Software-defined radio on a handheld Linux box — RTL-SDR, HackRF, GQRX, GNU Radio, Meshtastic, ADS-B, trunked-radio

Section	Topic
1	About this Volume
2	Legal and Ethics for RF
3	The SDR Universe
· 3.1	What an SDR is
· 3.2	RTL-SDR
· 3.3	HackRF One
· 3.4	LimeSDR family
· 3.5	USRP family
· 3.6	Comparison table
4	The uConsole’s SDR Hardware Paths
· 4.1	HackerGadgets AIO V2 RTL-SDR
· 4.2	USB RTL-SDR dongle
· 4.3	HackRF One via USB
· 4.4	LimeSDR Mini via USB
· 4.5	The V3.14 USB-2 bandwidth ceiling
5	GQRX — the Canonical SDR GUI
· 5.1	Install and first launch
· 5.2	Tuning the receiver
· 5.3	Demodulation modes
· 5.4	Recording IQ and audio
· 5.5	The remote-control TCP interface
6	SDR++ — the Modern Alternative
· 6.1	Why SDR++ over GQRX
· 6.2	Install (Pi OS) vs pre-installed (Dragon OS)
· 6.3	Module ecosystem
7	GNU Radio
· 7.1	What it is and why it matters
· 7.2	`gnuradio-companion` GUI
· 7.3	Common flowgraphs
· 7.4	Performance on the uConsole
8	ADS-B Aircraft Tracking
· 8.1	`dump1090` — the workhorse
· 8.2	Web UI and Skyview
· 8.3	Feeding FlightAware / FlightRadar24
9	Trunked-Radio Decoding
· 9.1	P25 via SDRtrunk
· 9.2	DMR via DSDPlus / DSD-FME
· 9.3	NXDN, ProVoice, Tetra
· 9.4	`op25` — open-source P25 decoder
10	Meshtastic on the AIO V2’s SX1262
· 10.1	What Meshtastic is
· 10.2	Setup on the uConsole
· 10.3	`meshtastic-cli` and the Python API
· 10.4	Pairing with handheld nodes
11	Spectrum Analysis Workflows
· 11.1	`SoapyRemote` for headless capture
· 11.2	GNU Radio FFT visualisation
· 11.3	Long-baseline waterfall recording
· 11.4	Survey patterns for unknown bands
12	Recording and Post-Processing IQ
· 12.1	File formats — `.cu8`, `.cs16`, `.cf32`, SigMF
· 12.2	`baudline` for visual analysis
· 12.3	`inspectrum` for digital signals
· 12.4	Universal Radio Hacker (URH)
13	Antenna Selection
14	The Field SDR Loadout
15	Vol 12 Cheatsheet Updates
16	Resources
17	Footnotes
18	Index

1. About this Volume

The uConsole is a remarkably good SDR platform. Not because the BCM2711 is fast (it isn’t, by SDR-workstation standards) but because the form factor matches the workload: an SDR + USB hub + integrated screen + battery + keyboard adds up to a self-contained portable receiver that you can carry into a parking lot, a hotel room, or a roadside-pull-over without setting up a full station.

This volume covers SDR work — the hardware, the software stacks, the workflows, and the limits. It picks up where Volume 7 §5 stopped (the AIO V2 hardware specs) and Volume 5 §6 stopped (Dragon OS as the pre-built SDR-focused distribution).

The reader of this volume is assumed to have basic radio literacy — knows the difference between AM and FM, has heard of the IF and the local oscillator, and can read a frequency in MHz vs GHz without a calculator. If those are new, the ARRL Handbook or https://www.rtl-sdr.com/about-rtl-sdr/ are good prerequisites.

What this volume is not: an introduction to RF theory. We will not derive the Friis equation. We will tell you what input level the RTL-SDR can handle (the answer is roughly -10 dBm before the front-end clips), and how to know if your antenna is delivering more than that, but the underlying physics is taken as known.

2. Legal and Ethics for RF

Before any RF work — and this is similar in spirit to the Volume 8 pen-test ethics chapter, but the rules are different:

Receive-only is generally legal. Most jurisdictions allow listening to publicly broadcast or unencrypted signals on amateur radio bands, weather bands, aircraft bands, broadcast FM/AM, public-safety voice traffic. Decoding unencrypted public-safety traffic is generally legal in the U.S. (Communications Act §605(a) carves out unencrypted broadcasts) but acting on what you hear may not be — see local law.
Decoding encrypted communications is illegal almost everywhere. Even if you have the key. Don’t.
Transmitting requires licensing. Amateur radio bands need an amateur licence. ISM bands (433 / 868 / 915 / 2400 MHz) allow unlicensed low-power use within band-specific power limits. Broadcast bands, public-safety, cellular — all require licensing or are unavailable to amateurs. HackRF and LimeSDR can transmit; this does not authorise you to transmit on every frequency they’re capable of.
Bypass-detection / jamming is criminal. No matter the country.
Fox-hunting / direction-finding is generally legal as long as you’re receiving, not transmitting. A fun amateur sport.
Encryption interception under the U.S. Wiretap Act is a federal crime even on accidental capture if you act on the information.

The sane practical pattern: stay receive-only on unencrypted bands. If you need to transmit, get the licence first — amateur radio is the easiest path (Technician class in the U.S. takes a weekend of study and a $35 exam fee).

For ham radio specifically, Volume 10 is the deep dive.

3. The SDR Universe

3.1 What an SDR is

A software-defined radio takes raw RF samples in (or out, for transmit-capable units) and lets software do the modulation/demodulation. A traditional radio receiver has a fixed-function chain: antenna → bandpass filter → mixer → IF amp → demodulator → audio. An SDR replaces everything after the mixer with a high-speed ADC and a software decoder.

The advantages: one piece of hardware decodes anything within its bandwidth budget — FM broadcast, NOAA weather satellite, ADS-B, AIS, P25 trunked voice, LoRa, FT8, all the way down to whatever experimental protocol you’re sniffing. Change the software, change the radio. The disadvantages: you trade fixed-function performance for flexibility, and you need a CPU to do the decoding.

3.2 RTL-SDR

The cheapest SDR. A repurposed DVB-T USB dongle (Realtek RTL2832U + Rafael Micro R820T2 tuner) sold for around $25-35 from RTL-SDR Blog or generic resellers. Specs:

Parameter	Value
Frequency range	24 MHz – 1.766 GHz (R820T2 tuner)
With HF upconverter or direct sampling	down to ~500 kHz
Sample rate	up to 3.2 Msps stable; 2.4 Msps reliable
ADC resolution	8 bits
Receive only	(no transmit)
Interface	USB 2.0
Antenna	SMA-female

The 8-bit ADC is the meaningful limit — only ~50 dB of dynamic range. A strong nearby signal will desensitise the front end. The 2.4 Msps usable bandwidth means you can see ~2 MHz of spectrum at a time. For listening to a single FM station, monitoring ADS-B, decoding APRS, or receiving low-bandwidth signals, the RTL-SDR is more than enough.

Variants worth knowing:

RTL-SDR Blog v3 / v4 — TCXO (better frequency stability) + bias-tee + HF direct sampling. The premium consumer RTL-SDR. ~$35.
NESDR SMArt — Nooelec’s premium variant; similar features. ~$40.
Generic “DVB-T” dongles — $10-15. May be RTL2832U + R820T2 or other tuners; quality varies wildly.

For the uConsole, the AIO V2’s onboard RTL-SDR (Vol 7 §5.1) is functionally equivalent to an RTL-SDR Blog v3 — same R820T2 tuner, same TCXO, same 8-bit ADC.

3.3 HackRF One

The Great Scott Gadgets HackRF One¹ is the affordable transmit-capable SDR. ~$300-350.

Parameter	Value
Frequency range	1 MHz – 6 GHz
Sample rate	up to 20 Msps
ADC resolution	8 bits
TX/RX	Half-duplex (one or the other, not both at once)
TX power	-10 dBm (100 µW) typical
Interface	USB 2.0
Antenna	SMA-female

The frequency range covers everything from longwave to S-band. The 8-bit ADC is the same limitation as RTL-SDR (50 dB dynamic range). Half-duplex matters for any application that needs simultaneous TX and RX (full-duplex SDR work needs LimeSDR or USRP).

