Flight tracking with RTL-SDR and Dump1090

One of the interesting uses for RTL Software Defined Radio is to set it up to track ADS-B  data sent from nearby aircraft, this information provides transponder information such as altitude, course, speed and the flight number.

To examine this data I am using a Linux utility called Dump1090, I compiled this from source using the current git HEAD at https://github.com/MalcolmRobb/dump1090, there are other repositories but I hear this is the best. To start on an Ubuntu or derivative, install build-essential and git;

apt-get install build-essential git

Then clone the repository into a folder somewhere:

git clone https://github.com/MalcolmRobb/dump1090

Enter the folder and compile the application:

cd dump1090
make

Now run the application with the following options:

./dump1090 --interactive --net

I was already running another server on dump1090’s default 8080 so I needed to specify an alternative port 10900

./dump1090 --interactive --net --net-http-port 10900

Now, open your browser and point to the address http://localhost:8080, replacing the 8080 with the alternative port chosen if you needed to.

dump1090_screenshot

The application will start finding nearby aircraft and plotting them on a Google map, you can select the planes  to look up their flight plan on web sites like flightaware and flightstats. I live near to Manchester International Airport so I could see a good few flights arriving and departing MAN that would show up as they leave and disappear as they left range somewhere off the coast of the Irish Sea.

RTL SDR frequency correction

Tuning the radio on an RTL SDR receiver, it’s very common to find the frequency read-out to be wildly inaccurate. To correct for this SDR applications request a PPM value which is unique to each RTL SDR USB dongle. To get your PPM value run the following command in the Linux CLI:

rtl_test -p

After several minutes you’ll have a read-out like the following:

Found 1 device(s):
0:  Realtek, RTL2838UHIDIR, SN: 00000001

Using device 0: Generic RTL2832U OEM
Found Rafael Micro R820T tuner
Supported gain values (29): 0.0 0.9 1.4 2.7 3.7 7.7 8.7 12.5 14.4 15.7 16.6 19.7 20.7 22.9 25.4 28.0 29.7 32.8 33.8 36.4 37.2 38.6 40.2 42.1 43.4 43.9 44.5 48.0 49.6
Sampling at 2048000 S/s.
Reporting PPM error measurement every 10 seconds...
Press ^C after a few minutes.
Reading samples in async mode...
lost at least 196 bytes
real sample rate: 2048184 current PPM: 90 cumulative PPM: 90
real sample rate: 2048151 current PPM: 74 cumulative PPM: 82
real sample rate: 2048198 current PPM: 97 cumulative PPM: 87
real sample rate: 2048152 current PPM: 74 cumulative PPM: 84
real sample rate: 2048186 current PPM: 91 cumulative PPM: 85
real sample rate: 2048166 current PPM: 82 cumulative PPM: 85
real sample rate: 2048161 current PPM: 79 cumulative PPM: 84
real sample rate: 2048189 current PPM: 93 cumulative PPM: 85
real sample rate: 2048170 current PPM: 83 cumulative PPM: 85
real sample rate: 2048165 current PPM: 81 cumulative PPM: 84
real sample rate: 2048188 current PPM: 92 cumulative PPM: 85
real sample rate: 2048162 current PPM: 80 cumulative PPM: 85
real sample rate: 2048180 current PPM: 88 cumulative PPM: 85
real sample rate: 2048174 current PPM: 85 cumulative PPM: 85
real sample rate: 2048161 current PPM: 79 cumulative PPM: 84
real sample rate: 2048182 current PPM: 89 cumulative PPM: 85
real sample rate: 2048183 current PPM: 90 cumulative PPM: 85
real sample rate: 2048153 current PPM: 75 cumulative PPM: 84
real sample rate: 2048179 current PPM: 88 cumulative PPM: 85
real sample rate: 2048184 current PPM: 90 cumulative PPM: 85
real sample rate: 2048165 current PPM: 81 cumulative PPM: 85
real sample rate: 2048178 current PPM: 87 cumulative PPM: 85
real sample rate: 2048177 current PPM: 87 cumulative PPM: 85
real sample rate: 2048166 current PPM: 81 cumulative PPM: 85
real sample rate: 2048195 current PPM: 95 cumulative PPM: 85

As you can see. the value averages out over time to give a stable reading. My USB dongle is off by 85 PPM so I’ll enter this to correct my frequency reading.

However I found afterwards that this still leaves me slightly off the mark, so using a graphical SDR application such as GQRX, tune to a known frequency then fine-tune the PPM value until the signal meets the tuning line in the middle. Typically I find mine is ~73 PPM using this method, this can vary by ~1-2 PPM but it’s enough to hit signals when tuned to the right frequency.

