The crowdfunding campaign for the open-hardware LimeSDR XTRX, an updated and fully-supported successor to the Fairwaves XTRX, is now open, with hardware expected to ship to backers at the end of November.

Designed as a drop-in replacement for the discontinued Fairwaves XTRX, the LimeSDR XTRX puts a Lime Microsystems LMS7002M field-programmable radio-frequency chip on a mini-PCI Express (mPCIe) board for easy integration into everything from embedded devices like the Raspberry Pi Compute Module 4 to powerful servers and workstations.

Existing projects built around the Fairwaves XTRX will be able to use the LimeSDR XTRX as a direct replacement, complete with compatibility with Fairwaves’ original driver package. The updated board also boasts compatibility with the Lime Suite software bundle, providing an easy path to a fully-maintained and broadly-adopted software stack.

The LimeSDR XTRX includes two full-duplex multiple-input multiple-output (MIMO) channels with a frequency range of 30 MHz up to 3.8 GHz and a bandwidth of 120 MHz, with 12-bit sampling at a rate of 120 mega-samples per second (MSPS) single-input single-output or 90 MSPS MIMO. There’s an on-board AMD Xilinx Artix 7 field-programmable gate array (FPGA) with 52k look-up tables (LUTs) – enough spare logic to run custom workloads on-device to free up the host processor.

The crowdfunding campaign for the LimeSDR XTRX is open now on Crowd Supply, with hardware priced at $699 including global delivery. All hardware is expected to begin shipping at the end of November this year, Lime Micro has confirmed.

GNU Radio contributor Barry Duggan has published a proof-of-concept design for file sharing over radio, though warns of “a lot of noise” when trying it out on the license-free industrial, scientific, and medical (ISM) bands.

“This package consists of a packet transmitter, a channel simulation, and a packet receiver,” Barry explains of the project, which uses Packet and Binary Phase-Shift Keying (BPSK) blocks to transfer files over-the-air. “It has been developed and tested with GNU Radio version For Over The Air testing, a Transmit/Receive SDR module is used in place of the channel simulation.

“Any text, binary, and other non-text files (such as PDF or PNG) can be sent. [A] Python block performs the following functions: send a preamble to allow the receiver to synchronise; read the file in ‘Pkt_Len’ chunks; convert the data to Base64, which produces 4 bytes of output for every 3 bytes of input; send each Base64 chunk with revised ‘packet_len’ tags; send a post-file filler to assure that any buffers have been flushed.”

The project has received “limited testing” with real hardware, Barry writes, with the discovery of a need for tuning tweaks at the receiving end for best results, a requirement for forward error correction to prevent dropped packets putting holes in the file, and that using a license-free ISM band “can introduce a lot of noise.”

The source files and documentation for the project are available on the GNU Radio wiki.
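
The framing Barry describes, and the "holes in the file" that a dropped packet leaves, can be sketched in a few lines of Python. This is an added example, not code from Barry's package: the preamble and filler bytes, the 252-byte chunk size, the sample data, and the function names are all assumptions made for illustration.

```python
import base64

# Assumed values, not taken from the GNU Radio package.
PKT_LEN = 252              # bytes read from the file per packet
PREAMBLE = b"\xaa" * 64    # sync pattern; 0xAA is outside the Base64 alphabet
FILLER = b"\x00" * 32      # post-file filler to flush buffers; also non-Base64

def packetize(data: bytes, pkt_len: int = PKT_LEN):
    """Yield (payload, packet_len) pairs in transmit order."""
    yield PREAMBLE, len(PREAMBLE)
    for off in range(0, len(data), pkt_len):
        b64 = base64.b64encode(data[off:off + pkt_len])
        # Revised packet_len tag: Base64 emits 4 bytes for every 3 bytes read.
        yield b64, len(b64)
    yield FILLER, len(FILLER)

def reassemble(packets) -> bytes:
    """Receiver side: skip preamble and filler, decode each Base64 chunk."""
    out = bytearray()
    for payload, _ in packets:
        if payload in (PREAMBLE, FILLER):
            continue
        out += base64.b64decode(payload, validate=True)
    return bytes(out)

def drop_packet(packets, index: int):
    """Simulate one packet lost over the air."""
    return packets[:index] + packets[index + 1:]

# Constructed sample "file": 1,024 bytes covering every byte value.
SAMPLE = bytes(range(256)) * 4

if __name__ == "__main__":
    pkts = list(packetize(SAMPLE))
    print("packets:", len(pkts), "tags:", [n for _, n in pkts])
    print("clean round trip ok:", reassemble(pkts) == SAMPLE)
    damaged = reassemble(drop_packet(pkts, 2))
    # Every surviving chunk still decodes cleanly, so the receiver sees no
    # error: the file is simply 252 bytes short, with the hole closed up.
    print("after one drop:", len(damaged), "of", len(SAMPLE), "bytes")
```

Because each chunk is encoded on its own, a lost packet produces no decode error at the receiver, which is why the scheme needs forward error correction, or at least sequence numbers and a file digest, before the output can be trusted.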

The UK government’s Department for Science, Innovation, and Technology (DSIT) has announced a public call for information on the use of private telecommunication networks in the nation – and on their security, too.

“The call for information will help the government develop its understanding of the private telecoms market, including the technologies being deployed, the sectors using these networks, and the security measures taken to protect them,” a DSIT spokesperson explains. “This information will be used to determine if any government intervention is required to promote the security and resilience of private telecoms networks.

“While anyone can respond to it, the government would particularly welcome responses from telecoms providers, businesses that currently procure, or are planning to procure, and use private telecoms networks, and consultants, contractors, or academics involved in the industry.”

The UK government defines private telecommunications networks as those which “provide bespoke services to closed user groups,” which would include SDR-driven small-cell private networks. The call for information is open now, and closes on the 13th of September 2023.

Those interested in submitting a response can read more on GOV.UK.

Baltic Lab’s Sebastian Westerhold has published a guide to modifying a low-cost low-noise block (LNB) downconverter for use with the QO-100 payload on the Es’hail 2 satellite.

“The modification itself is quite simple. In essence, the 25 MHz crystal is removed and replaced by a 25 MHz LC-series resonant circuit with bandpass characteristic connected to the F-connector of the LNB,” Sebastian explains. “Standard component values of 18 pF and 2.2 µH were chosen for the series LC circuit.

“The 25 MHz, through-hole crystal on the back of the PCB was removed using a soldering iron and solder wick. A 2.2 µH inductor was then installed instead of the previously removed crystal. In order to protect the leads of the inductor from unintended contact with the grounded enclosure, it was covered with a small piece of Kapton tape. The PCB was then re-installed inside the metal enclosure and soldered back in place.”

The full guide is published on the Baltic Lab website, with more information available in a research paper published with colleague Celin Matlinksi.

Pseudonymous YouTuber “Tech Minds” has published a video showcasing the build of a low-cost turnstile antenna for tuning in to MILSAT SATCOM satellite constellations — and using tape measure segments in a 3D-printed frame.

“All you need is some aluminium tubing, a couple of tape measures, and a 3D printer to print the required parts,” the Tech Minds host explains. “The 3D printed parts [take] a couple of afternoons to print, as there’s quite a few of them. Cutting the tape measures [is] actually quite easy using a pair of household scissors, as the tape measure that I purchased was actually quite thin.”

In field testing, the antenna proved capable of tuning in to the target satellites with good directionality: “You can hear […] as I move the antenna into different directions the signal faded, so its directional qualities are working well,” the host says of his tests. “Even though the turnstile antenna was connected with lossy coax, it still outperformed the vertical antenna [on the roof].”

The full video is available on the Tech Minds YouTube channel.

Gabe Emerson, of YouTube channel “saveitforparts,” has published a video guide on receiving images from the Russian Meteor M2-3 satellite — a recently-launched replacement for the M2-2 which suffered damage earlier this year.

“That particular satellite seems to have caught fire or exploded or run into something or had some other issue where it’s no longer sending down images,” Gabe explains of M2-2’s fate, “at least not on a frequency that I can pick up. Fortunately, they’ve just launched another one. Tracking these Russian weather satellites can be challenging, not just in a technical and looking up in the sky perspective but even just from a naming convention perspective.

“The folks over at Roscosmos don’t seem to be very imaginative, so they name all of these satellites Meteor 2. We’ve had a Meteor Number 2, a Meteor Number 2-2, a Meteor M Number 2, a Meteor M Number 2-1, Meteor M Number 2-2, and this latest one that’s just launched is Meteor M2-3. It would be pretty hard to keep track of them all, except they seem to fail pretty quickly so there only seems to ever be one that’s working at a given time.”

Gabe’s full guide, which uses a Raspberry Pi as the receiving host, is available on the saveitforparts YouTube channel now.

Semi-pseudonymous ham operator “Derek SGC,” meanwhile, has tuned to Global Navigation Satellite System (GNSS) satellites in order to pick up something unexpected: audible conversations.

“Did you know that GPS satellites routinely broadcast plain unencrypted FM voice transmissions?” Derek asks. “The exact same kind of transmission that you would hear from a broadcast FM radio station or a walkie-talkie. To understand why this happens I first need to introduce you to a system called SARSAT.

“[SARSAT] is an internationally collaborative project which aims to put instruments on navigation and other satellites that are able to receive and process distress and emergency transmissions from locator beacons. You don’t really need to change your setup if you already have a working HRP receiver, you only need an amplifier that lets those frequencies through.

“Depending on where you are in the world you may see different kinds of traffic,” Derek continues, “[but] it’s probably not something that you want to monitor for too long because all you’re going to hear are probably some unintentional voice transmissions from things like taxi services in China or something like that.”

Derek’s full video is available on his YouTube channel.

has brought our attention to Hystérésia — an art installation in Lausanne, Switzerland which listens to “zombie” satellites using an autonomous ground station.

“Several thousand kilometres from Earth, 31 ‘zombie’ satellites circle above our heads,” the team behind the project explains. “Transit 5B-5, LES 1, Solrad, Secor, Oscar, Isis, Tiros… launched for the most part at the heart of the Cold War, these machines fed new information routes, served as support for intelligence systems, staff or scientists. Moved into cemetery orbits, between life and death, they continue to emit a residual signal.

“Of what memory are they still the messengers? Hystérésia is an outdoor sound installation that captures the waves of these technological ruins to recompose a story of the sky and communicate with the beyond.”

The installation picks up signals from a total of eight satellites, launched between 1964 and 1966 and still transmitting intelligible – if not particularly useful – signals. Those interested in hearing the signals can play them through the project’s website.

Pseudonymous Reddit user “NeoHolo” has shown off a work-in-progress project to create a platform for the sharing of radio signals and reports of same: Spotted.

“[Spotted is] a space where you can exchange and list intercepted radio signals, as well as write reports on your observations,” NeoHolo explains of the project. “Whether you’re into radio communication or simply fascinated by signals in the air, this platform is designed for you.

“Key features of Spotted: exchange and list intercepted radio signals; provide detailed information about the signals, such as frequency, amplitude, and modulation type; write reports on your observations. Feedback and suggestions will be invaluable in refining and enhancing the platform’s features.”

More information is available in NeoHolo’s Reddit post, while interested parties can sign up to Spotted – which is in a work-in-progress pre-launch phase – on the official website.

A team of security researchers from Midnight Blue have released details of several vulnerabilities in the Terrestrial Trunked Radio (TETRA) project – including one they describe as a “backdoor” in the TEA1 encryption algorithm, rendering it “trivially brute-forceable” on a standard desktop computer.

“TETRA:BURST is a collection of five vulnerabilities, two of which are deemed critical, affecting the Terrestrial Trunked Radio (TETRA) standard used globally by law enforcement, military, critical infrastructure, and industrial asset owners in the power, oil & gas, water, and transport sectors, beyond,” the team explains. “Most of the TETRA:BURST vulnerabilities affect all TETRA networks. Depending on infrastructure and device configurations, these vulnerabilities allow for real-time decryption, harvest-now-decrypt-later attacks, message injection, user de-anonymisation, or session key pinning.”

Perhaps the most concerning of these is a claimed “backdoor” in the TEA1 encryption algorithm, which lowers its effective key size from the designed 80-bit length to one “trivially brute-forceable on consumer hardware in minutes.” A video released alongside the announcement shows this vulnerability being used to decrypt traffic on a real network, proving its existence.

The European Telecommunications Standards Institute (ETSI), creator of the TETRA standard, has confirmed the issue with the TEA1 algorithm but declares it by-design. “The TETRA security standards have been specified together with national security agencies and are designed for and subject to export control regulations which determine the strength of the encryption,” its statement on the matter claims. “These regulations apply to all available encryption technologies. As the designer of the TETRA security algorithms, ETSI does not consider that this constitutes a ‘backdoor.’”

More information on the research is available on the TETRA:BURST website; firmware updates for some issues have already been released by vendors, while others can only be worked around using end-to-end encryption (E2EE) and other mitigations.