This is an old revision of the document!
Software Defined Radio
Radiolab is being reconstructed. Some (or all) remote functionality might be unavailable
Calling to brmlab (e.g. in case of phone or internet disruption), brmlab calling channels:
first shared frequency in 2m band (172.650 MHz
, NFM, 5W EIRP)
PMR CH7, no subtone (446.08125, NFM, 0.5W EIRP)
CB CH 32, band C (27.325 MHz
, NFM, 4W EIRP)
OK0N Žižkov repeater (145.6 MHz
DL, 145.0 MHz
UL, 88.5 Hz CTCS)
It is not ensured someone will be listening, however CB station is powered on almost all the time.
Software Defined Radio is a computer peripheral that allows reception (and ideally also transmission) of arbitrary radio waves. Various peripherals have different frequency range, bandwidth and other capabilities. Best known are USRP (Universal Software Radio Peripherial) and RTL-SDR (extremely cheap DVB-T USB stick chipset).
On the software side, GNURadio is the most popular control software. Its modular design allows defining arbitrary signal decoding pathways visually.
We have SDR station on the table near our library (RadioLab), and some antennas on the roof.
So far, we achieved for example:
FM broadcast listening
decoding of voice from unencrypted Tetra network (local traffic company and municipal police)
firemen, waterworks, civil security service, taxi RX (NFM)
POCSAG (Prague emergency service), ADSB and ACARS (planes) RX
Radiosonde hunting and in-terrain recovery
Currently, we are running with rtl-sdr as RX and Baofeng as TX. We have collected most of money for BladeRF and it will be hopefully available in summer.
What is available
Several Linux computers with GnuRadio and rtl-sdr drivers installed and with SSH
TB of storage space for your captured signals :)
Helix and wire antennas on brmlab rooftop covering most of Prague.
400MHz YAGI pointing on
Ruzyně Václav Havel Airport.
Several PMR446 walkie-talkies.
HAM portable 2m/70cm transceiver upon request.
Portable 400MHz YAGI
advice related to Baofeng UV-5R device
Active: see status
wideband radio scanner (there are lots of interesting unencrypted/weakly encrypted signals in Prague!)
DSP FPGA workshop wanted!
own GSM network (some experiments with osmocom TRX
GNSS (GPS, GLONASS, GALILEO) RX and TX (signal faker)
RFID, KEELOQ, Mifare, BT, wifi hacking
BTS testing (tetra, DMR, APCO, D-star, matra, paging,… )
HAM HF CW and digimodes TRX
Genius TVGo DVB-T03 USB dongle
Elonics E4000 tuner
E4K range: 53 to 2210 MHz
E4K L-band gap: 1106 to 1250 MHz
TODO: Where/how to get a good antenna?
TODO: What are interesting frequencies to listen to without a super-strong antenna?
Remote listening - tune radio in brmlab, listen at home! Ask Jenda/Mrkva/TomSuch for access.
xtightvncviewer -quality 7 -encodings tight 192.168.77.35:0
Maybe you will need to start a VNC server:
LightDM login in case machine rebooted and autologin got stuck
root@radio-observer:~# x11vnc -display :0 -usepw -forever -auth /var/run/lightdm/root/\:0
radio@radio-observer:~$ x11vnc -display :0 -usepw -forever
ssh email@example.com "parecord --channels=1 | oggenc -q "-1" -r -C 1 -" | ogg123 -
Uncompressed (e.g. for further processing)
ssh firstname.lastname@example.org "parecord --channels=1" | aplay -r 44100 -c 1 -f S16_LE
Average delay of this chain is 1-2 seconds.
Tunnel raw data - connect remote radio to your local receiver
ssh -A -L1234:192.168.77.35:1234 email@example.com 'ssh firstname.lastname@example.org "killall rtl_tcp; rtl_tcp -a 0.0.0.0"'
Then start gqrx locally with
Works for me with 300000Hz bandwith.
Get rtl-sdr tool, compile.
mkfifo /tmp/radio - we will use it to tunnel samples.
Install GNURadio. (Debian Unstable version works fine.)
Switch sink from file to audio, adjust source file to /tmp/radio.
As root, run ./rtl_sdr -f 94.6e6 - >/tmp/radio
In gnuradio-companion, execute the flow graph (click on gear icon).
You should hear CRo Radiozurnal. Quality of reception depends (hopefully) on the antenna.
Detection of pulses from kappi's geiger counter with a soundcard
Cutting and timestamping based on silence detection
GnuRadio on RPi
First attempt: I was able to record GSM channel data with http://nat.brmlab.cz/~sysop/gsm.grc (recorded file here) and decode it with airprobe (gsm_receive.py with modified clock frequency here)
./gsm_receive_rtl.py -I dump.cfile -d 1 B0
That nice QT GUI we are using is called GQRX. (build with qmake)