What HackRF lets you do that RTL-SDR doesn’t: transmit (with a licence — see §2), decode anything in the cellular bands (700 MHz – 2.6 GHz), do wider-bandwidth captures (full 20 MHz vs RTL-SDR’s 2 MHz).

3.4 LimeSDR family

The LimeSDR Mini and LimeSDR USB are full-duplex SDRs from Lime Microsystems². ~$200 (Mini) – ~$300 (USB).

Parameter	LimeSDR Mini	LimeSDR USB
Frequency range	10 MHz – 3.5 GHz	100 kHz – 3.8 GHz
Sample rate	up to 30.72 Msps	up to 61.44 Msps
ADC resolution	12 bits	12 bits
TX/RX	Full-duplex	Full-duplex
Channels	1 TX + 1 RX	2 TX + 2 RX
Interface	USB 3.0	USB 3.0

The 12-bit ADC delivers ~70 dB dynamic range vs HackRF/RTL-SDR’s 50 dB — a meaningful improvement. Full-duplex enables radar, repeater, or simultaneous TX-and-RX experiments. USB 3.0 matters for the uConsole — on V3.14 USB 2.0 you cap at ~35 MB/s practical, which limits sustained sample rates well below the LimeSDR’s 30 Msps capability. On V3.14_V5 + CM5 with USB 3.0 unlocked, you can hit closer to the LimeSDR’s nominal capability.

3.5 USRP family

The Ettus Research USRP family is the professional-tier SDR — used in research labs, cellular operators, and military communications. The B-series (B200, B210) are USB 3.0 connected; the X-series (X310, X410) are 10 GbE / PCIe. Prices range from $700 (B200mini) to $7,000+ (X410).

For the uConsole, the B-series is theoretically usable (USB 3.0 on V3.14_V5 + CM5) but the USRP is overkill for handheld work. A pen-test loadout doesn’t need 100 dB of dynamic range. Mention here for completeness; if you need a USRP, you probably don’t need the uConsole.

3.6 Comparison table

SDR	Price	Freq range	Sample rate	ADC	TX	uConsole fit
AIO V2 RTL-SDR	(in card)	100 kHz – 1.74 GHz	2.4 Msps	8-bit	No	Native; no extra USB used (Vol 7 §5.1)
RTL-SDR Blog v3/v4	$35	24 MHz – 1.77 GHz	2.4 Msps	8-bit	No	USB-A; trivial
HackRF One	$320	1 MHz – 6 GHz	20 Msps	8-bit	Yes	USB-A; bandwidth-limited on V3.14 USB-2
LimeSDR Mini	$200	10 MHz – 3.5 GHz	30.72 Msps	12-bit	Yes	USB-A; bandwidth-saturated on V3.14 USB-2; full on V5+CM5
LimeSDR USB	$300	100 kHz – 3.8 GHz	61.44 Msps	12-bit	Yes	Same
USRP B200mini	$760	70 MHz – 6 GHz	56 Msps	12-bit	Yes	Same; overkill for handheld

For most uConsole users, the answer is: AIO V2 (already integrated, no separate hardware) or RTL-SDR Blog v3 (~$35, plug-and-play). Step up to HackRF only when you need transmit capability or wider bandwidth. Step up to Lime/USRP only for specific full-duplex / high-dynamic-range requirements.

4. The uConsole’s SDR Hardware Paths

4.1 HackerGadgets AIO V2 RTL-SDR

The AIO V2’s RTL-SDR (Vol 7 §5.1) is functionally equivalent to an RTL-SDR Blog v3:

RTL2832U + R820T2 tuner.
TCXO frequency reference (low drift).
5V bias-tee output (toggleable; powers active antennas / LNAs).
HF direct-sampling mode (100 kHz – 28.8 MHz without upconverter).
Antenna IPEX socket → external SMA via the case-side feed-through.

