, I have only been able to attempt 850mhz band, but with no such luck. I am currently using a simple TV Antenna. Given the comments for this article, even the stock antenna that comes with the RTL SDR can pick this up. Any thoughts as to what I may be doing wrong I think that once I find a non-hopping signal, I will be set. In the meantime, I can only find MOTORBO signals within this range. Thank you so much for the tutorial As soon as I finished reading it, I went out and bought the Terratec E4000. Unfortunately, I am having the same troubles as some of the others. After I installed Airprobe, I got this error message: sdrairprobegsm-receiversrcpython. go. sh capture941.8M112.cfile Traceback (most recent call last): File 8220.gsmreceive. py8221, line 3, in from gnuradio import gr, gru, blks2 ImportError: cannot import name blks2 I even tried removing the GNURadio that comes with Kali, and instead installed it in the fashion described in the video-tutorial in your post. But nothing seems to work. I tried googling the problem, and have now spent several days trying to figure it out 8211 unfortunately without any luck. I hope someone can help me with this problem. Hi, I have installed the gnuradio 3.7. But when I tried to install gsm-receiver after step 8220.configure8221, I got a error like this 8220Package requirements (gnuradio-core gt 3) were not met8221. I googled the problem. It seems the new version gnuradio is not compatible with the airprobe. Do you have any ideal to fix it Many Thanks Great tutorial8230the clearest yet I did have to download many dependencies on my fresh install of Kali in order to install gsm-receiver but now it installed correctly. When I try to run gsmreceivertl. py I get the following errors: linux GNU C version 4.7.2 Boost104900 UHD003.005.003-0-unknown gr-osmosdr v0.0.x-xxx-xunknown (0.0.3git) gnuradio 3.6.5.1 built-in source types: file fcd rtl rtltcp uhd hackrf FATAL: Failed to open HackRF device (-5) HACKRFERRORNOTFOUND Trying to fill up 1 missing channel(s) with gaussian noise. This is being done to prevent the application from crashing due to a gnuradio bug. The maintainers have been informed. sample rate: 0 Traceback (most recent call last): File 8220.gsmreceivertl. py8221, line 230, in tb topblock() File 8220.gsmreceivertl. py8221, line 85, in init taps gr. firdes. lowpass(1.0, samplerate, 145e3, 10e3, gr. firdes. WINHANN) File 8220usrlibpython2.7dist-packagesgnuradiogrgnuradiocoregeneral. py8221, line 9493, in lowpass return gnuradiocoregeneral. firdeslowpass(args, kwargs) IndexError: grfirdes check failed: samplingfreq gt 0 any idea what this is Attached rtl2832-cfile. grc does not work in modern version of gnuradio. Trying in v3.7 gives a lot of errors. I know that asking for a port maybe asking too much. Could at least a picture of the schematic be posted This is Ajay here, When I use. go. sh with the downloaded cfile, everything is fine. When I make my own cfile using usrpgnuradioairprobe. gsmscan. py - pe - re - d174 - c643 I get the cfile but the decode does not happen using. go. sh. Can anyone help me with how to capture a valid cfile using USRPGNURADIO. I have been trying for a long time, pls help. Install Kali and simple run a script as root from root folder: apt-get - y install git-core autoconf automake libtool g python-dev swig libpcap0.8-dev apt-get install gnuradio gnuradio-dev cmake git libboost-all-dev libusb-1.0-0 libusb-1.0-0-dev libfftw3-dev swig python-numpy git clone git:git. osmocom. orglibosmocore. git cd libosmocore autoreconf - i. configure make sudo make install sudo ldconfig git clone git:git. gnumonks. orgairprobe. git cd airprobegsmdecode. bootstrap. configure make cd airprobegsm-receiver. bootstrap. configure make how change ip in wireshark to 10.0.0.016 Hi, I8217m a Noob here. Running. go. sh capture941.8M112.cfile 112 1S on the cfile mentioned in the tutorial shows SI 5 amp 6 frames. However, I8217ve been unsuccessful in getting similar data off a live transmission and was hoping someone here could point me in the right direction. My beacon is on ARFCN 22 and here8217s what I8217ve done so far: 1).gsmreceivertl. py - f 939.363M - c 0B I see BCCH data with 2 different kinds of Immediate Assignments in Wireshark. Here8217s a brief excerpt 821282128211 SDCCH8 SACCHC8 or CBCH (SDCCH8), Subchannel 4 Timeslot: 2 Hopping channel: No Single channel. ARFCN 22 821282128211 Spare bits (ignored by receiver) Timeslot: 4 Hopping channel: Yes Hopping channel: MAIO 6 Hopping channel: HSN 38 821282128211 2) Since the Immediate Assignments to TS2 were frequent, I was hoping that monitoring TS2 on ARFCN 22 would show pre-encryption SI 5 and SI 6 frames. I ran the following command:.gsmreceivertl. py - f 939.363M - c 2S I do not see any output at all in Wireshark while I do see encrypted frames on the gsmreceive window. I tried config 2C and setting the sampling rate to 1MHz but I still cannot see anything in Wireshark. What am I missing Needed to force the key to 0 to get it to work. gsmreceivertl. py - f 939.363M - c 2S - k 822000 00 00 00 00 00 00 008221 Hi there, Just posted about decrypting the data captured on my blog, thought it might be interesting for you too t. coatlCy8ykqg finaly i am able to run it in new Kali linux (version 1.0.5), For those who getting error when compilingmake 8220gsm-receiver8221,this is beacuse of the missing dependencies with gnuradio installed in kali run this command to fix it. sudo apt-get install gnuradio gnuradio-dev cmake git libboost-all-dev libusb-1.0-0 libusb-1.0-0-dev libfftw3-dev swig python-numpy then try compile airprobe FYI: tried this tutorial in ubuntu 13.04 but failed, worked fine in Kali linux (version 1.0.5) Thanks for this, I havn8217t had a chance to try airprobe on the new Kali yet, so this will save some time. correction, airprobe is not pre-installed in kali Thanks for the correction, not sure why I thought that. I am trying to compile airprobe to decode GSM signals with gnuradio radio and wireshark following the steps, the problem is when I compile the gsm-receiver with the command make, the error I get is the next one: compilation terminated. make5: cch. lo Error 1 make5: se sale del directorio homeusuariDocumentosSDRairprobeairprobegsm-receiversrclibdecoder make4: all-recursive Error 1 make4: se sale del directorio homeusuariDocumentosSDRairprobeairprobegsm-receiversrclibdecoder make3: all-recursive Error 1 make3: se sale del directorio homeusuariDocumentosSDRairprobeairprobegsm-receiversrclib make2: all-recursive Error 1 make2: se sale del directorio homeusuariDocumentosSDRairprobeairprobegsm-receiversrc make1: all-recursive Error 1 make1: se sale del directorio homeusuariDocumentosSDRairprobeairprobegsm-receiver make: all Error 2 And then when I try to test the application i get another error: Traceback (most recent call last): File 8220.gsmreceivertl. py8221, line 16, in from gnuradio import gr, gru, engnotation, blks2, optfir File 8220usrlocallibpython2.7dist-packagesgnuradioblks2init. py8221, line 37, in exec 8220from gnuradio. blks2impl. s import 8221 (f,) File 82208221, line 1, in File 8220usrlocallibpython2.7dist-pac kagesgnuradioblks2implpfbinterpolator. py8221, line 23, in from gnuradio import gr, optfir File 8220usrlocallibpython2.7dist-packagesgnuradiooptfir. py8221, line 33, in remez gr. remez AttributeError: 8216module8217 object has no attribute 8216remez8217 I think that the problem comes from some kind of version incompatibility of python but I8217m not sure, can someone help me please Hi I8217m newby at this. Please, help. After execute a gsmreceive. py I have error: airprobegsm-receiversrcpython. gsmreceive. py Traceback (most recent call last): File 8220.gsmreceive. py8221, line 12, in import gsm File 8220..libgsm. py8221, line 26, in gsm swigimporthelper() File 8220..libgsm. py8221, line 18, in swigimporthelper import gsm ImportError. lib. libsgsm. so: undefined symbol: ZTI8grblock Sorry I don8217t know what could be wrong here, maybe someone else can help I encountered the same error on Kali Linux. The reason is, that the shared object (gsm. o) doesn8217t get correctly linked against gnuradio-core. so, because pkg-config fails during the build. It fails, because gnuradio-core depends on the package 8220fftw3f8221 which is installed in binary form, because otherwise gnuradio woulndn8217t work, but the - dev package is mising. Long story short: Install the missing package (apt-get install libfftw3-dev) and rebuild the gsm-receiver. Then it works. It doesn8217t work8230 (I use kali 1.0.5) Hey, thanks for the excellent article. So I8217ve gotten up to the point of actually trying to do a live capture with wireshark, but for some reason, when I run gsmreceivertl. py, I get an error where each parse of a packet should be. It looks like this: sch. c:260 ERR: convdecode 12 The number seems to vary between 9 and 12. Any idea how to fix this Did you set the - s flag to make the bandwidth 1MHz I get this error too sometimes, usually it8217s because the GSM peak isn8217t perfectly centered, or I haven8217t clicked on the peak center perfectly. Also poor reception might cause it. In one of Domi8217s comments below he says that he used kalibrate to get a clock offset figure which allowed him to tune to the signal much more accurately to get around that error, you might want to try that too. Great tutorial, I have several questions though: 1) By using kalibrate I can correctly get 90 of all gsm downlink traffic for 20 seconds or so in wireshark, then I get a parity bit error for 10 seconds followed by around 15 seconds of ERR: convdecode 11 and lastly a bunch of 08217s, any idea what can cause this I am guessing either my antennae gets offset or I get offset on my packages. 2) I can see uplink traffic with SDR but when I try to sniff it with airprobe I get absolutely nothing in wireshark, not even any error messages. Any ideas Thanks for any help you can give. I plan on trying to run uplink and downlink sniffing at the same time and will let you know my results. (using 2 dongles) I think I can answer you since I have been down the same road. 1. I think you need to wait for the dongle to warm up (as admin said), and keep re-kalibrating it. It is actually quite random, sometimes I get the full traffic even when I use the exact value coming from arfcncalc, sometimes I need to calibrate. I think this is because my error (28-30kHz) is still in the width of a GSM channel (200 kHz). The parity errors could be ignored it means the traffic you tried to de-modulate and decode is encrypted. The ERRCONV messages mean that you are not well calibrated, sometimes if you wait they disappear as the dongle gets in tact. The 0s mean that you are so off from the frequency that airprobe couldn8217t even find anything that looks like GSM so it just prints it the bits it finds. 2. There is no uplink support at all in airprobe. There was a little demonstration at one of the conferences but the code was never released. You can find some gitHUB repos claiming their airprobe is down and uplink compatible, but they don8217t work. According to a comment in the code 8220uplink can8217t be decoded the way currently gsm-receive works8221. Everybidy switched to osmocomBB therefore no more code is written for SDRs. I asked Dieter Spaar who presented uplink sniffing but he said the code is private and dirty so he will never release it. I was also thinking about doing uplink and downlink simultaniously but it appears that for some reason you need to sync the two dongles for good results, so I decided to put this aside as it is a lot more complicated than I thought. Thanks for the info Domi, I hope it will save some people some time. Does airprobe work on ubuntu or it is only for kali linux Which version of ubuntu will be most suitable for airprobe As i m using ubuntu 10.04.4 Did you try it for uplink traffic as well. As far as I know, it isn8217t possible to monitor uplink traffic at the moment. Someone correct me if i8217m wrong. EDIT: In this video at 32 minutes in they show a demo of uplink traffic monitoring, but I think you need to monitor down downlink and uplink at the same time, which only the USRP can do. Maybe it is possible with two RTLs though8230 I haven8217t tried it yet, but it should be possible 8211 uplink is just a different frequency, but uses the same kind of data-structure as far as I know, so it shuld be possible to demodulate and analyze it using the same tools. It is totally possible, just need some computing power to be able to work with both sticks. The program arfncalc can give you the uplink frequency as well as the downlink. I will look into this stuff in the coming days and will post some results to my blog. Nice blog, you seem knowledgeable about GSM. I8217ll keep an eye on your work. Hi, I have one issue that kind of bothers me: I tune my rtl-sdr to the right frequency 8211 I use arfcn-calc and an old Nokia 3310 in network monitor mode so I know what is the the phone8217s tower8217s ARFCN so I know the frequency 8211 but I don8217t always get data, most of the time I get sch. c:260 ERR: convdecode 11 and similar messages. After that I decided to do a little calibration with kalibrate-rtl. It showed me an average of 24 kHz offset, so I subtracted around 24 000 from the frequency arfcncalc told me and now I am tresting this setup. It seems that it still starts with the ERR-messages, but after some seconds it actually starts to output GSM-data as expected. Now my question is: since I am very new to radios and SDR especially is what I did with calibrating and changing the frequency manually correct (at least in theory) Should I try to move closer to the tower My phone shows around -59 dBi signal. Thank you Hi, yes what you did is correct, usually you8217d use the PPM offset value, but gsmreceivertl. py doesn8217t seem to have that option. Remember the dongle takes time to warm up and stabilize, and during that time the frequency offset can change, so make sure you run Kalibrate after the dongle has been running for a few minutes. Also, if the signal isn8217t perfectly centered you can tune around with the mouse by clicking on the GSM peak middle. I get those errors sometimes too and i8217m not sure why, but it could be signal strength related. Hi, great article, thank you for posting it. What kind of antenna did you use for this Hi, thanks. I used a roof mounted J-Pole. But GSM signals are usually quite strong so even the stock rtl-sdr antenna should pick up GSM decently assuming you have a GSM cell tower near you. Oh, great I already ordered an RTL-SDR from eBay, so I am just waiting for the mailman to bring it. I am