A newbie’s guide to Software Defined Radios on Kali Linux | Part 1: Fun with FM radios

Maxime Leblanc
Published in poka-techblog
Jan 7, 2019


At the last Hackfest in November 2018, I got lucky enough to get my hands on a Software Defined Radio at the Soldering Village. Being a total newbie in this field, I thought it could be interesting for other folks to follow my experiments and learn from my mistakes. I made this a multi-part story, just like my other SSRF series, because there is just so much to explore on this topic and I don’t think a very long article is that enjoyable. In this series, we will explore how to use a Software Defined Radio to listen to a normal FM radio station (let’s start with the basics), tune in and listen to nearby airplanes’ ADS-B traffic, intercept FLEX pager communications (still in use by some emergency services and private alerting systems), receive communications from the International Space Station and even build a rudimentary (read-only) GSM IMSI catcher. But for now, let’s just set up a simple RF lab environment:

Lab Prerequisites

In my case, I have a very simple lab setup:

  • A laptop with Kali installed, which in my case is an old Lenovo W510. That said, any computer with a Debian-based distribution would do the trick; even a Raspberry Pi should have most of the necessary packages and horsepower available (I will most certainly test that in a future part of this story).
  • A Realtek RTL2838 DVB-T based Software Defined Radio receiver. In my case, it is a $30 NooElec NESDR SMArt, but for this simple experiment, just about any USB dongle should work just fine.

(Photo: My NooElec RTL2838 DVB-T SDR dongle)

Software Setup

The setup procedure should be the same for any SDR dongle that uses the RTL2838 chip. First, plug it into a USB port and verify that it gets detected:

$ sudo lsusb
Bus 004 Device 008: ID 0bda:2838 Realtek Semiconductor Corp. RTL2838 DVB-T

Good! But Debian comes with default kernel drivers that we do not want for our particular use case (they drive the RTL2838 chip as a DVB-T TV tuner). So we need to blacklist those drivers to keep them from loading. To do so, just create a file at /etc/modprobe.d/blacklist-dvb.conf with the following content:

blacklist dvb_usb_rtl28xxu

Then reboot (I strongly recommend it, even though it shouldn’t be necessary) to be sure the “bad” driver isn’t loaded. You can verify with the following command, which should return no result after rebooting:

# lsmod | grep -i dvb
#

We are now ready to install the SDR-centric drivers:

$ sudo apt-get install rtl-sdr

Alright, from now on we should have a working SDR device. Yay! To test that everything works, just run rtl_test for a couple of seconds: if you don’t see any further “lost” messages after the initial one, everything should be fine:

$ rtl_test
Found 1 device(s):
0: Realtek, RTL2838UHIDIR, SN: 00000001
Using device 0: Generic RTL2832U OEM
Found Rafael Micro R820T tuner
Supported gain values (29): 0.0 0.9 1.4 2.7 3.7 7.7 8.7 12.5 14.4 15.7 16.6 19.7 20.7 22.9 25.4 28.0 29.7 32.8 33.8 36.4 37.2 38.6 40.2 42.1 43.4 43.9 44.5 48.0 49.6
[R82XX] PLL not locked!
Sampling at 2048000 S/s.
Info: This tool will continuously read from the device, and report if samples get lost. If you observe no further output, everything is fine.
Reading samples in async mode…
Allocating 15 zero-copy buffers
lost at least 96 bytes
^CSignal caught, exiting!
User cancel, exiting…
Samples per million lost (minimum): 0
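The steps above (lsusb, blacklisting, lsmod, rtl_test) are easy to get half-right, so here is an added sanity-check script that is not part of the original post. Each checker takes command output as a string, so the same function runs on live output (for example "$(lsusb)") and on the constructed samples at the bottom, which are copied from the outputs shown above; the blacklist path and module name are the ones this post uses.

```shell
#!/bin/sh
# Added example, not from the original post: post-install checks for the RTL2838 setup.
# Pass when the RTL2838 USB ID from the lsusb step (0bda:2838) is present.
rtl_detected() { printf '%s\n' "$1" | grep -q 'ID 0bda:2838'; }

# Pass when the stock DVB-T driver is absent from lsmod output, i.e. the blacklist worked.
dvb_driver_unloaded() { ! printf '%s\n' "$1" | grep -qi 'dvb_usb_rtl28xxu'; }

# Pass when the modprobe file $1 contains exactly the blacklist line from the post.
blacklist_present() { grep -qx 'blacklist dvb_usb_rtl28xxu' "$1" 2>/dev/null; }

# Print how many "lost at least N bytes" lines rtl_test reported beyond the first;
# the post treats one initial loss message as normal and anything more as a problem.
extra_losses() {
    n=$(printf '%s\n' "$1" | grep -c '^lost at least' || true)
    if [ "$n" -gt 0 ]; then n=$((n - 1)); fi
    printf '%s\n' "$n"
}

# report LABEL CMD ARGS...: run CMD, print PASS/FAIL, and count failures in $fails.
report() {
    label=$1; shift
    if "$@"; then echo "PASS: $label"; else echo "FAIL: $label"; fails=$((fails + 1)); fi
}

# run_checks LSUSB_OUT LSMOD_OUT BLACKLIST_FILE RTL_TEST_OUT; returns the number of failed checks.
run_checks() {
    fails=0
    report "RTL2838 dongle visible in lsusb"      rtl_detected "$1"
    report "dvb_usb_rtl28xxu not loaded"          dvb_driver_unloaded "$2"
    report "blacklist-dvb.conf in place"          blacklist_present "$3"
    report "no sample loss after first message"   [ "$(extra_losses "$4")" -eq 0 ]
    return "$fails"
}

# Constructed samples, copied from the outputs shown in this post (the lsmod grep printed nothing).
SAMPLE_LSUSB='Bus 004 Device 008: ID 0bda:2838 Realtek Semiconductor Corp. RTL2838 DVB-T'
SAMPLE_LSMOD=''
SAMPLE_RTL_TEST=$(cat <<'EOF'
Found 1 device(s):
0: Realtek, RTL2838UHIDIR, SN: 00000001
lost at least 96 bytes
Samples per million lost (minimum): 0
EOF
)
tmp=$(mktemp); printf 'blacklist dvb_usb_rtl28xxu\n' > "$tmp"   # stand-in for /etc/modprobe.d/blacklist-dvb.conf
run_checks "$SAMPLE_LSUSB" "$SAMPLE_LSMOD" "$tmp" "$SAMPLE_RTL_TEST" || echo "$? check(s) failed"
rm -f "$tmp"
```

On a real box, call it as run_checks "$(lsusb)" "$(lsmod)" /etc/modprobe.d/blacklist-dvb.conf "$(timeout 5 rtl_test 2>&1)".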

Tuning to an FM Radio Station

Now that our hardware has been set up, the first experiment we should do is to tune in a known FM radio station, since we know how it should behave and most people are familiar with this vintage technology. First, let’s install gqrx, which I think is the go-to software to begin experimenting with SDR technology, then start it as root:

$ sudo apt-get install gqrx
$ sudo gqrx

Configure gqrx for a first use. In my case, these settings worked well (mostly defaults):

My working settings for gqrx

You will see gqrx’s interface appear. In my example, I am tuning to FM 88.3, which is ICI Radio-Canada Première, Canada’s French-language public radio station. Notice that we are used to dealing with radio frequencies in MHz, but we need to enter our desired frequency in kHz to actually tune to something useful (just multiply your known frequency by 1000). To start listening, just press the “play” button (▶) at the top-left corner and set the mode to WFM (mono) (stereo playback is possible, but it’s a little bit harder to get a clear sound, so we stick to mono for a first test):

Me listening to Radio-Canada using my SDR tuner

Et voilà! We are now listening to an off-the-grid (OK, just with no Internet) radio transmission, demodulated in software by the SDR receiver :-)

Future Works

I know, it’s not super impressive to be able to listen to FM radio on your computer; everyone has had FM receivers since the ’40s… But as I mentioned in the introduction, this is just to get you going, with much more exciting stuff to come!

Stay tuned for my next stories, where we will listen to actual nearby airplanes sharing their position, speed, altitude and even flight number using the ADS-B radio protocol. Since I tested this during the Christmas holidays, I called it my “Santa Claus Position Tracker”.

Happy Hacking!
