SDR

Ham Radio All-in-one-Cable

Introduction:
Intro to SDR and RF Signal Analysis

Blogs:
SDR Blog

Tools:
A Software Defined Radio Attack Tool
SDRtrunk - A cross-platform Java application for decoding, monitoring, recording and streaming trunked mobile and related radio protocols using Software Defined Radios (SDR)
Qt-based digital signal analyzer, using Suscan core and Sigutils DSP library
GNURadio
GNU Radio like GUI for taking SDR and reading binary data

Protocol:
An AX.25 packet radio chat protocol with support for digital signatures and binary compression. Like IRC over radio waves.
Introduction to Packet Radio

Links
Inside Radio: An Attack and Defense Guide (book)
Wiki for SDR info

Hardware

https://redpitaya.com/
LimeSDR

Protocol/Signal Analysis

Investigate wireless protocols and convert to Binary
View Wireless Protocols with automatic decoding tools

Wiki of Digital Signals including a waterfall picture

WWV (Atomic Clock Radio Transmission)

  • 2.5/5/10/15 MHz
    More information can be found at WWV.

Aircraft Tracking

  • 1090 MHz

Links:
SDR for flight tracking
Tracking ships using software-defined radio

https://www.icao.int/MID/Documents/2019/MICA/MICA-MID%20-%20WP%2013%20-%20RF%20Transmissions%20on%201030%20and%201090MHz.pdf

Boat Tracking (AIS)

  • 161.975MHz and 162.025MHz
    https://github.com/jvde-github/AIS-catcher
    https://github.com/f4exb/sdrangel/blob/master/plugins/feature/ais/readme.md

Cellular Radio

Nmap for internal cellular networks

CDMA:

GSM:
GSM SDR articles
Sniffing GSM traffic with HackRF
Cracking GSM with RTL-SDR for Thirty Dollars

LTE:
LTE Base Station Software

Pagers

  • 137 - 160 MHz, around ~450 MHz, or around 900 MHz

https://github.com/EliasOenal/multimon-ng
https://github.com/pagermon/pagermon

Satellite

Upsat: The first open source satellite
SatNOGS: Open Source global network of satellite ground-stations.
Reading data from Geo Satellites

Location of Satellites

Use gpredict to find what satellites are close to the station.

More satellites can be obtained from NORAD tracking

Satellite Frequencies

| Satellite Name | Downlink Frequency | Type | Orbit |
|---|---|---|---|
| NOAA 10 | | Automatic Picture Transmission | Polar orbiting |
| NOAA 10 | | High-resolution picture transmission | Polar orbiting |
| NOAA 11 | | Automatic Picture Transmission | Polar orbiting |
| NOAA 11 | | High-resolution picture transmission | Polar orbiting |
| NOAA 12 | 137.5000 MHz | Automatic Picture Transmission | Polar orbiting |
| NOAA 12 | 1698.000 MHz | High-resolution picture transmission | Polar orbiting |
| NOAA 13 | | Automatic Picture Transmission | Polar orbiting |
| NOAA 13 | | High-resolution picture transmission | Polar orbiting |
| NOAA 14 | 1707.000 MHz | High-resolution picture transmission | Polar orbiting |
| NOAA 15 | 137.6200 MHz | Automatic Picture Transmission | Polar orbiting |
| NOAA 15 | 1707.000 MHz | High-resolution picture transmission | Polar orbiting |
| NOAA 16 | 1698.000 MHz | High-resolution picture transmission | Polar orbiting |
| NOAA 17 | 137.5000 MHz | Automatic Picture Transmission | Polar orbiting |
| NOAA 17 | 1707.000 MHz | High-resolution picture transmission | Polar orbiting |
| NOAA 18 | 137.9125 MHz | Automatic Picture Transmission | Polar orbiting |
| NOAA 18 | | High-resolution picture transmission | Polar orbiting |
| NOAA 19 | 137.1000 MHz | Automatic Picture Transmission | Polar orbiting |
| NOAA 19 | | High-resolution picture transmission | Polar orbiting |
| Meteor M2 | 137.1000 MHz | Low-rate picture transmission | Polar orbiting |
| GOES-10 | 1691.000 MHz | Weatherfax | Geostationary |
| GOES-10 | 1685.700 MHz | GOES VARiable Protocol Data Units | Geostationary |
| GOES-12 | 1691.000 MHz | Weatherfax | Geostationary |
| GOES-12 | 1685.700 MHz | GOES VARiable Protocol Data Units | Geostationary |
| FengYun-2 | 1687.500 MHz | GOES VARiable Protocol Data Units | Geostationary |
| Meteosat | 1691.000 MHz | Weatherfax | Geostationary |
| GMS | 1691.000 MHz | Weatherfax | Geostationary |

