From dde3fb944a02a5ad7ddf57df11492bab6cc18a9f Mon Sep 17 00:00:00 2001
From: FreeArtMan <=>
Date: Thu, 17 Sep 2015 17:48:16 +0100
Subject: Initial
---
writeup/article1.md | 462 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 462 insertions(+)
create mode 100644 writeup/article1.md
(limited to 'writeup/article1.md')
diff --git a/writeup/article1.md b/writeup/article1.md
new file mode 100644
index 0000000..4995b15
--- /dev/null
+++ b/writeup/article1.md
@@ -0,0 +1,462 @@
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ RTLSDR usage +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ INDEX +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1. Setup rtlsdr
+ 1.1. Get sources
+ 1.2. Drivers
+ 1.3. Check if works
+ 2. Collection of tools
+ 2.1. FM
+ 2.2. Spectrum diagram
+ 2.3. ADSB
+ 2.4. AFSK1200
+ 3. Projects where rtlsdr used
+ 3.1. WebSDR
+ 4. Problems
+ 4.1. Sync errors
+ 5. Links
+ 6. Changelog
+
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ 1.Setup rtlsdr +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+By rtlsdr usually call RTL2832U chip based tv-tunners which
+can be used for not just recievin DVB-T frequencies but much more
+and yes price is ~$10 it mean that anyone can just buy and try
+without "loosing" money.
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+1.1.Get sources
+
+
+Main development repository is on http://sdr.osmocom.org/trac/wiki/rtl-sdr
+on github you can find more repos with experminental
+features (https://github.com/keenerd/rtl-sdr).
+
+Getting sources from git:
+ git clone git://git.osmocom.org/rtl-sdr.git
+
+I prefer using plain binaries without any kind of installation. Just
+compile and use binary without any troubles.
+Build:
+ cmake .
+ make
+
+All binaries is in src dir
+
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+1.2.Drivers
+
+
+Linux kernel have some drivers for rtlsdr stick and DVB-T. When you will plug
+rtlsdr then kernel probably will load DVB-T drivers and you will not able
+to use you rtlsdr for sdr. Way yo fix is it add some drivers to black list and
+next time when you will plug rtlsdr this drivers will not be loaded.
+
+Check if rtlsdr related drivers is loaded:
+ lsmod | grep rtl28
+
+If there is some drivers then balcklist driver by creating file
+in /etc/modprobe.d/ with content:
+ blacklist dvb_usb_rtl28xxu
+
+Next thing that could appear is permissions on rtlsdr usage when its pluged in.
+To allow everyone to use create file in /etc/udev/rules.d/ with content:
+ SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", \
+ GROUP="adm", MODE="0666", SYMLINK+="rtl_sdr"
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+1.3.Check if works
+
+How to test if rtlsdr works? Run one of commands:
+ rtl_test
+
+I like to run rtl_adsb as you can see there that something is recieved and
+you see that everything "works":
+ rtl_adsb
+
+There should be line by line showing up some "hex" lines. If some data is showen
+then adsb data from plains is recieved.
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ 2.Collection of tools +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+2.1.FM
+
+Get some sound trancmited from FM radio stations.
+
+ rtl_fm -f 96.3e6 -M wbfm -s 200000 -r 48000 - | aplay -r 48k -f S16_LE
+
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+2.2.Spectrum diagram
+
+Scan spectrum to find some activities on different frequencies.
+Good link with all description is http://kmkeen.com/rtl-power/ .
+Main usage of rtl_power is :
+
+ rtl_power -f 76M:108M:125k -i 1 fm_stations.csv
+
+and then draw image :
+
+ heatmap.py fm_stations.csv fm_stations.png
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+2.3.ADSB
+
+ADS-B ( Automatic dependent surveillance broadcast ) in simple words airplain
+geoposition, speed, height and flight number broadcasting. You can recieve
+this data and see how many plains is around and sometimes flight number.
+
+rtlsdr have default one rtl_adsb programm but it shows only recieved data,
+without any decoding. Here is dump1090 specifically for rtlsdr and nothing
+more:
+
+ https://github.com/antirez/dump1090
+
+description howto install could be found also here
+
+ http://www.satsignal.eu/raspberry-pi/dump1090.html
+
+Using in interactive mode with height in metrs:
+
+ dump1090 --interactive --metric
+
+Output:
+
+ Hex Flight Altitude Speed Lat Lon Track Messages Seen .
+ ------------------------------------------------------------------------------
+ 71be01 10052 1009 36.434 33.544 45 9 1 sec
+ 424913 SDM6329 10966 711 36.440 33.405 221 65 0 sec
+
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+2.4.AFSK1200
+
+Gqrx is graphical SDR software where you can travel across frequencies
+and in real time search for some transmission.