For a known frequency I suggest finding a local repeater, preferably on 70cm to 23cm for highest precision, but one that is most active is best. You might also use APRS which is always 144.8MHz in Europe, different frequencies in other regions but it’s reliable. Both these choices are NFM so you should hit them exactly in the centre of the broadcast when tuned correctly.
sm313 on YouTube tried using GSM mobile frequencies, this is a good choice because it’s a high frequency so has good precision and is constantly broadcasting, but you need to know what you’re looking for in a very wide-band signal so might not be that straight-forward.

If you have other suggestions please leave advice in the comments.

RossLUG Talk: Radio on Linux

This is a copy of the talk I gave to the Rossendale Linux User Group on Monday 28th October 2013, the topic is “Radio on Linux” intending to provide an overview of some of the amateur radio and software define radio technologies I have been playing with during the summer.

Radio on Linux

GQRX and RTL-SDR

Hardware required

R820T Digital TV Tuner

A very cheap digital TV tuner that was discovered to allow hackers the ability to read raw radio i/o for software processing.

Antenna

  • House TV antenna is fine for VHF/UHF.
  • Long-wire antenna for low frequencies under 30MHz, 20 metres of thin wire.
  • Can get quite complicated, lots of information online
Optional and Alternatives

e4000 TV tuners

Earlier DTV tuner chip that is similarly capable as newer R820T

HackRF

  • 30MHz – 6GHz (wider frequency range)
  • 20MHz sampling bandwidth
  • RX/TX (can also transmit with appropriate licensing)
  • Costs ~£200 when available

Softrock SDR kits[3]

  • DIY electronic kits for self-assembly
  • Various capabilities and prices

“Ham It Up” v1.2 Up-converter[4]

  • Open Source hardware
  • Enables access to 0-30MHz frequencies on other SDR hardware
  • Requires a “pig-tail” lead to link with SDR receiver
  • Costs ~£30

Software Set-up

Blacklist DTV module

Linux may try to load the v4l module for the TV tuner card, this will claim the hardware preventing access by the SDR driver, so we need to disable it

On Ubuntu and derivatives:

$ rmmod dvb_usb_rtl28xxu # unload module if already loaded
$ sudo echo 'blacklist dvb_usb_rtl28xxu' >> /etc/modprobe.d/blacklist.conf # add to blacklist

Install the applications

Ubuntu

GQRX is not in Ubuntu repositories, it is also under rapid development so it’s best to compile from source. GNU Radio in Ubuntu 13.10 should be adequate, compiling from source takes a long time!

Source: http://vereniging.opensource.nl/wiki/index.php/Software-Defined_Radio_on_Ubuntu

Fedora

Fedora has a ham radio special interest group maintaining a lot of packages. Currently GQRX does not seem to be included.

Using the application

  • Once loaded turn it on
  • Beware that frequencies are badly calibrated
  • Zoom into the frequency band by scrolling up on the frequency axis of the top display
  • Use “SQL” to squelch out noise to stop irritating your neighbours, the noise floor changes at different frequencies so may need to be reset
  • Don’t forget to set the right modulation type
    • WFM for commercial FM (Wide-band FM)
    • NFM for ham radio and CB Radio (27MHz), thought some illegal CB is AM
    • Airband is all AM
    • LSB (Lower Sideband) for ham radio < 10MHz
    • USB (Upper Sideband) for ham radio > 10MHz
  • Learn to recognise signals by their sound and pattern on the waterfall
  • Find numbers stations like “The Buzzer” we listened to at 4625KHz

Things to see and do

Web-SDR

Try out listening to and decoding radio signals without paying a penny. WebSDR connects remote SDR hardware to the Internet so any user can tune in (without impacting others!).

Go to www.websdr.org

My favourites:

University of Twente – http://websdr.ewi.utwente.nl:8901/

  • Full HF frequency range available
  • Based in Netherlands – Good location to hear all of Europe

Hack Green – http://hackgreensdr.org:8901/

  • Based in Cheshire, similar results to what can be heard locally
  • Covers main HAM radio bands

What to see and do

  • Discuss what you can hear with other listeners
  • Find interesting signals, my favourite is polytones

Fldigi

Used for encoding and decoding digital modes such as Morse or more recent phase-shift-keying and others.

