Link to this headingSDR

Hardware:

Introduction:
Intro to SDR and RF Signal Analysis
Inside_Radio_An_Attack_and_Defense_Guide Book
Wiki for SDR info

Blogs:
SDR Blog

Software:
A Software Defined Radio Attack Tool
SDRtrunk - A cross-platform java application for decoding, monitoring, recording and streaming trunked mobile and related radio protocols using Software Defined Radios (SDR)
Qt-based digital signal analyzer, using Suscan core and Sigutils DSP library
GNURadio
GNU Radio like GUI for taking SDR and reading binary data

Link to this headingProtocols

Protocol/Signal Analysis:
Investigate wireless protocols and convert to Binary
View Wireless Protocols with automatic decoding tools
Wiki of Digital Signals including a waterfall picture

Link to this headingAmateur Radio

  • Frequency: 144–148 MHz using narrow band FM

Software:
An AX.25 packet radio chat protocol with support for digital signatures and binary compression. Like IRC over radio waves.

Link to this headingWWV (Atomic Clock Radio Transmission)

  • Frequency: 2.5/5/10/15 MHz

More information can be found at [WWV](/Reverse Engineering/Protocols/WWV).

Link to this headingAircraft Tracking

  • Frequency: 1030/1090 MHz

Links:
SDR for flight tracking
Tracking ships using software-defined radio
Surveillance/MICA Workshop Slides

Link to this headingBoat Tracking (AIS)

Link to this headingCellular Radio

Nmap for internal cellular networks

CDMA:

GSM:
GSM SDR articles
Sniffing GSM traffic with HackRF
Cracking GSM with RTL-SDR for Thirty Dollars

LTE:
LTE Base Station Software

Link to this headingPagers

  • Frequency: 137-160/450/900 MHz

Used to Decode Pager Data formats
Multimon-ng pager message parser and viewer

Link to this headingSatellite

Upsat: The first open source satellite
SatNOGS: Open Source global network of satellite ground-stations.
Reading data from Geo Satellites

Link to this headingLocation of Satellites

Use gpredict to find what satellites are close to the station.

More satellites can be obtained from Norad tracking

Link to this headingSatellite Frequencies

Satellite NameDownlinkFrequency TypeOrbit
NOAA 10Automatic Picture TransmissionPolar orbiting
NOAA 10High-resolution picture transmissionPolar orbiting
NOAA 11Automatic Picture TransmissionPolar orbiting
NOAA 11High-resolution picture transmissionPolar orbiting
NOAA 12137.5000 MHzAutomatic Picture TransmissionPolar orbiting
NOAA 121698.000 MHzHigh-resolution picture transmissionPolar orbiting
NOAA 13Automatic Picture TransmissionPolar orbiting
NOAA 13High-resolution picture transmissionPolar orbiting
NOAA 141707.000 MHzHigh-resolution picture transmissionPolar orbiting
NOAA 15137.6200 MHzAutomatic Picture TransmissionPolar orbiting
NOAA 151707.000 MHzHigh-resolution picture transmissionPolar orbiting
NOAA 161698.000 MHzHigh-resolution picture transmissionPolar orbiting
NOAA 17137.5000 MHzAutomatic Picture TransmissionPolar orbiting
NOAA 171707.000 MHzHigh-resolution picture transmissionPolar orbiting
NOAA 18137.9125 MHzAutomatic Picture TransmissionPolar orbiting
NOAA 18High-resolution picture transmissionPolar orbiting
NOAA 19137.1000 MHzAutomatic Picture TransmissionPolar orbiting
NOAA 19High-resolution picture transmissionPolar orbiting
Meteor M2137.1000 MHzLow-rate picture transmissionPolar orbiting
GOES-101691.000 MHzWeatherfaxGeostationary
GOES-101685.700 MHzGOES VARiable Protocol Data UnitsGeostationary
GOES-121691.000 MHzWeatherfaxGeostationary
GOES-121685.700 MHzGOES VARiable Protocol Data UnitsGeostationary
FengYun-21687.500 MHzGOES VARiable Protocol Data UnitsGeostationary
Meteosat1691.000 MHzWeatherfaxGeostationary
GMS1691.000 MHzWeatherfaxGeostationary