After enabling the SDR subsystem (Vol 7 §5.2 GPIO power-gate sequence), it appears to Linux as a standard RTL-SDR USB device. No additional driver or configuration needed beyond rtl-sdr apt package. rtl_test confirms detection:

$ rtl_test
Found 1 device(s):
  0:  Realtek, RTL2838UHIDIR, SN: 00000001
Using device 0: Generic RTL2832U OEM
Found Rafael Micro R820T2 tuner
Supported gain values (29): 0.0 0.9 1.4 ... 49.6
[R82XX] PLL not locked!
Sampling at 2048000 S/s.
...

PLL not locked warning at idle is normal; goes away when you tune to a real frequency.

4.2 USB RTL-SDR dongle

For the second-RTL-SDR loadout (one for ADS-B, one for everything else), plug a USB RTL-SDR Blog v3 into the uConsole’s USB-A port:

sudo apt install -y rtl-sdr librtlsdr-dev

# Verify detection:
lsusb | grep RTL
# Should show "Realtek RTL2838 DVB-T"

# Verify reception:
rtl_test

Multiple RTL-SDRs can coexist; address by index -d 0 / -d 1 in tools, or by serial number with rtl_eeprom.

4.3 HackRF One via USB

sudo apt install -y hackrf libhackrf-dev

# Verify detection:
hackrf_info
# Should report:
# - Found HackRF
# - Serial number: 0000000000000000a06063c8...
# - Board ID: 2 (HackRF One)
# - Firmware version: 2024.02.1
# - Part ID: 0xa000cb3c 0x004f4751

Update firmware periodically:

hackrf_spiflash -R   # reset to ROM mode
hackrf_spiflash -i hackrf_one_usb.bin    # flash new firmware

4.4 LimeSDR Mini via USB

sudo apt install -y soapysdr-tools libsoapysdr-dev limesuite

# Verify detection:
SoapySDRUtil --probe="driver=lime"
# Should report device, channels, gain ranges, etc.

# Or via Lime's own tool:
LimeUtil --info
LimeUtil --update     # firmware update

4.5 The V3.14 USB-2 bandwidth ceiling

A reminder from Vol 7 §2.3: the V3.14 mainboard caps USB at 2.0 (480 Mbps theoretical, ~35 MB/s practical). For SDR sample-rate planning:

SDR + sample rate	Bytes/sec	USB 2.0 fit?
RTL-SDR @ 2.4 Msps × 2 bytes (cu8)	4.8 MB/s	Easy
RTL-SDR @ 3.2 Msps × 2 bytes	6.4 MB/s	Easy
HackRF @ 8 Msps × 2 bytes	16 MB/s	Comfortable
HackRF @ 10 Msps × 2 bytes	20 MB/s	Tight
HackRF @ 20 Msps × 2 bytes	40 MB/s	Saturates USB 2.0
LimeSDR @ 10 Msps × 4 bytes (cs16)	40 MB/s	Saturates
LimeSDR @ 30 Msps × 4 bytes	120 MB/s	Impossible on USB-2

For HackRF at full 20 Msps or LimeSDR at full rate, you need V3.14_V5 + CM5 (USB 3.0 unlock) or you run at reduced sample rate.

5. GQRX — the Canonical SDR GUI

GQRX³ is the long-running standard SDR GUI for Linux. Spectrum waterfall, demod, audio output, IQ recording — all in one application.

5.1 Install and first launch

sudo apt install -y gqrx-sdr

# Launch:
gqrx &

First-run dialog asks for the SDR device. Select your RTL-SDR / HackRF / Lime from the dropdown. Default device-string syntax:

Device	GQRX device string
RTL-SDR (default)	`rtl=0`
RTL-SDR (specific by serial)	`rtl=00000001`
HackRF One	`hackrf=0`
LimeSDR Mini	`lime=0`
File (replay IQ)	`file=/path/to/capture.cu8,rate=2.4e6,freq=100e6`

Hit OK. Sample rate defaults to 2.4 Msps for RTL-SDR. The main window has the spectrum + waterfall on top; tuning + audio controls on the right.

