
Software Defined Radio

founder: brmlab collective
depends on:
interested: sargon
software license: -
hardware license: -
status: active

Radiolab is being reconstructed. Some (or all) remote functionality might be unavailable.
To call brmlab by radio (e.g. in case of phone or internet disruption), use the brmlab calling channels:
  • first shared frequency in 2m band (172.650 MHz, NFM, 5W EIRP)
  • PMR CH7, no subtone (446.08125, NFM, 0.5W EIRP)
  • CB CH 32, band C (27.325 MHz, NFM, 4W EIRP)
  • OK0N Žižkov repeater (145.6 MHz DL, 145.0 MHz UL, 88.5 Hz CTCSS)
  • HAM shortwave FIXME (CW)
  • There is no guarantee that someone will be listening; however, the CB station is powered on almost all the time.

A Software Defined Radio (SDR) is a computer peripheral that allows reception (and ideally also transmission) of arbitrary radio waves. Individual peripherals differ in frequency range, bandwidth and other capabilities. The best known are USRP (Universal Software Radio Peripheral) and RTL-SDR (an extremely cheap DVB-T USB stick chipset).

On the software side, GNURadio is the most popular control software. Its modular design allows defining arbitrary signal decoding pathways visually.


We have an SDR station on the table near our library (RadioLab), and some antennas on the roof.

So far we have achieved, for example:

  • FM broadcast listening =)
  • decoding of voice from unencrypted Tetra network (local traffic company and municipal police)
  • firemen, waterworks, civil security service, taxi RX (NFM)
  • Prague Subway RX (NFM)
  • POCSAG (Prague emergency service), ADSB and ACARS (planes) RX
  • Radiosonde hunting and in-terrain recovery

Currently, we are running with rtl-sdr as RX and Baofeng as TX. We have collected most of the money for a BladeRF, and it will hopefully be available in summer.

What is available

  • Several Linux computers with GnuRadio and rtl-sdr drivers installed and with SSH/VNC access.
  • TB of storage space for your captured signals :)
  • Helix and wire antennas on brmlab rooftop covering most of Prague.
  • 400MHz YAGI pointing at Ruzyně Václav Havel Airport.
  • CB transceiver.
  • Several PMR446 walkie-talkies.
  • Satellite card
  • HAM portable 2m/70cm transceiver upon request.
  • Portable 400MHz YAGI
  • advice related to Baofeng UV-5R device


Active: see status

Planned/magic wish

  • wideband radio scanner (there are lots of interesting unencrypted/weakly encrypted signals in Prague!)
  • OSS baseband for Tetra
  • DSP FPGA workshop wanted!
  • own GSM network (some experiments with osmocom TRX so far)
  • GNSS (GPS, GLONASS, GALILEO) RX and TX (signal faker)
  • RFID, KEELOQ, Mifare, BT, wifi hacking
  • BTS testing (tetra, DMR, APCO, D-star, matra, paging,… )
  • HAM HF CW and digimodes TRX


Genius TVGo DVB-T03 USB dongle


Elonics E4000 tuner

E4K range: 53 to 2210 MHz
E4K L-band gap: 1106 to 1250 MHz


New tuner




TODO: Where/how to get a good antenna?

TODO: What are interesting frequencies to listen to without a super-strong antenna?


Undergoing reconstruction.

Remote listening - tune radio in brmlab, listen at home! Ask Jenda/Mrkva/TomSuch for access.


xtightvncviewer -quality 7 -encodings tight

Maybe you will need to start a VNC server:

  • LightDM login in case machine rebooted and autologin got stuck :-(
root@radio-observer:~# x11vnc -display :0 -usepw -forever -auth /var/run/lightdm/root/\:0
  • Desktop access:
radio@radio-observer:~$ x11vnc -display :0 -usepw -forever
  • Audio: Vorbis compressed (for listening)
ssh radio@ "parecord --channels=1 | oggenc -q "-1" -r -C 1 -" | ogg123 -

Uncompressed (e.g. for further processing)

ssh radio@ "parecord --channels=1" | aplay -r 44100 -c 1 -f S16_LE

Average delay of this chain is 1-2 seconds.

Tunnel raw data - connect remote radio to your local receiver

ssh -A -L1234: 'ssh radio@ "killall rtl_tcp; rtl_tcp -a"'

Then start gqrx locally with


Works for me with 300000 Hz bandwidth.
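What travels through the tunnel above, as an added example that is not part of the original wiki page: rtl_tcp greets the client with a 12-byte header and then accepts 5-byte commands, with no authentication of its own, so the SSH forward is the only access control. The local port 1234 and the 300000 Hz rate are taken from this page; treating both ends of the E4K gap as untunable is an assumption.

```python
import socket
import struct

E4K_RANGE_HZ = (53_000_000, 2_210_000_000)     # E4K range, from this page
E4K_GAP_HZ = (1_106_000_000, 1_250_000_000)    # E4K L-band gap, from this page
TUNERS = {1: "E4000", 2: "FC0012", 3: "FC0013", 4: "FC2580", 5: "R820T", 6: "R828D"}
SET_FREQ, SET_SAMPLE_RATE = 0x01, 0x02         # rtl_tcp command opcodes

def parse_greeting(data):
    """First 12 bytes from rtl_tcp: b'RTL0', tuner type, gain-step count."""
    if len(data) < 12:
        raise ValueError("greeting truncated")
    magic, tuner, gain_steps = struct.unpack(">4sII", data[:12])
    if magic != b"RTL0":
        raise ValueError("not an rtl_tcp server")
    return TUNERS.get(tuner, "unknown"), gain_steps

def command(opcode, param):
    """Every client command is 5 bytes: opcode, then a big-endian uint32."""
    return struct.pack(">BI", opcode, param)

def e4k_can_tune(freq_hz):
    """True if the frequency is inside the E4K range and outside its gap."""
    lo, hi = E4K_RANGE_HZ
    gap_lo, gap_hi = E4K_GAP_HZ
    return lo <= freq_hz <= hi and not (gap_lo <= freq_hz <= gap_hi)

def tune_request(tuner, freq_hz, sample_rate):
    """Bytes to send after the greeting; refuses what an E4000 cannot reach."""
    if tuner == "E4000" and not e4k_can_tune(freq_hz):
        raise ValueError(f"{freq_hz} Hz is out of range or in the L-band gap")
    return command(SET_SAMPLE_RATE, sample_rate) + command(SET_FREQ, freq_hz)

def connect(freq_hz, sample_rate=300_000, host="127.0.0.1", port=1234):
    """Talk only to the local end of the SSH forward, never to a public port."""
    sock = socket.create_connection((host, port), timeout=5)
    greeting = b""
    while len(greeting) < 12:
        chunk = sock.recv(12 - len(greeting))
        if not chunk:
            raise ConnectionError("closed during greeting")
        greeting += chunk
    tuner, _ = parse_greeting(greeting)
    sock.sendall(tune_request(tuner, freq_hz, sample_rate))
    return sock   # further recv() calls yield interleaved unsigned 8-bit I/Q
```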


FM Radio

  • Get rtl-sdr tool, compile.
  • mkfifo /tmp/radio - we will use it to tunnel samples.
  • Install GNURadio. (Debian Unstable version works fine.)
  • Start gnuradio-companion and load
  • Switch sink from file to audio, adjust source file to /tmp/radio.
  • As root, run ./rtl_sdr -f 94.6e6 - >/tmp/radio
  • In gnuradio-companion, execute the flow graph (click on gear icon).
  • You should hear CRo Radiozurnal. Quality of reception depends (hopefully) on the antenna.
  • - stereo FM receiver with RDS decoder (original source here)
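What the flow graph does with the samples arriving in /tmp/radio, as an added example that is not the wiki's own GNURadio graph: rtl_sdr writes interleaved unsigned 8-bit I/Q, and a quadrature discriminator turns the phase step between samples into audio. The test tone is constructed, 2.048 MHz is rtl_sdr's default sample rate, and the channel filter and de-emphasis of a full receiver are left out.

```python
import cmath
import math

FS = 2_048_000        # rtl_sdr default sample rate in Hz
DECIM = 32            # 2.048 MHz / 32 = 64 kHz audio rate

def iq_from_u8(raw):
    """rtl_sdr writes interleaved unsigned 8-bit I,Q pairs centred on 127.5."""
    usable = len(raw) - len(raw) % 2          # drop a trailing half sample
    return [complex(raw[i] - 127.5, raw[i + 1] - 127.5)
            for i in range(0, usable, 2)]

def fm_demod(iq, fs=FS):
    """Quadrature discriminator: phase step between samples -> frequency in Hz."""
    return [cmath.phase(cur * prev.conjugate()) * fs / (2 * math.pi)
            for prev, cur in zip(iq, iq[1:])]

def decimate(x, n=DECIM):
    """Boxcar average over n samples: crude low-pass plus rate reduction."""
    return [sum(x[i:i + n]) / n for i in range(0, len(x) - n + 1, n)]

def synth_fm_u8(tone_hz, dev_hz, nsamp, fs=FS):
    """Constructed test input: one FM-modulated tone in rtl_sdr's byte format."""
    raw, phase = bytearray(), 0.0
    for n in range(nsamp):
        inst_hz = dev_hz * math.sin(2 * math.pi * tone_hz * n / fs)
        phase += 2 * math.pi * inst_hz / fs
        raw.append(round(127.5 + 127 * math.cos(phase)))
        raw.append(round(127.5 + 127 * math.sin(phase)))
    return bytes(raw)

def tone_frequency(audio, rate):
    """Estimate the tone frequency from positive-going zero crossings."""
    ups = [i for i in range(1, len(audio)) if audio[i - 1] < 0 <= audio[i]]
    if len(ups) < 2:
        return 0.0
    return (len(ups) - 1) * rate / (ups[-1] - ups[0])

def demo():
    """8 ms of a 1 kHz tone at broadcast FM's 75 kHz peak deviation."""
    raw = synth_fm_u8(tone_hz=1000, dev_hz=75_000, nsamp=8 * FS // 1000)
    audio = decimate(fm_demod(iq_from_u8(raw)))
    return max(audio), tone_frequency(audio, FS / DECIM)

if __name__ == "__main__":
    print(demo())     # (peak deviation in Hz, recovered tone in Hz)
```

To run it on a real capture, read the bytes from the FIFO or a saved file instead of calling synth_fm_u8.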

Detection of pulses from kappi's geiger counter with a soundcard

geiger.c (inspiration: Geiger on a Plane)

Cutting and timestamping based on silence detection

GnuRadio on RPi


First attempt: I was able to record GSM channel data with (recorded file here) and decode it with airprobe ( with modified clock frequency here)

./ -I dump.cfile -d 1 B0


That nice Qt GUI we are using is called GQRX (build it with qmake).


Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported