Hey Habr.
В some signals that can be received on long and short waves have been described. No less interesting is the VHF band, where you can also find something interesting.
As in the first part, those signals that can be independently decoded using a computer will be considered. Who cares how it works, continued under the cut.
In the first part we used Dutch for receiving long and short waves. Unfortunately, there are no similar services on VHF - the frequency range is too large. Therefore, those wishing to repeat the experiments described below will have to acquire their own receiver, of the cheapest ones can be noted which can be purchased for $30. Such a receiver covers the range up to 1.7 GHz, all the signals described below are received on it.
So let's get started. As in the first part, the signals will be considered in increasing frequency.
FM radio
The FM radio itself is unlikely to surprise anyone, but we will be interested in RDS in it. The presence of RDS (Radio Data System) ensures the transmission of digital data “inside” the FM signal. The spectrum of the FM station signal after demodulation looks like this:
The pilot tone is located at 19 kHz, and the RDS signal is transmitted at its triple frequency of 57 kHz. On the waveform, if you output both signals together, it looks something like this:
With the help of phase modulation, a low-frequency signal with a frequency of 1187.5 Hz is encoded here (by the way, the frequency of 1187.5 Hz was also not chosen by chance - this is the frequency of the 19 kHz pilot tone divided by 16). Further, after bit-by-bit decoding, data packets are decrypted, of which there are quite a lot of types - in addition to text, for example, alternative broadcast frequencies of a radio station can be transmitted, and when entering another area, the receiver can automatically tune in to a new frequency.
You can receive RDS data from local stations using the program . It can be connected via HDSDR if you select FM modulation, 120KHz signal width and 192KHz bit rate as shown in the figure.
Then it is enough to redirect the signal using Virtual Audio Cable from HDSDR to RDS Spy (in the VAC settings, you also need to specify a bit rate of 192KHz). If everything was done correctly, we will see all the information about RDS, much more than a normal home radio will show:
In addition to FM, by the way, you can also decode DAB +, it was about . In Russia, it does not work yet, but in other countries it may be relevant.
Air range
It so happened historically that amplitude modulation (AM) and the frequency range of 118-137 MHz are used in aviation. The conversations between pilots and controllers are not encrypted in any way, and anyone can receive them. About 20 years ago, ordinary cheap Chinese radios were “pulled” for this - it was enough to push the local oscillator coils apart, and the range shifted, if you were lucky, towards higher frequencies. Those interested in “digital archeology” can read the discussion for 2004. Later, Chinese manufacturers went to meet users halfway and simply added the Air range to the receivers (in the comments to the first part they recommended Tecsun PL-660 or PL-680). But of course, the use of more specialized devices (for example, AOR, Icom receivers) is more preferable - they have noise reduction (the sound is turned off when there is no signal and there is no constant hiss) and a higher frequency sweep rate.
Each major airport uses quite a few frequencies, for example, here are the Pulkovo airport frequencies taken from the radioscanner website:
By the way, you can listen to broadcasts of negotiations from different Russian cities (Moscow, St. Petersburg, Chelyabinsk and some others) online at .
For us, in the air range, the digital protocol is interesting (Aircraft Communications Addressing and Reporting System). Its signals are transmitted at frequencies of 131.525 and 131.725 MHz (European standard, frequencies of different regions ). These are digital parcels with a bit rate of 2400 or 1200bps, with the help of such a system, pilots can exchange messages with the dispatcher. To decode in MultiPSK, you need to tune in to the signal in AM mode (you need an SDR receiver, because the signal bandwidth is more than 5KHz) and redirect the sound using the Virtual Audio Card.
The result is shown in the screenshot.
The ACARS signal format is quite simple and can be viewed in the SA Free program. To do this, it is enough to open a fragment of the recording, and we will see that the “inside” of the AM recording actually contains frequency modulation.
Further, applying a frequency detector to the recording, we easily get a bit stream. In real life, it is unlikely that you will have to do this, because. ready-made programs for ACARS decoding have been written for a long time.
NOAA weather satellites
After listening to the negotiations of the aviators, you can climb even higher - into space. In which we are interested in weather satellites , и transmitting images of the Earth's surface at frequencies of 137.620, 137.9125 and 137.100 MHz. You can decode the signal using the program .
The received picture may look something like this (photo from the radioscanner website):
Unfortunately (you can’t deceive the laws of physics, and the Earth is still round, although not everyone believes in it), you can receive a satellite signal only when it flies over us, and these flights do not always have a convenient time and angle above the horizon. Previously, to find out the time, date and time of the next flight, it was required to set the program (a long-lived program that has existed since 2001), now it’s easier to do it online using the links , и respectively.
The satellite signal is quite loud, and can be heard on almost any antenna and on any receiver. But in order to receive a picture in good quality, a special antenna and a good view of the horizon are still desirable. Those interested can see or read . Personally, I never had the patience to see it through to the end, but others may have better luck.
FLEX/POCSAG paging messages
Whether paging communication for corporate clients in Russia still works, I do not know, but in Europe it is fully functional, it is used by firefighters, police and various services.
You can receive FLEX and POCSAG signals using HDSDR and Virtual Audio Cable, a program is used for decoding . It was written already in 2004, and the interface has an appropriate one, but oddly enough, it still works quite well.
There is also a multimon-ng decoder that runs under Linux, its sources are available . There was also a separate article about the POCSAG transfer protocol, those who wish can read it .
Keyfobs/wireless switches
Even higher in frequency, at 433 MHz, there is a whole variety of different devices - wireless switches and sockets, doorbells, car tire pressure sensors, etc.
These are often cheap Chinese devices with the simplest modulation. There is no encryption, and a simple binary code (OOK - on-off keying) is used. The decoding of such signals has been considered in . We can use the ready-made rtl_433 decoder, which you can download .
By running the program, you can see various devices, and (if there is a parking lot nearby) find out, for example, the tire pressure of a neighbor's car. There is little practical sense in this, but from a purely mathematical point of view, it is quite interesting - the protocols of these signals are easy to decode.
By the way, those who buy such wireless switches should keep in mind that they are not protected in any way, and theoretically, your hacker neighbor, with HackRF or a similar device, can maliciously turn off the light in the toilet for you at the most inopportune moment or do something similar. Personally, I don’t bother, but if the security issue is relevant, you can use more serious and expensive devices with full keys and authentication (Z-Wave, Philips Hue, etc.).
TETRA
(Terrestrial Trunked Radio) is a professional corporate radio communication system with sufficiently large capabilities (group calls, encryption, combining several networks, etc.). And its signals, if they are not encrypted, can also be received using a computer and an SDR receiver.
TETRA decoder for Linux existed , but its setup was far from trivial, and about a year ago a Russian programmer created for SDR#. Now this task is solved almost literally in two clicks, the program allows you to display information about the system, listen to voice messages, collect statistics, etc.
The plugin does not implement all the features of the standard, but the main functions more or less work.
According to Wikipedia, Tetra can be used in ambulances, police, railway transport, etc. I don’t know about its distribution in Russia (it seems that the Tetra network was used at the 2018 World Cup, but this is inaccurate), those who wish can check it themselves - Tetra signals are easily recognizable, and have a width of 25KHz, as seen in the screenshot.
Of course, if encryption is enabled on the network (there is such a possibility in Tetra), the plug-in will not work - instead of speech, there will only be “gurgling”.
ADSB
Going even higher in frequency, aircraft transponder signals are transmitted at 1.09 GHz, which allows sites such as FlightRadar24 to show passing aircraft. This protocol has already been dealt with earlier, so I won’t repeat myself here (the article turned out to be large anyway), those who wish can read и parts.
Conclusion
As you can see, even with a $30 receiver, you can find a lot of interesting things on the air. I'm sure not everything is listed here, and I probably missed something or don't know. Those who wish can try it on their own - this is a good way to understand the principle of operation of a particular system better.
I did not consider amateur radio communication, although it is also available on VHF, but the article is still about service communication.
PS: Special for it can be noted that nothing really secret has been broadcast on the air for probably 50 years, so from this point of view, it is not worth wasting time and money. But from the point of view of studying the principles of communication and various engineering systems, getting acquainted with the real operation of real networks is quite interesting and informative.
Source: habr.com