Foxhunting with a $20 SDR TV Dongle

Foxhunting with a $20
SDR TV Dongle
Ben, KC9UNS
LCARC Meeting - 9/11/2015
Tooting my own horn
●
●
●
●
●
Destroying electronics since the age of 4
Licensed ARO since 2011
Produced Podcasts from 2007-2011
Worked as a Sound Engineer for over 12 years
Open thinker and a general pain in the (CENSORED)
since 1983
What is Foxhunting?
The sport of hunting a fox across country with a pack of
hounds by a group of people on foot and horseback
Transmitter hunting (also known as T-hunting, fox
hunting, bunny hunting, and bunny chasing), is an
activity wherein participants use radio direction finding
techniques to locate one or more radio transmitters
hidden within a designated search area.
Why Foxhunts?
According to the FCC we must police our airwaves.
Find human interference like Jammers or unlicensed
transmissions.
Hunt electronic interference that cause band noises.
Practice for real events, such as finding downed aircraft
via ELT and lost or injured parties with radios.
Wildlife Tracking such as Avian, Bear, Beaver, Deer,
Turtles, and Fish.
Why Foxhunts?
TO HAVE FUN!!!
FCC Van
Resources
(Equipment)
•MDDF (Mobile Digital
Direction Finding)
•Remote Direction Finding
and Monitoring Equipment
•Spectrum Analyzers
•Field Strength Meters
•RF Radiation Survey
Equipment
Traditional Tools for Foxhunting
Mobile and or Handheld Radio
Traditional Tools for Foxhunting
Amplified Field Strength Meter
A measuring device which measures the signal
strength caused by a transmitter
Traditional Tools for Foxhunting
Attenuator
● Used to reduce the strength of the received
signal.
● Allow you to use a very high-gain antenna, even
at close ranges.
● Not strictly necessary, but add versatility.
● Many types are available, but they usually aren’t
cheap; check eBay.
● Old-fashioned variable attenuator: rotate your
antenna.
Traditional Tools for Foxhunting
Sniffers
Traditional Tools for Foxhunting
Doppler systems such as the Radio Direction
Finder DF2020T
Traditional Tools for Foxhunting
Yagi antenna or rubber duck
Antenna Selection
Aperture Versus Gain
As a rule, the more sensitive the antenna, the
more focused (directional) its reception pattern.
Too much gain can be a bad thing.
High gain requires accurate pointing.
Unless you can attenuate your gain, you lose
range discrimination when you’re close to an
emitter.
Omnidirectional Antenna Pattern
● Typically have a
toroidal radiation
pattern.
● Gain varies inversely
with z-axis
directionality.
● For foxhunting, high
gain is good.
● Provides greater
detection distance.
● Allows some degree of
attenuation by varying
orientation.
Directional Antenna Pattern
●
●
●
Yagi: High gain, narrow
aperture, narrow bandwidth.
Moxon: The design is
rectangular, with roughly half
the rectangle being the
driven element and the other
half being the reflector. It
can be thought of as a Yagi
antenna with bent elements
and without directors.
Choose your antenna based
on performance and form
factor.
Directional Antenna Pattern
Beware of back lobes
and side lobes when
hunting.
What do you use for the fox?
The fox can be a manned or automated
station.
Manned stations typically only transmit on
request, or maybe a particular time and
length.
Automated stations may have a continuous
carrier or timer based.
The Transmitter
Byonics Picon hidden transmitter
The Transmitter
Micro Fox transmitter
The Transmitter
Fox box transmitter
The Transmitter
PiFox transmitter
General Rules
Transmissions
Depending on group, the use of voice or CW are used. Most voice transmissions are a minimum of 60 sec every
3 min. The audio may be pre recorded but the use of sound effects is prohibited per FCC rules.
FCC Compliant Transmissions
The Fox must clearly identify by calling one of the Hunters. This makes the transmission legal and fully compliant
with FCC rules.
Forbidden Hiding Spots
If a spot cannot be reached without trespassing or crossing a barrier designed to keep people out, it should not
be used. If it is customary to pay for admission in or out of an area, it should not be used. Areas requiring
entrance to a building that are engaged in business or who would not permit such activity, should not be used.
Any area that may be adversely involve the general public or give the appearance of a security risk, should not
be used.
Notification
Its a good idea to notify the Police Department in each town that the hunt might be in, should one's presence in
the hunt area may draw ‘suspicious persons’ calls.
Let’s Talk SDR
Multiple Definitions
Let’s Talk SDR
What is SDR?