really interested about decrypting actual data, found this video which I think could be applied to RTL-SDR, what do you think youtubewatchv0hjn-BP8nro Hi, yes the video is applicable, the USRP and RTL-SDR should be pretty much interchangeable. Nice tutorial. I could capture control data without any problem. But how to capture encrypted content. It should be possible to capture encrypted data even without decrypting. Cant find much info except USRP. I don8217t know much about the encryption stuff, but are you talking about capturing a cfile I wasn8217t able to find a way to get airprobe to do it with the rtl-sdr. But it should be possible using GNURadio. sdr. osmocom. orgtracwikirtl-sdrUsingthedata Great instruction Thanks But I have a question. I trying to get burst data for kraken (magic 114 bits). I use osmocombb motorola C123. I8217m able to see receiving data in wireshark. But how to convert this captured data into necessary format Thanks in advance To be honest I haven8217t looked into the encryption side of things yet. Your best bet for help is probably on the srlabs A51 mailing list lists. srlabs. decgi-binmailmanlistinfoa51. Some people on IRC might also be able to help. Ask around on the freenode server, channel rtlsdr. I8217ve been trying to hunt down a GSM frequency to try this out. I can8217t seem to find one though. I browsed 900Mhz-1000Mhz, nothing that looked like data. Any tips in using the FCC website for looking it up I imagine there is a better way than me browsing around randomly. Keep up these great tutorials Sorry, I almost forgot that the USA uses slightly different frequencies. Try searching from 850 MHz. Theres a good worldwide list of the bands used here. worldtimezonegsm. html This is also useful for finding exact frequencies. cellmapperarfcn. If you dont know your own cells ARFCN number, look here in the table for the range of valid values for your GSM band. en. wikipedia. orgwikiAbsoluteradio-frequencychannelnumber Thanks, I8217ll check those out. I also found this while I was searching: githubEvrytaniaLTE-Cell-Scanner It allows you to locate and track LTE basestations. May be cool for your next article. Nice LTE scanner link. I can8217t really use it yet as there are no LTE signals in my country until next year. There is a test signal around, but I have no idea what part of the spectrum it is in EDIT: Just realized there are LTE signals around, but they8217re all in the 1.8 GHz region. hey. i have gnuradio 3.6.5 installed on ubuntu 12.04..i m trying to install airprobe. everything works fine according to this tutorial till the point i try to make gsm receiver8230 i got the following error usrbinld: i386 architecture of input file decoder. libslibdecoder. a(GSM660Tables. o)8217 is incompatible with i386:x86-64 output collect2: ld returned 1 exit status make4: gsm. la Error 1 make4: Leaving directory homeaairprobegsm-receiversrclib8217 make3: all-recursive Error 1 make3: Leaving directory homeaairprobegsm-receiversrclib8217 make2: all-recursive Error 1 make2: Leaving directory homeaairprobegsm-receiversrc8217 make1: all-recursive Error 1 make1: Leaving directory homeaairprobegsm-receiver8217 make: all Error 2 i m not sure about what this error is. when i try to run gsmreceive. py file it again give an error which is probably due to the incomplete installation Traceback (most recent call last): File 8220.gsmreceive. py8221, line 12, in import gsm File 8220..libgsm. py8221, line 26, in gsm swigimporthelper() File 8220..libgsm. py8221, line 18, in swigimporthelper import gsm ImportError: No module named gsm is there anybody who can help me with this problem. thanx in advance, regards ali Post a comment Cancel replyRtlfm is a little utility I wrote for the rtl-sdr project. The program was made to fill a gap in software defined radio: all the computers weaker than a Pentium 4. Basically, an Atom processor processor does not have enough oomph to demodulate something as simple as narrow band FM using the standard tools. (Recently a high performance FM demodulator was released, Simple FM but it works only passably on newer Atoms.) So rtlfm was written with one goal, efficiency, in mind. Atom processor processor The very first version ran with plenty of cycles to space. As an unexpected bonus, it ended up being efficient enough to easily run on small ARM boards such as the Raspberry Pi. GnuRadio is a really great program easily worth a thousand bucks. But it was designed to run on 500 computers with 500 SDR hardware. Where as this is made for 20 SDRs plugged into 20 computers. More powerful windows and OSX machines can easily handle several instances of rtlfm at once. cycles to space should be cycles to spare. Rtlfm is a general purpose analog demodulator. It can handle FM, AM and SSB. It can scan more than a hundred frequencies a second. For digital modes, piping the audio into multimon-ng works very well. On a Raspberry Pi, rtlfm multimon uses just over half of the CPU. If you are interested in ADS-B decoding, check out the rtladsb utility. It uses only 6 CPU on a Raspberry Pi and can run on targets as small and adorable as a 16MB TL-R703N. If you are using Arch Linux, Ive already packaged these tools for you and you can install them with pacman - S rtl-sdr. If you need something more specific, feel free to send me an email. Throughout this guide, Ill be using Sox s play command to play the audio. This is because Sox works on Linux, OSX, Windows and pretty much anything else you can run a compiler on. (If you are using Windows, rename the sox binary to play first.) Sox will automatically resample the audio to keep your soundcard happy and can apply denoising filters to keep your ears happy. If you want to run closer to the metal, feel free to use the utilities provided by Alsa or OSS or Pulse. But I wont be talking about them in this guide. My configuration (R820T) is. usrlocalbinrtlfm - f freq -.Last updated: 2016-12-07 - R820T2 Register Descriptions RTL-SDR and GNU Radio with Realtek RTL2832U Elonics E4000Raphael Micro R820T software defined radio receivers. Originally meant for television reception and streaming the discovery and exploitation of the separate raw mode used in FM reception was perhaps first noticed by Eric Fry in March of 2010 and then expanded upon by Antti Palosaari in Feb 2012 who found that these devices can output unsigned 8bit IQ samples at high rates. أم لا. Who knows A lot of people other people have helped build it up from there. rtlsdr as we know it today was created by the osmocom people in the form of rtl-sdr and osmoSDR , librtlsdr - contains the major part of the driver rtlsdr, rtltcp, rtltest, etc - command line capture tools and utilities gr-osmosdr - gnuradio compatible module and a bunch of other stuff. keenerd is the author of many other rtl tools: rtlfm, rtlpower (heatmap. py), rtladsb and code changes accepted into the mainline. patchvonbraun is the author and maintainer of the build-gnuradio script that made it easy for me, and multitudes of others, to get started with rtlsdr under GNU Radio. rtl-sdr has the latest news and tutorials. rtlsdr. org has a clear introduction too. RF, DSP, and USB details The dongles with an E4000 tuner can range between 54-2147 MHz (in my experience) with a gap over 1100-1250 MHz in general. The R820T and R820T2 go from 24-1760 MHz (but with reduced performance above 1500 MHz). The R820T dongles use a 3.57 MHz or 4.57 MHz intermediate frequency (IF) while the E4000s use a Zero-IF. For both kinds the tuner error is 30 -20 PPM, relatively stable once warmed up, and stable from day to day for a given dongle. All of the antenna inputs are 75 Ohm impedance. The dynamic range for most dongles is around 45 dB. The sensitivity is somewhere around -110 dBm typically. The highest safe sample rate is 2.56 MSs but in some situations up to 3.2 MSs works without USB dropping samples (RTL2832U drops them internally). Because the devices use complex sampling (IQ) the sample rate is equal to the bandwidth instead of just half of it. For the data transfer mode USB 2 is required, 1.1 wont work. Antti Palosaaris measurements show the R820T use 300mA of 5v USB power while the E4000 devices use only 170mA. You can cut the leads to the LED to drop usage The rtlsdr dongles use a phased locked loop based synthesizer to produce the local oscillator required by the quadrature mixer. The quadrature mixer produces a complex-baseband output where the signal spans from - bandwidth2 to bandwidth2 and bandwidth is the analog bandwidth of the mixer output stages. (Datasheets. general ref: Quadrature Signals: Complex, But Not Complicated by Richard Lyons) This is complex-sampled (I and Q) by the ADC. The Sigma-Delta ADC samples at some high rate but low precision. From this a 28.8 Msps stream at 8 bits is produced. That can be resampled inside the RTL2832U to present whatever sample rate is desired to the host PC. This resampled output can be up to 3.2 MSs but 2.56 MSs is the max recommended to avoid losing samples. The minimum resampled output is 0.5 MSs. Check this reddit thread for caveats and details. The actual output is interleaved so one byte I, then one byte Q with no header or metadata (timestamps). The samples themselves are unsigned and you subtract 127 from them to get their actual value. Youll almost certainly notice a stable spike around DC. Its from either the 1f noise of the electronics or if its a Zero-IF tuner (E4000) the LO beating with itself in the mixer. Popular software My favorite way to explore the spectrum is using rtlpower to do very wideband multi-day surveys. For general use SDR is probably the best application for windows with secondary mono-based linux and Mac support. I normally use Gqrx but it requires GNU Radio dependencies. Luckily there are Linux and OS X native binaries packages with all dependencies (ie, gnuradio) these days. For doing diagnostic and low signal level work Linrad is full featured and fast. osmocomfft comes with GNU Radio module gr-osmosdr and is the natural and best way to use gr-fosphor a GPU accelerated display. multimode has a very full and configurable GUI (it works great with GPU accelerated displays like gr-fosphor). For command line and low power devices try keenerds rtlfm. Assuming youre on linux, but applicable in general, do not use the OS DVB drivers. Those are for the DVB-T mode and not the debug mode that outputs raw samples. Linux 3.x kernel should check with lsmod grep dvbusbrtl28xxu and if found at least sudo modprobe - r dvbusbrtl28xxu to unload it. While the sampling bandwidth is only 2.56 MHz the frequency can be re-tuned up to 40 times a second. With frequency hopping you can survey very large bandwidths. See tholins annotated 24 hour rtlpower spectrogram. Below is a zoomable 3720031008 pixel 5 day long spectrogram I made using rtlpowers FFT mode and heatmap. py. It starts very far zoomed out. It might load a bit slow too. (view full window ) This page is mostly just notes to myself on how to use rtlsdrs core applications, 3rd party stuff using librtlsdr and wrappers for it, and lots on using the gr-osmosdr source in GNU Radio and GNU Radio Companion. This isnt a blog, dont read it sequentially, just search for terms of interest or use the topics menu. For realtime support on the same topics try Freenode IRCs rtlsdr and reddits rrtlsdr. These days for most people doing most things you want to get an dongle with an R820T2 tuner. Theyll come with MCX coaxial connectors. On sites like eBay shipping from China the average price is about 10 shipped. These work fine for most things. At a bit higher price of 20 some come with improvements like SMA or F connectors, metal cases and heatsinks on the tuner for stability above 1500 MHz, temperature controlled crystal oscillators, extra breakouts on the PCB, and the like. I bought two E4000 based rtlsdr usb dongles for 20 each in early 2012. Then many months later I bought two more R820T tuner based dongles for 11 each. Theres photos of the E4ks up at the top of the page and of an R820T based dongle in the mini format off to the left (most minis do not have eeproms for device ID). It and the Newsky E4k dongle up top are MCX. Back in 2012 some of the cheaper dongles occasionally miss protection diodes but that is no longer an issue. The antenna connector on the E4k ezcap up top is IEC-169-2, Belling-Lee. I usually replace it with an F-connector or use a PAL Male to F-Connector Female. F to MCX for the other style dongles. The default design has the tuner taking 75 Ohm so thats what they all are except SMA. Only three tuners are very desirable at this time. The Elonics E4000 and the Raphael Micro R820TR820T2. In general they are of equal performance but the sticks with R820T2 chips are easy to find, cheaper ( 10 USD), and they have a smaller DC spike due to the use of a non-zero intermediate frequency but must have cooling for the tuner to PLL lock above 1500 MHz or so. The E4K is better for high end (gt1.7GHz) while the R820T can tune down to 13 MHz without any hardware mods (mutabilitys driver). The tuners themselves are set up and retuned with I2C commands. E4000 tuners used to re-tune twice as fast as R820T tuners, but this was fixed in keenerds experimental branch where R820T actually tune a tiny bit faster than the E4Ks. These changes were later adopted by the main rtlsdr. Re-tune speed But that was the old days when rtlsdr sticks re-tuned relatively slowly. As time passed re-tuning speed has been increased by clean-ups in code and specifically keenerds changes so the tuner doesnt wait nearly as long for the pll to settle. More recently tejeezs mod made the re-tuning even faster by updating all the changed registers for a re-tune in one r82xxwrite I2C call. With this done you can re-tune at rates of up to 41() hops per second a 2x improvement over then-existing drivers. Since then all of these re-tuning changes have been incorporated into the main rtlsdr. Further massive speed-ups can be had at the cost of pretty much all reliability. By not waiting for PLL lock at all and always leaving the i2c repeater register enabled tejeez reports retuning speeds of up to 300 jumps per second are possible. Tuning range As of Aug. 2014 a handful of people have found ways to extend the r820t frequency range as well. Initially thought to top out at 1700 MHZ the R820T driver has has re-written to tune from 22 to 1870() MHz. While efforts have been made to extend the lower range as well, with the PLL seeming to lock down to 8 MHz in some cases, this range turns out to be full of images and repeats of the higher frequency range. A later effort with the addition of driver tweaks