rtl_haos: An rtl_433 to Home Assistant Bridge

Thank you to Jaron McDaniel for writing in and sharing with us the release of his open source software called "rtl_haos". rtl_haos is a 'drop-in' bridge that turns one or more RTL-SDR dongles into Home Assistant friendly sensors via rtl_433 and MQTT. Jaron writes:

I just finished a tool that that bridges data received from rtl_433 into Home Assistant friendly entities. Basically allowing you to integrate anything rtl_433 can see into Home Assistant.

Basically you clone the git to a Rasberry PI, configure it for your MQTT server, plug in a RTL-SDR or two and you'll see entities with icons and units automatically assigned to whatever rtl_433 discovers.

This tool allows you to connect older and cheap non-Wi-Fi connected sensors to Home Assistant, which typically communicate to a base station via wireless ISM band signals. Home Assistant is an open-source home automation platform that integrates and controls household devices such as lights, sensors, and actuators.

rtl_haos Overview
rtl_haos Overview
Tweet
Share
Reddit
Vote
Email

Frugal Radio: Using a 25 Dollar PC for Decoding with SDRs

Over on YouTube, Rob from the Frugal Radio channel has uploaded a video showing that you don't need to shell out thousands for a capable PC to run your SDR. Robs finds five second-hand Dell Optiplex 9020 PCs advertised for just $25 each, and shows how each PC is powerful enough to run multiple SDR decoders at once, and run three monitors.

He notes that these PCs are a bargain as they come with a 4th gen Intel i5, 8GB RAM, and a 256 GB SSD. And they even come with Windows 10 Professional pre-installed.

Later in the video Rob shows what each of his $25 PCs is doing. He shows how PC1 decodes five digital trunk systems with RTL-SDRs and runs SDR++ with an Airspy. And how PC2 decodes P25 trunk systems and runs the PDW pager decoder.

Rob notes that deals on these second-hand Dell Optiplex 9020 PCs are easy to find on eBay as these are common ex-corporate PCs.

25 dollar 24/7 SDR PCs for the Shack

Tweet
Share
Reddit
Vote
Email

An Overview of 2025 SDR Black Friday Deals

Below, we're collating the best Black Friday sales we could find on SDR and related products.

If you find any other good sales for SDR or related products, please post in the comments!

RTL-SDR Blog

We're currently offering $5 of V3 dongles (including the V3c) on Amazon. The sale will last until Monday 1 December, and only while stocks last.

RTL-SDR Blog V3 Dongle + Antenna Kit: US$47.95 US$42.95 (Link)
RTL-SDR Blog V3 Dongle Only: US$37.95 US$32.95 (Link)
RTL-SDR Blog V3c Dongle Only: US$39.95 US$34.95 (Link)

We also want to add that in December, the price of V4 dongles will be raised, due to rising chip costs, and dwindling R828D stockpiles, so buying now is purchasing while essentially on sale.

We're also participating in the Airspy 25% sale with the YouLoop listing on our store. The sale takes the price down from $39.95 to $29.96.

Airspy

Airspy offers low-cost RX-only SDRs. Airspy is holding a 25% off Black Friday sale. Black Friday is usually their biggest discount of the year. The sale is offered by their official iTead store and by most resellers. Links to their sales are platforms available here https://airspy.com/purchase

Airspy R2: US$169.00 $126.75
Airspy Mini: US$99.00 US$74.25
Airspy HF+ Discovery: US$169.00 US$126.75
Airspy SpyVerter R2: US$49.00 US$36.75

SDRPlay

SDRplay offers low-cost RX-only SDRs. There do not appear to be any direct Black Friday deals from SDRplay, but on Ham Radio Outlet, the SDRplay nRSP-ST and DUO units are on sale. The RSPdx-R2 and RSP1B appear not to be on sale.

SDRplay nRSP-ST: $499.95 $399.95
SDRplay DUO: $299.95 $249.95

FlexRadio

FlexRadio offers high-end SDRs aimed at ham radio users. They are currently running a Black Friday deal as shown in the screenshot. https://www.flexradio.com/products/categories/black-friday/

Ham Radio Prep Course

While not physical SDRs, some people interested in getting their amateur radio licence in the US may be interested in this study course, which is discounted for Black Friday. https://hamradioprep.com/black-friday

They have various course bundles on sale, but this screenshot is of the full bundle.

