A RaspberryPi transmitting to our Kali workstation

A newbie’s guide to Software Defined Radios on Kali Linux | Part 3: Using a RaspberryPi as a transmitter

Maxime Leblanc
Published in poka-techblog
4 min read, Apr 24, 2019

If you have followed my previous SDR stories, you already know that lately I have been blogging about different experiments to do on the cheap using an RTL-SDR dongle (Part 1 explained a minimalist setup using Kali and Part 2 started listening to airplanes and some on-call pagers). Since then, I explored a little further and realized that a simple RaspberryPi could be used as a transmitter. As in the second part, this article assumes that you are familiar with the software presented in the first part and that the rtl-sdr drivers and gqrx are both installed and working on Kali. Additionally, you will of course need a Raspberry Pi. My tests were made on a Raspberry Pi Model 3 B, but for the experiments presented here, any model of Pi should do the trick.

Prerequisite: Installing rpitx

The most complete solution I found on the Internet was a GitHub project named rpitx. With only a Raspberry Pi and a simple wire used by the Pi as an antenna (about 15 cm does the job quite well, but I did not experiment too much on this variable), it is possible to install this software and transmit over the air to a receiver of your choice (in the present case, our Kali Linux workstation).

All you need to transmit radio frequencies with a Raspberry Pi

You should plug the antenna into GPIO 4 according to the official schematics. Installing rpitx should be as simple as this:

# git clone https://github.com/F5OEO/rpitx.git
# cd rpitx/
# ./install.sh
# sudo reboot

As always, it’s important to reboot in order to be sure that all the newly installed modules are enabled and working properly. Also note that the installation will alter your GPU clock to 250 MHz, so don’t plan on installing this software on a shared device also intended for multimedia.

Once installed, just launch ./easytest.sh to see all the available protocols that are ready to use “out of the box”:

rpitx offers a wide range of readily available protocols to test

First, select 1 Chirp and start gqrx to see if everything works:

The RaspberryPi’s signal received by GQRX

It’s far from perfect, but we can clearly see the Pi oscillating a signal. I am not quite sure if the interference comes from my Tx (the Pi) or my Rx (my SDR dongle) but for my test use-case, it was sufficient to get good results.

Another amusing test you can do is to try the FmRds test and use it on a “classic” radio frequency: you should hear the FM transmission pretty flawlessly, even in stereo! This could turn out to be a nice way to build a DIY car FM transmitter to stream music from a cell phone in an older car.

Encoded POCSAG communications

In my last story, we learned how to use the RTL-SDR dongle in order to eavesdrop on on-call alarm pagers used notably in hospitals and alarm systems. What if we could use this Raspberry Pi to encode messages and recreate a POCSAG link? Since we know it’s a plain-text protocol, my suggestion is to Base64-encode messages so you can transfer files in a binary format and/or encrypt them. Warning: Base64 is NOT an encryption algorithm, but rather an encoding algorithm. This means that you must assume everybody can decode a Base64 message as easily as plain text.

Create a test script in the rpitx directory with the following content:

#!/bin/sh
# Base64-encode the message before handing it to pocsag
B64=$(echo "Hello Medium!" | base64)
printf "1:MEDIUM_MESSAGE\n2: $B64" | sudo ./pocsag -f 434000000

Upon execution, this script will Base64-encode the message “Hello Medium!” and transmit it on the 434 MHz frequency:

My RaspberryPi transmitting encoded POCSAG1200 content

As stated earlier, you can modify the script as you like to send not only text, but also (potentially encrypted) binary files of your choice. That is why I preferred to add a Base64 version to the example provided in rpitx.
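To make the binary-file idea concrete, here is an added example (not from the original post or from rpitx) that splits a Base64-encoded file into numbered pager messages and reassembles them on the receiving side. It assumes pocsag reads `address:message` lines as in the script above; the `seq/total:` header, the function names and the 40-character page size are this example's own conventions. Note that `unframe` needs no key, which is exactly why Base64 gives no confidentiality: anything secret has to be encrypted before it is passed to `frame_file`.

```shell
#!/bin/sh
# Added example, not part of rpitx. CHUNK is an assumed per-page payload size.
CHUNK=40

# frame_file ADDRESS FILE: print one "ADDRESS:seq/total:base64chunk" line per page.
frame_file() {
    b64=$(base64 < "$2" | tr -d '\n')
    total=$(( (${#b64} + CHUNK - 1) / CHUNK ))
    printf '%s\n' "$b64" | fold -w "$CHUNK" |
        awk -v a="$1" -v t="$total" 'NF { printf "%s:%d/%d:%s\n", a, NR, t, $0 }'
}

# unframe: read framed lines on stdin (any order, repeats allowed) and write
# the original bytes to stdout. Returns 1 if any page is missing.
unframe() {
    # Drop the address, order by sequence number, keep one copy of each page.
    pages=$(sed 's/^[^:]*://' | sort -t/ -k1,1n -u)
    total=$(printf '%s\n' "$pages" | head -n 1 | cut -d: -f1 | cut -d/ -f2)
    count=$(printf '%s\n' "$pages" | grep -c . || true)
    [ -n "$total" ] && [ "$count" -eq "$total" ] || return 1
    printf '%s\n' "$pages" | cut -d: -f2 | tr -d '\n' | base64 -d
}

# Demo on a constructed 100-byte binary sample (no radio needed).
demo() {
    tmp=$(mktemp -d)
    printf 'A\000B\377%096d' 7 > "$tmp/in.bin"
    frame_file 2 "$tmp/in.bin" > "$tmp/pages.txt"
    # Pages arriving in reverse order are still reassembled correctly.
    sort -r "$tmp/pages.txt" | unframe > "$tmp/out.bin"
    if cmp -s "$tmp/in.bin" "$tmp/out.bin"; then
        echo "round trip OK in $(wc -l < "$tmp/pages.txt" | tr -d ' ') pages"
    fi
    rm -rf "$tmp"
}
demo
```

The output of `frame_file` has the same line format as the `printf` in the test script above, so it can be piped to the same `pocsag` command.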

Future work

Not quite there yet… (me trying to transmit Poka’s Logo over SSTV)

At the time of writing, I was not able to get a clear SSTV image from the Raspberry Pi + RTL-SDR setup. This is going to be needed if I want to listen to meteorological satellites that constantly transmit weather maps from the sky. The International Space Station is also known to broadcast SSTV images to the Earth.

Another nice trick I would like to achieve is to make a successful “replay attack” on a car key, which should be almost directly feasible when equipping the Pi with an RTL-SDR dongle. My first attempts on a Toyota car were unsuccessful and it kind of lacks verbosity about what is going on behind the curtain, so more research is definitely needed here.

Stay tuned for more newbie discoveries! :-)
