In the first part, some signals were described that can be received on long and short waves. The VHF range is no less interesting, and there is plenty to find there as well.
As in the first part, only those signals that can be decoded using a computer will be considered. For those interested in how it works, read on.
In the first part, we used the Dutch online receiver to receive long and short waves. Unfortunately, there are no similar services on VHF - the frequency range is too large. Therefore, those who wish to repeat the experiments described below will have to acquire their own receiver. One of the cheapest is the RTL SDR V3, which can be purchased for $30. Such a receiver covers the range up to 1.7 GHz; all the signals described below were received on it.
So let's get started. As in the first part, the signals will be considered in order of increasing frequency.
FM radio itself is unlikely to surprise anyone, but we will be interested in the RDS it carries. RDS (Radio Data System) transmits digital data “inside” the FM signal. The spectrum of the FM station after demodulation looks like this:
The pilot tone is located at 19 kHz, and the RDS signal is transmitted at three times that frequency, 57 kHz. On the waveform, if you output both signals together, it looks like this:
Phase modulation is used here to encode a low-frequency signal with a frequency of 1187.5 Hz (by the way, the frequency of 1187.5 Hz is also not chosen by chance - it is the frequency of the 19 kHz pilot tone divided by 16). After bit-by-bit decoding, the data packets are decoded. There are quite a few packet types: in addition to text, a station can transmit, for example, its alternative broadcasting frequencies, so that when entering another area the receiver can automatically tune to a new frequency.
You can receive local station RDS data using the RDS Spy program. It can be connected via HDSDR if you select FM modulation, a signal width of 120 kHz and a sample rate of 192 kHz, as shown in the figure.
Then it is enough to redirect the signal using Virtual Audio Cable from HDSDR to RDS Spy (in the VAC settings, you also need to specify the 192 kHz sample rate). If everything was done correctly, we will see all the RDS information, much more than an ordinary household radio will show:
In addition to FM, by the way, you can also decode DAB+; there was a separate article about this. In Russia it does not work yet, but in other countries it may be relevant.
Historically, aviation has used amplitude modulation (AM) and a frequency range of 118-137 MHz. Communications between pilots and controllers are not encrypted, and anyone can receive them. About 20 years ago, ordinary cheap Chinese radio receivers were “retuned” for this purpose - it was enough to push the local-oscillator coil turns apart, and the band shifted, with luck, towards higher frequencies. Those interested in “digital archeology” can read the 2004 discussion on the radioscanner forum. Later, the Chinese manufacturers met users halfway and simply added the Air band to their receivers (in the comments to the first part, the Tecsun PL-660 or PL-680 were recommended). But of course, more specialized devices (for example, AOR or Icom receivers) are preferable - they have a squelch (the sound is turned off when there is no signal, so there is no constant hissing) and a higher frequency-sweep speed.
Each large airport uses quite a lot of frequencies; here, for example, are the frequencies of Pulkovo airport, taken from the radioscanner site:
By the way, you can listen to live air traffic communications from different Russian cities (Moscow, St. Petersburg, Chelyabinsk and some others) online at http://live.radioscanner.net
The digital protocol ACARS (Aircraft Communications Addressing and Reporting System) is of interest to us in the aviation band. Its signals are transmitted at frequencies of 131.525 and 131.725 MHz (European standard; frequencies in different regions may differ). These are digital bursts with a bit rate of 2400 or 1200 bps; with the help of this system, pilots can exchange messages with the dispatcher. To decode in MultiPSK, you need to tune to the signal in AM mode (you need an SDR receiver, because the signal bandwidth is more than 5 kHz) and redirect the sound using Virtual Audio Cable.
The result is shown in the screenshot.
The format of ACARS signals is fairly simple, and can be viewed in the SA Free program. To do this, just open a fragment of the recording, and we will see that “inside” the AM recording there is actually frequency modulation.
Next, by applying a frequency detector to the recording, we easily get a bitstream. In real life you will hardly ever have to do this, because ready-made programs for decoding ACARS were written long ago.
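The frequency-detector step described above, as an added example that is not part of the original article: it builds a constructed two-tone audio signal with noise and recovers the bitstream by comparing the energy of the two tones in each bit period. The sample rate, the 1200/2400 Hz tone pair, the 1200 bps rate and the known bit timing are assumptions for illustration; this is not a complete ACARS decoder.

```python
import math
import random

FS = 48000                       # audio sample rate, Hz (assumed)
BAUD = 1200                      # bit rate, bps (assumed)
F_ONE, F_ZERO = 1200.0, 2400.0   # tone used for each bit value (assumed)
SPB = FS // BAUD                 # samples per bit

def text_to_bits(text):
    return [(byte >> i) & 1 for byte in text.encode("ascii") for i in range(7, -1, -1)]

def bits_to_text(bits):
    chars = [int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits) - 7, 8)]
    return bytes(chars).decode("ascii", errors="replace")

def synthesize(bits):
    """Constructed test input: phase-continuous two-tone audio, one tone per bit."""
    samples, phase = [], 0.0
    for bit in bits:
        step = 2 * math.pi * (F_ONE if bit else F_ZERO) / FS
        for _ in range(SPB):
            samples.append(math.sin(phase))
            phase += step
    return samples

def add_noise(samples, amplitude=0.3, seed=1):
    rng = random.Random(seed)    # fixed seed keeps the constructed input repeatable
    return [s + amplitude * rng.uniform(-1, 1) for s in samples]

def tone_power(window, freq):
    """Energy of one frequency in the window (a single DFT bin)."""
    w = 2 * math.pi * freq / FS
    i = sum(s * math.cos(w * n) for n, s in enumerate(window))
    q = sum(s * math.sin(w * n) for n, s in enumerate(window))
    return i * i + q * q

def frequency_detect(samples):
    """Decide each bit by which tone dominates its window; bit timing is assumed known."""
    bits = []
    for start in range(0, len(samples) - SPB + 1, SPB):
        window = samples[start:start + SPB]
        bits.append(1 if tone_power(window, F_ONE) > tone_power(window, F_ZERO) else 0)
    return bits

if __name__ == "__main__":
    audio = add_noise(synthesize(text_to_bits("TEST MESSAGE")))
    print(bits_to_text(frequency_detect(audio)))
```

A real recording also needs bit-clock recovery, because the receiver does not know where each bit period starts.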
NOAA meteorological satellite
After listening to the pilots' communications, you can climb even higher - into space. There we are interested in the meteorological satellites NOAA 15, NOAA 18 and NOAA 19, transmitting images of the Earth's surface at 137.620, 137.9125 and 137.100 MHz. You can decode the signal using WXtoImg.
The received picture may look something like this (photo from radioscanner):
Unfortunately (the laws of physics cannot be fooled, and the Earth is still round, although not everyone believes it), a satellite signal can be received only when the satellite flies over us, and these passes do not always come at a convenient time or at a convenient angle above the horizon. Previously, to find out the date and time of the next pass, you had to install the program Orbitron (a long-lived program that has existed since 2001); now it is easier to do this online at the link https://www.n2yo.com/passes/?s=25338
The satellite signal is quite loud, and can be heard on almost any antenna and on any receiver. But to get a good-quality picture, a special antenna and a good view of the horizon are still desirable. Those interested can watch an English tutorial on YouTube or read a detailed description. Personally, I still didn’t have the patience to complete it, but others may have better luck.
FLEX/POCSAG Paging Messages
I don’t know whether the paging service still works for corporate clients in Russia; in Europe it functions perfectly and is used by firefighters, police and various services.
You can receive FLEX and POCSAG signals using HDSDR and Virtual Audio Cable, using PDW for decoding. It was written back in 2004, and its interface looks the part, but oddly enough, it still works quite well.
There is also the multimon-ng decoder, which runs under Linux; its sources are available on GitHub. There was also a separate article about the POCSAG transmission protocol; those who wish can read about it in more detail.
Even higher in frequency, at 433 MHz, there is a whole variety of different devices - wireless switches and sockets, door bells, car tire pressure sensors, etc.
These are often cheap Chinese devices with the simplest modulation. There is no encryption, and a simple binary code (OOK - on-off keying) is used. The decoding of such signals was discussed in a separate article. We can use the ready-made rtl_433 decoder, which is available for download.
By running the program, you can see various devices, and (if there is a parking lot nearby) find out for example the pressure in the tires of a neighboring car. There is little practical sense in this, but from a purely mathematical point of view, it is quite interesting - the protocols of these signals are simple to decode.
By the way, those who buy such wireless switches should be aware that they are not protected at all, and theoretically your hacker neighbor, if he has a HackRF or a similar device, can maliciously turn off the toilet light at the most inopportune moment or do something similar. Personally, I don’t bother, but if security matters to you, you can use more serious and more expensive devices with full-fledged keys and authentication (Z-Wave, Philips Hue, etc.).
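The difference between an unprotected fixed-code switch and one with keys and authentication, as an added sketch that is not from the original article and is not the actual Z-Wave or Philips Hue protocol. The frame layout, the key, the code bytes and the class names are hypothetical; the point is that a recorded frame is accepted again by the first receiver and rejected by the second.

```python
import hashlib
import hmac

class FixedCodeSwitch:
    """Model of the unprotected receiver: any frame equal to the fixed code toggles it."""
    def __init__(self, code):
        self.code, self.on = code, False

    def receive(self, frame):
        if frame != self.code:
            return False
        self.on = not self.on
        return True

def make_frame(key, counter, command):
    """Hypothetical frame: 4-byte counter | 1-byte command | 8-byte truncated HMAC-SHA256."""
    body = counter.to_bytes(4, "big") + bytes([command])
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class AuthenticatedSwitch:
    """Receiver that requires a valid tag and a counter it has not seen yet."""
    def __init__(self, key):
        self.key, self.last_counter, self.on = key, 0, False

    def receive(self, frame):
        if len(frame) != 13:
            return False
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or modified frame
        counter = int.from_bytes(body[:4], "big")
        if counter <= self.last_counter:
            return False                      # recorded frame sent a second time
        self.last_counter, self.on = counter, bool(body[4])
        return True

def demo():
    key = b"constructed-demo-key"             # constructed sample value
    cheap, better = FixedCodeSwitch(b"\x5a\xc3\x01"), AuthenticatedSwitch(key)
    recorded_cheap = b"\x5a\xc3\x01"          # the remote sends the same bytes every time
    recorded_auth = make_frame(key, 1, 1)     # owner's "on" frame with counter 1
    tampered = recorded_auth[:4] + b"\x00" + recorded_auth[5:]
    return {
        "cheap_first": cheap.receive(recorded_cheap),
        "cheap_replay": cheap.receive(recorded_cheap),
        "auth_first": better.receive(recorded_auth),
        "auth_replay": better.receive(recorded_auth),
        "auth_tampered": better.receive(tampered),
        "auth_next": better.receive(make_frame(key, 2, 0)),
    }
```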
TETRA (Terrestrial Trunked Radio) is a professional corporate radio communication system with fairly extensive capabilities (group calls, encryption, interconnection of several networks, etc.). Its signals, if they are not encrypted, can also be received using a computer and an SDR receiver.
A TETRA decoder for Linux has existed for quite a while, but its configuration was far from trivial, and about a year ago a Russian programmer created a plugin for receiving TETRA for SDR#. Now this task is solved almost literally in two clicks; the program allows you to display information about the system, listen to voice messages, collect statistics, etc.
The plugin does not implement all the features of the standard, but the main functions more or less work.
According to Wikipedia, Tetra can be used in ambulance services, police, railway transport, etc. I do not know how widespread it is in Russia (it seems the Tetra network was used at FM2018, but this is not certain); those who wish can check it out for themselves - the Tetra signals are easily recognizable and have a width of 25 kHz, as can be seen in the screenshot.
Of course, if encryption is enabled on the network (there is such a possibility in Tetra), the plug-in will not work - instead of speech there will be only “gurgling”.
Let us go even higher in frequency: at 1.09 GHz, signals from aircraft transponders are transmitted, which allows sites like FlightRadar24 to show flying aircraft. This protocol has already been covered before, so I will not repeat it here (the article has turned out to be a big one as it is); those who wish can read the first and the second parts.
As you can see, even with a $30 receiver you can find a lot of interesting things on the air. I am sure that far from everything is listed here, and I probably missed something or do not know. Those who wish can try it out on their own - this is a good way to get a better understanding of how a particular system works.
I did not consider amateur radio communication, although it also exists on VHF, but the article is still about service communication.
PS: Especially for would-be “cool hackers”, it can be noted that nothing really secret has been broadcast in the clear for about 50 years, so from “this” point of view, it’s not worth spending time and money. But from the point of view of studying the principles of communication and various engineering systems, getting acquainted with the real operation of real networks is quite interesting and informative.