Tweet
Share
Reddit
Vote
Email

Using the Don’t Look Up Tool to Eavesdrop on Insecure Private Satellite Communications

Over on YouTube, Rob VK8FOES has uploaded a video showing how to install and use the "dontlookup" open-source Linux Python research tool for evaluating satellite IP link security. Back in October, we posted about a new Wired article that discussed how many geostationary satellites are broadcasting sensitive, unencrypted data in the clear and how a cheap DVB-S2 receiver and satellite dish can be used to eavesdrop on them.

In the video, Rob discusses the new dontlookup tool, which is an excellent one-stop shop open-source tool for parsing IP data from these satellites. He goes on to show the full steps on how to install and use the tool in Linux. The end result is private internet satellite data being visible in Wireshark (blurred in the video for legal reasons). In the video description, Rob writes:

I thought I would make a video showcasing this new open-source Python tool for Linux. 'Don't look up' is the result of a research campaign conducted by a group of cyber security researchers from the USA for decoding DVB-S2 satellite data transponders.

Geostationary communications satellites are somewhat of a 'perfect target' to malicious threat actors, due to their downlink signals covering large portions of earth surface. This gives attackers are large attack surface to intercept IP traffic being transmitted from space. To most peoples surprise, little-to-no security, such as encryption, are being used on these data transponders!

This is all old news to myself, and the fans of my YouTube channel that have been following my TV-satellite hobby for the past couple of years. Most of this was already possible with consumer-grade satellite equipment and a Python application called GSExtract. However, the scope of GSExtract was a lot more narrower than that of DontLookUp, with the developers claiming to have achieved an exponential packet recovery rate compared to GSExtract.

Join me in this video today where I will be showing my users how to patch and build the TBS5927 USB satellite receiver drivers for RAW data capturing. I'll also be showcasing the software application called 'DVBV5-Zap' which interfaces with our satellite receiver to capture RAW data from a satellite. And finally, I will finish-off the video by demonstrating the actual usage of DontLookUp itself. To make the tutorial as accessible as possible, I'm doing the entire process inside a Linux virtual machine!

This tutorial will probably only work in DragonOS FocalX R37 Linux by the wonderful @cemaxecuter. You are welcome to try on other Linux distributions, but your mileage will vary! Also, due to the TBS5927 using something called a 'Isochronous Endpoint', it's only possible to use this satellite receiver via USB Passthrough in VMWare versions 17.5 and above. VirtualBox does not support Isochronous USB Endpoints in any version. It's always best to run Linux on 'bare-metal' by installing it directly to your PC's internal SSD, or running it from a bootable USB thumb drive.

Please understand that if you own an internal PCI-E satellite receiver card from TBS, it is not possible to 'pass it through' to Linux running inside in a Type-2 Hypervisor (VMware, VirtualBox etc.) Installing Linux on bare-metal is the only hope for PCI-E card owners. Thanks very much for watching!

HARDWARE:
TBS5927 USB Satellite Receiver
90cm 'Foxtel' Satellite Dish
Golden Media GM202+ LNB
Hills RG-6 Coaxial Cable (F-Type Connectors, 75 Ohm)

SOFTWARE:
VMWare Workstation 17.6.2
DragonOS FocalX R37 Linux
TBS 'Linux_Media' Drivers
'RAW Data Handling' Patch
DVBV5-Zap
DontLookUp

If you're interested in this topic, Rob's YouTube channel has many videos on this topic that are worth checking out.

Don't Look Up (No, Not The Movie): A New Research Tool To Evaluate Satellite IP Link Security!

Tweet
Share
Reddit
Vote
Email

halow_scanner: An RTL-SDR Based 802.11aH HaLow Channel Scanner

Over on GitHub we've recently noticed the release of halow_scanner, a Python script that uses an RTL-SDR to scan the 802.11ah (WiFi HaLow) channels in the sub-GHz spectrum to determined which channels have the least noise/interference.

Unlike standard WiFi, which operates outside of the RTL-SDRs range at 2.4 GHz+, 802.11ah operates in the sub-GHz ISM bands, which RTL-SDRs can easily receive.

Use of these lower frequencies gives 802.11ah HaLow excellent signal penetration, making it useful for long-range, low-power IoT devices. With 802.11ah HaLow links, several kilometers can be achieved.