NFC

NFC Relay attacks

Cars

Passive Keyless Entry and Start in Modern Supercars
https://github.com/ParrotSec/car-hacking-tools

IoT

Smart Meter Security Testing Framework of the C1218 and C1219 protocols for communication over an ANSI type-2 optical probe with a serial interface

Garage Door Openers

https://maxwelldulin.com/BlogPost?post=5370931200

Frequencies

Satellite Bands
Source

CB radio exists on frequencies between 26.965 MHz and 27.115 MHz

130MHz - 180MHz (VHF)
240MHz - 1000MHz (UHF)
1520MHz - 1580MHz (L-Band)
2200 - 2450 MHz (S-Band)
3400 - 4200 MHz (C-Band)
7250 - 8400 MHz (X-Band)
10700 - 12800 MHz (Ku-Band)
17300 - 40000 MHz (Ka-Band)

Frequency Allocation:

Start Frequency End Frequency Info
9 kHz 14 kHz Radio Navigation
19.95 kHz 20.05 kHz Standard Frequency and Time Signal
90 kHz 110 kHz Radio Navigation
190 kHz 535 kHz Aeronautical Radio Navigation
535 kHz 1605 kHz AM Radio
1800 kHz 1900 kHz Amateur Radio
2495 kHz 2505 kHz Standard Frequency and Time Signal
3500 kHz 4000 kHz Amateur Radio
7000 kHz 7100 kHz Amateur Satellite
7100 kHz 7300 kHz Amateur Radio
10.1 MHz 10.15 MHz Amateur Radio
13.36 MHz 13.41 MHz Radio Astronomy
14.0 MHz 14.25 MHz Amateur Satellite
14.25 MHz 14.35 MHz Amateur Radio
18.068 MHz 18.168 MHz Amateur Satellite
21.0 MHz 21.45 MHz Amateur Satellite
24.89 MHz 24.99 MHz Amateur Satellite
25.55 MHz 25.67 MHz Radio Astronomy
28.0 MHz 29.7 MHz Amateur Satellite
50.0 MHz 54.0 MHz Amateur Radio
54.0 MHz 72.0 MHz Broadcasting TV
76.0 MHz 88.0 MHz Broadcasting TV
88.0 MHz 108.0 MHz FM Radio
130.0 MHz 180.0 MHz VHF
137.0 MHz 138.0 MHz Space Operation (Space to Earth)
144.0 MHz 148.0 MHz Amateur Radio
148.0 MHz 150.08 MHz Space Operation (Earth to Space)
174.0 MHz 216.0 MHz Broadcasting TV
219.0 MHz 225.0 MHz Amateur Radio
399.9 MHz 400.05 MHz Mobile Satellite (Earth to Space)
400.0 MHz 480.0 MHz UHF
400.15 MHz 403.0 MHz Mobile Satellite (Earth to Space)
406.0 MHz 406.1 MHz Mobile Satellite (Earth to Space)
410.0 MHz 420.0 MHz Space Research (Space to Space)
420.0 MHz 450.0 MHz Amateur Radio
420.0 MHz 450.0 MHz Meteorological Satellite (Space to Earth)
470.0 MHz 608.0 MHz Broadcasting TV
614.0 MHz 763.0 MHz Broadcasting TV
1164.0 MHz 1215.0 MHz Aeronautical Nav (Space to Earth and Space)
1215.0 MHz 1300.0 MHz Space Research
1390.0 MHz 1392.0 MHz XXXXX (Earth to Space)
1400.0 MHz 1427.0 MHz Space Research
1430.0 MHz 1432.0 MHz XXXXX (Space to Earth)
1525.0 MHz 1559.0 MHz Mobile Satellite (Space to Earth)
1559.0 MHz 1610.0 MHz Aeronautical Nav (Space to Earth and Space)
1660.0 MHz 1668.4 MHz Space Research Passive
2300.0 MHz 2310.0 MHz Amateur Radio
2310.0 MHz 2360.0 MHz Amateur Radio
3300.0 MHz 3500.0 MHz Amateur Radio
3600.0 MHz 4200.0 MHz Amateur Radio