SDR defines a collection of hardware and software technologies where some
or all of the radio’s operating functions (also referred to as physical layer
processing) are implemented through modifiable software or firmware operating
on programmable processing technologies.
These devices include field programmable gate arrays (FPGA), digital signal
processors (DSP), general purpose processors (GPP), programmable System
on Chip (SoC) or other application specific programmable processors.
The use of these technologies allows new wireless features and capabilities to
be added to existing radio systems without requiring new hardware.
Let’s Talk SDR
What is RTL-SDR?
RTL-SDR is a very cheap software defined radio that uses a DVB-T TV tuner
dongle based on the RTL2832U chipset. With the combined efforts of a few people
it was found that the signal I/Q data(Imaginary and Quotient) could be accessed
directly, which allowed the DVB-T TV tuner to be converted into a wideband
software defined radio via a new software driver.
Essentially, this means that a cheap $20 TV tuner USB dongle with the RTL2832U
chip can be used as a computer based radio scanner. That means you can use a
computer (with Windows, Mac, or Linux) to tune into: FM Radio, AM signals (but not
AM radio), CW (morse code!), unencrypted radio signals (such as those used by
many police and fire departments), POCSAG pagers, and more. This sort of
scanner capability would have cost hundreds or even thousands of dollars just a
few years ago.
Let’s Talk SDR
And since then tens of thousands of hams, security researchers, hackers, makers,
tinkerers, students and electronics enthusiasts have purchased RTL-SDR dongles
to use as a very cheap software defined radio.
What Can you do with SDR?
Listening to unencrypted Police/Ambulance/Fire/EMS conversations.
Listening to aircraft traffic control conversations.
Tracking aircraft positions like a radar with ADS-B decoding.
Decoding aircraft ACARS short messages.
Scanning trunking radio conversations.
Decoding unencrypted digital voice transmissions.
Tracking maritime boat positions like a radar with AIS decoding.
Decoding POCSAG/FLEX pager traffic.
Scanning for cordless phones and baby monitors.
Tracking and receiving meteorological agency launched weather balloon data.
Tracking your own self launched high altitude balloon for payload recovery.
Receiving wireless temperature sensors and wireless power meter sensors.
Listening to VHF amateur radio.
Decoding ham radio APRS packets.
What Can you do with SDR?
Watching analogue broadcast TV.
Sniffing GSM signals.
Using rtl-sdr on your Android device as a portable radio scanner.
Receiving GPS signals and decoding them.
Using rtl-sdr as a spectrum analyzer.
Receiving NOAA weather satellite images.
Listening to satellites and the ISS.
Listening to unencrypted military communications.
Radio astronomy.
Monitoring meteor scatter.
Listening to FM radio, and decoding RDS information.
Listening to DAB broadcast radio.
Use rtl-sdr as a panadapter for your traditional hardware radio.
Decoding taxi mobile data terminal signals.
What Can you do with SDR?
Use rtl-sdr as a true random number generator.
Listening to amateur radio hams on SSB with LSB/USB modulation.
Decoding digital amateur radio ham communications such as CW/PSK/RTTY/SSTV.
Receiving HF weatherfax.
Receiving digital radio monodiale shortwave radio (DRM).
Listening to international shortwave radio.
Looking for RADAR signals like over the horizon (OTH) radar, and HAARP signals.
And Fox hunting
Why SDR for Foxhunting?
No need for all the hardware based tools such
as Strength meter, Attenuator, and Sniffers.
Helps locate your target in the RF spectrum
Can be used to track multiple emitters over
time.
Downside to SDR for Foxhunting
Information overload for simple foxhunting.
Become fluent in hardware and software
you’re using.
May be bulky
Tools used in SDR Foxhunts
Laptop/Tablet/Phone
Tools used in SDR Foxhunts
Software
SRD Software
SDR# (Windows) (sdrsharp.com)
SDR-Radio (Windows) (sdr-radio.com)
GNU Radio (Linux) (gnuradio.com)
GQRX Powered by GNU radio (Linux, Mac) (gqrx.dk)
RFAnalyzer (Android, $1.09 or Free)
(Google Play or tinyurl.com/rf-analyzer-app)
SDR Touch (Android, Trial/$9.99) (sdrtouch.com)
Tools used in SDR Foxhunts
SDR Dongle
What Dongle’s can I use?
There are several online places to buy SDR's.
Amazon: Nooelec is a company that knows their products and can provide
installation support should you need it. When buying from Amazon you also get
the extra Amazon buyers protection.