Link to this headingNFC

NFC Relay attacks

Link to this headingCars

Passive Keyless Entry and Start in Modern Supercars
Car Hacking Tools - Need to update

Link to this headingIoT

Smart Meter Security Testing Framework of the C1218 and C1219 protocols for communication over an ANSI type-2 optical probe with a serial interface

Link to this headingGarage Door Openers

https://maxwelldulin.com/BlogPost?post=5370931200

Link to this headingFrequencies

Satellite Bands
Source

Frequencies: 26.965 - 27.115 MHz

130MHz - 180MHz (VHF)
240MHz - 1000MHz (UHF)
1520MHz - 1580MHz (L-Band)
2200 - 2450 MHz (S-Band)
3400 - 4200 MHz (C-Band)
7250 - 8400 MHz (X-Band)
10700 - 12800 MHz (Ku-Band)
17300 - 40000 MHz (Ka-Band)

Frequency Allocation:

Start FrequencyEnd FrequencyInfo
9 kHz14 kHzRadio Navigation
19.95 kHz20.05 kHzStandard Frequency Time Signal
90 kHz110 kHzRadio Navigation
190 kHz535 kHzAeronautical RadioNavigations
1800 kHz1900 kHzAmateur Radio
2495 kHz2505 kHzStandard Frequency time and signal
3500 kHz4000 kHzAmateur Radio
7000 kHz7100 kHzAmateur Satellite
7100 kHz7300 kHzAmateur Radio
10.1 MHz10.15 MHzAmateur Radio
13.36 MHz13.41 MHzRadio Astronomy
14.0 MHz14.25 MHzAmateur Satellite
14.25 MHz14.35 MHzAmateur Radio
18.068 MHz18.168 MHzAmateur Satellite
21.0 MHz21.45 MHzAmateur Satellite
24.89 MHz24.99 MHzAmateur Satellite
25.55 MHz25.67 MHzRadio Astronomy
28.0 MHz29.7 MHzAmateur Satellite
50.0 MHz54.0 MHzAmateur Radio
54.0 MHz72.0 MHzBroadcasting TV
76.0 MHz88.0 MHzBroadcasting TV
88.0 MHz108.0 MHzFM Radio
137.0 MHz138.0 MHzSpace Operation (Space to Earth)
144.0 MHz148.0 MHzAmateur Radio
148.0 MHz150.08 MHzSpace Operation (Earth to Space)
174.0 MHz216.0 MHzBroadcasting TV
219.0 MHz225.0 MHzAmateur Radio
399.9 MHz400.05 MHzMobile Satellite (Earth to Space)
400.15 MHz403.0 MHzMobile Satellite (Earth to Space)
406.0 MHz406.1 MHzMobile Satellite (Earth to Space)
410.0 MHz420.0 MHzSpace Research (Space to Space)
420.0 MHz450.0 MHzAmateur Radio
420.0 MHz450.0 MHzMeteorological Satellite (Space to Earth)
470.0 MHz608.0 MHzBroadcasting TV
614.0 MHz763.0 MHzBroadcasting TV
1164.0 MHz1215.0 MHzAeronautical Nav (Space to Earth and Space)
1215.0 MHz1300.0 MHzSpace Research
1390.0 MHz1392.0 MHzXXXXX (Earth to Space)
1400.0 MHz1427.0 MHzSpace Research
1430.0 MHz1432.0 MHzXXXXX (Space to Earth)
1525.0 MHz1559.0 MHzMobile Satellite (Space to Earth)
1559.0 MHz1610.0 MHzAeronautical Nav (Space to Earth and Space)
1660.0 MHz1668.4 MHzSpaceResearch Passive
2300.0 MHz2310.0 MHzAmateur Radio
2310.0 MHz2360.0 MHzAmateur Radio
3300.0 MHz3500.0 MHzAmateur Radio
3600.0 MHz4200.0 MHzAmateur Radio

Useful/Common Frequencies:

40.5000 MHzMilitary Search and Rescue
126.2000 MHzMilitary Tower
138.4500 MHzAir Force Search and Rescue
138.7500 MHzAir Force Search and Rescue
154.2650 MHzCommon Shared Fire/EMS/Law Enforcement Start
155.3700 MHzLaw Enforcement Intersystem in some areas
155.4825 MHzCommon Shared Fire/EMS/Law Enforcement End
156.0000 MHzMarine VHF Start
162.0000 MHzMarine VHF End
162.4000 MHzWeather Radio 162.400
162.4250 MHzWeather Radio 162.425
162.4500 MHzWeather Radio 162.450
162.4750 MHzWeather Radio 162.475
162.5000 MHzWeather Radio 162.500
162.5250 MHzWeather Radio 162.525
162.5500 MHzWeather Radio 162.550
165.8375 MHzICE Department of Homeland Security Common (Analog)
165.8375 MHzICE Department of Homeland Security Common (Digital)
163.7250 MHzICE National Direct
163.7000 MHzICE National Tactical 1
168.5875 MHzICE National Tactical 2
163.1125 MHzICE National Tactical 3
164.7875 MHzICE National Tactical 4
166.4625 MHzFederal Law Enforcement Common
173.0750 MHzLoJack Stolen Vehicle Recovery System (US)
242.4000 MHzArmy Helo Common (Two Four-Two Four)
242.5000 MHzArmy Helo Common
243.0000 MHzEmergency/Guard UHF
252.1000 MHzAir Force Reserves (AFRS) Command Post Common
252.5250 MHzUSAF Common [Triple 25]
282.8000 MHzMilitary Search and Rescue
299.5000 MHzUSAF Common [Cheap Suit]
300.6000 MHzUSAF Common [Thirty O Six]
300.6500 MHzUSAF Common Air to Air
303.0000 MHzUSAF Common (Thirty-Thirty) [Winchester]
303.0500 MHzUSAF Common Air to Air
310.0000 MHzGarage Electronic Unlock
311.0000 MHzAir Combat Command (ACC) Command Post Primary
315.0000 MHzAmerican Cars and Garage Electronic Unlock
319.4000 MHzMobility Command (AMC) Command Post
321.0000 MHzAir Combat Command (ACC) Command Post Secondary
323.8000 MHzAirborne Command Post
333.0000 MHzUSAF Common [Triple Three]
333.3000 MHzUSAF Common [Quad Three}
333.5500 MHzUSAF Common [Full House]
335.5500 MHzUSAF Common {Full House II]
341.7500 MHzUSAF Air to Air
345.6000 MHzUSAF Common [Straight]
349.4000 MHzMobility Command CP Common
351.0000 MHzUSAF Common [Haircut]
357.0000 MHzUSAF Common [Magnum]
364.2000 MHzNORAD Air Intercept Control Common
383.5500 MHzTake Charge and Move Out (TACAMO) Data
384.5000 MHzUSAF Common [Pistol]
380.2000 MHzGSM Trunking Mobile to Base (T-GSM-380) Start
384.5500 MHzUSAF Common [Pistol 5]
389.8000 MHzGSM Trunking Mobile to Base (T-GSM-380) End
390.0000 MHzGarage Electronic Unlock
390.2000 MHzGSM Trunking Base to Mobile (T-GSM-380) Start
396.8750 MHzIntra-Squad Radio Channel 1
399.8000 MHzGSM Trunking Base to Mobile (T-GSM-380) End
399.9750 MHzIntra-Squad Radio Channel 14
399.9750 MHzStart of EMS Frequency
406.0000 MHzNOAA - Search and Rescue Start
406.1000 MHzNOAA - Search and Rescue End
410.2000 MHzGSM Trunking Mobile to Base (T-GSM-410) Start
419.8000 MHzGSM Trunking Mobile to Base (T-GSM-410) End
420.2000 MHzGSM Trunking Base to Mobile (T-GSM-410) Start
429.8000 MHzGSM Trunking Base to Mobile (T-GSM-410) End
433.9200 MHzEuropean, Japanese and Asian cars Electric Unlock
450.6000 MHzGSM Mobile to Base (GSM-450) Start
457.6000 MHzGSM Mobile to Base (GSM-450) End
460.6000 MHzGSM Base to Mobile (GSM-450) Start
462.5500 MHzGeneral Mobile Radio Service Start
462.7250 MHzGeneral Mobile Radio Service End
463.2000 MHzEnd of EMS Frequency
467.6000 MHzGSM Base to Mobile (GSM-450) End
469.5000 MHzControlled Demolition, Inc. Ch 1 - Primary
469.5500 MHzControlled Demolition, Inc. Ch 2 - Alternate
479.0000 MHzGSM Mobile to Base (GSM-480) Start
486.0000 MHzGSM Mobile to Base (GSM-480) End
489.0000 MHzGSM Base to Mobile (GSM-480) Start
496.0000 MHzGSM Base to Mobile (GSM-480) End
617.0000 MHz5G Channel n71 Base to Mobile Start (T-Mobile)
652.0000 MHz5G Channel n71 Base to Mobile End (T-Mobile)