+
+ http://gqrx.dk/
+
+It have builtin AFSK1200 demodulator or in simple words ham radio packets.
+And you could try to see what people sending in tex around the world.
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ 3.Projects where rtlsdr used +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+3.1.WebSDR
+
+WebSDR probably best site where you can go and click on some radio reciever
+and liste what happends in some particular country. WebSDR site contains
+about 80 radio recievers around the world that can be accessed trought web
+interface.
+ http://websdr.org/
+
+If you whant setup your own radio reciever read FAQ, prepare mail and send mail
+after that you could recieve precompiled websdr software with is easy
+to setup with rtlsdr stick.
+
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ 4.Problems +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+4.1.Sync errors
+
+Once there was sync error when was trying to use rtl_test or rtl_adsb.
+To fix that changes for better quality usb cable.
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ 5.Links +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+[1] http://kmkeen.com/rtl-demod-guide/
+[2] http://kmkeen.com/rtl-power/
+[3] http://sdr.osmocom.org/trac/wiki/rtl-sdr
+[4] http://www.rtl-sdr.com/
+[5] https://github.com/antirez/dump1090
+[6] http://gqrx.dk
+
+
+```c
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#define _GNU_SOURCE
+#include
+
+
+struct ihex_binrec {
+ struct ihex_binrec *next; /* not part of the real data structure */
+ uint32_t addr;
+ uint16_t len;
+ uint8_t data[];
+};
+
+/**
+ * nybble/hex are little helpers to parse hexadecimal numbers to a byte value
+ **/
+static uint8_t nybble(const uint8_t n)
+{
+ if (n >= '0' && n <= '9') return n - '0';
+ else if (n >= 'A' && n <= 'F') return n - ('A' - 10);
+ else if (n >= 'a' && n <= 'f') return n - ('a' - 10);
+ return 0;
+}
+
+static uint8_t hex(const uint8_t *data, uint8_t *crc)
+{
+ uint8_t val = (nybble(data[0]) << 4) | nybble(data[1]);
+ *crc += val;
+ return val;
+}
+
+static int process_ihex(uint8_t *data, ssize_t size);
+static void file_record(struct ihex_binrec *record);
+static int output_records(int outfd);
+
+static int sort_records = 0;
+static int wide_records = 0;
+static int include_jump = 0;
+
+static int usage(void)
+{
+ fprintf(stderr, "ihex2fw: Convert ihex files into binary "
+ "representation for use by Linux kernel\n");
+ fprintf(stderr, "usage: ihex2fw [] \n");
+ fprintf(stderr, " -w: wide records (16-bit length)\n");
+ fprintf(stderr, " -s: sort records by address\n");
+ fprintf(stderr, " -j: include records for CS:IP/EIP address\n");
+ return 1;
+}
+
+int main(int argc, char **argv)
+{
+ int infd, outfd;
+ struct stat st;
+ uint8_t *data;
+ int opt;
+
+ while ((opt = getopt(argc, argv, "wsj")) != -1) {
+ switch (opt) {
+ case 'w':
+ wide_records = 1;
+ break;
+ case 's':
+ sort_records = 1;
+ break;
+ case 'j':
+ include_jump = 1;
+ break;
+ default:
+ return usage();
+ }
+ }
+
+ if (optind + 2 != argc)
+ return usage();
+
+ if (!strcmp(argv[optind], "-"))
+ infd = 0;
+ else
+ infd = open(argv[optind], O_RDONLY);
+ if (infd == -1) {
+ fprintf(stderr, "Failed to open source file: %s",
+ strerror(errno));
+ return usage();
+ }
+ if (fstat(infd, &st)) {
+ perror("stat");
+ return 1;
+ }
+ data = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, infd, 0);
+ if (data == MAP_FAILED) {
+ perror("mmap");
+ return 1;
+ }
+
+ if (!strcmp(argv[optind+1], "-"))
+ outfd = 1;
+ else
+ outfd = open(argv[optind+1], O_TRUNC|O_CREAT|O_WRONLY, 0644);
+ if (outfd == -1) {
+ fprintf(stderr, "Failed to open destination file: %s",
+ strerror(errno));
+ return usage();
+ }
+ if (process_ihex(data, st.st_size))
+ return 1;
+
+ return output_records(outfd);
+}
+
+static int process_ihex(uint8_t *data, ssize_t size)