to the RTL2832 downconverter pushed the low end down to After tejeez worked out the no-mod HF reception a couple people have noted that the tuners with fc0013 receive HF even better than the R820T board designs. So if you have one of those laying around you might want to try HF with it. Gain settings The E4K has settings for LNA (-5..25dB), mixer (4 or 12dB) and total of 6 IF gain stages with various gains allowing for 1dB steps between 3 and 57dB. The software only deals with LNA and mixer gain and not independently. IF gain can be set through the API. R820T also has LNA, mixer and IF gain settings - the exact steps are not known. The numbers in the library code are through measuring the gain at a fixed frequency. That gave 0..33dB for the LNA, 0..16dB for the mixer and -4.7..40.8dB for the IF gain. The current library does not expose these settings through an API, only LNA and mixer are set through some algorithm. IF gain is set to a fixed value. bofh gives more detail about the R820T step size, The mixer gain step is 1dB (matches the empirical data passably, but not great) and the IFVGA gain step is 3.5dB (matches mine basically dead-on). LNA gain step is not mentioned, all it says is 1111 - max, 0000 - min Frequency error All of the dongles have significant frequency offsets from reality that can be measured and corrected at runtime. My ezcap with E4000 tuner has a frequency offset of about 57 PPM from reality as determined by checking against a local 751 Mhz LTE cell using LTE Cell Scanner. Heres a plot of frequency offsets in PPM over a week. The major component of variation in time is ambient temperature. With the R820T tuner dongle after correctly for I have has a -17 Khz offset at GSM frequencies or -35 ppm absolute after applying a 50 ppm initial error correction. When using kalibrate for this the initial frequency error is often too large and the FCCH peak might be outside the sampled 200 KHz bandwidth. This requires passing an initial ppm error parameter (from LTE scanner) - e. Another tool for checking frequency corrections is keenerds version of rtltest which uses (I think) ntp and system clock to estimate it rather than cell phone basestation broadcasts. Also very cool is the MIT Haystack people switching to rtlsdr dongles (pdf) for their SRT and VSRT telescope designs, Use of DVB-T RTL2832U dongle with Rafael R820T tuner (pdf). The first of these characterizes the drift of the R820T clock and gain over time as well as a calibration routine. As of 2015 there are a number of SDR-enthusiast targeting dongles produced with temperature controlled oscillators (TXCO) that run at less than 1 PPM with no start-up drift. R820T2 variant I recently (06-15-2014) found out from prog (of SDR and airspy) that there are actually two different versions of the R820T tuner. The normal one and the R820T2. The T2 has different intermediate frequency filters allowing for wider IF bandwidths and apparently slightly better sensitivity (a few dB lower noise floor). For rtlsdr dongles this difference in IF filter bandwidth usually doesnt matter much since all of them are larger than the RTL2832Us debugSDR mode bandwidth of 3 MHz. But there are certain situations where a larger tuner bandwidth is advantageous: such as when using Jowetts HF tuning mod. As of Sept. 2014 some of the new R820T2 have been showing up in Terratec E4000 upgrade model sticks. But dont count on it. I bought one from ebay seller smallpartsbigdifference which had a photo showing an R820T2 and it was just an R820T. Since 2015 R820T2 have become far more available. Heres a pdf with the R820T2 Register Descriptions . R820T2 IF Filter Settings In Feburary 2015 Leif sm5bsz (of linrad) relased a modified librtlsdr with changes to the rtlsdr R820T tuner code to allow for finer grained control over IF filter settings. The IF filter which actually is a low pass filter and a high pass filter can be set for a bandwidth of 300 kHz. Dynamic range increases by something like 30 dB for the second next channel 400 kHz away. It is also possible to get some more improvement by changing the gain distribution. Following this gat3ways patched gr-osmosdr and Vasilirus SDR driver were released. gat3way made the IF filter width variable from within gqrx by presenting it as a gain value. Vasilis rtlsdr SDR driver also moves the SDR decimation normally applied during demodulation to the front of the IQ stream. This gives better dynamic range for the visual FFT but demodulated quality is not changed. So far this is all experimental but expect it to be brought mainline on both sides soon. keenerds experimental branch automatically set IF filter width based on sample rate but had not exposed them as manually set values. R828D variant In late 2013 Astrometra DVB-T2 dongles with the R828D tuner ( pic ) paired RTL2832U have begun to appear (2 ). The DVB-T2 stuff is done by a separate Panasonic chip on the same I2C bus. merbanan wrote a set of patches, rtl-astrometa. for librtlsdr has better support these tuners. The performance hasnt been characterized but it at least works for broadcast wide FM via SDR. stevems preliminary testing suggests bad performance in the form of the crystal for the DVB-T2 demodulator leaking fixed spurs 25 dB above noise floor in the IF at approximately 196 and -820 KHz. He was able to mitigate these with the hardware mod of removing the crystal for the DVB-T2 chip (ref ). Official support was added to the rtl-sdr on Nov 5th while testing support was added on Nov 4th . Double FC0013 tuner PCI DVB card randomsdr reported on Freenode rtlsdr IRC on 2015-09-03 that the Leadtek Winfast DTV2000DS PLUS pci card has 2x FC0013 tuners and 2x rtl2832u chips like 2 normal rtlsdr dongles. Performance is not good but tools like rtlfm work if the VIDPID is added to the rtlsdr driver table and udev rules set. It isnt recommended except as a novelty. E4000 datasheet All the ones that are documented in the DS are explainedin the driver header file. And the rest, the datasheet call them Ctrl2: Write 0x20 there and no more details R820T original, support, etc 2012-09-07: Experimental support for dongles with the Rafael Micro R820T tuner that started appearing in May has been added to rtl-sdr source base by stevem. These tuners cover 24 MHz to 1766 MHz. They also dont have the DC spike caused by the IQ imbalance since they use a different, non-zero, IF. On the other hand, they might have image aliasing due to being superheterodine receivers. See stevems tuner comparisons. On 2012-09-20 the R820T datasheet was leaked to the ultra-cheap-sdr mailing list. The R820T2 Register Description pdf was provided by luigi tarenga to the ultra cheap sdr mailing list after he received it from RafaelMicro. The official range is 42-1002 Mhz with a 3.5 dB noise figure. On 2012-10-04 my order arrived. Im liking this tuner very much since it actually works well, locking down to 24 Mhz or so without direct sampling mode. Heres a rough gnuplot spectral map of 24 to 1700 Mhz over 3 days I made with some custom perl and python scripts. Dont judge the r820t on the quality of that graph, it is just to show the range. You can see what I think is either front-end mixer filters not attenuating enough or actual intermodulation as RFI. I do almost no processing of the signal (ie, no IQ correction), dont clear the buffer between samples (LSB probably bad), and use a hacky way to display timeseries data in gluplot. Real SDR software like SDR shows them to be equal or better in quality to E4ks. stevem did gain measurement tests with a few dongles using some equipment he had to transmit a GSM FCCH peak, which is a pure tone. This includes the E4000 and R820T tuners. In addition he measured the mixer. IF and LNA for the R820T. High Frequency (0-30Mhz) Direct Sampling Mod 30Mhz() by using the 28.8 MHz RTL2832U ADCs for RF sampling and aliasing to do the conversion. In practice you only get DC-14.4MHz in the first Nyquist zone but the upper could be had by using a 14.4 MHz to 28.8 MHz bandpass filter. In the stereotypical ezcap boards you can test this by connecting an appropriately long wire antenna to the right side of capacitor 17 (on EzTV668 1.1, at least) that goes to pin 1 of the RTL2832U. Thats the one by the dot on the chip surface. Apparently even pressing a wet finger onto the capacitor can pick up strong AM stations. This bypasses static protection among other things so theres a chance of destroying your dongle. For gr-osmosdr the parameter directsamp1 or directsamp2 gives you the two I or two Q inputs. No hardware change, software mod direct sampling It has recently become possible to use direct sampling with no hardware modifications at all. It is still very experimental and performance is bad. In Oct 2012 Anonofish on the rrtlsdr subreddit had discovered the PLL would lock for a small 3686.6 MHz - 3730 MHz range far outside the normal tuning range and there seemed to be signals there. In January 2014 rtlsdr IRC channel user tejeez figured out this bypassed the tuner (mixer leakage) and implemented a set of register settings (R820T IF frequency, IF filter bandwidths, r82xxwriteregmask(priv, 0x12, val, 0x08) replaced with r82xxwriteregmask(priv, 0x12, val0x10, 0x18)) that would exploit this to enable HF reception. Shortly thereafter keenerd assembled everything into a relatively easy to use patch-set. If you want to give HF listening a try with no risk keenerd has added these changes rtlfm and rtlpower in his experimental rtlsdr repository. To use the no mode mode with rtl tools append the argument, - E no-mod. To use the no-mod direct sampling in something that uses gr-osmosdr, like gqrx or GRC flowgraphs, add the following to the the device string parameters: ie directsamp3. Plug your HF antenna into the normal connector, no hardware mods needed. Differential input Ive been told my pin numbering doesnt correspond to the datasheets, so take that with salt. The relative positions are correct regardless of the numbering. Since then the direct sampling branch has been integrated into main and a number of people have also done balun stuff to use both RTL2832U ADC inputs (usually the two I) in direct sampling mode. Dekar has a page showing how to use an ADSL transformer to generate signal for the ADCs differential input using pin 1 (I) and 2(-I) on the RTL2832. mikig has a useful pdf schematic with part numbers for using wide band transformers or toroids for winding your own. Heres a series of posts from bh5ea20tb showing how to use a FT37-43 ferrite core. And another example from IW6OVD Fernando. PY4ZBZ as well. The ADC has a differentialbalanced input so this is done mainly for the unbalanced-gtbalanced conversion. But the ADC input pins also have a DC offset so you cant just connect one to GND for that. Impedance matching can be done as well but the impedance isnt known. A recent study suggested it was near 3 KOhm but 200 Ohms seems reasonable and is mentioned in some of the tuner datasheets. 4:1 baluns that are used for cable-tv might also work, depending on the impedance of your antenna. Tom Berger (K1TRB) used multiple core materials with trifilar wire and performed tests using his N2PK virtual network analyzer on May 19th (2013). Hams love type 43 ferrite, but for almost every application, there is a better choice. For broadband HF transformers Steward 35T is generally a better choice. Therefore, I wound a couple transformers and did the comparison. Type 43 and 35T Transformer Material Compared For my tests with direct sampling mode I ordered a couple wideband transformers from coilcraft. The PWB-2-ALB and PWB-4-ALB to be specific. I sampled the PWB-4-ALB for free and ordered 4 of the PWB-2-ALB for 10 shipped. Both seem to work fine though I have no means of comparative testing. If youre particularly interested in HF work then an upconverter would be better than the HF mod. With the mod there will be aliases() for any frequency over 14.4 Mhz (12 the 28.8 clock rate). So youd want a 14 MHz lowpass for the low end or a 14-28 MHz bandpass for the high end. And probably other little idiosyncracies. A lot of people chose to just use an upconverter instead. KF7LE wrote up short summaries comparing 16 popular upconverters . Another alternative is to make a diplexer so that you get both HF via direct sampling and VHFetc without any switches. G8JNJ has a detailed guide with annotated photos on how to build the appropriate circuit and modify the latest R820T2 type dongles with it. He reports being able to receive from 15 KHz to 1.8 GHz with this mod. Noise, shielding, cables, and why is that FM signal there When you see something weird, like commercial FM broadcasts at 27 MHz, what you are seeing incomplete filtering of mixing products. Its the harmonics of the square wave driving the mixers combined with insufficient rf filtering to suppress the response. You can tell if it is a local oscillator mixer harmonic leakage by sweeping the frequency and seeing how fast the ghost signal moves relative to this look for linear relationships (ie, 2x the speed, 14 the speed). Sometimes local signals can be powerful (ie, pagers) or close enough to make the preamplifier behave non-linearly resulting in intermodulation. For this kind of RFI turning down the gain helps. The tuners all have a certain amount of intrinsic noise too. keenerd had done tests with an R820T rtlsdr terminated to a resistor inside of a metal box. For these tests rtlpower gain was set to max (49.6dB) and a frequency sweep was done through the entire tuner range, r820t Background Noise. The 28.8 MHz spikes from the clock frequency can be seen among other abberations. But not everything is a ghost from hardware design problems. Depending on your computer setup and local electronics there could be a lot of real noise LCD monitors are a common culprit for VHF noise spikes distributed across wide ranges. It is best to shield and put ferrites on everything if you can. To solve the commercial FM mixing problems an FM trap can be used. Commercial ones work fine typically. But for non-commercial FM RFI like emergency services and pagers custom filters must be made or ordered. Adam-9A4QV has a detailed write-up on making FM trap with a very high upper passband (all the way to 1.7 GHz) with links to design for other low VHF bands. tejeez shared his VHF bandstop design on IRC. Like Adams it has the unique feature of not also wiping out harmonics of the FM band: fm-notch. jpg fm-notchschematic. png. This means you can use it and still do wideband frequency hopping (unlike, say, a 14th wave coaxial stub). For more information on this general type of coaxial cable notch filter