5.2 Tuning the receiver

Click directly on the spectrum / waterfall to tune.
Use the frequency display at top to enter a frequency precisely (in Hz, kHz, MHz — GQRX accepts units).
“Bookmarks” panel saves common frequencies for quick recall.

For broadcast FM (88-108 MHz in most regions), tune to a known-strong station first to verify reception.

5.3 Demodulation modes

The “Mode” dropdown selects the demod. Common picks:

Mode	Use case
WFM	Wide-band FM; broadcast FM stations
WFM stereo	Wide-band FM with stereo MPX
NFM	Narrow-band FM; ham 2m / 70cm voice, GMRS, FRS
AM	Aircraft band, longwave, shortwave broadcast
LSB / USB	Single-sideband; ham HF voice
CW	Morse code; ham CW
Raw	No demodulation — pure IQ to audio

For each mode, GQRX gives you a passband-edges control to widen/narrow the filter. Squelch threshold helps mute noise between transmissions.

5.4 Recording IQ and audio

Two recording modes:

Audio recording — saves the demodulated audio to WAV. “Audio” panel → REC button.
IQ recording — saves the raw baseband samples to a file. “Input controls” → “Rec” near the bottom. Format is .raw (cs16 — 16-bit signed I/Q interleaved) by default; can switch to cu8 (8-bit unsigned, smaller).

For long-running captures, IQ files grow fast. RTL-SDR @ 2.4 Msps × 2 bytes × 3600 sec = 17 GB per hour. Plan storage accordingly (USB-C SSD, not microSD).

5.5 The remote-control TCP interface

GQRX exposes a TCP control interface (default port 7356) that other apps can use to query/tune:

# Enable in GQRX: File → Remote Control settings → Enable Remote Control

# Then from another terminal:
echo "F 145000000" | nc localhost 7356   # tune to 145 MHz
echo "f" | nc localhost 7356               # query current frequency
echo "M FM" | nc localhost 7356           # set FM demod

Useful for scripted scanning, integration with hamlib, or controlling GQRX from a Python script.

6. SDR++ — the Modern Alternative

SDR++⁴ is a more recent SDR GUI that’s gained popularity in 2022+. Cross-platform (Linux/Windows/macOS), modular plugin architecture, more visually polished than GQRX.

6.1 Why SDR++ over GQRX

Better UI — modern Dear ImGui-based interface; smoother spectrum updates.
Module plugin system — extend by dropping .so files in a plugins directory.
Multiple receivers — open multiple demod sessions inside one SDR++ instance.
Active development — feature velocity is higher than GQRX.

When to prefer GQRX: you need the TCP remote-control interface (SDR++ has one but it’s less mature), you’ve memorised GQRX’s keyboard shortcuts, or you want the absolute lowest-resource baseline (GQRX uses slightly less RAM).

6.2 Install (Pi OS) vs pre-installed (Dragon OS)

On Pi OS:

# SDR++ doesn't have a Debian package on Pi OS apt, but you can build from source:
sudo apt install -y cmake libfftw3-dev libglfw3-dev librtlsdr-dev libhackrf-dev \
                     libsoapysdr-dev libairspy-dev libairspyhf-dev
git clone https://github.com/AlexandreRouma/SDRPlusPlus
cd SDRPlusPlus
mkdir build && cd build
cmake -DCMAKE_BUILD_TYPE=Release ..
make -j$(nproc)
sudo make install

On Dragon OS (Vol 5 §6), SDR++ is pre-installed — sdrpp from the application menu or terminal.

First launch: select the SDR source from the “Source” dropdown (top-left), pick a sample rate, hit Play.

6.3 Module ecosystem

SDR++ modules cover:

Module	What it does
`rtl_sdr_source`	RTL-SDR support
`hackrf_source`	HackRF support
`soapy_source`	SoapySDR backend (covers Lime, USRP, more)
`audio_sink`	Send demodulated audio to system audio out
`recorder`	Record IQ or audio
`network_sink`	Stream IQ over network
`meteor_demodulator`	Decode Meteor M2 weather satellite
`noaa_apt_demodulator`	Decode NOAA APT weather satellite
`digital_modes`	FT8, FT4, RTTY, etc.