The software's features include:

  • 🔍 Scans all 802.11ah HaLow channels in the US 902-928 MHz band
  • 📊 Supports multiple channel bandwidths: 1, 2, 4, and 8 MHz
  • 📡 Uses RTL-SDR for spectrum analysis
  • 🎯 Identifies the cleanest channel with lowest noise floor
  • 📈 Provides detailed power spectrum measurements
  • ⚡ Fast scanning with averaging for accuracy
Comparison Between regular WiFi and 802.11ah HaLow. Source: https://www.gateworks.com/802-11ah-halow-long-range-low-power-wireless-for-iot/
Comparison Between regular WiFi and 802.11ah HaLow. Source: https://www.gateworks.com/802-11ah-halow-long-range-low-power-wireless-for-iot
 
Tweet
Share
Reddit
Vote
Email

Software Defined Toolkit: A DIY Radio Reconnaissance Device with RTL-SDR and EvilCrow RF Inside

Thank you to "p3rp0ul" for writing in and sharing his neat-looking build of a "Software Defined Toolkit," which consists of two RTL-SDRs, EvilCrow RF, and other RF signal conditioning hardware, all in a ruggedized metal enclosure. He writes:

It’s a compact, field-ready SDR platform that consolidates two RTL-SDR receivers (one acquired via your site), a GPS timing/position module, an LNA with adjustable biasing, and an integrated ESP32-based ISM-band transceiver subsystem into a single rugged enclosure. The project explores how far low-cost SDR hardware can be pushed when carefully packaged, powered, filtered, and shielded as a coherent tool rather than a loose bench setup.

The design focuses on field usability: modular power distribution, fully externalized RF and antenna connectivity, thermal management for the dongles, and internal coax routing optimized with ferrite suppression. The addition of the ESP32 subsystem brings replay, sniffing, jamming, and remote-operation capabilities, extending the utility of RTL-SDR hardware in practical RF reconnaissance and experimentation.

P3rp0ul has shared full details about his build on both Hackaday.io and Hackster.io.

P3rp0ul's DIY Software Defined Toolkit
P3rp0ul's DIY Software Defined Toolkit
Inside the Enclosure
Inside the Enclosure
Tweet
Share
Reddit
Vote
Email

Talking Sasquach Reviews the uConsole and RTL-SDR Antenna Board Expansion

The uConsole is a portable computer system based on the Raspberry Pi CM5 module. It adds a screen, battery, and complete hardware keyboard with a mouse trackball to the CM5, while allowing for various expansion boards.

One such expansion board of interest to us is the RTL-SDR AIO V2 module, which adds an RTL-SDR, as well as adding capabilities such as LoRa, GPS, RTC, USB Hub, USB 3.0, and RJ45 Ethernet. We currently have one on order for our own review, but it is currently in pre-order status, and the V1 module has been out of stock for a long time.

Over on YouTube, Talking Sasquatch has managed to get his hands on one and has created a video about it. In the video, he shows the assembly of the uConsole and RTL-SDR AIO and how to flash the DragonOS Linux distribution, which contains many pre-installed RTL-SDR programs.

He goes on to show the system running SDR++ and receiving an FM station, as well as showing how it can connect with a Flipper Zero.

This uConsole HACK is a Game Changer

Tweet
Share
Reddit
Vote
Email

NSA GENESIS: How NSA Spies Snooped on Local RF Bands using Modified Cell Phones with a Built-in SDR

Over on YouTube, the "Spy Collection" channel has recently uploaded a video detailing the US National Security Agency's (NSA) GENESIS spy gadget. GENSIS was a modified Motorola cell phone that contained a full software-defined radio system within. This system allowed NSA agents to discreetly record the local RF spectrum for later analysis. For example, an agent may have been able to record the frequencies and RF protocols used at particular facilities of interest for use in later operations. 

Details about the NSA GENESIS were revealed when the NSA's Advanced Network Technologies (ANT) catalogue was publicly leaked back in 2013. Originally, project GENESIS was due to be declassified in 2032.

Spy Collection also notes that the leaked documents indicate it is possible the phone was also used, or intended to be used, as a "finishing tool". In other words, a remotely detonated explosive phone, that could be given to persons on the US terrorist list. 

NSA's Leaked Secret GENESIS Cell Phone

Tweet
Share
Reddit
Vote
Email