Useful/Common Frequencies:

Frequency Purpose
40.5000 MHz Military Search and Rescue
126.2000 MHz Military Tower
138.4500 MHz Air Force Search and Rescue
138.7500 MHz Air Force Search and Rescue
154.2650 MHz Common Shared Fire/EMS/Law Enforcement Start
155.3700 MHz Law Enforcement Intersystem in some areas
155.4825 MHz Common Shared Fire/EMS/Law Enforcement End
156.0000 MHz Marine VHF Start
162.0000 MHz Marine VHF End
162.4000 MHz Weather Radio 162.400
162.4250 MHz Weather Radio 162.425
162.4500 MHz Weather Radio 162.450
162.4750 MHz Weather Radio 162.475
162.5000 MHz Weather Radio 162.500
162.5250 MHz Weather Radio 162.525
162.5500 MHz Weather Radio 162.550
165.8375 MHz ICE Department of Homeland Security Common (Analog)
165.8375 MHz ICE Department of Homeland Security Common (Digital)
163.7250 MHz ICE National Direct
163.7000 MHz ICE National Tactical 1
168.5875 MHz ICE National Tactical 2
163.1125 MHz ICE National Tactical 3
164.7875 MHz ICE National Tactical 4
166.4625 MHz Federal Law Enforcement Common
173.0750 MHz LoJack Stolen Vehicle Recovery System (US)
242.4000 MHz Army Helo Common (Two Four-Two Four)
242.5000 MHz Army Helo Common
243.0000 MHz Emergency/Guard UHF
252.1000 MHz Air Force Reserves (AFRS) Command Post Common
252.5250 MHz USAF Common [Triple 25]
282.8000 MHz Military Search and Rescue
299.5000 MHz USAF Common [Cheap Suit]
300.6000 MHz USAF Common [Thirty O Six]
300.6500 MHz USAF Common Air to Air
303.0000 MHz USAF Common (Thirty-Thirty) [Winchester]
303.0500 MHz USAF Common Air to Air
310.0000 MHz Garage Electronic Unlock
311.0000 MHz Air Combat Command (ACC) Command Post Primary
315.0000 MHz American Cars and Garage Electronic Unlock
319.4000 MHz Mobility Command (AMC) Command Post
321.0000 MHz Air Combat Command (ACC) Command Post Secondary
323.8000 MHz Airborne Command Post
333.0000 MHz USAF Common [Triple Three]
333.3000 MHz USAF Common [Quad Three]
333.5500 MHz USAF Common [Full House]
335.5500 MHz USAF Common [Full House II]
341.7500 MHz USAF Air to Air
345.6000 MHz USAF Common [Straight]
349.4000 MHz Mobility Command CP Common
351.0000 MHz USAF Common [Haircut]
357.0000 MHz USAF Common [Magnum]
364.2000 MHz NORAD Air Intercept Control Common
383.5500 MHz Take Charge and Move Out (TACAMO) Data
384.5000 MHz USAF Common [Pistol]
380.2000 MHz GSM Trunking Mobile to Base (T-GSM-380) Start
384.5500 MHz USAF Common [Pistol 5]
389.8000 MHz GSM Trunking Mobile to Base (T-GSM-380) End
390.0000 MHz Garage Electronic Unlock
390.2000 MHz GSM Trunking Base to Mobile (T-GSM-380) Start
396.8750 MHz Intra-Squad Radio Channel 1
399.8000 MHz GSM Trunking Base to Mobile (T-GSM-380) End
399.9750 MHz Intra-Squad Radio Channel 14
399.9750 MHz Start of EMS Frequency
406.0000 MHz NOAA - Search and Rescue Start
406.1000 MHz NOAA - Search and Rescue End
410.2000 MHz GSM Trunking Mobile to Base (T-GSM-410) Start
419.8000 MHz GSM Trunking Mobile to Base (T-GSM-410) End
420.2000 MHz GSM Trunking Base to Mobile (T-GSM-410) Start
429.8000 MHz GSM Trunking Base to Mobile (T-GSM-410) End
433.9200 MHz European, Japanese and Asian cars Electric Unlock
450.6000 MHz GSM Mobile to Base (GSM-450) Start
457.6000 MHz GSM Mobile to Base (GSM-450) End
460.6000 MHz GSM Base to Mobile (GSM-450) Start
462.5500 MHz General Mobile Radio Service Start
462.7250 MHz General Mobile Radio Service End
463.2000 MHz End of EMS Frequency
467.6000 MHz GSM Base to Mobile (GSM-450) End
469.5000 MHz Controlled Demolition, Inc. Ch 1 - Primary
469.5500 MHz Controlled Demolition, Inc. Ch 2 - Alternate
479.0000 MHz GSM Mobile to Base (GSM-480) Start
486.0000 MHz GSM Mobile to Base (GSM-480) End
489.0000 MHz GSM Base to Mobile (GSM-480) Start
496.0000 MHz GSM Base to Mobile (GSM-480) End
617.0000 MHz 5G Channel n71 Base to Mobile Start (T-Mobile)
652.0000 MHz 5G Channel n71 Base to Mobile End (T-Mobile)