Browse via the “Modules” tab in the SDR++ settings.

7. GNU Radio

GNU Radio⁵ is the underlying signal-processing framework on which GQRX, SDR++, and most other Linux SDR apps are built. For custom workflows — decoding a protocol nobody else has decoded, building a transmitter for a new mode, prototyping a digital filter — you write a flowgraph in GNU Radio.

7.1 What it is and why it matters

A GNU Radio flowgraph is a directed acyclic graph of signal-processing blocks. Each block has typed inputs and outputs (complex samples, real samples, bytes, packets). Blocks include sources (file, RTL-SDR, HackRF), sinks (audio, file, network), and processing (filter, FFT, decimate, demod, modulate). You wire them together; each tick of the runtime, samples flow from sources through processing to sinks.

For decoding workflows: this lets you say “RTL-SDR samples → 2.4 Msps → decimate to 240 ksps → LowPass filter → quadrature demod → audio” in a few minutes of GUI work instead of months of C++ DSP.

7.2 `gnuradio-companion` GUI

sudo apt install -y gnuradio gnuradio-dev gr-osmosdr

# Launch the GUI:
gnuradio-companion &

The GUI has a left sidebar of available blocks, a centre canvas for the flowgraph, and a right sidebar for the selected block’s parameters. Drag blocks onto the canvas, click an output port and the matching input port to wire them. Press F5 to generate the Python code for the flowgraph; F6 to run it.

For the uConsole, gnuradio-companion takes ~10 seconds to start (Python + GTK + GR runtime). Memory at idle: ~600 MB. With a complex running flowgraph: 1+ GB. Workable on 4 GB CM4; tight on 2 GB.

7.3 Common flowgraphs

A few canonical flowgraphs worth saving in ~/projects/sdr/flowgraphs/:

FM broadcast demod (the “hello world” of GNU Radio):

RTL-SDR Source [2.4 Msps, freq=98.5e6, gain=49.6] →
  Rational Resampler [interp=1, decim=10] →
  WBFM Receive [audio_decimation=2] →
  Audio Sink [48 ksps]

FSK / MFSK decode for IoT bands (433 MHz remote, garage door, weather station):

RTL-SDR Source [1 Msps, freq=433.92e6] →
  Frequency Xlating FIR Filter [offset, decimate, taps=lowpass] →
  Quadrature Demod →
  Binary Slicer →
  Pack K Bits →
  File Sink [/tmp/decoded.bin]

GFSK transmitter (HackRF only) for sub-GHz experimentation (legal only on ISM bands):

File Source [/tmp/payload.bin] →
  GFSK Mod [samples_per_symbol=4, bt=0.5] →
  Multiply Const [scale to TX gain] →
  HackRF Sink [freq=915e6, sample_rate=2 Msps]

Decimating filter chain for narrowing bandwidth before saving IQ (saves disk):

HackRF Source [20 Msps, freq=center] →
  Frequency Xlating FIR Filter [offset, decim=20, taps=lowpass-1MHz] →
  File Sink [/tmp/narrow_capture.cs16]

7.4 Performance on the uConsole

GNU Radio is CPU-bound. A typical FM-demod flowgraph at 2.4 Msps uses ~10-15% of a CM4 core. Decimating from 20 Msps to 1 Msps with FIR filtering uses ~80-100% of a core. Multi-block flowgraphs spread across cores via GNU Radio’s scheduler.

On the CM4, expect:

Workload	CPU
FM demod @ 2.4 Msps	10-15% of one core
FFT visualisation @ 2.4 Msps	25% of one core
HackRF @ 8 Msps + decimate to 1 Msps	80% of one core
HackRF @ 20 Msps + decimate to 1 Msps	Saturates two cores
FT8 decode (every 15 seconds)	100% of one core for ~5 sec
Trunked-radio decode (op25, P25 phase 1)	60-80% of one core
GNSS / GPS receiver (full software)	100% of all four cores

CM5 is roughly 2× faster across the board. Radxa CM5 with NPU is meaningfully faster on FFT/correlator workloads.

