Jan 172015

Followup article on yesterday’s workshop (where nothing worked basicly, I’m really sorry for this!)

If you have a USB DVB-T dongle which has as RTL2832U you can use this dongle to listen to multiple frequencies (not only DVB-T)! Those dongles can be bought on Ebay, Amazon, Aliexpress etc. Price range is around 10-20 Euro. Keywords for the search can be “RTL-SDR” or “RTL2832U”. The big difference is the shipping speed (the devices from China take around 4-5 weeks, the one’s from Germany some days).

For simplicity I will explain how to install the stuff as the root user and only root can use the dongle/software for the dongle. If you want other users to be able to use the dongle, you need to change the udev rules (see osmocom howto).

Let’s get started. Do not connect the dongle yet. Log into your Raspberry via SSH and do the following (as root, on Raspberian you might want to execute “sudo -s” to become root):

apt-get update
apt-get upgrade
apt-get install git cmake libusb-dev build-essential pkg-config libusb-1.0-0-dev
Now that your system is up to date and has the necessary build environment you can get rtl-sdr from the osmocom repository and build it (cd into a directory of your choice, in my example ~/rtlsdr):
cd ~rtlsdr
git clone git://git.osmocom.org/rtl-sdr.git
cd rtl-sdr/
mkdir build
cd build
cmake ../
make install

Now reboot the device (“reboot“). Once the device is back you can log in using SSH and you can connect the dongle. The Raspberian kernel might bring its own driver for the dongle, which we need to remove now. You can do this using this command:
rmmod dvb_usb_rtl28xxu
It will remove the driver until next reboot or until the dongle is re-attached. If you want to remove it permanently, you can add it to the modprobe blacklist using (my advice):
echo "blacklist dvb_usb_rtl28xxu" >> /etc/modprobe.d/blacklist.conf
In addition you *might* need to load the sound module (modprobe snd-bcm2835). I had to do it once, but it may be optional.

FM Radio
Now listen to FM Radio as a first test. Choose your favorite station by frequency (here 100.2mhz) and tune in using:
rtl_fm -f 100200000 -M wbfm -s 2200000 -r 48000 - | aplay -r 48k -f S16_LE
If you see multiple error messages containing “Underrun!” the sample rate is too high. In general 1-2 million seems fine for me. Try -s 1000000 and -s 2000000 or others until you find one that is fine for you. If the CPU load on your Pi is too high because you already use it for other stuff, you could also try to change the resample rate from 48000 to 44100 (in rtl_fm and aplay).

The next thing you could do is receive and decode airplane signals. As said, the project is open source and shows how to decode a signal, which I find very interesting. Commandline kung-fu:

cd ~/rtlsdr
git clone git://github.com/MalcolmRobb/dump1090.git
cd dump1090

You can now test dump1090 using “./dump1090 –interactive” or “./dump1090 –interactive –net” for the version with embedded webserver. If you enable the –net option you can open your browser at http://[ip_of_the_pi]:8080/ and watch the planes getting plotted on Google Maps. Here is a picture how it might look like:

As a last quick tool, I’d suggest multimon-ng which can decode various pager messages (yes, the old pagers from the 90s, but they are still in use).

cd ~/rtlsdr
apt-get install libpulse-dev
git clone https://github.com/EliasOenal/multimonNG.git
cd multimonNG
mkdir build
cd build
qmake ../multimon-ng.pro
sudo make install

According to POCSAG signal wiki the frequencies in use in Germany are 173, 466.075 and 465.970 mhz, which means that you can try listening to now using:
rtl_fm -f 466075000 -s 22050 | multimon-ng -t raw -a POCSAG512 -a POCSAG1200 -a POCSAG2400 -f alpha -

The best things I got so far is from the 460mhz range (address removed, hospital one’s removed, most are POCSAG1200):
Legal situation unclear. Removed.

UFSK1200 is generating a lot of noise, so I’d not use it. So, if you want to go extreme, try this (the bandwidth of the dongle should be able to catch both frequencies if you tune into the middle, here around 466mhz) :)
rtl_fm -f 466000000 -s 22050 | multimon-ng -t raw -a POCSAG512 -a POCSAG1200 -a POCSAG2400 -a EAS -a CLIPFSK -a FMSFSK -a AFSK1200 -a AFSK2400 -a AFSK2400_2 -a AFSK2400_3 -a HAPN4800 -a FSK9600 -a DTMF -a ZVEI1 -a ZVEI2 -a ZVEI3 -a DZVEI -a PZVEI -a EEA -a EIA -a CCIR -a MORSE_CW  -f alpha -

Correction / Wrong things I said during the workshop:
– You need libusb-1.0-0-dev NOT libusb
– The chip itself is RTL2832U, NOT RTL2838 (this is just the identification of my chip, but it seems that this is a common wrong identifier)
– The frequency for the airplane identification is NOT around 160mhz (there you’ll find voice communication from Frankfurt Airport). It is in fact close to 1090 mhz
– The Elonics 4000 (E4000) tuner has a range of 52 – 2200 MHz with a gap from 1100 MHz to 1250 MHz (varies) (these are expensive and rare)
– The R820T has a range of 24 – 1766 MHz (these are the most common)
– I have received pager messages now, but I had to leave it running during the night. They are quite rare.

Further reading / Links:
RTL-SDR: http://www.rtl-sdr.com/
Osmocom http://sdr.osmocom.org/trac/wiki/rtl-sdr
HackRF, the better RTL-SDR: https://greatscottgadgets.com/hackrf/
Signal Identification Wiki: http://www.sigidwiki.com/
Sample RTL dongle (one of the cheapest): http://www.aliexpress.com/item/Mini-USB-2-0-DVB-T-TV-DVD-Digital-TV-Stick-Receiver-Recorder-Tuner-Portable-Antenna/1710577884.html

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>