check out Ed Lorangers write up on VHF Notch filters (photo ). For my powerful 461 MHz RFI that can be received without an antenna I use a custom 3 cavity notch filter from Par Electronics. Acinonyx describes one way to doing this using a single strip of aluminum tape combined with a spring to connect it to the dongle ground. Akos Czermann at the sdrformariners blog made a somewhat confusing but definitely empirical comparison of noise levels compared to different hardware mods like disconnecting the USB ground from the rtlsdr ground. Quite a few people have had success with that and scotch tape around the USB connector works to test it. Some others bond the enclosure to both the antenna and the USB shield and this works reliably and well. Martin from g8jnj finds the most effective mod to reduce USB and DC-converter noise is shielding the antenna input area with metal soldered to the pcb ground, The noise seems to be coupled directly between components on the topside of the PCB. You can find it if you scroll about halfway down the page linked. Additional noise comes from the switching power supply in the RTL2832U that runs at 1.024MHz. This drops the supplied 3.3v down to the 1.2v needed for internal use. ttrftech has successfully disconnected this switching supply replaced it with 3 diodes to drop the 5v line down to 1.2v. In the example linked above ttrftech uses power form the far side of the board but the eeproms power rail would also work. This decreases spurs in HF significantly. It will increase power usage though something to watch out for when R820T dongles start out at Laidukass Mods and performance of R820T2 based RTL SDR receiver covers replacing all the power rails with external linear regulators, increasing the amount of bypass capacitance on power lines, adding extra chip filtering for the USB 5v line, cutting off the IR receiver part of the PCB, wiring in a TCXO 28.8MHz oscillator, creating a shield with kapton tape and copper foil soldered extensively to the PCB ground, and a new heavy metal case and connectors. To reduce signal loss over long distances and get away from computer RFI I like to run long USB active extension cable with hubs at the end and ferrites added instead of coaxial cable. Around this USB cable I clip on 5 or 6 ferrites at each end. Active extensionrepeater USB2 cables of up to 25m in length can be used. Using External Clocks and coherent sampling in general. Multiple coherent dongles The most exciting development in rtlsdr that has happened recently are Juha Vierinens discuss-gnuradio mailing list and blog posts about a simple and inexpensive method to distribute the clock signal from one dongle to multiple others for coherent operation. I recently came up with a trivial hack to build a receiver with multiple coherent channels using the RTL dongles. I do this basically by unsoldering the quartz clock on the slave units and cable the clock from the master RTL dongle to the input of the buffer amplifier (Xtalin) in the slave units (Ive attached some pictures). Since Ive seen a lot of people asking, the dongles he used were Newsky TV28T v2 wR820T tuners. Ben Silverwood later replicated this technique with his Low cost RTL-SDR passive multistatic DAB radar. implementation in matlab. The youtube video description has links to photos of the setup . Also, theres a Japanese seller with high precision SMD 28.8 MHz crystals. And an ebay seller with high precision 28.8 MHz oscillators for around Things again became exciting in June of 2014. Going beyond simple clock sharing and its max of 3 dongles, YO3IIU put up a great post his build of a 4 dongle RTL2832u based coherent multichannel receiver using a CDCLVC1310-EVM dev board from TI for clock distribution. His post shows the results of a gnuradio block he coded that does all the correlation math to align the samples from each receiver (which are out of step due to the way USB works). Unfortunately the software was never released. stevems experiments were the first I heard about back in 2011. He used his 13MHz cell-phone clock as a reference for a PLL to generate 28.8MHz. He said he used 1v peak to peak. He also related it was possible to not even use the PLL and just the 13 MHz clock if wE4000 tuners if you dont care about sample rate offset. The Green Bay Public Packet Radio guys have written up an interesting article on using 14.4 MHz temperature controlled crystal oscillators sent through a passive (two diode) frequency doubler followed by crystal filters made out of the old rtlsdr clock crystals to provide a low PPM error clock for rtlsdr devices. Since their mirror was missing images I cut them out of the Zine pdf and made a mirror here . I first heard about the GBPPR article from patchvonbraun who implemented one and performed tests which he posted about on the Society for Amateur Radio Astronomy list. It turns out that even with a good distributed clock the 2x R820t rtlsdr dongles still have large phase error for some reason, see: Phase-coherence experiments with RTLSDR dongles and the photo post: Progress towards using RTLSDR dongles for interferometry . Alex Paha has also done clock distribution but unlike the others he used E4000 tuner based receivers for his dual coherent receiver. He also seems to be using only half the IQ pairs. This post is in Russian. Actually maintaining coherence over re-tunes and USB2 latency rtlcoherent In October 2015 teejez uploaded his rtlcoherent code for maintaining multi-dongle coherence using external antenna switches to disconnect the antennas and connect all to a common noise source for correlation calibration. Heres a video of him using it to make a 3 dongle direction finder . Each dither-disabled rtl-sdr is fed from the same reference clock. They still have unknown phase shifts and sampling time differences relative to each other. This is calibrated by disconnecting them from antennas and connecting every receiver to the same noise source. Cross correlation of the noise gives their time and phase differences so that it can be corrected. Currently the signal is received and processed in short blocks with each block starting with a burst of calibration noise. As I understand it the switch chips are sa630 that look for dongle i2c traffic. There are controlled by two RC delay circuits so that every time you change frequency (causing i2c traffic) it disconnects antennas, waits for some time, feeds a pulse (just one edge from the logic chip) into all dongles, waits a bit more and connects the antennas back. You can see the evolution of his setup from this earlier prototype to this later prototype and finally the version used in his direction finder. Every time you tune any two (or more) dongles to a new frequency there will be a tiny difference in the frequency each actually tuned to. The offset must corrected before trying to correlate them. If you dont itll look like theres a constantly varying phase shift. Also dont forget to let the dongles warm up to equilibrium otherwise this additional temperature related frequency shift will cause changes even larger than relative tuning offset and youll get the random phase shift again. As of 2016 Piotr Krysiks Multi-RTL (github ) has made maintaining coherence of multiple dongles accessible even to the amateur. His GNU Radio block handles all the complex details of keeping multiple rtlsdr coherent even when theyre tuned to different frequencies and over re-tunes. It requires no external circuitry. You just have to distribute the clock signal with cable. PLL Dithering and you. On the clock coherencey side Michele Bavaros has explored, tweaked, and replaced, librtlsdrs pll setting code, intermediate frequency, and PLL dithering settings, such that the math, and results, work out cleaner. Using this modified driver he was able to minimize frequency setting errors and improve his GPS carrier following code. This is written up with code examples at his blog in, GNSS carrier phase, RTLSDR, and fractional PLLs (the necessary evil). Without dithering you can only tune to increments of 439.45 Hz. With dithering, you can tune to aproximately anything. tejeez from the rtlsdr IRC relates that this can be done in r82xxsetpll by changing r82xxwriteregmask(priv, 0x12, val, 0x08) to r82xxwriteregmask(priv, 0x12, val0x10, 0x18). This has been implemented as an option in rtlsdr, - N, in keenerds experimental branch. In the absence of any useful information about the RTL2832U clock heres some information about the R820Ts clock system. Crystal parallel capacitors are recommended when a default crystal frequency of 16 MHz is implemented. Please contact Rafael Micro application engineering for crystal parallel capacitors using other crystal frequencies. For cost sensitive project, the R820T can share crystal with backend demodulators or baseband ICs to reduce component count. The recommended reference design for crystal loading capacitors and share crystal is shown as below . Antenna, but particularly broadband antenna When I want to do some scanning that takes advantage of the tuners very wide ranges I use five types of antenna: discone, spiral, dual planar disks, vivaldi (tapered slot), and horns (TEM and pyramidal). Discone, dual planar disk. and archimedian spiral antenna can omnidirectionally cover almost the full range of the E4000 tuner but things get a bit too large to go all the way to the 24 Mhz of the R820T. You can refer to the seperate spiral antenna page for construction and technical details. To build my discone I followed Roklobstas D. I.Y. Discone for RTLSDR. With just a discone and rtlpower its possible to see lots of LEO satellite carrier frequencies doppler across the spectrum. To get an idea of how much you can see with a discone heres a directory where I produce 2 to 4 day long 70 to 1000 MHz range 25KHz resolution 45k10k pixel spectrograms. They each have a javascript zoomable interface to load small tiles progressively. An example. With just a discone and rtlpower its possible to see lots of LEO satellite carrier frequencies doppler across the spectrum. But with a band specific helix in a cone reflector (helicone) many more satellites can be picked up. The previous is a link to a zoomable spectrogram of 2 days of the 1616-1626 MHz satellite band that Iridium satellites use. No LNA was used. Theres plenty of RFIEMI even through a 1 GHz high pass but the satellite doppler passes are clearly there in numbers if you zoom in far enough. When using such broadband antenna, or even a band specific helix, it is possible to pick up powerful out of band signals due to overloading or incomplete mixer filtering. Its important to identify any extraordinarily powerful transmitters nearbye and filter them out. In my case I have a 50w transmitter at 461 MHz across the street always going full power. I bought a custom tuned 3 cavity notch filter from PAR Electronics. This limits the upper frequency range to 1GHz but does at least solve the RFI problem. Usually the spectra are much cleaner when using directional and resonant antenna instead of wideband omnidirectionals. But many directional antenna like helix and log periodic dipoles have very large out of band sidebands on low frequencies not in the designed range. Chipset docs, GNU Radio, DSP, and Antenna Links Page Sections RTL-SDR Links Warning: Im learning as I go along. There are errors. Refer to the proper documentation and original sources first. GNU Radio and RTL-SDR Setup You dont need GNU Radio to use the rtlsdr dongles in sdr mode, but there are many useful apps that depend on it. patchvonbraun has made setting up and compiling GNU Radio and RTLSDR with all the right options very simple on Ubuntu and Fedora. It automates grabbing the latest of everything from git and compiling. It will also uninstall any packages providing GNU Radio already installed first. Simply run, sbrac. orgfilesbuild-gnuradio. and itll automate downloading and compiling of prequisites, libraries, correct git branches, udev settings, and more. I had no problems using Ubuntu 10.04, 12.04, or 14.04. These days (2015) pybombs is slowly taking over for build-gnuradio but for now this works best. If youre thinking about trying this in a virtual machine: dont. If you do get it partially working itll still suck. As an aside: If youre an OSX user then you can use the MacPorts version of GNU Radio (including gqrx, etc) maintained by Michael Dickens. Install 3.7. Most gnu radio projects have been ported to it as default. Only a few old things will require 3.6. An (re )install looks like this. It might be useful to save the log output for future reference. Then test it. The test output below is from a very old version of rtltest with an E4K dongle. Newer versions, and R820T tuners will output slightly different text. Once GNU Radio is installed the Known Apps list at the rtl-sdr wiki is a good place to start. Try running a third party receiver, a python file or start up GNU Radio Companion (gnuradio-companion) and load the GRC flowcharts. If youre having Failed to open rtlsdr device 0 errors make sure something like etcudevrules. d15-rtl-sdr. rules exists and youve rebooted. When updating you can just repeat the install instructions which is simple but long. The advantage to repeating the full process is mainly if there are major changes in the gr-osmosdr as well as rtl-sdr. Itll do things like ldconfig for you. Just compileinstalling rtl-sdr If you dont have the patience for a full recompile and there havent been major gnu radio or gr-osmosdr changes its much faster just to recompile rtl-sdr by itself. The instructions to do so are at the osmosdr page. Itll only take a few minutes even on slow machines. Once you have the latest git clone it is like most cmake projects: rtl-sdr supporting receivers, associated tools keenerds rtl-sdr branch This experimental branch contains a number of useful low processing power utilities, expansions of the original rtl tools, and improvements to the R820T driver re-tuning speed. A lot of them have already been merged into the librtlsdr master but rtlfm and rtlpower fixes, features and bugs appear here first. rtlfm is for scanning, listening, and decoding (and not just FM), rtladbs for plane watching with an external ads-b viewer, rtleeprom for checking and setting serial numbers and related data if your dongle has an eeprom. And as of 2013-09-20, rtlpower, a total power frequency scanner. These tools are very good for slow machines or when you want to do command line automation. Just build it like the osmocom rtlsdr page does for the vanilla install. Use these on the raspberry pi. Most people use rtlpower for smaller total