31 December 2014

ghpsdr3-kx3-server available on github

Having fiddled with fcdpp-server.py to add a ppm offset option before Xmas, I'd been wondering about bodging it to work with my KX3 as an I/Q source.

I had a go earlier this afternoon.  It took all of 10 minutes of python hacking to get something that functioned.  A few more minutes were spent adding command line options.  Now ghpsdr3-kx3-server is available on github.

I hope someone finds it useful, although it is receive only.

Happy new year, everyone.

28 June 2014

KX3 UHF Emissions

I've written this blog post primarily as a place to store my screen shots related to a topic that I initiated on the Elecraft mailing list about the UHF emissions I have noticed emanating from my KX3. The full topic thread can be seen here.

These screen-shots have been taken using osmocom_fft, with my USRP-B100 and WBX daughterboard connected to the discone antenna in my loft.  My preamp is set for 0dB gain, the USRP gain is set to a total of 43dB which is about as high as I tend to set it in order to avoid intermod.

The first few pictures are with my KX3 in its normal position with its normal cable connections, in its normal configuration, set to 7.080MHz.  The cables are smothered in #61 ferrite.

Firstly, an 8MHz spectrum capture (below) shows a fairly high noise floor due to the bandwidth and a faint trace of the sproggy (in the centre), but some other signals towards the upper end of the spectrum, probably TETRA stuff or similar.

Next, the same scenario, but with 125kHz sample-rate/bandwidth to drop the noise floor.

Note that averaging is enabled in all of these plots.  The next one had peak hold enabled so that we can see the effect of sweeping the VFO on the KX3.

Just a quick recap, the above pics show the results of my attempts so far to suppress the UHF emissions externally.  Perhaps I could do better.

The next picture is with the KX3 disconnected from everything, but sat in the same location.

The next picture is with the KX3 relocated to the kitchen, about 30 ft away from its operating position.  Both of these locations are roughly equidistant from the discone antenna in the loft, which is about 30ft away.

This one is with the KX3 relocated upstairs, to within 8ft of the discone antenna. There are still no cables attached.

I then moved the KX3 back to its normal operating position, the same scenario as the 4th picture.

I then inserted the right-angled 2.5mm to in-line 3.5mm stereo adapter cable, which is about 6 inches in length when straight.

This time, I have two turns (they just fit) of the 2.5mm to 3.5mm adapter cable around the mix #61 ferrite toroid. The peak hold is left from the last shot, so we can see the improvement.

Finally, the KX3 is restored to its normal state of connectivity, with antenna, power, CAT via Acc1, I/Q, audio out and in cables attached.  I have 3 toroidal chokes with various numbers of turns on the I/Q cable, and a bunch of snap-ons with a couple of turns and the remaining toroidal chokes smothering the other cables. This time, the sample-rate is increased to 1MHz, and I have enabled the 8kHz Rx Shift, which moves the sprog down 55*8kHz, to the left hand end of the spectrum.  An unrelated signal appears to the right of the relocated sprog and a peak trace of another unrelated signal appears near the right hand edge.


So far, I've found spurs on (some of) the 10th, 20th, 40th, 55th, 75th and 100th harmonics of various VFO frequencies. With my VFO on 21.25MHz, I'm getting an S-band spur on the 100th harmonic at 2.125GHz.

3 May 2014


I've just added qtrfiq to github.  It is a simple gnuradio-companion flowgraph that provides a QT fosphor display fed from an audio IQ input (such as that from the Elecraft KX3 transceiver) that determines the radio's frequency by using hamlib's rigctl.

18 March 2014

Decoding pocorgtfo03.pdf with multimon-ng

Having had a read of pocorgtfo03.pdf (you can get it from here) and learning of its chameleon-like properties, I resolved to investigate the claim that "Treated as single-channel raw audio, 16-bit signed little-endian integer, at a sample rate of 22,050 Hz, it contains a 2400 baud AFSK transmission".

I'd already confirmed that the pdf looked like a JPG using the file command:

$ file  Downloads/pocorgtfo03.pdf
Downloads/pocorgtfo03.pdf: JPEG image data, JFIF standard 1.01, comment: ""

I had a look at the file with baudline:

Sure enough, the file seemed to show a modem signal at around 6 seconds in.  I remembered that multimon-ng could decode AFSK2400 and had a stab at decoding the tones with that:

$ multimon-ng -t raw -a AFSK2400  Downloads/pocorgtfo03.pdf -q
AFSK2400: fm PASTOR-0 to APRS-0 via WIDE1-1,WIDE2-1 UI  pid=F0
:EMAIL    :pastor@phrack.org I have POC to share.


12 March 2014

Psychedelic SSTV on 255.560MHz

I was having a rummage around in the UHF Satcom band when I noticed an unusual signal on the 255.550MHz transponder downlink.

It turned out to be analogue SSTV, Robot 36 mode, over FM centred on 255.560MHz.

It seems to repeat the same image for quite a while.  So far it has sent these pictures, received with QSSTV:

The colour looks worse than NTSC :P  I'm not sure why it is so bad.  Similar reports have been noted here and here (forums.radioreference.com) and on youtube here.

2 March 2014

QSSTV with hampal digital SSTV

I've been trying out the new version of QSSTV, 8.2.4, listening on 40m.  It has support for the DRM-based digital modes now.

You can get the new version here.  Here are some screenshots:

23 February 2014

Oddness with Apple iCloud SMTP with TLS - MITM?

Last Thursday, the 20th February, there was a planned migration of my ADSL service to another LLU provider.  Things went smoothly, but I noticed that my line sync rates were a little on the low side, so I planned to email my ISP about it the following day, if the connection hadn't improved.

After returning home from work on Friday 21st, I determined that the sync rates were still below par, and with oodles of margin, proceeded to knock out an email asking someone to fiddle with something.  However, I was stumped by an unforeseen hurdle - Thunderbird (running on Linux) was unable to send an email through the configured SMTP server: smtp.mail.me.com, using TLS on port 587.

I then experimented with my iPhone 4S, and found that it could send emails via the same SMTP server on either my 3G service or when connected via my domestic wifi through the ADSL service of my ISP.  OK, I thought, it must be a Thunderbird configuration problem, but I found nothing wrong.  I then dropped my LAN connection on my Linux box and established a wifi connection, using my iPhone 4S as a hotspot, and found that Thunderbird was able to send emails OK with the same configuration via the cellular network.

I found this to be odd, something didn't make sense. I couldn't understand why using the cellular network for the SMTP connection would allow either the iOS or Thunderbird clients to work, but only the iOS client would successfully send via SMTP with TLS over my ISP's network.  At this point I raised the issue with my ISP.

A short while later, the ISP suggested that I should try and connect via SMTP on port 25.  Not wanting to actually make a clear-text authenticated connection with my actual account credentials, I decided to connect with telnet on port 25.

The results looked like this:

$ telnet smtp.mail.me.com 25
Connected to smtp.mail.me.com.
Escape character is '^]'.
220 st11p00mm-asmtp002.mac.com -- Server ESMTP (Oracle Communications
Messaging Server 7u4-27.08( 64bit (built Aug 22 2013))

That seemed pretty normal, I vaguely recalled seeing that greeting before.  I tried again on port 587.  The results looked like this:

$ telnet smtp.mail.me.com 587
Connected to smtp.mail.me.com.
Escape character is '^]'.

telnet> quit
Connection closed.

This attempt was made using my ADSL connection for internet access.  Nothing happened after the connection was made, so I dropped the telnet connection, switched to using my iPhone's hotspot and tried the same thing. I got the same response on port 587 as I had previously on port 25:

$ telnet smtp.mail.me.com 587
Connected to smtp.mail.me.com.
Escape character is '^]'.
220 st11p00mm-asmtp001.mac.com -- Server ESMTP (Oracle Communications
Messaging Server 7u4-27.08( 64bit (built Aug 22 2013))

Pretty strange, huh?  The IP address was the same so it wouldn't seem that there was any DNS buggeration involved.

I made contact with my ISP again and reported my findings.  Within 20 minutes they responded, stating that they too had attempted to telnet to port 587 but met with the expected Oracle greeting.  By this time, I had verified that the server answering on port 587 had indeed started to behave in the manner expected.

At this point I was a bit confused and slightly paranoid.  I mentioned to the ISP that this was all very fishy and that some kind of explanation would be appropriate.  It was at this point that I think they went home for the weekend, and I started to fiddle around with something else.  It was Saturday afternoon before I heard about the Apple SSL goto fail bug being patched on Friday.  The existence of that bug explains why my iPhone itself would have been happy sending email through my ADSL connection through a MITM to the SMTP server on port 587, and why Thunderbird would not.

So what does this all mean? Was there a MITM attack going on?
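
A repeatable form of the telnet comparison above, added here as an example and not part of the original post: it records the greeting, whether STARTTLS is offered and whether the certificate verifies, so that probes made over two network paths (ADSL and a phone hotspot, say) can be compared field by field. The function names and the `probe.invalid` client name are assumptions made for illustration.

```python
import hashlib
import socket
import ssl

def _read_reply(sock):
    """Read one SMTP reply; an empty list means the server sent nothing."""
    buf = b""
    try:
        while chunk := sock.recv(4096):
            buf += chunk
            if buf.endswith(b"\n") and buf.splitlines()[-1][3:4] == b" ":
                break  # last line of a reply has a space after the code
    except socket.timeout:
        pass  # silent server, like the port 587 session over ADSL
    return buf.decode("ascii", "replace").splitlines()

def probe_submission(host, port=587, timeout=10.0):
    """Record what this network path shows for an SMTP submission port."""
    r = {"banner": None, "starttls": False, "tls_verified": None,
         "cert_sha256": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            greeting = _read_reply(sock)
            if not greeting:
                raise ConnectionError("connected but no greeting")
            r["banner"] = greeting[0]
            sock.sendall(b"EHLO probe.invalid\r\n")  # placeholder client name
            ehlo = _read_reply(sock)
            r["starttls"] = any(l[4:].strip().upper() == "STARTTLS" for l in ehlo)
            if not r["starttls"]:
                raise ConnectionError("STARTTLS not advertised")
            sock.sendall(b"STARTTLS\r\n")
            if not "".join(_read_reply(sock)).startswith("220"):
                raise ConnectionError("STARTTLS refused")
            ctx = ssl.create_default_context()  # checks chain and hostname
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                r["tls_verified"] = True
                r["cert_sha256"] = hashlib.sha256(der).hexdigest()
    except ssl.SSLCertVerificationError as exc:
        r["tls_verified"], r["error"] = False, exc.verify_message
    except OSError as exc:
        r["error"] = str(exc)
    return r

def compare_paths(a, b):
    """Name the fields that differ between probes made over two network paths."""
    a, b = (dict(r, banner=bool(r["banner"]), error=None) for r in (a, b))
    return [k for k in a if a[k] != b[k]]  # banner compared by presence only
```

The banner is compared by presence rather than text because, as the two greetings above show, different pool members (asmtp001, asmtp002) can answer for the same name.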