It’s designed for sending and receiving but fine to just receive

Digital communications tend to follow a standard format, don’t expect deep conversations going on (Rag-chews – in ham terminology)

Most common digital modes are:

  • Morse code AKA “CW” or “continuous wave”
  • BPSK31 – phase shift keying, 31Hz wide, very narrow on frequency waterfall
  • RTTY – two tones but wider apart than BPSK31

Keep trying different modes until it starts outputting readable text, you’ll get an ear for what different modes sound like with experience

 Other Applications

  • GNU Radio – build simple and complex radio systems, endless possibilities
  • Sigmira – Decode NATO STANAG 4285 modem signals
  • aprs.fi – See how APRS is translated with Google Maps
  • Dream – Digital Radio Mondiale on shortware frequencies
  • 433MHz home automation

Useful Links

Surfing the shortwaves

Back in May I posted about my first tentative experiments in the world of radio. Since that first post I’ve made slow but steady progress spending time learning a lot about different frequency allocations, modulation types, antenna designs and so on but being careful not to get too carried away as I’m prone to do!

Switching Back to Linux

Initially I was using an application called SDR# or “SDR Sharp” to tune my RTL-SDR receiver. SDR# is a .net framework application for Windows but not being a Windows user I followed some instructions to get it working on Linux using the Mono framework. This worked but I found the performance nowhere near as good as on Windows so I began looking for alternatives.

I found another application for Linux called Gqrx which performs the same function as SDR# but is pure Linux. It is essentially a front-end for the GNU Radio suite which is a huge collection of tools for building software radios using modular components. Gqrx itself is written in QT but has no KDE dependencies so it is simple to set-up on my Mint 15 Cinnamon installation, to do so I followed these instructions to compile the latest development version of GNU Radio and Gqrx from source that have support for the r820t dongle I have, the current Ubuntu/Mint repositories contain an older version of GNURadio which does not have support for the r820t but should work with older e4000 TV tuners.

While Gqrx is a simpler application than SDR# it works well and it’s fast. It can tune quickly and easily like SDR# and can demodulate all the usual AM, FM, upper/lower sideband (SSB) and CW signals. I haven’t worked out if it can zoom into the Gqrx can zoom into the frequency band like SDR#, but it isn’t as intuitive or flexible, this feature is useful for identifying narrow bandwidth signals and distinguishing modulation types.

Going down-frequency

Happy in Linux I spent my early days listening to the local 70cm band repeaters and occasionally I’d discover nearby transmissions on the 2 metre band by hams or walkie talkie users on PMR446 at 446MHz. I could never hear anything on the 10 metre band at ~28Mhz but got a lot of noise from commercial transmissions, I found out I was setting my antenna gain too high and lowering it reduced a lot of the interference but I still get “ghost” FM signals around 26MHz which I believe might be resonance from transmissions in the main FM radio bands because I have direct line-of-sight from the local transmitter only a few miles away across the valley so they are probably a little too strong and bleed across the radio spectrum.

Antennas

I was initially using my home’s spare TV antenna which is a common “Yagi” type which are designed to be directional, they focus their reception power wherever they are pointed but are not very good hearing anything behind them, so I made my first investment upgrade and bought a scanning antenna that is omni-directional and easy to move about to get a good signal.

While this has all been very fun there was never a lot of activity going on and in my research I kept hearing about all the fun hams were having on the HF bands which I didn’t have access to. The RTL-SDR dongle can received frequencies from 25MHz up to 1.8GHz but there’s a lot of activity below 25MHz where signals travel much further distances so people communicate across the world, I felt the need to investigate this!

Upconverters

To get my RTL-SDR “shack” tuning into these lower frequencies I needed an upconverter. This is a device that mixes a signal to shift it up the frequency spectrum so it can be handle more easily by the receiver. I made my 2nd investment upgrade and bought a “Ham it up” v1.2 upconverter from NooElec in the United States and it’s a thing of beauty!

kVWkKZv3KOC6VeQsyFfzFFWzxgxu4_pgd0XG1Siyp48

The upconverter is open source hardware, the designs are available online to fabricate yourself which is interesting but way above my head. There’s an RF input on one side for the antenna, IF output on the other side to go to the receiver, power is supplied via a USB A-to-B cable from your computer and a switch is there to activate the upconversion or simply pass-though the signal untouched without needing to disconnect it when not in use.

This model uses a 125MHz clocking chip which is replaceable, with this any signal that comes in is shifted up 125MHz on the receiver. This isn’t 100% accurate and some fine tuning is required using a known frequency, I use Absolute Radio’s 1215KHz signal to adjust the offset, on my hardware is this 124.99000MHz which doesn’t seem like much but 10KHz s the difference between finding a signal or not when the signal bandwidth is very narrow. Gqrx and SDR# both have the ability to offset the frequency reading so they show only the RF frequency on the air not the IF frequency that the dongle is receiving which is 124.99MHz higher.