bandwidths (lt200 MHz) and higher spectral resolution using the default FFT mode. This is visualized with keenerds heatmap. py and can result in some really impressive plots when done with 25 crop mode. Just refer to the - h help in rtlpower for instruction. There is also an rtlpower guide at keenerds website. For RMS average power mode, which kicks in automatically for FFT bin sizes 1 MHz and larger, I do visualization of the resulting. csv file with gnuplot. Because the entire bandwidth is summed and saved as one value the the data rate to disk, and spectrogram dimensions are much lower than FFT mode. If you do a large number of frequency hops, (hundreds) then the time adds up. On my two computers the R820T tuner dongles average about 55 milliseconds per retune and sample cycle. I sometimes have dongles thatll fail to lock pll and go into a loop. The - e parameter sets a time limit for a run. Combining this time limit with a bash while loop results in pretty low downtime with resiliance to rtlsdr and USB failures. To combine the results from multiple dongles just cat the files together. But on gnuplots end each new. csv filename requires you to manually edit the gnuplot format. Additionally you need to set the output spectrogram filename and a pixel width. I find for 1000 Mhz 1 MHz that approximately 1000px per 100 MB of file size is required to cover all gaps. And that pops out a png . For rtlfm stuff refer to keenerds sites Rtlfm Guide . Spektrum: an rtlpower GUI frontend. There are a lot of rtlpower GUI frontends but the most useful for me is Spektrum. It uses a modified rtlpower with a Processing GUI front-end. Its available for linux and windows. One of its best features is the relative mode for use in measuring changes in antennas and filters. patchvonbraun (Marcus Leech)s multimode : AM, FM, USB, LSB. WFM. TV-FM, PAL-FM. Very nice, easy to use (screenshots: main. scanning ). It has an automated scanning and spectral zoom features with callbacks to click on the spectrogram or panorama to tune to the frequency of interest. Theres a toggle for active gain control too. The way to get it is, then instead of using GRC, just run the multimode. py as is. If you run it outside of the svn created directory you might need to append bin to pythonpath to find the helper script. If you used build-gnuradio itll tell you what this is at the end of the install. Alternately set it in your. bashrc. If you do the below make sure to reload in the terminal by source When setting the sample rate it is rounded-down to a multiple of 200 Ksps so the decimation math works out. If you have overruns like OOOOoo. then try reducing the sample rate or pausing the waterfall or spectrum displays. The audio subsystem uses a as the identifier, and UHD uses u. With RTLSDR, itll issue O when it experiences an overrun. Which means that your machine isnt keeping up with the data stream. Sometimes buffering helps, but only if your machine is right on the edge of working properly. If it really cant, on average keep up, no amount of buffering will help. If you have overruns like aUaUaUaUa or just aaa then the audio system is asking for samples at a higher rate than the DSP flow can provide (44vs48Khz, etc). Use aplay - l to get a list of the devices on your system. The hw:X, Y comes from this mapping of your hardware -- in this case, X is the card number, while Y is the device number. Or you can use pulse for pulseaudio. Try specifying, gqrx : Written by Alexandru Csete OZ9AEC gqrx is an experimental AM, FM and SSB software defined receiver. The original version did not have librtlsdr support so changes were made by a number of others to add it. A couple weeks later Csete added gr-osmosdr support to the original. Dekar established a non-pulseaudio port of gqrx for Mac OSX. GNU Radio 3.7 has recently been released and it is not exactly backwards compatible. patchvonbrauns build-gnuradio. sh pulls 3.6.5 3.7.x by default. As of August 9th 2013 Gqrx 2.2.0 has been released. This upgraded version can now be installed as binaries with all of its dependencies pre-packaged on both Ubuntu linux (a custom PPA. no 10.04 packages) and Mac OS X That includes all the GNU Radio stuff. So this is an all-in-one alternative to building GNU Radio from source. I think this persons guide is better than mine. rtlsdr wGqrx on N900 phones xes provides pre-compiled packages of Gqrx and the GNU Radio dependencies for N900 linux cell phones. SDR. Written by prog (Youssef) for Windows. It is probably the best general purpose software for rtlsdr devices. Mono is slow and ugly on linux but if you restrict the sample rate it works fine. Its probably the easiest program to use, has the most diverse plugin ecosystem (example: Vasilirus plugins ), and has the best DSP and features for dealing with the quirks of the rtlsdr dongles. As of 2015-09-14 the changes to Mono 4 allow SDR to be viable to run on linux again. Make sure you have the latest Mono 4 though. This still requires soft linking in your system rtlsdr and portaudio library to the sdrshape. exe dir like below, Just make sure you link your actual system rtlsdr and libportaudio, not my example path above. On debianubuntu find it by using locate, Update: As of 2015-10-15 ADBS is no more. ADBS is another easy to use application by prog, but specifically for plotting aviation transponders like gr-air-modes does. The distributed binaries also runs under linux with mono (or native in windows) and output virtualradar compatible data on 127.0.0.1:47806. If your antenna condition is crappy, try using filter 1. gr-fosphor. gr-fosphor is an amazingly fast and information dense spectrogram and waterfall visualization using OpenCL hardware acceleration. It surpasses the Wx widget elements in performance, and so usability, by far. With this visualization you can easily skip through 1 GHz of spectrum very quickly and actually notice transient signals as they pass. Right now it is not very configurable, just arrow keys for scale. But expect this to be the preferred visualization block in the future. I have written up an barebones guide to installing gr-fosphor on Ubuntu 12.04. Modern gr-fosphor requires OpenCl 2. If you only have OpenCl 1.2 installed use this commit . gr-air-modes. A decoder of aviation transponder Mode S including ads-b reports near 1090 Mhz. It can be coupled to software to show plane positions in near real time (ex: VirtualRadar ). This works under mono on Ubuntu 12.04 but not 10.04. Originally written by Nick Foster (bistromath) and adapted to rtlsdr devices first by Steve Markgraf (stevem), bistromath later added rtlsdr support. Heres an example of basic decoding done with the stock antenna on the early version by stevem. Nowdays its better to use bistromaths. As of July 23, 2013 there was a major update to gr-air-modes which now includes a nice google maps overlay and works on gnu radio 3.7 branch only . Heres an example of install process and first run looks like. To use with virtual radar output add the below - P switch. Then open up virtualradar with mono and go to tools-gtoptions-gtbasestation and put in the IP of the computer running uhdmodes. There are not many compatible planes in the USA so far so even if you are seeing lots of Mode-S broadcast in uhdmodes you might not see anything in virtualradar. Sometimes my server is running at superkuh:81VirtualRadarGoogleMap. htm. Dump1090. Dump 1090 is a Mode S decoder specifically designed for RTLSDR devices. Antirezs ADS-B program is really slick. It does not depend on GNU Radio, has a number of interactive modes, and it even optionally runs its own HTTP server with googlemaps overlay of discovered planes no virtualradar needed. It uses very little CPU and has impressive error correction. This is your best choice to play with plane tracking quickly. I tried various bits blindly and found a setting that eliminates the AGC in the RTL2832 chip. That is a significant part of the performance improvement. This is an LTE cell searcher that scans a set of downlink frequencies and reports any LTE cells that were identified. A cell is considered identified if the MIB can be decoded and passes the CRC check. LTE-Tracker is a program that continuously searchers for LTE cells on a particular frequency and then tracks, in realtime, all found cells. With the addition of a GPS receiver, this program can be used to obtain basic cellular coverage maps. The author had only tested it on Ubuntu 12.04 but with some frustrating work replacing cmake files and compiling dependencies I made it work on 10.04. Scanner is very useful to get your dongles frequency offset reliably and Tracker is very pretty. Remember to let your rtlsdr dongle warm up to equilibrium temperature before checking frequency error. Kalibrate. or kal, can scan for GSM base stations in a given frequency band and can use those GSM base stations to calculate the local oscillator frequency offset. The code was written by Joshua Lackey and made rtlsdr accessible by stevem. There is also a windows build made by Hoernchen. Let your rtlsdr dongle warm up to equilibrium temperature before running the test. When youre using this to find your frequency error its important to use the - e option to specify intial error. 270k of bandwidth is used for GSM reception and if the error of the dongle is too large the FCCH-peak is outside the range. I compiled some install process and example usage notes . Simple FM (Stereo) Receiver simplefmrcv also by patchvonbraun is the best sounding and tuning commercial FM software in my opinion. He released a major update to his gnuradio creation at the end of October. my DongleLogger : I wrote these scripts do automatic generation of 1D spectrograms, per frequency time series plots of total power, and 2D spectral maps over arbitrary frequency ranges using multiple dongles at once. There is almost no DSP done and it is very simple but the wideband spectrograms and time series can be informative and fun regardless. It uses gnuplot for graphics generation. Obsolete. Use rtlpower instead . A simple, GRC-based tool for small-scale radio astronomy, providing both Total Power and Spectral modes. It has a graphical stripchart display, and a standard FFT display. It also records both total-power and spectral data using an external C program that records the data along with timestamps based on the Local Mean Sidereal Time. This is another incredible tool by patchvonbraun. It does all the heavy lifting of integration over time and signal processing to get an accurate measurement of absolute power over a range. With it he has managed to pick out the transit of the milky way at the neutral hydrogen frequency using rtlsdr sticks and a pair of yagi antenna. The log file format is text and fairly easy to parse with gnuplot but it comes with processsimpletpdat for cutting it into the bits you want and making total power or spectral component graphs. Itll make a directory called simpleradata in your home by default. Dont forget to set the --devid to rtl otherwise gnuradio wont find the gr-osmosdr source and itll substitute a gaussian noise source. Ear to Ear Oak made this wideband total power scanner that generates 1D spectrum plots over any tunable ranges with arbitrary integration times. It can update a matplotlib python plot GUI in real time and has the ability to output cvs values as well as an internal format. Its very useful for finding whats broadcasting in your area quickly. Using its csv output and gnuplot I visualized a scan from 54-1100 MHz . If you want to use the data in gnuplot you have to sort it and make sure the header is commented out. You can comment out the header manually but I instead prefixed a hash to the log writing behavior at line 786, Pager stuff Thomas Sailers multimon. Linux Radio Transmission Decoder which I use to (try to) decode pager transmissions around 930Mhz. And more recently Dekar s multimonNG. a fork with improved error correction, more supported modes, and nixosxwindows support. Dekar also supplied a GRC receiver for pagers to decode pager transmissions in real-time using fifos. zarya has made rtlflex. py. a gnuradio based flex decoder for pagers. It can be used to decode dutch p2000 messages, for example. This fills a gap in multimon-ng pager support. DongleLogger: my pyrtlsdr lib based spectrogram and signal strength log and plotter Obsolete. Use rtlpower instead. Automatic generation of and html gallery creation of wideband spectrograms using multiple rtlsdr dongles to divide up the spectrum. It also produces narrow band total charts, and other visualizations. (not live): erewhon. superkuhgnuradiolive - click the spectrograms for time series plot These scripts cause the rtlsdr dongle to jump from frequency to frequency as fast as they can and take very rough total power measurement. This data is stored in human readable logs and later turned into wideband spectrograms by calling gnuplot. In order to further increase coverage of any given spectrum range multiple instances of the script can be run at once in the same directory adding to the same logs. Their combined output will be represented in the spectrogram. I dont know much python but the python wrapper for librtlsdr pyrtlsdr was a bit easier to work with than gnu radio when I wanted to do simple things without a need for precision or accuracy . Actualy receivers with processing could be made with it too, but not by me. This is the gist of what it does, The pyrtlsdr library can be downloaded by, I have used the test. py matplotlib graphical spectrogram generator that came with pyrtlsdr as a seed from which to conglomerate my own program for spectrum observation and logging. Since I am not very good with python I had to pull a lot of the logic out into a perl script. So everything is modular. As of now the python script generates the spectrogram pngs and records signal strength (and metadata) in frequency named logs. It is passed lots of arguments. These arguments can be made however you want, but I wrote a perl script to automate it along with a few other useful things. It can generate a simple html gallery of the most recent full spectral map and spectrograms with each linked to the log of past signal levels. Or it can additionally generate gnuplot time series pngs (example ) and link those intead of the raw logs. It also calls LTE Cell Scanner and parses out the frequency offset for passing to graphfreq. py for correction. I no longer have it running because of the processor usage spikes which interrupt daily tasks. In the past Id have rsync updating the public mirror with a big pipe every Modifying pyrltsdr As it is pyrtlsdr does