Update README.md
parent
34fd46b96b
commit
f4cfa9ced0
138
README.md
@ -87,3 +87,141 @@ This is sometimes the hardest part of setting a system like this up. The ambient
|
||||
|
||||
Listening to radio for hours on end can get tedious. Most of the time you are just sweeping ranges that do not have much going on, or it is a firehose of information, like a police scanner. Either way, it is important to take breaks. This sort of activity does take some work to learn and get comfortable with, so finding a group of people that is trusted, and that is interested in radio, is crucial.
|
||||
|
||||
## The First Leap Into DIY Signals Intelligence
|
||||
|
||||
In government circles the interception of radio signals is referred to as Signals Intelligence, or SIGINT. For much of the history of radio the ability to intercept signals, the technical knowledge to demodulate them and make them useful, and the sheer volume and cost of equipment meant that mostly states were able to pluck signals out of the air for information gathering purposes. With the advent of consumer grade SDR, however, this is a capability that is not only possible, but has been used in actions to keep people safe, out of jail, and effective.
|
||||
|
||||
As was discussed earlier, the number of signals that are traveling through the air at any one point is immense, most of which are not able to just be listened to as coherent audio. There are some signals, however, that are very easy to pick up, and this is where we will start. After getting everything set up, plugged in, and turned on, it is possible to start intercepting signals immediately. To begin to learn it is recommended that you work on picking up NOAA weather radio broadcasts (162.400 – 162.550 MHz), two way radios (462.5625-462.7250 MHz), and local AM and FM stations. These signals are easy to receive, are intended for open public use, and can help you get comfortable with using SDR. NOAA weather alert radio sounds like the recordings accessible at the link below.
|
||||
|
||||
https://archive.org/details/NOAAWeatherRadioWXL40/AMACLINWR.mp3
|
||||
|
||||
When you fire the system up, and start the software, you will likely be met with a waterfall graph. A waterfall graph is a visualization of the signals within a specific group of frequencies. The below image is from SDR#, but GQRX will display similarly.
|
||||
|
||||

|
||||
|
||||
Now, with this basic setup we would only be able to listen to signals. Most of what we will hear is going to sound like robots chattering; that is data being sent over the airwaves. It sounds like this:
|
||||
|
||||
https://www.sigidwiki.com/wiki/Category:Trunked_Radio
|
||||
|
||||
The demodulation process involves extracting this data, in a usable form, from these captured transmissions. For example, and we will discuss this more later, if you try to tune to the control channel of digital police radio system, you are only going to hear this chattering. What is being sent over those frequencies are not audible, but is data used by the radio system itself to allocate channels for discussions, which often jump frequencies mid-way through a transmission. So, for something like police radio just getting audio signals is not good enough, we have to process those signals into data that makes sense.
|
||||
|
||||
There are advanced frameworks, like GNURadio, which are built to allow for users to customize listeners to demodulate different types of signals. A framework like GNURadio is beyond the scope of a simple introduction though. Rather, we are going to use pre-built open source tools for the signals that we are going to intercept in this guide.
|
||||
|
||||
To start gathering useful data, and making sense of it, we can start with ADS-B signals. The ADS-B system is a radio specification used in aircraft to report type of aircraft, callsign, altitude, speed, and location to airports and other landing areas, and it broadcasts on 1090 MHz. In the US only airplanes are required to transmit ADS-B signals, but increasingly helicopters are broadcasting these signals. We have used ADS-B to track police helicopters in the middle of actions, especially when there is dispersed actions, and to locate staging areas for times when the National Guard comes to town (based on where a lot of cargo planes were landing in a short period of time). To get a glimpse of what ADS-B signals provide you can go to ADS-B Exchange, which is a service that aggregates the ADS-B data from thousands of SDRs around the world, providing near global coverage of every aircraft in the sky globally at any one time. A similar system also exists for watercraft, called AIS, which can be used in similar ways.
|
||||
|
||||
To pick up and map out ADS-B data there are a number of different possible pieces of software that you could use, but for the purposes of this guide we are going to focus on dump1090, which is the basis for most of the other ADS-B receiving frameworks.
|
||||
|
||||
To download and install dump1090 you can find a version for Windows at https://github.com/gvanem/Dump1090 and for Linux, https://github.com/MalcolmRobb/dump1090
|
||||
|
||||
Once installed these frameworks will identify the SDR dongle, tune it to 1090 MHz, start capturing data, and mapping it. When receiving ADS-B data, the demodulated packets of data contain information that looks like this:
|
||||
|
||||

|
||||
|
||||
When launched in webserver mode you will be able to access a visual map that looks like this:
|
||||
|
||||

|
||||
|
||||
If you want an interesting follow-up project, here are some instructions about how you can intercept and display NOAA weather satellite images in real time:
|
||||
|
||||
https://www.rtl-sdr.com/wp-content/uploads/2022/08/NOAA-Satellite-Tracking-and-Decoding-Guide-V2.pdf
|
||||
|
||||
With just some simple software, a little bit of time, and a small amount of resources we have been able to explore the audible areas of the RF spectrum, as well as to start mining the airwaves for signals. It only gets more interesting from here!
|
||||
|
||||
## An Amateur’s Guide to Spying on Cops
|
||||
|
||||
So far, we discussed known signals that have already been extensively researched and are able to be easily utilized. We can find the frequency, tune our radio, and start listening to whatever is coming over the air. In the past police radio worked just like any other radio system, they used predetermined “channels”, which corresponded to different frequencies, and all we needed to do was tune our radio to one of those frequencies and listen to the cops plotting how to occupy our lives.
|
||||
|
||||
There are plenty of online sources for existing streaming police scanners. These are wonderful resources, and we can often get apps to stream them on our phones, which is helpful during actions. But, we do not control these radios, cannot tune them, and cannot prevent them from being taken down. In the past streams have been shut down by police order, overloaded with listeners, or are just tuned to talkgroups that are not relevant. To get the most relevant, most useful, information we need to build our own.
|
||||
|
||||
This involves more than it did in the past, where it was sufficient to just buy the proper equipment and start scanning the spectrum. Today, if you were trying to listen into police radio by manually tuning to frequencies, you may catch a small blip of a discussion, and that is if you’re lucky. Most police departments, and every department in a medium to large city, have radio systems that are digital and “trunked”. This guide will be focused on a specification called Project 25, or P25. In a European context emergency radios tend to use a specification called TETRA (Terrestrial Trunked Radio).
|
||||
|
||||
Digital refers to the sending of data in binary, as opposed to sending an audible radio stream. To say a system is “trunked” imples a couple of things. The first element is that a bank of frequencies is allocated which can be used to host calls. The second element is a control system which takes in transmissions, allocates them a frequency, and then send that data to all other radios in the same “talkgroup”. Not only does this mean that calls can be allocated to any of a number of frequencies unpredictably, but these systems often “jump” calls in the middle of a transmission to a completely different frequency.
|
||||
|
||||
This not only creates the problem of finding a transmission, but we also need to know how to follow the transmission when it jumps frequencies. Unlike “normal” single frequency radio, it is not enough to tune to the frequency that we want to listen in on. Rather, we need to figure out how to tap into the data stream that allocates channels and transmits channel information to radios. To do this we are going to tune our radios to what is called a “control channel”, or the channel that allocates calls to frequencies.
|
||||
|
||||
Information about trunked radio systems, their control channels, and talkgroups is widely available online. Using this information, we can begin the process of capturing emergency radio transmissions. Once you identify a control channel frequency in our area, turn on our radio, and tune to the control channel frequencies, you will likely see a signal waterfall that looks like the below image.
|
||||
|
||||

|
||||
|
||||
Now, of course, this is not particularly helpful. We need software to help us follow the control channel transmissions, tune the radio to the proper frequency automatically, and translate (demodulate) the signal into something we can hear. When building custom police scanners locally we rely, generally, on a small series of open source tools, depending on the objective. If the goal is to capture individual discussions, listen to them live (or stream them to listeners), and be able to prioritize what signals the radio will tune to, then the primary tool we use is called sdrtrunk, which can be found here:
|
||||
|
||||
https://github.com/DSheirer/sdrtrunk
|
||||
|
||||
The installation and setup of sdrtrunk is outside of the scope of this guide. The user guide provided at the link above is very comprehensive. Instead, we are going to skip the installation step and move directly into how it is used. Just like any SDR framework you can just plug in the radio dongle, flip the software listener on, and start tuning.
|
||||
|
||||
The real advantage of sdrtrunk is the ability to ingest information about a radio system, and to use that data to assist in how to tune your own custom system. To start someone in your crew, or someone you know, is going to need to know where to get information about the local emergency radio system. There are different places to find this, but the most updated information can be downloaded from https://radioreference.com with an account. This site is the most comprehensive location for technical data on radio systems of all types in the US. In the configuration of sdrtrunk there is a tool that allows you to log into RadioReference, and automatically download the information of any system you are interested in.
|
||||
|
||||
When you open up sdrtrunk, you will see the following screen.
|
||||
|
||||

|
||||
|
||||
We can configure our scanner by clicking on the Playlist Editor. From there, if you have access to a Radio Reference account (and every scene should have access to at least one), you can use the interface to easily download all of your local police departments' radio talkgroup configurations.
|
||||
|
||||

|
||||
|
||||
In the section of this page that appears when you click the Talkgroup View button, we can take the data that was imported, look at the talkgroups present on the system, and import them into a “channel” configuration. A talkgroup is a user group on the digital radio system comprised of a number of radios, and all radios in any specific talkgroup can receive and transmit to any other radio in that talkgroup. The talkgroup is used as a way to divide up the overall radio system, as opposed to frequencies, with talkgroups being allocated frequencies when calls occur.
|
||||
|
||||

|
||||
|
||||
Importing the talkgroups will result in a “channel” being created, which we can now customize. We do this by selecting which talkgroups we want to listen to, which we want to mute, and what priority we want to assign to calls if more than one is being processed at a time.
|
||||
|
||||

|
||||
|
||||
After talkgroups are configured the stream can be started by going to Channels, selecting the channel you want to listen to, and hitting Start.
|
||||
|
||||

|
||||
|
||||
Sdrtrunk will then do a lot of the hard work of tracking the control channel, demodulating the signal, and tuning the radio to calls as they jump around the radio spectrum. This allows us to spend time configuring the system and listening in.
|
||||
|
||||
Additionally, if you would like to set up an audio streaming server (we use Icecast), you can stream the audio from your scanner to an online accessible audio stream so you can access it anywhere (including from within the middle of the protest or action).
|
||||
|
||||
These tools, in personal experience, have been the difference between successful disruption of urban spaces with no arrests and getting everyone rounded up in an alleyway. Being able to have advanced knowledge of preparations and the activities of the state can be the difference between victory and a jail cell.
|
||||
|
||||
## Conclusion
|
||||
|
||||
With the advent of software defined radio what used to be a complex and expensive undertaking, involving thousands of dollars of equipment and years of training, has been drastically simplified. Now, with access to ample information available online on the use of SDR for intercepting various signals, the barrier to entry for setting up our own mechanisms for gathering signals intelligence has lowered to the point where it is within the reach of most anarchist communities (and if you don’t have the skills locally, ask around, someone will).
|
||||
|
||||
This is just scratching the surface though. Around the US organizations like Signals Rising and others are encouraging radicals to get their radio licenses and to develop skills. Once we develop understanding of how radio works, we can start to apply those principles to anything. For example, anarchists in the US are working diligently on building meshnet based encrypted communications networks, long range radio links, and mechanisms to securely communicate across vast distances in a situation where normal channels are not able to be trusted, or if a disaster strikes.
|
||||
|
||||
When we control the airwaves we control the means of our communication. We are able to rip networking out of the hands of the state and massive telecommunications companies, and can start to build the networks that not only allow us to fight, but allow us to build a new way of living as a part of that struggle. This is an essential shift in an anarchist movement that is transitioning from being a protest based activist movement to one that is starting to enter into more acute resistance.
|
||||
|
||||
## Additional Sources
|
||||
|
||||
Map of FCC Enforcement Actions
|
||||
https://www.fcc.gov/reports-research/maps/fcc-enforcement-actions-against-pirate-radio-location/
|
||||
|
||||
Information on FCC applications, technical schematics, etc
|
||||
https://fcc.io
|
||||
|
||||
RTL-SDR Blog Quick Start Guide
|
||||
https://www.rtl-sdr.com/rtl-sdr-quick-start-guide/
|
||||
|
||||
ADS-B Exchange
|
||||
https://www.adsbexchange.com/
|
||||
|
||||
Twente University WebSDR
|
||||
http://websdr.ewi.utwente.nl:8901/
|
||||
|
||||
Priyom (collection of number stations and other government broadcasts)
|
||||
https://priyom.org/
|
||||
|
||||
Signals Identification Wiki
|
||||
https://www.sigidwiki.com/
|
||||
|
||||
Radio Reference
|
||||
https://radioreference.com
|
||||
|
||||
Google Patents
|
||||
https://patents.google.com
|
||||
|
||||
Problems With P25 Radio Encryption
|
||||
https://www.usenix.org/legacy/events/sec11/tech/full_papers/Clark.pdf
|
||||
|
||||
Directory of Online SDR Receivers
|
||||
https://www.receiverbook.de/
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
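Review bot: The two ADS-B figures both point at `./image5.png` (the decoded packet sample after "the demodulated packets of data contain information that looks like this:" and the map after "When launched in webserver mode"), so one of them is showing the wrong image and needs its own file. The image references are also split between server uploads under `/attachments/` (the waterfall, control channel and first three sdrtrunk screenshots) and repository-relative paths (`./image5.png`, `./image10.png`, `./image11.png`). The `/attachments/` ones will not resolve in a clone or mirror, and since this commit touches only README.md, please confirm the relative files are already in the tree. I would commit all images to the repository, reference them relatively, and replace the `image.png` alt text with a short description of each screenshot. Smaller points in the same hunk: "It sounds like this:" is followed by a link to a wiki category page rather than a sample; "imples" should be "implies", "then send that data" should be "sends", and "there is dispersed actions" should be "there are"; and the sentence "Once you identify a control channel frequency in our area, turn on our radio" switches between "you" and "our". The Additional Sources list includes "Problems With P25 Radio Encryption", but the body never mentions encryption, so either add a sentence saying why it is listed or drop the entry.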