663.0000 MHz5G Channel n71 Mobile to Base Start (T-Mobile)
698.0000 MHz5G Channel n71 Mobile to Base End (T-Mobile)
698.2000 MHzGSM Mobile to Base (GSM-710) Start
716.2000 MHzGSM Mobile to Base (GSM-710) End
728.2000 MHzGSM Base to Mobile (GSM-710) Start
746.2000 MHzGSM Base to Mobile (GSM-710) End
747.2000 MHzGSM Base to Mobile (GSM-750) Start
762.2000 MHzGSM Base to Mobile (GSM-750) End
777.2000 MHzGSM Mobile to Base (GSM-750) Start
792.2000 MHzGSM Mobile to Base (GSM-750) End
806.2000 MHzGSM Trunking Mobile to Base (T-GSM-810) Start
821.2000 MHzGSM Trunking Mobile to Base (T-GSM-810) End
824.0000 MHz5G Channel n5 Mobile to Base Start (AT&T)
824.2000 MHzGSM Mobile to Base (GSM-850) Start
848.8000 MHzGSM Mobile to Base (GSM-850) End
849.0000 MHz5G Channel n5 Mobile to Base End (AT&T)
851.2000 MHzGSM Trunking Base to Mobile (T-GSM-810) Start
866.2000 MHzGSM Trunking Base to Mobile (T-GSM-810) End
869.0000 MHz5G Channel n5 Base to Mobile Start (AT&T)
894.0000 MHz5G Channel n5 Base to Mobile End (AT&T)
869.2000 MHzGSM Base to Mobile (GSM-850) Start
893.8000 MHzGSM Base to Mobile (GSM-850) End
870.0000 MHzGSM Trunking Mobile to Base (T-GSM-900) Start
876.0000 MHzGSM Trunking Mobile to Base (T-GSM-900) End
876.0000 MHzGSM Railway Mobile to Base (R-GSM-900) Start
880.0000 MHzGSM Extended Mobile to Base (E-GSM-900) Start
890.0000 MHzGSM Primary Mobile to Base (P-GSM-900) Start
915.0000 MHzGSM Extended Mobile to Base (E-GSM-900) End
915.0000 MHzGSM Primary Mobile to Base (P-GSM-900) End
915.0000 MHzGSM Railway Mobile to Base (R-GSM-900) End
915.4000 MHzGSM Trunking Base to Mobile (T-GSM-900) Start
921.0000 MHzGSM Trunking Base to Mobile (T-GSM-900) End
921.0000 MHzGSM Railway Base to Mobile (R-GSM-900) Start
925.0000 MHzGSM Extended Base to Mobile (E-GSM-900) Start
935.0000 MHzGSM Primary Base to Mobile (P-GSM-900) Start
960.0000 MHzGSM Primary Base to Mobile (P-GSM-900) End
960.0000 MHzGSM Extended Base to Mobile (E-GSM-900) End
960.0000 MHzGSM Railway Base to Mobile (R-GSM-900) End
1030.000 MHzAircraft position, velocity, and ID Request (ADS-B)
1090.000 MHzAircraft position, velocity, and ID Reply (ADS-B)
1176.450 MHzGPS L5 Band (Used in Civilian Aviation)
1176.450 MHzGlonass L5 Band (Used in Civilian Aviation)
1202.025 MHzGLONASS L3 Band Start
1207.140 MHzGLONASS L3 Band End
1246.000 MHzGLONASS L2 Band Start
1252.5625 MHzGLONASS L2 Band End
1598.000 MHzGLONASS L1 GPS Channel 1
1605.000 MHzGLONASS L1 GPS Channel 14
1710.200 MHzGSM Digital Cellular System Mobile to Base (DCS-1800) Start
1784.800 MHzGSM Digital Cellular System Mobile to Base (DCS-1800) End
1805.200 MHzGSM Digital Cellular System Base to Mobile (DCS-1800) Start
1850.200 MHzGSM Personal Communication Service Mobile to Base (PCS-1900) Start
1879.800 MHzGSM Digital Cellular System Base to Mobile (DCS-1800) End
1909.800 MHzGSM Personal Communication Service Mobile to Base (PCS-1900) End
1930.200 MHzGSM Personal Communication Service Base to Mobile (PCS-1900) Start
1989.800 MHzGSM Personal Communication Service Base to Mobile (PCS-1900) End
2401.000 MHzWifi 2.4G Channel 1
2402.000 MHzBluetooth Channel 1
2483.500 MHzBluetooth Channel 79
2495.000 MHzWifi 2.4G Channel 14
2495.000 MHzWifi 2.4G Channel 14
4910.000 MHzWifi 5G Start
2496.000 MHz5G Channel n41 Start (T-Mobile/Sprint)
2690.000 MHz5G Channel n41 End (T-Mobile/Sprint)
26500.00 MHz5G Channel n257 Start
29500.00 MHz5G Channel n257 End
24250.00 MHz5G Channel n258 Start
27500.00 MHz5G Channel n258 End
37000.00 MHz5G Channel n260 Start (VerizonAT&TT-Mobile)
40000.00 MHz5G Channel n260 End (VerizonAT&TT-Mobile)
27500.00 MHz5G Channel n261 Start (VerizonAT&TT-Mobile)
28350.00 MHz5G Channel n261 End (VerizonAT&TT-Mobile)