not have the getset functions for frequency correction even if I sent the PPM correct from the perl script. Since the hooks () were already in librtlsdr. py (line 60-66) but just not pythonized in rtlsdr. py they were easy to add to the library. These changes are required to use frequency correction and make the int variable errppm available. I have probably shown that I dont know anything about python with this description. I forked roger-s pyrtlsdr on github and added them there for review or use, githubsuperkuhpyrtlsdrcommitffba3611cf0071dee7e1efec5c1a582e1e344c61. I apologize for cluttering up the pyrtlsdr namespace with such trivial changes but Im new to this and github doesnt allow for private repositories. What you should be using instead. rtlpower was recently (2013-08-20) released by keenerd. It does most of what my scripts do, except much better, faster, and easier. I highly recommend you try it first. RTLSDR Scanner by Ear To Ear Oak is awesome for generating 1D wideband spectrograms. Enoch Zembecowicz made a polished and useful sdr logging tool Panteltjes rtlsdrscan is another tool like RTLSDR Scanner for 1D total power scans. It is a good reference for using librtlsdr with C. If you are serious about measuring total power over one 2.5 Mhz range then simplera. or simple radio astronomy, is best. fast version: see below donglelogger-faster. tar. gz - all needed files including pyrtlsdr radioscanfaster. pl - pyrltsdr using script frequency setting and incrimenting, sampling, and logging. graphfreqsfaster5.py - option passing, log parsing, plot making, frequency corrections wrapper, html image gallery generation graphfreqsgnuplot. py - legacy functions slow version: graphfreqs. py - pyrltsdr using script sampling, and logging radioscan. pl - manages graphfreqs, parses logs, makes plots, gets frequency corrections, generates gallery The faster version Speed ups, Inline C usb reset, and avoiding dongle reinitialization. (less options) cli switchesoptions These two scripts do fast scans within python from x to y frequency. Enabled it with - fast and make sure to set start and stop frequency with - f1 and - f2. Do not use - flist with this option. This is an example output spectral map (a spectrogram with a silly name). This example output above shows the overloading effects of using a wideband discone that picks up off-band noise. Each column is made up of small squares colored by intensity of the signal. Since the scripts start at the low frequency and sweep to high there is a small time delay between the bottom and top (see it more clearly zoomed in ). And this is represented as the slant of the row. Sometimes strong signals will swamp out others resulting in discontinuities displaying as small dark vertical bands. Or fast (-fast) scan a smaller range with smaller range (-f1,-f2: 24-80Mhz), with smaller samplerate (-r: 250 Khz) at smaller intervals (-s: 400Khz steps) with a gain of 30. Only output a large spectrogram of all frequencies to the directory specified with - d2 as spectral-map. png. This example does not use frequency offset correct (-c) for even faster speeds. Combining multiple rtlsdr devices for greater speed By splitting up the spectrum into multiple smaller slices and giving them to multiple dongles the time required for one scan pass can be greatly improved. The above spectrogram is made with 2 dongles, one for the lower half and one for the upper. It is from ryannathans who also contributed the code for for specifying device ID . This is as simple as running the script twice but giving each instance a different - dev argument to specify device ID. You can run as many rtlsdr devices with my scripts as you wish (up to the USB and CPU limits). If they are using the same directory (-d2) their log data will be combined automagically for better coverage. Outlier signals skewing your color map scale Sometimes I get corrupt samples that show a signal level of 60dB. These skew the scale of the output spectrograms. If I notice that they have occurred during a long run Ill use grep to find them and remove them manually. I replace the signal level with the level of the previous non-corrupt sample. In the future Ill build this kind of outlier removal in to the scripts, or sanity check before writing them. All the incremental improvements in speed Ive made above are okay but not very easy to maintain with multiple script types (bashperlpython). Im slowly putting together an Inline C based perl wrapper for exposing librtlsdrs functions within a perl script to write this as a standalone in perl. This is slow work because Ive never done anything like it before. rtlsdrperl - what if there were a perl wrapper for librtlsdr Well, there never will be. But heres some example code anyway. Older version graphfreqs. py You have to have the modified pyrtlsdr with the getset functions for frequency correction. LTE Cell Scanner should also be installed so the CellSearch binary is available. Then download the two scripts above and put them in the same directory. For large bandwidths sampled this feature, ppm error correction, has an unnoticably small effect but I wanted to add it anyway. To call the spectrogramlog generator by itself for 431.2 Mhz at 2.4MSs with a gain of 30 and frequency correction of 58 PPM use it like, Ive disabled the matplotlib (python) per frequency spectrogram plots for frequencies over 1 Ghz because theres not much going on up there. Also, the x-axis ticks and labels become inaccurate for some reason. Logs and format The signal strength logs, named by frequency (e. g. 53200000.log), use unix time and are comma seperated with newlines after each entry. In order of columns it is: unix time. relative signal level. gain in dB, PPM correction. It also generates a log file with all frequencies for use with gnuplot, all. log. This file has unixtime first, then frequency, then gain and ppm error. radioscan. pl The radioscan. pl script is used to automate calling graphfreqs in arbitrary steps. To generate plots and signal strength for 52 Mhz to 1108 Mhz with a gain of 30, sample rate of 2.4MSs, and an interval between center frequencies of 1.2 Mhz, call it like, cli switchesoptions Because I can use the default directories I keep it running like the below, but anyone else should make sure to set - d2. TunerUSB freeze solution with unplugging edit: as of Jan 5th 2013, librtlsdr has added soft reset functionality Since graphfreqs. pys initializing and calling of rtl-sdr happens so frequently there are sometimes freezes. To fix these the USB device has to be reset. In the past I would accomplish this by un and re-plugging the cord manually. But that meant lots of downtime when I was away or sleeping. So, Ive added in a small C program to the perl script using Inline::C that exposes a function, resetusb(). It is used if the eval loop around the graphfreqs call takes more than 10 seconds. This means you need Inline::C to run this script . To look at the original C version with a good explanation of how to use it click here . Page Sections My rtlsdr receiver wgnuradio implementation of the 11 GHz VSRT solar interferometer As far as I understand it, the VSRT design is a subset of intensity interferometer that uses the frequency error between multiple 11 GHz satellite TV low noise downconverter block (LNBF) clocks to create a beat frequency in the total power integrated. I am basically copying the MIT Haystack Very Small Radio Telescope (VSRT) but replacing the discrete component integrator and USB video input device with an rtlsdr dongle. The idea is to spend as little on hardware as possible. With modern LNBF the error between same model parts is about 30 ppm which results in beat frequencies of 100 KHz at the 10 GHz of the mixers. With this kind of front-end there are no nulls but the fringe modulation can still be read out as variations in count of histogram bins that contain the beat frequency (in the total power fft). This intensity measurement proxy traces out the the envelope of the fringes and varies as a sinc function of distance between antenna. Knowing this and the distance can give you high angular diameter and position measurements of very bright radio sources. Historical and other context. For a detailed mathematical explanation of VSRT see MIT Haystacks VSRT Introduction . There is also a thread on the Society for Amateur Radio Astronomers list discussing the VSRT design. The more general concept of intensity interferometry, where you correlate total power instead of frequency, was originally developed by Hanbury-Brown amp Twiss. Roger Jennison was around too. The Early Years of Radio Astronomy: Reflections Fifty Years after Janskys Discovery by W T Sullivan (2005) is an excellent source about Hanbury Brown and Twisss side of it. The chapter The Invention and Early Devlopment of The Intensity Interferometer (pdf) is fascinating. Also see The Development of Michelson and Intensity Long Baseline Interferometry (pdf). It covers not only the technical concepts but also historical context, detailed hands-on implementations, and other personal anectdotes. And check out Jennisons book Radio Astronomy (1966)) as he invented the process of phase closure which uses a third antenna signal combined mathematically to recover some of the missing phase information. Arranged in a triangle of projected baselines the phase errors cause equal but opposite phase shifts in ajoining baselines, canceling out in the closure phase. The MIT Haystack groups managed to resolve individual sunspots groups moving across the solar disk using with the technique with the VSRTs. An interferometer is an instrument that combines two signals (normally from two detectors) in a manner that the signals interfere to produce a resultant signal. The resultant signal is usually the vector sum of the two signals, but in some cases it is the product or some other mix. The traditional interferometer, usually studied and analyzed in physics courses, combines the two signals in a way that both amplitude and phase information are used. By varying the positions of the two detectors, it is possible to synthesize an effective aperture that is equivalent to the separation of the detectors and to reconstruct the impinging wavefront, thus providing significant information about the extent and structure of the signal source. The traditional phase-sensitive interferometer requires retention of the signal phase at each detector the phase-sensitive interferometry technique will not be discussed in detail here. A special case of the interferometer is the intensity interferometer, which performs an intensity correlation of signals from the two detectors. Although in the intensity interferometer the phase information from the two antennas is discarded, the correlation of the two signals remains useful. Aperture synthesis is not practical, but some important source characteristics may be determined. I think the VSRT is a special case of intensity interferometer where you dont try to align samples by time after recording. Instead you just look for the baseline distance sinc pattern in total power at the beat frequency of the unsynchronized clocks. Implementation so far. So far Ive only done it with manual pointing screwed to a board. The interferometry correlation is done with a satellite tv market stripline power combiner at the intermediate frequency (IF, 950-1950 MHz) and then an rtlsdr dongle is used to measure the total power of a 2.4 MHz bandwidth of the intermediate frequency range. I use a gnuradio-companion flowgraph to take the total power and then do a fourier transform of the total power. In this fourier transform the fringes show up as a modulation of the count in the FFT bins which correspond to the difference in frequency between the two downconverters. In my case this is about In the Haystack VSRT memos a line drop amplifier, or two, are sometimes put behind the respective LNBF IF coax outputs or the power combiner. With the rtlsdr dongle and relative short (lt10m) baselines of RG6 this isnt required. The GUI allows for setting the exact 2.4 MHz bandwidth of the IF range to sample and the total power FFT bin bandpass to where and what the LNBF beat frequency is. The file name is autogenerated to the format, The time embedded in the filename is later used by a perl script, vsrtlogtimeplot. pl, which converts and metadata tags the binary records to gnuplot useable text csv format for making PNG plots. total power modes (tp-modes. grc) vsrtlogtimeplot. pl Who else helped I consulted with patchvonbraun a lot for the softwaregnuradio side. He gave me an example of how to use the WX GUI Stripchart and I would not have guessed I needed to square the values from the beat frequency bins after the first squaring for taking total power. He made a generic simulator for dual free running clocks LNBF intensity interferometers. You dont even need to have an rtlsdr device to run it only an up to date install of gnuradio. It is an easy way to understand how to do interferometry without a distributed clock signal. With this setup on a 1 meter baseline and a intermediate tuning frequency of 1.6 GHz IF (10700 MHz(1600 MHz950 MHz) 11350 MHz) the main beamwidth would be about 70(c11GHz)1m), or 1.9 degrees. This does not resolve the solar disk ( 0.5 deg) during drift scans. I have been told that the magnitude goes down in a SINC pattern as you widen the baseline and approach resolving the source but I will not resolve the sun initially. In the VSRT Memos Development of a solar imaging array of Very Small Radio Telescopes a computationally complex way to resolve individual action regions is done with a 3rd dish providing phase closure in the array on a slanted north-south baseline in addition to the existing east-west baseline. I try to point my dishes so that the Earth is passing the sun through the beam at 12:09pm (noon) each day. To aid in pointing a cross of reflective aluminum tape is applied center of the dish. This creates a cross of light on the LNBF feed when it is in the dish focal plane and the dish is pointed at the sun. The picture below is from later in the day, the one of the left shows the sun drifting out of the beam as it sets. I made my LNBF holders out of small pieces of wood compression fit in the dish arm. There are grooves for the RG6 coax to fit ground out with a rotary tool. The PVC collars have slots cut in the back with screws going into the wood to set the angle. The screenshot shows a short run near sunset on an otherwise cloudy day. The discontinuities are me running outside and manually re-pointing the dishes. But it does highlight how the beat