663.0000 MHz 5G Channel n71 Mobile to Base Start (T-Mobile)
698.0000 MHz 5G Channel n71 Mobile to Base End (T-Mobile)
698.2000 MHz GSM Mobile to Base (GSM-710) Start
716.2000 MHz GSM Mobile to Base (GSM-710) End
728.2000 MHz GSM Base to Mobile (GSM-710) Start
746.2000 MHz GSM Base to Mobile (GSM-710) End
747.2000 MHz GSM Base to Mobile (GSM-750) Start
762.2000 MHz GSM Base to Mobile (GSM-750) End
777.2000 MHz GSM Mobile to Base (GSM-750) Start
792.2000 MHz GSM Mobile to Base (GSM-750) End
806.2000 MHz GSM Trunking Mobile to Base (T-GSM-810) Start
821.2000 MHz GSM Trunking Mobile to Base (T-GSM-810) End
824.0000 MHz 5G Channel n5 Mobile to Base Start (AT&T)
824.2000 MHz GSM Mobile to Base (GSM-850) Start
848.8000 MHz GSM Mobile to Base (GSM-850) End
849.0000 MHz 5G Channel n5 Mobile to Base End (AT&T)
851.2000 MHz GSM Trunking Base to Mobile (T-GSM-810) Start
866.2000 MHz GSM Trunking Base to Mobile (T-GSM-810) End
869.0000 MHz 5G Channel n5 Base to Mobile Start (AT&T)
894.0000 MHz 5G Channel n5 Base to Mobile End (AT&T)
869.2000 MHz GSM Base to Mobile (GSM-850) Start
893.8000 MHz GSM Base to Mobile (GSM-850) End
870.0000 MHz GSM Trunking Mobile to Base (T-GSM-900) Start
876.0000 MHz GSM Trunking Mobile to Base (T-GSM-900) End
876.0000 MHz GSM Railway Mobile to Base (R-GSM-900) Start
880.0000 MHz GSM Extended Mobile to Base (E-GSM-900) Start
890.0000 MHz GSM Primary Mobile to Base (P-GSM-900) Start
915.0000 MHz GSM Extended Mobile to Base (E-GSM-900) End
915.0000 MHz GSM Primary Mobile to Base (P-GSM-900) End
915.0000 MHz GSM Railway Mobile to Base (R-GSM-900) End
915.4000 MHz GSM Trunking Base to Mobile (T-GSM-900) Start
921.0000 MHz GSM Trunking Base to Mobile (T-GSM-900) End
921.0000 MHz GSM Railway Base to Mobile (R-GSM-900) Start
925.0000 MHz GSM Extended Base to Mobile (E-GSM-900) Start
935.0000 MHz GSM Primary Base to Mobile (P-GSM-900) Start
960.0000 MHz GSM Primary Base to Mobile (P-GSM-900) End
960.0000 MHz GSM Extended Base to Mobile (E-GSM-900) End
960.0000 MHz GSM Railway Base to Mobile (R-GSM-900) End
1030.000 MHz Aircraft position, velocity, and ID Request (ADS-B)
1090.000 MHz Aircraft position, velocity, and ID Reply (ADS-B)
1176.450 MHz GPS L5 Band (Used in Civilian Aviation)
1176.450 MHz GLONASS L5 Band (Used in Civilian Aviation)
1202.025 MHz GLONASS L3 Band Start
1207.140 MHz GLONASS L3 Band End
1227.600 MHz GPS L2 Band
1246.000 MHz GLONASS L2 Band Start
1252.5625 MHz GLONASS L2 Band End
1379.913 MHz GPS L4 Band
1381.050 MHz GPS L3 Band
1575.420 MHz GPS L1 Band
1598.000 MHz GLONASS L1 GPS Channel 1
1605.000 MHz GLONASS L1 GPS Channel 14
1710.200 MHz GSM Digital Cellular System Mobile to Base (DCS-1800) Start
1784.800 MHz GSM Digital Cellular System Mobile to Base (DCS-1800) End
1805.200 MHz GSM Digital Cellular System Base to Mobile (DCS-1800) Start
1850.200 MHz GSM Personal Communication Service Mobile to Base (PCS-1900) Start
1879.800 MHz GSM Digital Cellular System Base to Mobile (DCS-1800) End
1909.800 MHz GSM Personal Communication Service Mobile to Base (PCS-1900) End
1930.200 MHz GSM Personal Communication Service Base to Mobile (PCS-1900) Start
1989.800 MHz GSM Personal Communication Service Base to Mobile (PCS-1900) End
2401.000 MHz Wifi 2.4G Channel 1
2402.000 MHz Bluetooth Channel 1
2483.500 MHz Bluetooth Channel 79
2495.000 MHz Wifi 2.4G Channel 14
4910.000 MHz Wifi 5G Start
5875.000 MHz Wifi 5G End
2496.000 MHz 5G Channel n41 Start (T-Mobile/Sprint)
2690.000 MHz 5G Channel n41 End (T-Mobile/Sprint)
26500.00 MHz 5G Channel n257 Start
29500.00 MHz 5G Channel n257 End
24250.00 MHz 5G Channel n258 Start
27500.00 MHz 5G Channel n258 End
37000.00 MHz 5G Channel n260 Start (Verizon/AT&T/T-Mobile)
40000.00 MHz 5G Channel n260 End (Verizon/AT&T/T-Mobile)
27500.00 MHz 5G Channel n261 Start (Verizon/AT&T/T-Mobile)
28350.00 MHz 5G Channel n261 End (Verizon/AT&T/T-Mobile)

