Rose Blair (XORcat)

Rose Blair (XORcat)

ASCII cat

Understanding SDR - Part 1 - Installing and Testing Gqrx

3 minute read

Hey there!

I’ve recently been trying to learn some RF hacking using software defined radio (SDR) tools like the RTL-SDR TV tuner, and the Yard Stick One.

I’ve made some progress understanding how my fixed-code garage door opener works recently, and so I thought I’d try and share what I’ve learned.

In this post we’ll be installing and testing our receiver software (Gqrx), which is the first step you need to take to get started.

What you need

Firstly, to get started understanding a garage door opener, you’re going to need a few things:

  • An RTL-SDR TV tuner for listening/receiving.
    • In its intended form, this is simply a digital TV tuner dongle for your computer, but somebody discovered that they’re useful for analyzing RF signals between ~500kHz and ~1.75GHz.
    • These are super cheap, and you can always get one.
  • A Yard Stick One for transmitting.
    • While I won’t go into transmitting or using the Yard Stick in this post, it will come in handy later when we try and control the door opener from the computer.
    • A HackRF, BladeRF, USRP, or something else will do equally well here, but I have a Yard Stick, it’s cheap, and it works, so I’ll be explaining things using it!
  • An antenna.
    • This should normally come with the RTL-SDR, but I thought I’d mention it just in case!
  • A computer or virtual machine running Linux.
    • While this isn’t strictly required, it is what I use to play with this stuff, and so I’ll be explaining things from a Linux point of view.
    • If you don’t have a Linux system, you can easily install Ubuntu Linux in a virtual machine using VirtualBox for free.
  • A garage door opener, or some other RF thingy to investigate.

Gqrx

Gqrx is the software which we’ll be using to receive and visualise the radio signals being transmitted by the garage door remote.

It is free and open source, but currently is only supported on Linux and macOS.

Before we can do anything with our SDR, we need to ensure Gqrx is installed and ensure that the SDR’s drivers are working.

On Ubuntu/Debian, we can install Gqrx by first adding the appropriate repositories to the package manager (APT in our case), and then installing Gqrx:

1
2
3
4
5
6

sudo add-apt-repository -y ppa:bladerf/bladerf
sudo add-apt-repository -y ppa:myriadrf/drivers
sudo add-apt-repository -y ppa:myriadrf/gnuradio
sudo add-apt-repository -y ppa:gqrx/gqrx-sdr
sudo apt update -y
sudo apt install gqrx-sdr -y

After pasting this in your terminal, you’ll likely have 10 minutes or so to make a cup of tea or coffee, so go and do that now.

After Gqrx is finally installed, open a terminal and type dmesg -w | grep -i rtl to find out if the RTL-SDR has been detected and started correctly.

Now, plug in the RTL-SDR dongle and watch the dmesg output. You’re looking for something like the following. If you get this, your driver and device is likely working, and we should be good to go.

1

[  999.773404] rtl2832 1-0010: Realtek RTL2832 successfully attached

Now, we should be alright to launch Gqrx for the first time. Do this by typing gqrx in a terminal, or finding it in your applications menu. You should be greeted with a screen asking you to configure your I/O:

In the “Device” drop-down, select the “Realtek RTL2838” device. If it doesn’t exist, your RTL-SDR is likely undetected. You might need to re-connect your device, or potentially reboot your system.

Once we’ve done this, you should see a window like this. This is the main Gqrx window, which shows the current frequency, a visualisation of the current signal, and a waterfall chart of the signal’s history.

I’m going to change the frequency to 433.92MHz, which happens to be the frequency of my garage opener, and many small devices like that here in Australia.

You can change the frequency just by hovering over the “871.000.000” and typing the frequency that you want to tune to.

Once we’ve selected the right frequency, hit the “play” button to start listening.

If you’ve got your speakers running, you should hear some noise, and you’ll see the waterfall chart start to populate.

Press and hold the garage door opener, and if it’s running on 433MHz (which mine is), you will hear, and see Gqrx’s update to show you the signal.

Awesome! We’re up and running.

Next time, in part 2, I’ll be showing how we can begin to record, analyse and understand this strange looking signal.

Thanks for reading!

Let me know on twitter or email if you have any questions regarding this post.

XORcat

You May Also Enjoy