frequency of the 2 LNBF varies as they warm up when turned on. It starts down at 90 KHz but within 10 minutes it rises to 115 KHz. After it reaches equilibrium the variation is -1 KHz. I could change the existing 80-120 KHz bandpass to a 110-120 KHz bandpass and have better sensitivity. But that bandwidth is something that has to be found empirically with each LNBF pair and set manually within the GUI for now. patchvonbraun said it was feasible to identify the frequency bins with the most counts and that there was an example within the simplara code, You could even have a little helper function, based on a vector probe, that finds your bin range, and tunes the filter appropriately. The below close up of indoor testing showing how everything is connected on the rtlsdr side showing the power injector, e4k based rtlsdr (wrapped in aluminum tape), and the stripline based satellite power combiner for correlation. The two rg6 quadshield coaxial lines going from the power combiner to the ku band LNBF are as close to the same length as I could trim them. I use a 1 amp 18v power supply and coaxial power injector to supply power to the LNB and any amplifiers. This voltage controls linear polarization (horiztonalvertical) and it can be changed by putting a few 1 amp 1N4007 in series with the power line to drop the voltage. Accessory scripts. tp-modes. grc produces binary logs that are pretty simple. The count of the LNBF beat frequency bins in the bandpass are saved as floats represented as 4 pairs of hexadecimal. When the integration time is set to the default 1 second then one 4 byte data point is written to the log every 0.5 seconds. I highly recommend not changing this for now. There is no metadata or padding. Heres a screenshot of a run using the utility bless, In order to convert the binary logs of 4 byte records into something gnuplot can parse I use a simple perl script, Now I have the filename which gives the time the gnuradio-companion grc file started running. This is not the time I hit the record button and started logging. The offset is a second or two. Ignoring that, it is possible to use the start time encoded in the log file name to figure out when a particular measurement was taken. To do that I have to know the interval between entries saved to the binary log. To know what time a log record corresponds to, take the time from the filename and then add 0.5 seconds the index of the 4 byte entry in the binary log. This should be possible to write into the until loop so it outputs time instead of just index i. The below example is a hacky version of my log parser that does just this. Heres an example output . Now I just have to make up a good gnuplot format and integrate the calls into the perl script. Computer controlled pointing, mechanical and software differences Manually repositioning the dishes swamps out the signal of interest as the target leaves the beamwidth. For any decent measurements I need computer controlled pointing. This means the Haystack idea of two coupled Diseqc 1.2 compatible motor positioners mounted one on the other. In their design both dishes are mounted on a single PVC tube hooked to one of the positioners with a metal extension. My satellite dish mounts cant rotate like theirs so Ill have to modify this design a bit. They use a serial relay to push the buttons on a physical Diseqc 1.2 motor controller remote. That seemed a bit convoluted to me. I bought a SkyStar2 DVB-S pci card and under linux send raw Diseqc commands out by calling xdipo which accesses the linux DVB interface. It has both a GUI and cli interface. Unfortunately xdipo cannot send through Diseqc switches. I had to add manual motor commands to tune-s2 which did support switches but not manual motor commands. This version which supports manual stepping mode is available at githubsuperkuhtune-s2-stepping. Another alternative Diseqc motor controller I didnt persue would be using a 192 KHz USB soundcard and the DiSEqC Audio Generator software from Juras-Projects. The documentation for the hardware side of the audio generator is 404 now, but Juras responded to an email of mine with the schematics attached . Since the bent motor shafts that came will my motors looked really difficult to drill through I thought Id use straight hex holed shafts to make everything mechanically simpler. I found reidsupplyskuHHS-18 and ordered a couple. Unfortunately my measurements of the dish motor shaft flat-to-flate size were off. The Reid hex holed shaft hole is just a tiny bit too large. This was easily fixed by wrapping a couple turns of masking tape around the shaft to increase the diameter. This is often how fishing rod handles are made. I also encountered this construction technique on Jarrod Kinseys CO2 laser pages . The hardest part of all this is drilling an 8mm hole precisely normal to the curved outside surface of the hex hole shaft. The first step is to flatten the area with a hand file. This took me about 10 minutes. I had previously ordered and received two carbide drill bits, one small to sub-drill the intial hole and then one 8mm for the final hole. A drill press and small vice are quired to actually drill the holes. And even then its really tricky. My first two attempts resulted in holes not quite normal to the surface of the hex flat. I could only use roll or taper pins to secure the shaft. Luckily I bought 2x shafts just in case. I also had to drill 4 additional 8mm holes in the 2x satellite dish motor mounts to make holes for level mounting instead of at a tilt. The VRST guys got lucky with their sat motor mounts having a long slot. The diameter of easily available PVC is slightly to small for the dish mounting clamp. This is remedied like the motor shafts by wrapping wide masking tape to size and optionally epoxy coatingsanding it. The dish motors used in the VSRT project were Stab HH90. These have come down in cost since the VSRT memos were written and are still widely available. In order to control these motors a system to send DISEqC 1.2 commands is needed. The first option would be to faithfully replicate the VSRT implementation. They do it in a rather roundabout way but at least it is tested and known to work with their software. Unfortunately the specific hardware used has become rare, is mostly shipped from overseas, or is expensive. My chosen method of HH90 motor control is a single DVB-S card under linux with DVB API 5.x w my modified tune-s2 and optionally xdipo. This can be combined with a DiSEqC switch to scale to control of multiple motors relatively cheaply. I do sun alt-az position calculation by using a small pysolar python script. I have not yet completed the scripts to turn alt-az positions of the sun at my location into motor step commands. Hopefully I can use some of the USAL fuctions in tune-s2 for that. Both require PVC pipe, tools like drills, 8mm drill bits and smaller sub-drill bit, hand saws, files, and potentially a welder (though liberal J-B Weld would probably work). Diseqc switches problems and solutions. It turns out that xdipo alone cannot deal with motors behind Diseqc switches. This means it can only control one Diseqc motor at once. Controlling two would require 2x Skystar 2 pci cards. Luckily there are other options. CrazyCats tune-s2 supports Diseqc switches and addressing. It normally only provides for motor commands using the USAL system which isnt too helpful. But I was able to modify the code to support manual motor position commands while retaining the switch support. xdipo could still be used in theory by calling tune-s2 to set the Diseqc switch to the appropriate portmotor and then calling xdipo as normal. But it is easier to just use the modified tune-s2 for everything. This gutted version of tune-s2 for manual motor commands is available at: The functions I added are basically just look up arrays with Diseqc bus commands for different steps in the clockwise or counter-clockwise directions. In Diseqc the packets have 4 sections. Check out the Diseqc Bus Functional Specification (pdf) for a better explanation with more detail. The first, Framing byte represent if the command is from the receiver or diseqc device and wether it needs a reply. For my table these are all just EO which means its a packet from the receiver with no response required. Most commands are EO but it goes up to E7. The second, Address specifies which types of Diseqc devices should listen (ex: LNB, switch, motor, polarizer). For motors this is 32 The third is Command. This is a huge list of values of which only 68 and 69 are relevant. They are Drive Motor East and Drive Motor West respectively. The Command byte is only relevant to their specific devices specified via the Address byte. The remaining bytes of the packet are Data and how theyre interpreted depends on the Command bytes specifying a specific type of command. For motor movement there are three options. 00 makes the motor turn until a Diseqc stop command is sent. The second mode is positive values for the bytes, 01 to 7F. They represent an amount of time to turn the motor. Or by specifying negative byte values 80 to FF the motor is rotated a number of steps. This last is best and detailed in the Positioner Application Note (pdf) with an excerpt below, The number of steps to make is given by the additional count needed to make the parameter byte reach zero (or overflow to zero if the byte is considered as unsigned). Thus the byte FF (hexadecimal) requests only one step, FE two steps, and for example F9 requests 7 steps. With my motors each step corresponds to about 0.1 deg. Using this information I made up a table of Diseqc packets for each rotation direction. For addressing specific ports of the Diseqc switch tune-s2s normal functions are used. They are called before the motor position commands are sent. Usage of the modified tune-s2 is pretty simple. The only differences are two new cli switches and not needing to give it tuning parameters. They each take any value from 0 to 10 like, This would cause the satellite dish motor on port 1 of the Diseqc switch to step 1 position counter-clockwise. To send the same command of stepping 1 position counter-clockwise to the other motor, The stepping argument values 0 through 10 are mapped on a fairly arbitrary set of actual steps. This results from just doing array index look ups in the above packet tables, Calculating solar position and using that to decide how many steps to step per axis Figuring out where the sun is in the sky in terms of an alt-az format is made simple by pysolar. Figuring out how to turn that position into sequences of steps on the motors is much, much harder. These values are relative to the pysolar reference frame which is given by their diagram, My setup is pointed directly south. So for this example time that means I need to calculate the number of steps required to turn the (top) altitude motor 41.5 up from level and the (bottom) azimuth motor 35.8 degrees to the left (east). Decoding Pager Data with multimon andor gnu radio receivers The hardest part of this is figuring out what kind of pager system you have. I spent a long time trying to decode the local FLEX pager system with decoders that did not support it. Written by Thomas Sailer, HB9JNXAE4WA, multimon (multimon. tar. bz2 ) supports decoding a large number of pager modulations. FLEX is not one of them. Scroll down for FLEX . On June 29th 2012 dekar told me about his updated fork of multimon, multimonNG. with better error correction and more modulations supported. As of right this instant those on 64bit linux should just use the existing makefile and not qmake or qt-creator to compile it. For the windows users (or anyone wanting more info) theres a precompiled version and blog post. Make sure to disable all the demodulators you dont need. I think especially ZVEI is quite spammy. This and this is what pocsag sounds like if youre wondering. When I originally started playing and wrote this there were only a couple options for rtlsdr receivers to use with the multimon decoder. I used patchvonbrauns multimode to save. wavs and dekars pager example GRC I modified for OsmoSDR sources linked below for raw, real time decoding. Lately (as of late 201213) a large number of receivers have been released that dont depend on GNU Radio. rtlfm is one and theres an example usage below. real time decoding rtlfm real time decoding wdekars pagerfifo Dekar s multimonNG. a fork with improved error correction, more supported modes, and nixosxwindows support. In the screenshots below the signal is not pocsag. I thought it might be zwei but now Im not so sure its even pager data. Test samples of pocsag that Dekar links on his blog decode just fine. pagerfifoweb. grc In order to decode the pager data in real time you should use a first-in first-out file (fifo). Dekars pagerfifo is designed to do that but youll need to set the correct file paths for the File Sink yourself. In the copy downloadable here the File Sinks path is set to tmppagerfifo. raw. You should be able to run it without editing once youve made that fifo. Make sure to start multimon reading the fifo before you begin GRC and execute the receiver. In my personal copy of dekars pagerfifo the file and audio sinks are enabled while the waterfall, wav, and other sinks are disabled. To enable the disabled (grey) block select them and press e (d to disable). The audio sink is set to pulseaudio (pulse). FLEX Pagers Unfortunately it turned out my local pagers were all using FLEX. and so not supported by any of the above software. But the procedures might still be useful for someone. Decoding FLEX can be done with the software PDW, but it is windows only. In GNU Radio there is additionally gr-pager. which is supposed to support flex, but many implementation scripts for it are GNU Radio 3.6.5 or older and getting stuff to work with 3.7 requires namespace changes. mothrans flexhackrf is one of these. Since the rtlsdr receivers can but shouldnt do 3.125 MSs, like flexhackrf of uhdflux, what they use natively for the bandwidth, and so decimation, and pretty much everything else have to be re-written too. Ive attempted to start this and you can see a copy here . A couple days after I wrote the above paragraph zarya came on rtlsdr on freenode and mentioned his rtlsdr supprting FLEX decoder written months before. It is easy to use and works great This script runs at a 250 KSs sample rate and decodes 12.5 KHz channel only. Internally it uses gnuradios optfir to generate low pass taps that wide to use witih a frequency xlating FIR filter. It then passes that to gr-pagers flexdemod. later . argilo (Clayton Smith) has also put