Asia Personal Handy-phone System (PHS) 1880–1930

4G Band 71: Uplink (663 - 698) Downlink (617 - 652)
4G Band 66: Uplink (1710 - 1780) Downlink (2110 - 2200)
4G Band 25: Uplink (1850 - 1915) Downlink (1930 - 1995)
4G Band 30: Uplink (2305 - 2315) Downlink (2350 - 2360)

LTE (3GPP) Band 1: Uplink (1920-1980) Downlink (2110-2170)
LTE (3GPP) Band 2: Uplink (1850-1910) Downlink (1930-1990)
LTE (3GPP) Band 3: Uplink (1710-1785) Downlink (1805-1880)
LTE (3GPP) Band 4: Uplink (1710-1755) Downlink (2110-2155)
LTE (3GPP) Band 5: Uplink (824-849) Downlink (869-894)
LTE (3GPP) Band 6: Uplink (830-840) Downlink (875-885)
LTE (3GPP) Band 7: Uplink (2500-2570) Downlink (2620-2690)
LTE (3GPP) Band 8: Uplink (880-915) Downlink (925-960)
LTE (3GPP) Band 9: Uplink (1750-1785) Downlink (1845-1880)
LTE (3GPP) Band 10: Uplink (1710-1770) Downlink (2110-2170)
LTE (3GPP) Band 11: Uplink (1427.9-1452.9) Downlink (1475.9-1500.9)
LTE (3GPP) Band 12: Uplink (698-716) Downlink (728-746)
LTE (3GPP) Band 13: Uplink (777-787) Downlink (746-756)
LTE (3GPP) Band 14: Uplink (788-798) Downlink (758-768)
LTE (3GPP) Band 17: Uplink (704-716) Downlink (734-746)
LTE (3GPP) Band 18: Uplink (815-830) Downlink (860-875)
LTE (3GPP) Band 19: Uplink (830-845) Downlink (875-890)

LTE (3GPP) Band 33: Uplink and Downlink (1900-1920)
LTE (3GPP) Band 34: Uplink and Downlink (2010-2025)
LTE (3GPP) Band 35: Uplink and Downlink (1850-1910)
LTE (3GPP) Band 36: Uplink and Downlink (1930-1990)
LTE (3GPP) Band 37: Uplink and Downlink (1910-1930)
LTE (3GPP) Band 38: Uplink and Downlink (2570-2620)
LTE (3GPP) Band 39: Uplink and Downlink (1880-1920)
LTE (3GPP) Band 40: Uplink and Downlink (2300-2400)