Airprobe – setup

Airprobe Install:
The following link is the one I used to compile and install Airprobe correctly, but I have changed some steps because they are out of date. This is the link to the RTL-SDR blog: http://www.rtl-sdr.com/rtl-sdr-tutorial-analyzing-gsm-with-airprobe-and-wireshark/
This is an interesting pdf document which explains exactly what GNU Radio and Airprobe are and what they are used for. It also summarizes the steps to compile Airprobe: http://www.data.ks.uni-freiburg.de/download/comsysSS12/7.Lecture_2012-06-15/exercise06-Analyse.pdf

Another link to follow the steps is the next one: http://sdrlatino.wordpress.com/2013/07/14/instalacion-y-uso-de-airprobe/

It’s important to notice that you must have GNU Radio compiled, installed and running correctly to get Airprobe running too. So if you don’t have it, go to my other thread and install GNU Radio first.

Ok, so I suppose you have GNU Radio installed and let’s begin with the compilation of Airprobe. Open a command terminal and give it sudo privileges.
It’s always better to have sudo privileges for this kind of compilation:

cd Documents/SDR/

(To enter in the same directory that I create for the GNU Radio which is named SDR).

mkdir airprobe
cd airprobe
sudo su

(and enter the password)

Before beginning, install the necessary dependencies:

apt-get install git-core autoconf automake libtool g++ python-dev swig libpcap0.8-dev

Some more dependencies are needed:

apt-get install gnuradio gnuradio-dev cmake git libboost-all-dev \
libusb-1.0-0 libusb-1.0-0-dev libfftw3-dev swig python-numpy

I don’t know if all these dependencies are required but to be sure install all these packages and there will be no problems if GNU Radio is well-compiled.

git clone git://git.osmocom.org/libosmocore.git

This will download the repository with all the necessary things to compile libosmocore. First of all we must compile libosmocore:

cd libosmocore
autoreconf -i
./configure
make
sudo make install
sudo ldconfig

Now we have to install Airprobe downloading the updated directory:

git clone git://git.gnumonks.org/airprobe.git

(inside the directory of SDR but out of the libosmocore directory)

cd airprobe

(we can see that a second folder with the name “airprobe” is created inside the first folder)

Gsmdecoder and gsm-receiver are tools of Airprobe.

Install gsmdecoder:

cd gsmdecode
./bootstrap
./configure
make

Install gsm-receiver:

cd ../gsm-receiver
./bootstrap
./configure
make

Now we are going to test Airprobe:

cd airprobe/gsm-receiver/src/python
wget https://svn.berlin.ccc.de/projects/airprobe/raw-attachment/wiki/DeModulation/capture_941.8M_112.cfile

(If this link is outdated, check out the description below)
It’s better to go to this website: https://mega.co.nz/#!a5ZUgYKI!N1R6bCdMRGDW-66D2yj2hSjbPQgbJ8sMlB3xPup5yus
And download the file by clicking on the orange button.
This is a file with precaptured GSM information that can be used to check whether Airprobe is working after the compilation or not.
Then we have to move the file to the correct directory:

mv capture_941.8M_112.cfile gsm-receiver/src/python

After this, we have to open wireshark with sudo privileges:

sudo apt-get install wireshark

(if you are using kali linux wireshark is already installed)
Open wireshark by typing “wireshark” in the terminal with sudo privileges and then follow the steps to decode GSM:

./go.sh capture_941.8M_112.cfile

This step will send the information of the cfile into wireshark and decode this information. This is a prepared file which has the information very well extracted and classified; of course, if we receive a live channel the information won’t be so well classified.
But after this command, if you see a lot of frames entering in wireshark, it means that Airprobe works well. So this is the end of the compilation tutorial.
See my other thread to know how to setup wireshark to get the information sent by Airprobe: https://ferrancasanovas.wordpress.com/cracking-and-sniffing-gsm-with-rtl-sdr-concept/ (STEP 6 of the thread)

Official web of the Airprobe project, but it seems to be outdated: https://svn.berlin.ccc.de/projects/airprobe/


GNU Radio and Gqrx – setup

As I have said, in Kali linux some software is easy to obtain, and for GNU Radio and Gqrx I recommend searching in the Ubuntu Software Center and installing the packages through it.
I know that kali linux doesn’t have the Ubuntu Software Center but you can go and download it from the Add/remove software program that brings Kali linux, as I said in my general post of cracking GSM steps: https://ferrancasanovas.wordpress.com/cracking-and-sniffing-gsm-with-rtl-sdr-concept/?preview=true&preview_id=222&preview_nonce=7a8a572b71

I think that even with the default Add/remove software program, GNU Radio first and then Gqrx can be downloaded without any problem. It’s important to see that you always have to install GNU Radio first because Gqrx will work only if you have GNU Radio well-compiled and installed.

This post is to get GNU Radio and Gqrx in the case the packages are not included in the updating software and you have to compile them through the terminal prompt, like I have done on an Ubuntu 12.04 LTS system.

It’s better to install them through the Add/remove software program because it will install all the dependencies and all the problems will be solved. It’s also better because the tools can be executed in any directory and because all the files are well-classified by the program.

So if you have been able to get the software without any further problem via Add/remove software, don’t read anymore; if you have problems, continue reading.

In this case you only will be able to run the tools that comes with gnuradio and Gqrx inside the directory where they are placed. I recommend you to use this video in youtube to get GNU Radio & Gqrx  running via an install script, in the case you can’t get them working by any other way.

GNU Radio may be installed with the apt-get command too, in case the command has the packages. This is shown in the next link: http://gnuradio.org/redmine/projects/gnuradio/wiki/InstallingGR

IMPORTANT: Before beginning it’s important to notice that with this process I have been able to compile GNU Radio and Gqrx correctly, but the airprobe installation runs into so many errors that I haven’t been able to get it working. This is the reason why I’m recommending you to install through Add/remove software if you are able to. So if you try this process, notice that you won’t be able to crack GSM without airprobe, but with GNU Radio and Gqrx you will be able to do a lot of interesting things and it’s an option to get this software running for fun.

1) GNU Radio Install via install script:

Here is the description of how I get the gnuradio compiled in ubuntu:

As we can see in the web page of gnuradio, the method of the video that installs gnuradio in Kali linux is not the same for ubuntu or fedora distributions.
I have followed all the video instructions of the blog that shows how to install gnuradio minus the instruction that says to add *|kali* in a specified line. But in the case of Kali linux you won’t have to do it by this way.
In the video they explain the installation for a Kali linux distribution, although there is no need to use it.
If we want to install the GNU Radio in the kali linux operating system or any other operating system, we must first of all enter the command:

sudo apt-get update

Note that in kali linux there is a terminal prompt that comes with sudo privileges and you don’t need to type sudo to enter as a superuser. This is another advantage of Kali linux.

The method we will be using is a slightly modified build script written by Marcus Leech. So the instructions we must follow are:

First of all we must check which are the dependencies for our ubuntu version, in my case I used the version Ubuntu 12.04 LTS Precise Pangolin and I found the necessary dependencies are:

sudo apt-get -y install git-core autoconf automake libtool g++ \
python-dev swig pkg-config libboost1.48-all-dev libfftw3-dev \
libcppunit-dev libgsl0-dev libusb-dev sdcc libsdl1.2-dev \
python-wxgtk2.8 python-numpy python-cheetah python-lxml doxygen \
python-qt4 python-qwt5-qt4 libxi-dev libqt4-opengl-dev libqwt5-qt4-dev \
libfontconfig1-dev libxrender-dev

The dependencies can be found in this link: http://gnuradio.org/redmine/projects/gnuradio/wiki/UbuntuInstall

Build from source using Marcus Leech Build Script:

mkdir sdr
cd sdr
mkdir gnuradio-src
cd gnuradio-src
wget http://www.sbrac.org/files/build-gnuradio

To make changes to the build-gnuradio script it is better to install gedit first, because it numbers the lines and makes it easier to identify where things are:

sudo apt-get install gedit
gedit build-gnuradio

Gedit is a text editor that comes with some linux distributions and has to be installed on others. Comment out the lines that are shown in the youtube video but don’t add the word *|kali* in line 253 (IMPORTANT: if you are installing this in kali linux you have to add it!)
To check the debian version:

cat /etc/debian_version

The problem is my system doesn’t have enough space inside the root partition, so I have to get free-space for installing gnuradio:

df -H                            # to know what amount of free-space there is
sudo apt-get clean               # to get some free-space
chmod a+x build-gnuradio
sudo su                          # and enter your password, in case you are not in Kali linux
./build-gnuradio -m --verbose    # answer "yes" to the first 2 questions

It’s important to use the -m flag in the last command, because this option will install the latest version of GNU Radio, which is the 3.7 version, and this will make sure that the installation of Gqrx has no problems. With the old version of GNU Radio 3.6, Gqrx can have some compilation problems and you won’t be able to install it.

The discussion in this blog will make some idea of what I am talking about: http://de.reddit.com/r/RTLSDR/comments/1i6tpl/compiling_gqrx_from_source/

REMARK: This is the reason why airprobe doesn’t work, the owner of Gqrx has build a new version of this software that will only work with the new version of GNU Radio 3.7; but Airprobe is compiled to be used with the old version of GNU Radio 3.6. I tried to get the old version of Gqrx but I wasn’t able to. But using Add/remove Software in kali linux the softwares compile correctly and they have no problem between their versions.

So you must wait for about 2 hours of compiling and then check that no errors have been made by the install process. You can see all this process in the video at the link above to see if you are doing the installation correctly.
A good web page to get used to GNU Radio is: http://blog.opensecurityresearch.com/2012/06/getting-started-with-gnu-radio-and-rtl.html (This web page shows how to use some tools that come with gnuradio and gives you an idea of what exactly gnuradio is and what it is used for). It’s important to notice that the only tool that has a graphical interface is gnuradio-companion; the other tools have to be executed through a terminal prompt and don’t have any graphical interface, but they are really interesting too.

If the whole installation went correctly you should have gnuradio installed, and before continuing I recommend getting used to the GNU Radio tools with the link above.

To know what version of GNU Radio have you installed, type the following command:

echo -e "from gnuradio import gr\nprint gr.version()" | python

2) GQRX Install:

Gqrx is an experimental AM, FM and Single Side Band (SSB) software defined receiver implemented using GNU Radio and the Qt GUI toolkit. Currently it works on Linux and can use the RTL-SDR dongles as input source. Gqrx is like a SDRsharp but in linux.

Now we will proceed with the installation of Gqrx. The first command we have to enter is:

git clone https://github.com/csete/gqrx.git

It is important to enter the command inside the directory gnuradio-src.
In my case I entered this command first:

git clone git://git.osmocom.org/osmo-sdr

Because I noticed that this dependency was missing. But probably you won’t have to do it.

Then download the Qtcreator program from Ubuntu Software Center, open the gqrx.pro file with it and search the document receivers.h and then click on the build button to compile it. If it doesn’t work or you don’t find some of these files, do it by terminal commands.

[Image: Qtcreator main window]

It’s important to see that this program is a cross-compiler that may or may not have been used. So I prefer to use the qmake command instead of this software. For the images of the other software, you can find a lot of them at the links posted throughout the thread.

I prefer to do it by commands:

cd gqrx
qmake gqrx.pro
make

The executable file gqrx will be created in the gqrx directory, and it is executed with the next command:

./gqrx

This will open the graphical interface of Gqrx if all the installation process had gone correctly.

I recommend you to follow this blog of Gqrx to make some ideas of what are the problems that people come across and what are the possible solutions you may use: https://groups.google.com/forum/#!forum/gqrx

You have to enter with your google account and the administrator of the group will allow you to enter and share your problems, in case you have any. If not, you can enter to see how does this software work and what can you do with it.

Kali linux – setup

To Install Kali linux in a computer, the only thing you must do is to download and save the kali linux operating system from the source page:

http://www.kali.org/downloads/ (This is the official page of Kali Linux were you have to download the corresponding one for your own type of computer, I mean 32 or 64 bits and save the downloaded file into a CD/DVD or USB)

It’s possible to take a lot of time to download the file because the server of this page is very bad, but depending the moment it can be downloaded in 30 minutes or so. I recommend to try to download it in different hours of the day to see if the server is better or worse working.

In my case I used a CD and I have downloaded the 32 bits ISO image version for my own type of computer but check for your own case.

Then you only have to follow this web page (in Spanish) where it shows how to access the BIOS of the computer to make the computer boot the system from the CD and not the installed system.

If you don’t know how to do it and you don’t understand Spanish, do a google search and for sure you will find how to enter the BIOS and change the booting to a CD.

There’s another good youtube video for the same purpose (in Spanish too): http://www.youtube.com/watch?v=nKvJ0URLptQ

Take care about what you are doing because if you boot via CD and you didn’t save your system files, it’s possible to lose everything. Another option is to do a re-partition of the disk first and install the kali linux as your second operating system. Check out this link for re-partition with Windows: http://docs.kali.org/installation/dual-boot-kali-with-windows

Then when the computer boots through the CD, it will appear a menu that will bring you to the install steps and when finishes the system will be running.

There is an image of what you must see, depending on the installer or the system you download, but in all cases you will see a similar menu:


So that’s all you have to do to get the Kali linux distribution system running on your computer.

Linux commands review!!!

In this post I will bring you the key commands in linux that are important to know if you have some kind of problems when you compile software in the raspberry pi.

These commands are the ones I have used to learn about Linux operating systems. It is possible that some commands don’t work in the raspbian operating system, but most of them will work perfectly and they will give you the skills to handle the raspberry pi in a correct way.

The commands will work because raspbian operating system is very similar to ubuntu or other linux operating systems with a debian distribution.

Also this draft will bring you the knowledge to see what you are doing when entering in the terminal the specified commands that I tell you in the posts under the category: Raspberry pi setup.

I have installed an ubuntu disk partition on my laptop to get used to the operating system and I practised all the commands there before going to the raspberry pi. There are a lot of videos on youtube on how to set up dual-booting. For example, in my case I am dealing with a dual-booting system with windows 7 and ubuntu 12.04 LTS.

There is a video on how to do it: http://www.youtube.com/watch?v=0W7XYAB4cLc

But there is no problem with playing directly on the raspberry pi, because even if you do something wrong and the system crashes, you can remove everything from the SD card and download another raspbian image there to get the system working well again.

Another option is to install a virtual machine and download an ubuntu image from their website. But the problem with this option is that you can’t access the lower levels of the software when programming and that the virtual machine will keep the CPU busy.

If you think that doing a dual-booting is such a difficult thing that could not be done by yourself I recommend you an easy windows installer that does the disk partition and all the work for you. I have just discovered this kind of installer and I think it’s a really interesting option for the people which are starting to deal with all of these kind of things.

And this is the software installer for Windows to download: http://www.ubuntu.com/download/desktop/windows-installer

There are the instructions to follow: http://www.ubuntu.com/download/desktop/install-ubuntu-with-windows

So if you are planning to use ubuntu afterwards I recommend the disk partition, but if you are just training for the raspberry pi, I recommend the virtual machine option. But you must consider the installer if you will use linux sometime in the future.

COMMANDS:

ls               To see all the directories and files that are located inside the actual directory.

ls -a           To see all the directories and files that are located inside the actual directory and the ones that begins with a point, which are the not visible files.

ls “filename”         To see all the information of a file.

ls -l “filename or directory”   gives more information about a directory or a file.

ls -lg “filename or directory”     for more information about the directory or the file.

cd “linux”          It goes to a directory called “linux” that have to be placed inside the directory where you are placed now.

cd “/home/user/linux”          It goes to a directory called “linux” that is placed inside home and inside user folders.

cd .     Remains in the same directory.

cd ..      It brings you to the directory that includes the folder you are situated in.

cd ~     It brings you to your home directory.

pwd    gives the path of the directory you are placed.


In the following commands, everywhere that you can see the name “file” have to be replaced by the path of the file if you are not in the directory where the file is, if you want to operate with the specified file or files:

cp “file1” “file2”              copies the file named “file1” of the directory where we are situated to this same directory but with the name “file2”, if you want to copy the file to another directory, you only have to specify the path.

mv “file1” “file2”              same command as before but now the file is moved not copied, it means that when the process finalizes there will be only one file while in the command above there will be two identical files.

rm “file1”          removes a file named “file1”.

mkdir “music”           Creates a directory named “music”.

rmdir “directory name”          removes an empty directory.

clear               removes the commands and output of the terminal.

cat “file1”          display the content of “file1” on the screen.

less “file1”         display one page of the “file1” content. Q quit of the mode.  Space-bar  to pass the page.

/word             to search the word “word” and then N  to pass to the next word “word”.

head “file1”       displays the first ten lines of the file.

head -5 “file1”       displays the first five lines of the file.

tail “file1”         displays the last ten lines of the file.

tail -5 “file1”     displays the last five lines of the file.

grep “word” “file1”         displays the line containing the word “word” of the document “file1”.

grep -i “word” “file1”     does the same but ignores the uppercase.

grep -i ‘sentence’ “file1”  or grep ‘sentence’ “file1”    display the lines containing the sentence that is inside the single quotes (‘’).

options of grep:

                   -v display those lines that do NOT match.

                   -n precede each matching line with the line number.

                   -c print only the total count of matched lines.

wc -w “file1”    counts the words of the file.

wc -l “file1”      counts the lines of the file.


REDIRECT THE OUTPUT:

cat > “list1 ”      redirects the output to the file named list1.

cat >> “file1”     appends more items to the file named file1.

control d        to finalize the file.

cat “list1” “list2” “list3” > “biglist”    concatenates the three lists into a unique one list named biglist.

REDIRECT THE INPUT:

sort     sorts a list of things that we enter.

sort < “list1”     redirects the input and take it from a file called list1.

sort  < “biglist” > “newlist”        redirects the input from biglist, sort the information and finally redirects the output to newlist file.

PIPES:

whoami         to know with which user you are logged in.

who               gives a list of the users that are inside the system at that moment.

who|sort       combines the two options in one command.

who | wc -l   counts how many users are logged in.

——————————————————————————————————————–

EXERCISE:
Using pipes, display all lines of list1 and list2 containing the letter ‘p’, and sort the result.

SOLUTION:

cat list1 list2 | grep p | sort

SOLUTION 2:

cat list1 list2 | grep p list1 list2 | sort

——————————————————————————————————————–


CHANGE THE PERMISSIONS OF FILES AND DIRECTORIES:

chmod go-rwx “file1”              to change the permissions on file1 according to the kind of user: the owner (u), the group (g) or the others (o); here it takes read, write and execute away from the group and from the others.

chmod 777 “file1”               gives the permissions to write (w), read (r) and execute (x) to the user that owns the file, which is the first 7, to the group of users that the file belongs to, which is the second 7, and to every other user, which is the third 7.

Number meanings:

0 – no permission

1 – execute

2 – write

3 – write & execute

4 – read

5 – read & execute

6 – read & write

7 – all

This is the most important thing you must remember when using chmod:

d(if it’s a directory)rwx(for the user that owns the file)rwx(for the group of users that the file belongs to)rwx(for everyone else).
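
The numeric and symbolic forms of chmod described above, as an added shell example that is not part of the original post: it decodes a three-digit mode with the number table, reads back the permission string of a file on disk, and lists the files that every other user can write, which is what chmod 777 produces. The function names and the file names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post); all names here are hypothetical.

# Map one octal digit to its rwx triplet: 4 = read, 2 = write, 1 = execute.
digit_to_rwx() {
    d=$1
    r=-; w=-; x=-
    if [ $((d & 4)) -ne 0 ]; then r=r; fi
    if [ $((d & 2)) -ne 0 ]; then w=w; fi
    if [ $((d & 1)) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# Turn a three-digit mode such as 640 into the owner/group/others string.
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "mode must be three octal digits" >&2; return 1 ;;
    esac
    u=${1%??}            # first digit: owner
    rest=${1#?}
    g=${rest%?}          # second digit: group
    o=${1#??}            # third digit: everyone else
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# Read the nine permission characters that "ls -l" shows for a file,
# skipping the leading type character (d for a directory, - for a file).
file_mode_string() {
    ls -ld -- "$1" | cut -c2-10
}

# List regular files below a directory that "others" are allowed to write.
audit_world_writable() {
    find "$1" -type f -perm -0002 -print | sort
}

# Apply the post's "chmod go-rwx" to every file the audit would report.
lock_down() {
    find "$1" -type f -perm -0002 -exec chmod go-rwx {} +
}

# Constructed demonstration on throw-away files in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/shared.cfg"
    chmod 777 "$tmp/shared.cfg"
    : > "$tmp/notes.txt"
    chmod 644 "$tmp/notes.txt"
    chmod go-rwx "$tmp/notes.txt"

    echo "777 decodes to:        $(mode_to_symbolic 777)"
    echo "shared.cfg on disk:    $(file_mode_string "$tmp/shared.cfg")"
    echo "notes.txt after go-rwx: $(file_mode_string "$tmp/notes.txt")"
    echo "writable by everyone:"
    audit_world_writable "$tmp"

    lock_down "$tmp"
    echo "shared.cfg after lock_down: $(file_mode_string "$tmp/shared.cfg")"
    rm -rf "$tmp"
}

demo
```
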


chown user “mydoc.txt”         changes the owner of the file mydoc.txt and the owner will be a user named “user”.

chgrp users “mydoc.txt”         changes the group that owns the file mydoc.txt to the group of users named “users” (it can be done with the command chown user.group “mydoc.txt”)

ps             to list all the processes running in our system with the data of the users, I mean the permissions, the PID of the process, etc.

ps -e        to list all the processes that run in the background or the foreground, including the processes that are not typed by you and that start on their own.

“command” &                  this will execute a command in the background, which is useful for tasks that take a lot of time to execute.

sleep “number”                        the prompt sleeps the number of seconds specified.

sleep “number” &        the prompt does the same in a background format, it displays the PID of the process and the number in brackets. The PID is the identifier of the process.

control + Z        to finalize a process.

bg                to put the previous typed process into a background format if it is suspended.

fg or fg %number     puts the last process in the foreground format/status or the process specified by the number.

control  + C       to kill a process in the foreground.

kill %number            to kill a process in the background or suspended.

kill “PID_number”                  to kill a process of the list of running processes.

kill -9 “PID_number”              if it refused to be killed with the command above.


top, htop                they are versions of ps that give us a list of the last processes.

sudo apt-get install “quota”           to download and install the quota command; “apt-get” does all of this work automatically and you will not have to compile anything. The word “sudo” in the first part will execute the command as the root user to have more permissions.

quota -v        to view what part of the disk you are using.

df .                 to know how much space is free and how much is used.

du  -s *           to show how many kilobytes has every directory.

gzip “file1”        compress file1.

 
GZIP is the most common method to compress files in GNU/Linux. Gzip compresses all types of files, even though it works better with text files.

Here are some examples of commands that you can use related to the GZIP command:

1) To compress a file: gzip "file1"

2) To unzip a file previously compressed by gzip: gunzip "file1"

3) To compress a file of "tar" extension: tar cvzf "file1.tar" "name of the file to compress"

4) To unzip a file of "tar" extension: tar xvzf "name of the compressed file.tar" "name of the file when extracted"

gunzip “file1”        unzip file1.

zcat “file1.gz”         displays the content of file1 if it is compressed.

zcat “file1.gz” | less     displays the content in another window, you can exit using q quit.

file *    sort the files by alphabetical order and it gives information about the type of files they are.

diff “file1” “file2”         gives the differences between the contents of file1 and file2.

find                   it has many options, but displays the files of a given characteristics of the current and subsequent directories.

history           to show the commands’ list.

These commands recall and execute the command you are looking for:

!!         recall the last command.

!-3         recall the 3 last commands.

!5           recall 5th command in the list.

!grep    recall the last command starting with grep.

set                   to see all the shell variables.

unset              to unset the shell variables.

set history=100         to increase the size of the history list.

set history=200         to increase the size of the history list.

echo $history             to prove that it has been gone well.

gedit  “file1”               to open a file with gedit text editor.

nano  “file1”               to open a file with nano text editor.

source .cshrc             to read the file named “cshrc” and execute it.

lsb_release -a            to know the ubuntu version you have installed. (this will not work with the raspberry pi)

man “command”        to view the command options that you can use.

——————————————————————————————————————–

EXAMPLE OF COMPILING A PACKAGE:

The simplest way to compile a package is:

  1. cd to the directory containing the package’s source code.
  2. Type ./configure to configure the package for your system.
  3. Type make to compile the package.
  4. Optionally, type make check to run any self-tests that come with the package.
  5. Type make install to install the programs and any data files and documentation.
  6. Optionally, type make clean to remove the program binaries and object files from the source code directory.

First of all go to the web browser like mozilla and download this file: http://www.ee.surrey.ac.uk/Teaching/Unix/units-1.74.tar.gz

We are going to compile a little terminal program that transforms units. You have to go to the directory where you have downloaded the file and follow the next steps.

Commands to compile the package:

gunzip units-1.74.tar.gz       unzip the file.

tar -xvf units-1.74.tar           to extract the file of the format “tar”, which means tarball.

cd units-1.74                          to enter the directory.

mkdir  ~/units174                  creates a subdirectory inside the one you are now, called units174.

./configure --prefix=$HOME/units174       creates a file named Makefile with the necessary options to tell the machine to install the program in the units174 directory.

make              creates the executables.

make check        check if all has gone well.

make install       installs the program into the units174 directory if the check command has been successful.

make install-strip      if we want a reduced file.

cd ~/units174             to change the directory.

./units                         to execute the compiled program.

info --file=units.info  in the info directory to read all the units program information.

strip units                  reduces the size of the program units.

file units                    shows the size of the file units.

——————————————————————————————————————–

By agreement:

1)      Environment variables = uppercase:

printenv         to show all the values of these variables (or env).

setenv            to set environmental variables.

unsetenv        to unset environmental variables.

2)      Shell variables = lowercase.

——————————————————————————————————————–

That is just an introduction to some important commands you will have to use when playing with your raspberry pi.

I have extracted some of these commands and parts of my tutorial from these other websites, which I recommend reading with attention because they give an interesting view of how the ubuntu operating system, which is similar to raspbian, is laid out:

How are files distributed: http://linuxnewbieguide.org/tutorials/files-directories-and-the-linux-filing-system/

Some helpful tutorials: http://www.ee.surrey.ac.uk/Teaching/Unix/

An overview of all Ubuntu operating system: http://doc.ubuntu-es.org/Documentaci%C3%B3n

I wish this tutorial might be helpful for you to handle the raspberry pi in a better way.


Presentation of the concept!!!

We have been in the Barcelona AirSim Meeting 2013 (BASM13) that has taken place the weekend of the 5th – 6th of October of 2013 on the EETAC,  to explain our experiments with free software that is available for everyone who is interested in ADS-B systems and SDR concept.

“Build your own ‘low-cost’ ADS-B radar”

This is the description of our upcoming presentation on the BASM13 website:
Build your own ‘low cost’ ADS-B radar
October 6th 10:30 – 12:00

“Ferran Casanovas, a student of the Air Navigation Engineering degree at the EETAC, and the EETAC-UPC professor David Rincón explain how anyone can design and build their own aeronautical radar with low-cost equipment.”

If you are interested here is the link to see our presentation in the BCN AirSim Meeting 2013 of the last 6th of October: http://www.youtube.com/watch?v=shDeNkS5Cts&feature=youtu.be

The presentation is in Spanish but I recommend to all of you to see it if you are interested in our work. It gives some idea to see exactly the work we have been doing these months.

Construeix el teu propi equip ADS-B de baix cost

Vigilància i posicionament d’aeronaus en temps real amb un petit receptor DVB-T de TDT.

Potser és la primera vegada que sentiu a parlar sobre el sistema de posicionament i vigilancia aeronàutic anomenat ADS-B (Automatic Dependent Surveillance – Broadcast) però si esteu familiaritzats amb el món aeronàutic, segur que heu sentit a parlar sobre els RADARs de posicionament. Bé doncs el ADS-B és l’evolució en termes de vigilància i posicionament dels RADARs, ja que a més de permetre obtenir la posició de l’aeronau en la mateixa aeronau, permet millorar els defectes que tenen els RADARs a l’hora d’obtenir la posició de les aeronaus.

Figure 1 – ADS-B receiving antenna.

How ADS-B works can be summarized with the following diagram:

Figure 2 – How ADS-B works (structure of an ADS-B system).

Some of the data broadcast by aircraft are the position, the altitude, the speed, the heading (in other words, the direction in which the aircraft is moving), etc.

Using a small digital terrestrial television receiver and a small omnidirectional antenna, we have experimented with receiving ADS-B frames, which can be received in any area with some coverage or where aircraft fly relatively low.

We used an “RTL-SDR USB dongle” to perform the reception, analog-to-digital conversion and synchronization stage in hardware, and all the other stages in software.

Figure 3 – RTL2832 USB dongle (RTL-SDR).

This is the concept of SDR (Software Defined Radio): building a telecommunications system in which the components are implemented in software instead of in hardware, as is usually the case.

These small receivers have a very wide reception frequency band, from 24 to 1766 MHz, which makes it possible to receive the signals broadcast by aircraft transponders at 1090 MHz.

Thanks to the many people who have developed software to decode and process the ADS-B signals received by an SDR receiver, we have managed to show on a map, in real time, the movement of the aircraft flying over our area.

Some examples of the possibilities are the following:

Figure 4 – RTL1090, software to decode the received ADS-B signals.

Figure 5 – ADSB#, software to process the frames and send them to another program that displays them on a map.

Figure 6 – PlanePlotter, software to display in real time the data from either of the 2 previous programs.

Figure 7 – ADSBScope, software to display in real time the data from ADSB# or RTL1090.

The SDR receiver also makes it possible to listen to FM and AM radio, receive images from weather satellites such as the NOAA ones, receive aeronautical ACARS, listen in real time to the ATC conversations between the pilot and the control tower, etc.

To tune to any frequency and have a wider range of possibilities, the program called SDR# is available free of charge. It lets you apply various modulations and filters and, combined with other programs, can decode many types of signals, as long as they fall within the range of the SDR receiver.

Figure 8 – SDR#, software to tune to and receive signals on various frequencies.

After experimenting with all the possibilities that this very interesting receiver offers, we have set up a permanent scenario in laboratory 328B of the EETAC, in which we receive the ADS-B data from the aircraft in the area, process the data and send them to FlightRadar24.com.

Figure 9 – FlightRadar24 website, which displays ADS-B data in real time on a worldwide scale.

What this website does is receive the signals from many ADS-B receivers located around the world, which lets it display the position of aircraft in real time anywhere in the world.

To create this scenario we used a Raspberry Pi. It is a small computer that lets us place the SDR receiver closer to the antenna.

In addition, we connected the SDR receiver to the school's ADS-B antenna, which increases the coverage.

Figure 10 – Our scenario in LAB328B of the EETAC.

Ferran Casanovas Bargalló, student of the degree in air navigation at the EETAC (UPC).

This weekend we will be at the Barcelona AirSim Meeting 2013 (BASM13), where we will give a presentation about our experiments and introduce the topic to everyone who is interested, so that they can build their own low-cost ADS-B receiver.

Link to the Arcitec article: http://arcitec.blog.upc.edu/construeix-el-teu-propi-radar-aeronautic-de-baix-cost/

Link to the bitsquevolen blog: http://bitsquevolen.eetac.upc.edu/?p=1695

Windows SDR – software setup

SETUP:

I have explained what I set out to do in the drafts named:

1) Build your own ADS-B aeronautical radar with low-cost equipment

2) SDR Concept

3) Kinds of Software

These drafts explain our experiments, how ADS-B works, the SDR concept, etc.

After reading those posts, if you are interested in experimenting with the SDR concept and, of course, if you have an RTL-SDR USB dongle, read this draft to install and play with all the free software that is available on the web, thanks to the many authors who have worked to offer it to anyone interested in SDR.

Installing the USB driver for the RTL-SDR dongle:

To use the DVB-T receiver for ADS-B there is an important thing to take into account:

You need to use a particular USB driver. Do not use the supplied drivers that come with the RTL-SDR USB dongle and do not let Windows install the drivers. You must use Zadig to install the USB drivers.

We need to install the USB driver for the port being used and the RTL-SDR dongle will only work for this USB port. We need a small software utility called Zadig which can be downloaded from Sourceforge.net.

The download files are compressed using 7-Zip, an open source file compression utility, similar to WinZip or RAR. You will need Winzip, Winrar or some other software to extract the files.

Create a folder for the extracted files.

Insert your USB stick into your USB port. Ignore and cancel any Windows messages asking to install the drivers.

Now run the Zadig.exe for your Windows version.

Under Options select “List all Devices”.

Now choose “Bulk-In, Interface (Interface 0)”, or the corresponding entry if your device name is different.

Make sure you choose the “WinUSB (v6.1.7600.16385)” driver.

After installing it, if all has gone well, you will be able to use the RTL-SDR dongle with this specific USB port, but not with the other ports of your laptop, PC, etc.

More detailed information is available at github.com:

https://github.com/pbatard/libwdi/wiki/Zadig

Note that if you have more than 1 RTL-SDR USB dongle and you want to use them at the same time for different purposes, for example one to decode ADS-B data and another to listen to FM radio, you have to run the Zadig installation on 2 different USB ports. While an ADS-B decoding program is using the dongle, no other software can use it; if you try to open another program, a message will be displayed saying that the device is being used.

Decoding ADS-B using RTL-SDR:

ADS-B (Automatic Dependent Surveillance-Broadcast) is a technology that allows tracking aircraft using high-speed radio transmissions and obtaining data on their position, velocity, heading, altitude, etc.

OPTION 1 – RTL1090:

The first option for decoding ADS-B data is the free RTL1090 software, but it is not the only option.

Still, I recommend this first option as the decoding software because it gives you more information about what you are receiving at every moment.

Create 2 folders – one for RTL1090 and another for the SDR files.

Download these two zips and extract the files:

http://www.jetvision.de/download/rtl1090.zip

http://sdr.osmocom.org/trac/raw-attachment/wiki/rtl-sdr/RelWithDebInfo.zip

Copy the files below from the rtl-sdr-release/x32 folder (even if you have a 64-bit machine) to the folder containing the extracted RTL1090 files:

libusb-1.0.dll
rtlsdr.dll

You should now have the following files in your RTL1090 folder (possibly without the rtl1090.ini):

After following all the steps as described here, the software is ready to be used.

With an antenna connected and your DVB-T Receiver in a USB port, launch rtl1090.exe from the folder we are working with.

Click Start for RTL1090 to find the DVB-T receiver and open the output ports:

Depending on your location and antenna position, the RTL1090 window should display decoded Mode-S messages. Please look for the RTL1090 Online Manual for more information.
If you toggle the List option you will see a list of received messages by ICAO code. This will include messages without positional data. Those with positional data will display an asterisk in the right-hand column.

OPTION 2 – ADSB#:

The author of this software explains in his web page:

“We discovered a very simple way of demodulating this digital mode using the cheap DVB-T/FM (rtlsdr) dongles. This diagram explains how it works:”

Simple ADS-B Demodulator

The block diagram explains how the program works to get data from the aircraft that are flying over our area.

In this case, the program doesn’t show the ADS-B frames that we are receiving and doesn’t give us the decoded information of the aircraft. This is because there is an important difference between RTL1090 and ADSB#.

The difference is that RTL1090 receives and decodes the ADS-B frames and ADSB# only receives and sends the data to other programs or to a web server.

For this reason I prefer RTL1090, but one advantage of ADSB# is that it shows the frames per second that you are receiving at every moment, so you can get an idea of how much coverage you have where you are.

This is a screenshot of the program:

ADSB#

The executable can be downloaded here. The guides in Spanish and in English, with the steps to install the software and get it started, can be downloaded here:

http://www.atouk.com/wordpress/?page_id=237

Installation:

This is all extracted from the downloaded PDF guides:

“The ADSB# zip includes 5 files. Extract all of these into the folder of your choice.

example_ADSB#

Your folder will now contain all of the files needed for operation of ADSB#.

ADSB# only receives and decodes the raw hexadecimal data from the ads-b signal, and acts as a multi-client TCP server to send that data to whichever decoding and display program you are using. The most popular programs to view and decode are Virtual Radar Server, ADSBScope and PlanePlotter. ADSB# works equally well with any of these programs at the same time, or to a single ADSBHub.

Since ADSB# is acting as a TCP server, you can access the data stream from any computer that is accessible on your network. This means that multiple users may have access to the data at the same time, and that the dongle may be used in a remote computer with the best access to an outside antenna if one is available.”
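The raw-frame stream described in the guide can be checked before it is handed to a display program; the Python below is an added example, not code from ADSB#, RTL1090 or the guides. It assumes frames arrive as `*<hex>;` text lines (the page does not specify the wire format) and uses constructed sample frames with hypothetical ICAO addresses. It keeps only 112-bit DF17 frames whose Mode S CRC-24 remainder is zero and flags the type codes that carry a position; the CRC catches corruption only and does not authenticate the sender.

```python
# Added example; the "*HEX;" line framing is an assumption, not taken from the page.
GENERATOR = 0x1FFF409  # Mode S CRC-24 generator polynomial (25 bits)

def crc24(data: bytes) -> int:
    """Remainder of data modulo the generator; 0 for an intact DF17 frame."""
    value = int.from_bytes(data, "big")
    for shift in range(len(data) * 8 - 25, -1, -1):
        if (value >> (shift + 24)) & 1:
            value ^= GENERATOR << shift
    return value & 0xFFFFFF

def build_frame(payload_hex: str) -> str:
    """Constructed sample line: 11-byte payload plus its 3-byte parity."""
    payload = bytes.fromhex(payload_hex)
    parity = crc24(payload + bytes(3)).to_bytes(3, "big")
    return "*" + (payload + parity).hex().upper() + ";"

def parse_line(line: str):
    """Return (icao, type_code, has_position), or None if the line is rejected."""
    line = line.strip()
    if not (line.startswith("*") and line.endswith(";")):
        return None                       # not in the assumed "*HEX;" framing
    try:
        frame = bytes.fromhex(line[1:-1])
    except ValueError:
        return None                       # non-hex junk on the socket
    if len(frame) != 14 or frame[0] >> 3 != 17 or crc24(frame) != 0:
        return None                       # keep only intact 112-bit DF17 frames
    type_code = frame[4] >> 3             # first 5 bits of the message field
    has_position = 5 <= type_code <= 18 or 20 <= type_code <= 22
    return frame[1:4].hex().upper(), type_code, has_position

def summarize(lines):
    """Map ICAO address -> (valid message count, position seen)."""
    seen = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            icao, _, has_pos = parsed
            count, flag = seen.get(icao, (0, False))
            seen[icao] = (count + 1, flag or has_pos)
    return seen

# Constructed sample input: hypothetical ICAO addresses, not captured traffic.
IDENT = build_frame("8DABC1232015A678D4D220")     # type code 4, identification
POSITION = build_frame("8DABC12358C382D690C8AC")  # type code 11, airborne position
VELOCITY = build_frame("8D0BEEF099440994083817")  # type code 19, velocity
CORRUPTED = POSITION.replace("C382", "C383", 1)   # one flipped bit in the payload
SAMPLE = [IDENT, POSITION, VELOCITY, CORRUPTED, "*5DABC123000000;", "not a frame"]
```

Calling `summarize(SAMPLE)` gives one entry per aircraft, with the position flag playing the role of the asterisk in the RTL1090 list.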

Using the RTL-SDR for other things:

Another way to use the RTL-SDR dongle is to listen to any transmission inside the frequency band that your dongle supports.

In my case I am using an RTL2832 RTL-SDR USB dongle, also named Rafael Micro R820T USB dongle, which has a frequency range of 24 to 1766 MHz.

I think this is the best RTL-SDR dongle because it has no frequency gaps.

This allows you to listen to everything from FM radio to live aeronautical ATC, including ACARS transmissions, and to receive meteorological satellite images such as those from the NOAA satellites. The RTL-SDR dongle can receive any transmission in the frequency range specified above, depending on the coverage where you are.

This wide range of possibilities is what makes these USB receivers so interesting to work with.

To get ready to receive all of these things, you will have to install SDR#, a free and open-source program that performs in software the steps of the SDR concept that a few years ago were implemented only in hardware, such as applying the demodulation, applying different kinds of filters, etc.

Installation:

I followed the explanation on this web page: http://rtlsdr.org/softwarewindows

“Download sdr-install.zip and unzip it.

Double click on the install.bat file in the newly created sdr-install directory to have the script download everything you need including Zadig.

Once the script has completed it will have downloaded the latest SDR#, the latest RTL driver from Osmocom (and enabled use of RTL-USB) and Zadig and put them in a new sdrsharp directory.”


You don’t have to run Zadig again if you have already installed the driver with the instructions above.

Run SDRSharp.exe and you should see the following window:

SDR# screenshot

Steps to get the software running:

  1. Set Radio to WFM (wideband FM).
  2. Set the centre frequency to (88,000,000), this is 88MHz, the start of the FM radio band in most countries.
  3. Set the ‘Front End’ type from ‘Other’ to ‘RTLSDR / USB’.
  4. If all is working the ‘Front End’ button should go from grey text to black text.
  5. Click on Play.

“You should now see an orange waterfall display in the bottom half and a dancing blue spectrum in the top half. By clicking and dragging on the blue spectrum you can conveniently change the frequency. In the example below I have dragged the spectrum and centered on an FM station. All going well you should hear the audio coming out of the PC speaker.”

 

INSTALLING PLANEPLOTTER:

Now that you have everything installed correctly, you can install some software to display the information that you are receiving.

The Planeplotter software is not free but it has a trial period of 30 days to experiment with it. It has a lot of different options.

To download the software go to this web page: http://www.coaa.co.uk/planeplotter.htm

That page lists the steps to get it working.

I also recommend a nice video tutorial on getting PlanePlotter working when fed by the RTL1090 information:

http://www.nicstorey.co.uk/planeplotter/PlanePlotter%20and%20the%20RTL1090

If you are not satisfied with the instructions from the first website, I recommend this other web page to follow the installation steps:

http://planeplotter.pbworks.com/w/page/17117302/FrontPage

Here is a screenshot as an example of PlanePlotter:

PlanePlotter

There is another program to visualize the aircraft that I have experimented with, called ADSBScope, but I had some problems with it.

The next link explains how to download it and get it started:

http://www.sprut.de/electronic/pic/projekte/adsb/adsb_en.html

Here is another screenshot to give an idea of what we are talking about:

adsbScopeScreenShot

I recommend the PlanePlotter software to work with. I know you have to pay for it after 30 days, but it has more options and gives you a lot of different possibilities.

Play with both programs, try the 2 possibilities and get used to them before choosing which of them is best.