Ebay: Dongles are also available on Ebay. However, you must be careful when
buying on Ebay as sometimes sellers misrepresent their product. This is
especially the case with the E4000 tuner dongles. Some sellers advertise
E4000 dongles cheaply, when in fact they are actually R820T dongles.
What Dongle’s can I use?
The commonly bought R820T dongle comes in many packages. The most
common and fit for most purposes is the black dongle with MCX connector.
There is also the ‘nano’ package available now which is very tiny.
There are also these white dongles which have PAL (Belling-Lee)
connectors.
While they all have similar performance, I recommend the ones with the
MCX connectors such as the standard and nano packages. MCX
connectors have less insertion loss at GHz frequencies which is important
for applications like ADS-B. Note that it has also been reported that the
‘nano’ models get hotter causing greater frequency instability.
What Dongle’s can I use?
Tools used in SDR Foxhunts
USB extension cable or OTG Cable
with ferrites attached
Tools used in SDR Foxhunts
MCX to ? Adapter
Tools used in SDR Foxhunts
VHF or UHF Low noise amplifier
Tools used in SDR Foxhunts
Antenna
How to Foxhunt with SDR
Modulation
Modulation technique defines how the signal
will look on the spectrum
What am I hearing/Seeing?
http://www.sigidwiki.com/wiki/Signal_Identification_Guide
Software Plugin’s
SDR#
Signal Strength Logger
Level Meter
ScopeView
Audio FFT
Common RTL-SDR Problems
Power lines. A faulty power line which is arcing electricity can create huge amounts of
white noise which can drown out signals.
Find a reference frequency as the device heats or cools down, due to clock shift.
Switch mode power supplies.
Most electrical devices, such as monitors, TVs, appliances etc.
Ethernet cables. Unshielded Ethernet cables can output huge amounts of RFI.
Car alternators.
The dongle itself. You will see spikes at integer multiple of 28.8 MHz (e.g 28.8 MHz, 2
x 28.8, 3x28.8 and so on). These spikes come from the local oscillator used in the
dongle.
Universal Serial Bus (USB). USB typically uses a 48 MHz clock, and you may see
spikes at multiples of these frequencies.
Ethernet over power.
Dongle grounding design flaw.
Static
The Cheaper RTL's do NOT have static protection.
Wind generates static.
Rubbing things. Generates static.
Static protection is a must!
Open your Dongle and find out
Clocks
Cheaper SDR's have a lot of noise in them.
Keep the clock as cool as possible to negate drift. DO
USE a fan its the equivalent of putting a flashlight in
your face.
Choke them out and isolate noise sources.
Keep it cool - tinyurl.com/sdrcooling
Know your offset - National Weather Service
162.400, 162.425, 162.450, 162.475, 162.500, 162.525, 162.550
Police Checklist
Carry ID and Registration
Amateur Radio licence
Antenna structural redundancy
Dress code
Clean‐shaven
Hide Motorola XTS radios
Avoid turning around and trying to desperately
disconnect antennas
General Foxhunt Tips
Be aggressive! Make an active effort to seek your target.
Be aware of your environment, and take an organized
approach to your search area; don’t just wander randomly.
Keep a mental map of where you’ve been, and the observed
signal levels along the way, for mental triangulation.
Heads Up! Don't glue your nose to the screen, or you might
miss a chance to find your target based on secondary
indicators.
Basic Strategy of a Foxhunt
Tune your radios to the target emitter.
Walk a search pattern, watching the signal strength on a
PTD plot.
Use the omni to determine if you’re getting closer.
Use the directional, and your historical direction of travel, to
determine in which direction to continue.
If you start to peak your signal, add attenuation.
Don’t go too fast, because received power will fluctuate.
Look around: The emitter may become obvious once you
relate RF power to what you see in the environment.
The Fox Fun!
Spoofing Techniques
Use a lot of power, saturate the hunters receivers to confuse
hunters as to whether they are getting close or not.
Directional antennas – beam the power in a specific direction.
Use topography to mask signal from hunters or direct it in another
direction.
Add modulation to interfere with doppler and TDOA switching.
Don’t transmit continuously.
Use unexpected polarization or vary polarization
SDR and Fox hunting Resources
RTL-SDR.com
Install SDR# - Tinyurl.com/adafruit-sdr
hak5.org
Dangerousprototypes.com/category/sdr/
Reddit.com/r/rtlsdr/
SRO / CFAR Foxhunts - w9sro.org/foxhuntreports.html
Homingin.com
LNA Design - github.com/loxodes/rtl-sdr-lna
SDR Youtube Playlist - https://goo.gl/2YeCb1