For demanding flowgraphs, consider the gnuradio-companion “Scheduler” option set to TPB (thread-per-block) which spreads load across cores better than the default STS (single-thread scheduler).

8. ADS-B Aircraft Tracking

ADS-B (Automatic Dependent Surveillance-Broadcast) is the digital radio system aircraft use to broadcast their position. 1090 MHz, low data rate, easy to decode with an RTL-SDR. Popular hobbyist activity.

8.1 `dump1090` — the workhorse

sudo apt install -y dump1090-mutability

# Run with web interface:
sudo systemctl start dump1090-mutability
sudo systemctl enable dump1090-mutability

# Web UI:
xdg-open http://localhost:8080

The web UI shows a map with aircraft positions, altitudes, headings, ICAO addresses, callsigns, and tracks. Range depends on antenna and surrounding terrain — typical with the AIO V2’s stock antenna is 50-100 nautical miles.

8.2 Web UI and Skyview

The default dump1090 web UI is functional but plain. The “Skyview” UI ships with newer dump1090 builds and is much prettier — sectional charts overlay, better aircraft icons, history.

For a self-hosted Skyview, install skyaware978 from FlightAware or use the readsb/tar1090 pair:

git clone https://github.com/wiedehopf/tar1090
sudo bash tar1090/install.sh
# tar1090 web UI now at http://localhost/tar1090/

8.3 Feeding FlightAware / FlightRadar24

Sharing your ADS-B feeds is community currency — you contribute receiver coverage; you get a free premium account on the platform. For FlightAware:

wget https://flightaware.com/adsb/piaware/files/packages/pool/piaware/p/piaware-support/piaware-support_8.2_all.deb
sudo dpkg -i piaware-support_8.2_all.deb
sudo apt update
sudo apt install -y piaware
sudo piaware-config feeder-id <your-id>
sudo systemctl restart piaware

For FlightRadar24:

sudo bash -c "$(wget -O - https://fr24.com/install.sh)"
# Interactive setup: enter your email, sharing key, etc.
sudo systemctl start fr24feed

A uConsole running dump1090 + piaware + fr24feed in the corner of a room with the AIO V2’s antenna mounted in a window is a perfectly serviceable home-station ADS-B contributor — and the “free premium” benefits are non-trivial.

9. Trunked-Radio Decoding

Many public-safety, transit, and industrial radio systems use trunked digital protocols. Decoding requires more sophistication than analog FM voice — you need to track the control channel, follow voice channel assignments, and decode the digital voice codec.

9.1 P25 via SDRtrunk

SDRtrunk is a Java-based GUI for trunked-radio decoding. P25 Phase 1 (digital voice + control), DMR, NXDN. Cross-platform, well-documented.

sudo apt install -y default-jre
wget https://github.com/DSheirer/sdrtrunk/releases/latest/download/sdr-trunk-linux-x86_64-*.zip
unzip sdr-trunk-linux-x86_64-*.zip
cd sdr-trunk
./run.sh

Configure: select your RTL-SDR or HackRF as the SDR source; enter the P25 trunked system’s control channel frequency; SDRtrunk follows voice traffic automatically.

Memory: SDRtrunk uses ~1-2 GB of RAM. Tight on 2 GB CM4; comfortable on 4 GB+.

The Reddit thread (u/needmorejoules) reports SDRtrunk + HackRF combo working on the uConsole — this is field-validated.

9.2 DMR via DSDPlus / DSD-FME

DMR (Digital Mobile Radio) is the ETSI standard used by Motorola MOTOTRBO, Hytera, and many commercial users. Decoding chain:

RTL-SDR or HackRF → DSDPlus (Windows-only, runs in Wine) or DSD-FME (Linux native).

DSD-FME:

sudo apt install -y dsd-fme   # may need community PPA
# Or build from source:
git clone https://github.com/lwvmobile/dsd-fme
cd dsd-fme
autoreconf -i && ./configure && make && sudo make install

# Run with audio piped in from rtl_fm:
rtl_fm -f 460e6 -s 24k -g 49 - | dsd-fme -i - -o /dev/audio

DSD-FME also handles NXDN, dPMR, and YSF (Yaesu System Fusion).