together an osmosdr source based gr. pager flex decoder for his GNU Radio tutorial series. The below output is heavily censored and edited to avoid disclosing or reproducing sensitive information but it gives you an idea of the type of messages. I tried for over a year before successfully decoding local pager signals. Now that I have I think it is a bad idea. There is far much too much private information in cleartext. I dont plan to try again. (old) gqrx install notes When I wrote this up the original version by csete didnt support the hardware yet but mathis, phirsch, Hoernchen, and perhaps others Ive missed from rtlsdr on freenode had added librtlsdr support to gqrx their repos are still listed by commented out. These days csete has added in rtlsdr support so you can use his original repository. Use with Ubuntu 10.04 and distros with old Qt lt 4.7 You will almost certainly not get this error. But, someone might, so Im leaving it here to be indexed. If youre like me and run an older distribution then your Qt libraries will be out of date and lack a function required for generating the name of the files to be saved when recording. Initially I thought it was a qtcreator thing so I tried to get more information by doing it manually, qmake make g - c - pipe - O2 - Iusrlocalincludegnuradio - Iusrlocalinclude - Iusrlocalinclude - Iusrlocalincludegnuradio - DREENTRANT - DREENTRANT - Iusrincludelibusb-1.0 - Wall - W - DREENTRANT - DQTNODEBUG - DQTNODEBUGOUTPUT - DVERSION0.0 - DQTNODEBUG - DQTGUILIB - DQTCORELIB - DQTSHARED - Iusrshareqt4mkspecslinux-g - I. - Iusrincludeqt4QtCore - Iusrincludeqt4QtGui - Iusrincludeqt4 - I. - I. - o dockaudio. o qtguidockaudio. cpp qtguidockaudio. cpp: In member function void DockAudio::onaudioRecButtonclicked(bool): qtguidockaudio. cpp:100: error: currentDateTimeUtc is not a member of QDateTime make: dockaudio. o Error 1 To get it to compile on these systems youll have to do the below. (edit: This little change is now added into phirschs .) Ubuntu 10.04 has old Qt libs and gqrx uses a function call not in them. So, while I was waiting for Qt 4.74 to compile I decided to try a hack. I removed that function call with a static string of text. edit I later found comparable functions for Qt 4.6 and older. If you are using qtcreator like the docs suggest you can double click on the error and go to the line. If not, it was in. Sourcesqtguidockaudio. cpp replace, With something like this. And itll compile and run correctly on my specific machine. Compiling LTE Cell Scanner and LTE Tracker on Ubuntu 10.04 Before starting make sure to have a fortran compiler, FFTW, BLAS, and LAPACK libraries installed from the repositories. If youre using 12.04 just follow the instructions on the github page and everything is trivial. For 10.04 (lucid) users the the initial hurdle is cmake. LTE Cell Scanner requires cmake 2.8.8 and Ubuntu 10.04 only has 2.8 the finding of BLAS and LAPACK libraries will fail like, Until you open CMakeList. txt and change the version number on first line to 2.8.0. After fixing that the BLAS and LAPACK issues come in, You can see my installation notes before I figured it out. To fix it I searched for people complaining of similar problems on other projects and then replaced my system files with theirs, FindBLAS. cmake . LAPACK will also fail this way. I used this arbitray cmake file, code. googlepqmcpacksourcebrowsetrunkCMakeFindLapack. cmaker5383. And this is a local backup in case that disappears. After fixing the cmake issues compile and install the latest IT (ITPP 4.2). Make sure to completely remove the old ITPP 4.0.7 libraries from the Ubuntu repository. When LTE Cell scanner compiles you can go back and restore the. bak cmake files. The rate of scan is about 0.1 Mhz per 10 seconds. Both positive and negative frequency offsets happen, but rarely in the same dongle. LTE Tracker I havent used as much yet (recently released ) but it is included in the github repository cloned initially and should be compiled as well if you did the above. Check out the authors site for videos of its use since an ascii paste of the ncurses like interface wouldnt tell you much. لكن. the start looks like this, Slightly altered GNU Radio Companion flowcharts The GUI stuff in Gnu Radio was rather an afterthought. Nobody really expected that youd use it to build actual applications, but rather just use it as a way of making test jigs for your signal flows. This section is my notes on how I made basic examples work, and how I edited those examples in very simple and often broken ways. Also, since gqrx, multimode, and other intergrated receivers came out I dont see any need to update these as things change. Most of this is very old. While there are links to the originals in the summaries, these descriptions are of the versions modified by me usually just sample rate and GUI stuff. While the sample rate or tuner width I set may be some large number, itll become obvious what the limits of each other as you scan about and see the signal folding or mirroring. Using sample rates above 2.4 MSs with rtlsdr is not recommended. It does create aliases all over. If youre using GNU Radio 3.7 dont even bother trying with any. grc files hosted here. FM: patchvonbrauns simple (stereo) fm receiver - harder setup, best reception, best sound, 2.048 MSs, -600Khz fine tune lindis fm receiver easy setup, good reception, good sound, 3.2 MSs, -600Khz fine tune superkuhs offset fm receiver - easy setup, okay reception, okay sound, 2.8 MSs, -900Khz tune, -50Khz fine. 2h20s beginner fm (mono) receiver - easy to understand, easy setup, okay sound, 2.8 MSs, no fine tune SSB: OZ9AECs SSB Receiver - SSB rx and record to disk, seperate playback script. 1 MSs, -1k fine tune. If it comes with a python file, try that first before generating one from the GRC file. When tuning, make sure to hit enter again if it doesnt work the first time or tunes to the wrong frequency. Always hit autoscale to start, and for FFT displays try using the average settings. I have set all audio sinks to pulse (pulseaudio) instead of say, hw:0,0 (ALSA). You might have to change that. To get a list of hardwareuse aplay - l. Thatll show the various cards and devices. Use the format, hw:X, Y where hw:CARDX, DEVY. Some flowcharts have variables for it, others put it directly in the Audio Sink element. If you hear something interesting you can try comparing it to indentified samples from kb9ukddigital or hfradio. org. ukhtmldigitalmodes. html. or the windows program, Signals Analyzer. Check radioreference or wireless2.fcc. govUlsAppUlsSearchsearchAdvanced. jsp to see whats in the USA area at a given frequency. Multiple Dongles There are two ways to specify the use of multiple dongles. The first, correct, way is to set the Num Channels in the OsmoSDR Source block to 2 and then specify the device IDs in Device Arguments like, rtl0 rtl1. Each specified device is seperate with a space from the previous one. The not so correct but still working way is to use multiple OsmoSDR Source blocks with Num Channels set to 1 and each with its respective Device Arguments field set to rtl0 or rtl1, or so on. The OsmoSDR Source block has extensive help files at the bottom of its properties if you scroll down. To enable a block, select it and press e. To disable a block select it and press d. When disabled blocks will appear darker gray. If you open a. grc file and it looks like there are blocks missing (red error highlights and no connections between them) then it is likely the name of the block changed during some GNU Radio update. If your install is more than a month or two old this often happens. Update GNU Radio. Its easier to type in 1e6 than 1000000 so use scientific notation when you can in variable fields. If you double click on an element in a flowchart it usually includes a helpful Documentation: of most the variables to be set at the bottom. The GUI element grid position is a set of two pairs of numbers: y, x,a, b where the first pair y, x, is position (y row, x column) and a, b is the span of the box. If you enter a Grid Position and it overlaps with another element itll turn red and report the error and where the origin is of the element it overlaps with. The tab effect is done with notebooks. For RTL2832 Source the minimum sample rate is 800KSs, its gr-baz() and generally not updated. Use OsmoSDR source. Its under OsmoSDR, not Sources on the right panel). It has a 1MSs minimum sample rate. Its not recommended to use sample rates above 2.4M. In older versions of gr-osmosdr and rtl-sdr I think automagic gain control (AGC) was on all the time so you didnt have to set the gain explicitly in the source in GRC. New versions require that and also require setting the chan 0. freq to something. The dongles seem to have noise at their 0Hz center frequency so the best performance is from selecting a band 100-200Khz offset from the center (depending on signal type). patchvonbrauns simplefmrcv is a great example of that. patchvonbrauns simplefmrcv (this summary is outdated) The best sounding software Ive found for listening to FM is patchvonbrauns Simple FM (Stereo) Receiver. I dont think it is very simple it includes many advanced FM specific features like extraction of the 19k (pilot) tone next to some commercial FM broadcasts. It used to do RDS, I hear, and older versions checked into CGRAN still have it, but it is removed for simplicitly in this version. lindis FM receiver Original: lindi. iki. filindignuradiortl2832-cfile-lindi-fm. grc. this was an example posted to rtlsdr by lindi. It used a file source which was decoded to wav and saved to disk. Seen in the screenshot above. Modified: superkuhrtl2832-cfile-lindi-fmedit. grc. had a frontend GUI and an increased sample rate. Right now the rate of the audio files saved out is. not very useful. But it sounds fine. Seen below. 3.2 MSs field of view, tune -900Khz 2h20s simple fm receiver 2.8 MSs field of view, no fine tuning. 2h20 made available. with thorough explaination, a bare bones FM (mono) receiver to learn how to use GNU Radio. This was the first one I managed to get to work. Because the original h202s uses the RTL2832 Source and not the OsmoSDR Source you might experience tuner crashes if you scan too quickly. Make sure to unreplug in the dongle after these. Its best just to enter the frequency as a number. Be aware this section of this page was written many months ago when rtl-sdr was different and I had little idea of what I was doing. xzero has since manually added signal seeking to this example . My edit of 2h20s simple receiver does not add much, but I did replace the RTL2832 source with an OsmoSDR source to avoid tuner crashes. I also increased the sample rate to 2.8MSs (to see more spectrum) and then increased the decimation in the filter from 4 to 8 to compensate so everything still decodessounds right. I also remove the superfluous throttle block. my offset tuning recording example 2.8 MSs field of view, -900Khz tuning, -50Khz fine. This takes parts from a bunch of the other example receivers and repurposes them in presumably incorrect but seemingly working ways. It is a basic example of how to offset the tuner 200khz away from the center to avoid the noise there. I started with 2h20s simple tuners GUI framework and removed almost all of the content. I copied, with inaccurate trial and error changes of sample rate and filter offset, sections of the offset tuning and other advanced bits from simplefmrcv and wfmrx. grc. The tuner is tuned 200Khz. The freqxlating filter is tuned 200Khz. The the bandpass filter is specified in a variable, The net result is that the frequency of interest comes out of the tuner 200Khz below DC, and the freqxlater lifts it up by 200Khz, and then its bandpassed. I also blindly copied the RF power display, a toggle for saving the audio files out to disk, and a -900khz tuning slider from other receivers. I added a second fine tune -50Khz. This is done by setting the frequency of the Xlating FIR filter to, where freqoffset is the frequency offset from center (200Khz in this case), fine is the ID of a wx gui slider for regular tuning, and finer is the same for fine tuning. In order for the frequency display to show the proper value it was correspondingly set to a variable ID curfreq, I also made the current frequency display a editable text field so you can tune, copy, and paste. There are good examples of how notebook positioning works and includes simple scripting examples for the file field. This flowchart is simple enough to learn from but includes many elements pulled out of the very complex simplefmrcv from patchvonbraun. Without his explanation of the offset process I wouldnt have figured it out. All blocks are layed out by type and GUI elements in the same order as they appear when run. This should help you figure out Grid and Notebook positioning. The sound is only okay. I think the signal is being clipped off at the edges a little bit. I am not sure if it is required to install patchvonbrauns simplefmrcv to use this, I do use some of his custom filter stuff. Use the Waterfall for scanning through channels. Once located, look at the offset from 0 on the bottom display. Use that to set the tuning (and fine) slider and wiggle it till you get the signal crossing the band in the Second Filter top display. Switch to FFT view and look at the bottom First Filter display, use tuning and fine tuning to center the peak on the First Filter display. Or the other way around. Its personal preference. Ignore the noise you see at higher frequencies (900Mhz) at 0.2Mhz baseband. Although sometimes it gets folded in depending on tuning. SSB Receiver and data Recorder Created by Alexandru Csete OZ9AEC the notes say, Simple SSB receiver prototype. This comes from the GNU Radio GRC examples repository over at githubcsetegnuradio-grc-examplestreemasterreceiver I changed the way it saves samples for the sister decoder program by adding automatic generation of file names and an onoff tickbox toggle for recording. You might want to change the default directory by editing the variable prefix. The key was in the File Sink file field. I also changed the GUI so it was easier to find signals. Use the saved. bin files with ssbrxplay to hear. Jumping around in frequency is a lot smoother when reading from disk instead of the dongle. How to use rtlsdr and hackrf on a fresh odroid-u3 with ubuntu Related Pages Page Sections Type, sayYour message here. after the end of any URL on my site and hit enter to leave a comment. You can view them here. An example would be, superkuhrtlsdr. htmlsayThis is a comment.
No comments:
Post a Comment