Asia Personal Handy-phone System (PHS) 1880–1930

4G Band 71: Uplink (663 - 698) Downlink (617 - 652)
4G Band 66: Uplink (1710 - 1780) Downlink (2110 - 2200)
4G Band 25: Uplink (1850 - 1915) Downlink (1930 - 1995)
4G Band 30: Uplink (2305 - 2315) Downlink (2350 - 2360)

LTE (3GPP) Band 1: Uplink (1920-1980) Downlink (2110-2170)
LTE (3GPP) Band 2: Uplink (1850-1910) Downlink (1930-1990)
LTE (3GPP) Band 3: Uplink (1710-1785) Downlink (1805-1880)
LTE (3GPP) Band 4: Uplink (1710-1755) Downlink (2110-2155)
LTE (3GPP) Band 5: Uplink (824-849) Downlink (869-894)
LTE (3GPP) Band 6: Uplink (830-840) Downlink (875-885)
LTE (3GPP) Band 7: Uplink (2500-2570) Downlink (2620-2690)
LTE (3GPP) Band 8: Uplink (880-915) Downlink (925-960)
LTE (3GPP) Band 9: Uplink (1750-1785) Downlink (1845-1880)
LTE (3GPP) Band 10: Uplink (1710-1770) Downlink (2110-2170)
LTE (3GPP) Band 11: Uplink (1427.9-1452.9) Downlink (1475.9-1500.9)
LTE (3GPP) Band 12: Uplink (698-716) Downlink (728-746)
LTE (3GPP) Band 13: Uplink (777-787) Downlink (746-756)
LTE (3GPP) Band 14: Uplink (788-798) Downlink (758-768)
LTE (3GPP) Band 17: Uplink (704-716) Downlink (734-746)
LTE (3GPP) Band 18: Uplink (815-830) Downlink (860-875)
LTE (3GPP) Band 19: Uplink (830-845) Downlink (875-890)

LTE (3GPP) Band 33: Uplink and Downlink (1900-1920)
LTE (3GPP) Band 34: Uplink and Downlink (2010-2025)
LTE (3GPP) Band 35: Uplink and Downlink (1850-1910)
LTE (3GPP) Band 36: Uplink and Downlink (1930-1990)
LTE (3GPP) Band 37: Uplink and Downlink (1910-1930)
LTE (3GPP) Band 38: Uplink and Downlink (2570-2620)
LTE (3GPP) Band 39: Uplink and Downlink (1880-1920)
LTE (3GPP) Band 40: Uplink and Downlink (2300-2400)