+{
+ struct ihex_binrec *record;
+ uint32_t offset = 0;
+ uint32_t data32;
+ uint8_t type, crc = 0, crcbyte = 0;
+ int i, j;
+ int line = 1;
+ int len;
+
+ i = 0;
+next_record:
+ /* search for the start of record character */
+ while (i < size) {
+ if (data[i] == '\n') line++;
+ if (data[i++] == ':') break;
+ }
+
+ /* Minimum record length would be about 10 characters */
+ if (i + 10 > size) {
+ fprintf(stderr, "Can't find valid record at line %d\n", line);
+ return -EINVAL;
+ }
+
+ len = hex(data + i, &crc); i += 2;
+ if (wide_records) {
+ len <<= 8;
+ len += hex(data + i, &crc); i += 2;
+ }
+ record = malloc((sizeof (*record) + len + 3) & ~3);
+ if (!record) {
+ fprintf(stderr, "out of memory for records\n");
+ return -ENOMEM;
+ }
+ memset(record, 0, (sizeof(*record) + len + 3) & ~3);
+ record->len = len;
+
+ /* now check if we have enough data to read everything */
+ if (i + 8 + (record->len * 2) > size) {
+ fprintf(stderr, "Not enough data to read complete record at line %d\n",
+ line);
+ return -EINVAL;
+ }
+
+ record->addr = hex(data + i, &crc) << 8; i += 2;
+ record->addr |= hex(data + i, &crc); i += 2;
+ type = hex(data + i, &crc); i += 2;
+
+ for (j = 0; j < record->len; j++, i += 2)
+ record->data[j] = hex(data + i, &crc);
+
+ /* check CRC */
+ crcbyte = hex(data + i, &crc); i += 2;
+ if (crc != 0) {
+ fprintf(stderr, "CRC failure at line %d: got 0x%X, expected 0x%X\n",
+ line, crcbyte, (unsigned char)(crcbyte-crc));
+ return -EINVAL;
+ }
+
+ /* Done reading the record */
+ switch (type) {
+ case 0:
+ /* old style EOF record? */
+ if (!record->len)
+ break;
+
+ record->addr += offset;
+ file_record(record);
+ goto next_record;
+
+ case 1: /* End-Of-File Record */
+ if (record->addr || record->len) {
+ fprintf(stderr, "Bad EOF record (type 01) format at line %d",
+ line);
+ return -EINVAL;
+ }
+ break;
+
+ case 2: /* Extended Segment Address Record (HEX86) */
+ case 4: /* Extended Linear Address Record (HEX386) */
+ if (record->addr || record->len != 2) {
+ fprintf(stderr, "Bad HEX86/HEX386 record (type %02X) at line %d\n",
+ type, line);
+ return -EINVAL;
+ }
+
+ /* We shouldn't really be using the offset for HEX86 because
+ * the wraparound case is specified quite differently. */
+ offset = record->data[0] << 8 | record->data[1];
+ offset <<= (type == 2 ? 4 : 16);
+ goto next_record;
+
+ case 3: /* Start Segment Address Record */
+ case 5: /* Start Linear Address Record */
+ if (record->addr || record->len != 4) {
+ fprintf(stderr, "Bad Start Address record (type %02X) at line %d\n",
+ type, line);
+ return -EINVAL;
+ }
+
+ memcpy(&data32, &record->data[0], sizeof(data32));
+ data32 = htonl(data32);
+ memcpy(&record->data[0], &data32, sizeof(data32));
+
+ /* These records contain the CS/IP or EIP where execution
+ * starts. If requested output this as a record. */
+ if (include_jump)
+ file_record(record);
+ goto next_record;
+
+ default:
+ fprintf(stderr, "Unknown record (type %02X)\n", type);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static struct ihex_binrec *records;
+
+static void file_record(struct ihex_binrec *record)
+{
+ struct ihex_binrec **p = &records;
+
+ while ((*p) && (!sort_records || (*p)->addr < record->addr))
+ p = &((*p)->next);
+
+ record->next = *p;
+ *p = record;
+}
+
+static int output_records(int outfd)
+{
+ unsigned char zeroes[6] = {0, 0, 0, 0, 0, 0};
+ struct ihex_binrec *p = records;
+
+ while (p) {
+ uint16_t writelen = (p->len + 9) & ~3;
+
+ p->addr = htonl(p->addr);
+ p->len = htons(p->len);
+ if (write(outfd, &p->addr, writelen) != writelen)
+ return 1;
+ p = p->next;
+ }
+ /* EOF record is zero length, since we don't bother to represent
+ the type field in the binary version */
+ if (write(outfd, zeroes, 6) != 6)
+ return 1;
+ return 0;
+}
+```
\ No newline at end of file
--
cgit v1.2.3