Anoduck's Das Wiki
- Building a Custom Kali Image: Like a boss!
- Desktops.md
- Partitioning in OpenBSD
- amass.md
- amd-gpu-kali.md
- argparse-no-arg.md
- art.md
- awesome.md
- awk.md
- bash.md
Menu (Edit):
Link List (Edit):
# ____ _____ _ _ _ __________
# | _ \_ _| | | || ||___ /___ /
# | |_) || | | | | || |_ |_ \ |_ \
# | _ < | | | |___ |__ _|__) |__) |
# |_| \_\|_| |_____| |_||____/____/
#
RTL 433 - The ISM Band
The Intro
The title of this wiki entry is ambiguious and is a misnomer. RTL-433 actually refers to a program or group of programs used with software defined radio in the analysis and study of radio communications that occur in the ISM band. The ISM band are portions of the radio spectrum that are internationally reserved for industrial, scientific, and medical use, forming the acronym I.S.M.. Although designed for use with the ISM band, rtl-433 technology expands beyond the officially recognized ISM band and incorporates frequencies used for ISM purposes, but not internationally reserved for such use. An example of a frequency used for ISM purposes, but is not reserved internationally is the frequency 318MHZ. So, to provide a general all encompassing definition to what is RTL-433, we can summarize and say frequencies below 1GHZ.
A moment of praise
RTL-433, the program, is quite well developed, very robust, and extremely powerful. It is undoubtedly the workhorse of decoding ISM-Band radio signals. The developers are extremely knowledgeful and very friendly.
Capturing Data
There are several ways one can capture radio signals in the ISM band. The Great Scotts Gadget Yard STick One
has been referred to as a modern miracle of electrical engineering and is perfectly designed to explore
the ISM frequency range, but since the title of this page is RTL-433, we will be focusing on using the RTL-433
software with a low-cost general purpose software defined radio. Current experience has been with using both
the RTL-SDR doggle and the HackRF One SDR. RTL-433 was specifically written for use with the RTL-SDR doggle in
mind, but also works perfectly with the HackRF SDR. The only noticeable difference will be RTL-433 will output
an 8-bit cu8 file for captured data, and will output a 16bit cs16 file for captured data with the hackrf.
To capture all data recieved from the sdr use rtl_433 -S All, and rtl-433 will start saving signals and
outputting log on the terminal. Later, you can visit the I/Q Spectrogram, upload your
binary data file, and view a visual representation of the data you just recieved. Below is a screenshot of spectrogram of
captured data recieved prior to writing this page.
File formats
Before you hit the snooze button, to use RTL-433 you will need to know a little about the different file formats it stores information under. Software defined radios store their raw data in “In-Phase/Quadrature” format. A sample of raw data in this format consists of an “I” and “Q” value, each commonly of 8, 12, and 16 bit. The processing of this data is much akin to the processing of audio data, except at a much faster rate. This rate is most often either 250kHz, 1024 kHz, or sometimes 1MHZ.
Above it is mentioned that using rtl-433 with a RTL-SDR doggle or with a HackRF SDR created two different file
formats. From here you should be able to deduce the RTL-SDR generated a .cu8 file, meaning it create a raw
data file consisting of 8 bit “I”/”Q” values. The HackRF produced a raw data file consisiting of 16 bit “I”/”Q” values.
Thankfully, the creators of rtl-433 created it with the ability to convert raw data files to just about any format needed to process the data. An example command is shown below.
rlt_433 -w ${FILENAME}.${DESIRED EXTENSION} ${ORIGINAL SOURCE FILE}
Processing captured data
RTL-433 recognizes a lot of different devices,