How to use Software Defined Radios


In this article we’ll cover how to use software-defined radios. This will include the following topics:

  • Introduction to radio frequency scanners
  • Hands-on with RTLSDR scanner
  • Playing around with gqrx
  • Kalibrating device for GSM tapping
  • Decoding ADS-B messages with Dump1090

The term software-defined radio means the implementation of hardware-based radio components such as modulators, demodulators and tuners in software. In this chapter we will cover different recipes and look at multiple ways in which RTLSDR can be used to play around with frequencies and the data being transported through them.

Radio frequency scanners

RTLSDR is a very cheap (around 20 USD) software-defined radio that uses a DVB-T TV tuner dongle. In this recipe, we will cover connecting an RTLSDR device with Kali Linux to test whether it was detected successfully.

We will need some hardware for this recipe. It’s easily available for purchase from Amazon or from here. Kali already has tools for us to get going with it.

We connect our device and it should be detected in Kali Linux. It’s common for the devices to behave inaccurately. Here is the recipe to run the test:

We will first run the test using the command:
The following screenshot shows the output of the preceding command:

We may see some packet drops. This is because of trying this in a VM setup with only USB 2.0.

In case there are a lot of packet drops, we can test it by setting a lower sampling rate with rtl_test -s 10000000:

Now, we are all set to move on to the next recipe and play around with our device.

Hands-on with RTLSDR scanner

RTLSDR scanner is a cross-platform GUI that can be used for spectrum analysis. It will scan the given frequency range and display the output in a spectrogram.

Here is the recipe to run rtlsdr-scanner:

We connect RTLSDR to the system and start the scanner using the command:
The following screenshot shows the output of the preceding command:

We should see a new window open, showing the GUI of the tool; here we can simply enter the frequency range on which we want to perform the scan and click on Start scan.

It will take some time to see a sweep of frequencies, and then we will see the result in graphical format:

If the application stops responding, it is recommended that you lower the range and choose Single as the Mode instead of Continuous.

Playing around with gqrx

The gqrx tool is an open source software-defined radio (SDR) receiver powered by GNU Radio and the Qt graphical toolkit.

It has many features such as:

  1. Discovering devices connected to a computer
  2. Processing I/Q data
  3. AM, SSB, CW, FM-N, and FM-W (mono and stereo) demodulators
  4. Recording and playing back audio to/from WAV file
  5. Recording and playing back raw baseband data
  6. Streaming audio output over UDP

In this section, we will cover the basics of gqrx and another tool, RTLSDR.

The following is a guide to using gqrx:

We can install gqrx using the command:

apt install gqrx

Once it’s done, we run the tool by typing gqrx. We choose our device from the drop-down menu in the window that opens and click OK:

Now the gqrx application opens, and on the right side, in the receiver window, we choose the frequency we want to view. Then we go to the File menu and click on Start DSP.

Now we see a waterfall and we should start hearing the sound in our speaker. We can even change the frequency we are listening to using the up and down buttons in the Receiver Options window:

We will look at an example of a car key remote, which is used to lock/unlock a car.
Once we press the button a couple of times, we will see the change in the waterfall showing the difference in the signal:

We can record the signal in the record window and then save it. This can later be decoded and transmitted back to the car using a transponder to unlock it.

To capture the data at 443 MHz, we can use the command:
rtl_sdr -f 443M - | xxd

The following screenshot shows the output of the preceding command:

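The bytes that xxd prints from rtl_sdr are interleaved unsigned 8-bit I/Q samples (I0 Q0 I1 Q1 ...). The following Python sketch is an added example, not part of the original article: it converts those bytes to complex samples and reports which blocks contain a transmission burst, such as a remote button press. The function names, the block size and the -20 dB threshold are assumptions, and the capture is constructed data rather than a real recording.

```python
import math

def iq_from_bytes(raw: bytes):
    """rtl_sdr writes interleaved unsigned 8-bit samples: I0 Q0 I1 Q1 ...
    Subtract the 127.5 midpoint and scale to roughly [-1, 1]."""
    usable = len(raw) - (len(raw) % 2)  # drop a trailing unpaired byte
    return [complex((raw[i] - 127.5) / 127.5, (raw[i + 1] - 127.5) / 127.5)
            for i in range(0, usable, 2)]

def block_power_db(samples, block=256):
    """Mean power of each full block, in dB relative to full scale."""
    out = []
    for start in range(0, len(samples) - block + 1, block):
        p = sum(abs(s) ** 2 for s in samples[start:start + block]) / block
        out.append(10 * math.log10(max(p, 1e-12)))
    return out

def find_bursts(power_db, threshold_db=-20.0):
    """Return (first_block, last_block) for each run at or above threshold."""
    bursts, start = [], None
    for i, p in enumerate(power_db):
        if p >= threshold_db and start is None:
            start = i
        elif p < threshold_db and start is not None:
            bursts.append((start, i - 1))
            start = None
    if start is not None:
        bursts.append((start, len(power_db) - 1))
    return bursts

def make_constructed_capture(block=256):
    """Constructed sample data, not a real recording: 4 idle blocks,
    3 blocks of a strong tone, then 4 idle blocks."""
    idle = bytes([127, 128]) * block          # near-zero I/Q pairs
    tone = bytearray()
    for n in range(3 * block):
        phase = 2 * math.pi * n / 16
        tone += bytes([int(127.5 + 100 * math.cos(phase)),
                       int(127.5 + 100 * math.sin(phase))])
    return idle * 4 + bytes(tone) + idle * 4

if __name__ == "__main__":
    capture = make_constructed_capture()
    print(capture[:8].hex(" "))               # the same bytes xxd would show
    print(find_bursts(block_power_db(iq_from_bytes(capture))))
```

To run it on a real capture, read the file written by rtl_sdr in binary mode and pass its contents to iq_from_bytes.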

That’s it for today. I’ll discuss the remaining content in another article (you can read it here). Thanks for reading. Now let me recommend some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop Protocol, SSH Network Protocol, Network Routers, and a WordPress website using WPSeku.