Update – 25th January 2015

My earlier problems with the offset were due to inaccurate frequency reporting by the RTL dongle and not the crystal which was very accurate.

First, you also need to set a frequency correction value, this is unique to each RTL dongle so to find your value see this later post on the topic. This value is entered in the ‘Freq. Correction’ box in the ‘Input Controls’ side panel.

Next, set the offset, still in ‘Input Controls’ edit the value “LNB LO”. For a 125MHz shift set the value to “-125.000000”, note this is a negative value because your tuning frequency is shifted down. If your upconverter is using a different crystal set the value as appropriate. Once done re-tune to your desired frequency and you’re all set.

Yet more antennas!

But let’s not forget the antenna! My house Yagi and scanning antenna both work only on VHF/UHF bands so are not sensitive to the relatively low frequencies of HF, for this I needed a new antenna, so I built one! I chose a simple design, a random longwire antenna, for which I borrowed 20 metres of steel garden wire, removed the insulation from one end and jammed it in the RF input on the upconverter, and it works!

B2YI5TljB06yLNb4xx_A6g5awZuIdIGrSRjDguEkBYQ

Tuning In

True to my expectations I’ve discovered a lot of activity on HF, I can hear the normal AM commercial broadcasts on Longwave and Mediumwave, I can also hear a lot of world radio stations on various Shortwave bands. Shortwave radio is unfortunately in decline but there are still a lot of stations to be heard, I have not had this set up long but already I have heard broadcasts as far as Beijing and Botswana  over 5,500 miles away!

What is this strange place?

Being nearly 30 I am still too young to have experienced Shortwave’s peak, I didn’t know much about it before this experience but I’ve found it rather interesting in my unashamedly nerdish way. Compared with normal commercial AM, FM and DAB stations, Shortwave is bizarre. Because signals travel internationally transmissions are only part-time and sometimes overlap on certain frequencies. Tuning into shortwave is also a mixed bag, every time you turn on the radio you get something different, not just because of the intermittent broadcasting schedules but also because of variable propagation conditions. Signals travel different distances depending on the time of the day or the season of the year and the influence of these factors varies depending on which shortwave band you’re listening to, so your listening experience can be very random!

Most Shortwave listeners are either international travellers or people who follow a hobby called ‘Shortwave listening’. They aim to optimise conditions for listening to as many stations as possible as far away as possible. If you can hear them some stations ask you to write in and report where in the world you heard them from known as a QSL report, I heard one station already reading out the QSL reports they had received from listeners and they were certainly a far-flung group!

Many broadcasters are national institutions such as the BBC putting across their Government’s view of world events to foreigners. This is clearly used as a propaganda tool and so it’s sometimes jammed by oppressive states to block out the signals, North Korea are apparently famed for this unsurprisingly. Religious organisations also use it to preach their message, pirate radio stations are set up by revolutionaries and militaries broadcast warnings to whole continents or just to their agents in code.

Next time…

The BBC world service have been reining in their Shortwave broadcasts as they are expensive to operate and there’s a lot of ways to receive the BBC in most places in the world today however they have begun to transmit on Shortwave in digital format using Digital Radio Mondiale (DRM). This is similar to DAB used on VHF radio but designed for shortwave, this seeks to address low quality audio you frequently receive on shortwave bands so it can become a viable alternative to FM/AM while retaining its very wide coverage benefits.

However DRM seems be in the catch-22 situation that DAB had for a long time, there’s few broadcasters because there’s few listeners, there’s few listeners because there’s few radios, there’s few radios because there’s few listeners and broadcasters. Mind you the DAB radio in my kitchen tunes into DAB stations daily so it’s not impossible to break the cycle, it’ll just take time and effort to get there. Why do I mention this? Because there is a software DRM decoder called Dream that I can add to my RTL-SDR shack to listen into the growing number of DRM stations but that’s an experiment for another day!

Toe-dipping into Radio

As a perfectly contented computer geek, I have always been aware of the world of amateur radio but I had too much going on in the IT world to really pay it much notice. Of course the Internet is the place where worlds collide and at some point a couple of weeks ago I found myself reading about a project called RTL-SDR, which meant nothing to me so as always when that happens I did a little digging to understand more about it.

That was the subtle start of my fall into the rabbit hole of Amateur Radio and I’m not sure if I’ll be coming back…

Continue reading “Toe-dipping into Radio”