The Audioplatinum community fact (02-inputs/community_research_notes.md) — “using it as portable instrument for checking my DMR Tier-III network” — is the canonical use case. Field-validated on the uConsole.

9.3 NXDN, ProVoice, Tetra

NXDN: same DSD-FME chain works.

ProVoice (older Motorola-proprietary): DSDPlus only, runs in Wine.

Tetra (European public-safety): different decoder needed — tetra-rx from osmocom-tetra or commercial Pidalin.

9.4 `op25` — open-source P25 decoder

OP25 is the open-source P25 decoder, GNU-Radio-based:

sudo apt install -y gnuradio gnuradio-dev gr-osmosdr
git clone https://github.com/osmocom/op25
cd op25
./install.sh

# Run with a control channel + frequency list:
./op25/gr-op25_repeater/apps/rx.py --args 'rtl' -f 851025000 -T trunk.tsv -V -2 -U

OP25 is GUI-less but powerful; SDRtrunk is the GUI alternative covering the same protocol. Pick based on preference.

10. Meshtastic on the AIO V2’s SX1262

Meshtastic⁶ is an off-grid mesh-networking protocol over LoRa (sub-GHz long-range radio). The AIO V2’s onboard SX1262 LoRa chip can run Meshtastic firmware natively, turning the uConsole into a Meshtastic node.

10.1 What Meshtastic is

LoRa-based encrypted mesh:

Range: 1-10 km line-of-sight (depends on antenna, power, terrain).
Bandwidth: 250 bps – 11 kbps (LoRa is low-bandwidth, long-range).
Use case: text messaging + GPS location sharing + telemetry over an off-grid mesh.
Hardware ecosystem: hundreds of compatible LoRa boards (LilyGO TBeam, Heltec WiFi LoRa 32, RAK Wireless WisBlock).

For the uConsole, this is not a primary connectivity option — bandwidth is too low for real internet — but it’s a useful supplement for off-grid scenarios (camping, disaster response, group hikes).

10.2 Setup on the uConsole

The AIO V2’s SX1262 is exposed to Linux as a SPI device after the GPIO power-gating is enabled (Vol 7 §5.2). Driver: the Meshtastic Linux native client (meshtasticd).

# Install dependencies:
sudo apt install -y libpulse-dev libi2c-dev libssl-dev libgpiod-dev

# Build meshtasticd from source (no apt package on most distros):
git clone https://github.com/meshtastic/firmware
cd firmware
git checkout meshtasticd-portduino-stable

# Build for portduino (Linux native):
mkdir build && cd build
cmake -DCMAKE_BUILD_TYPE=Release -DPORTDUINO=1 ..
make -j$(nproc)

# Run:
sudo ./meshtasticd

Configure the radio’s region (US, EU, JP), channel, and pre-shared key. The default region is US (915 MHz); EU (868 MHz) is the other common.

10.3 `meshtastic-cli` and the Python API

The CLI is the easiest way to interact with a running meshtasticd:

pip install --user meshtastic

# Show device info:
meshtastic --info

# Send a message:
meshtastic --sendtext "Hello mesh!"

# List known nodes:
meshtastic --nodes

# Set device name:
meshtastic --set-owner "uConsole-Node-1"

# Configure channel:
meshtastic --ch-set name MyMesh --ch-set psk 0x1234... --ch-index 0

For programmatic use, the Python API:

import meshtastic
import meshtastic.serial_interface

interface = meshtastic.serial_interface.SerialInterface()
interface.sendText("Hello from Python")
nodes = interface.nodes
for node_id, node in nodes.items():
    print(f"Node {node_id}: {node['user']['longName']}")

10.4 Pairing with handheld nodes

A common Meshtastic loadout pairs the uConsole (running meshtasticd) with handheld Meshtastic nodes — a LilyGO TBeam in your pocket, a Heltec board on each team-member’s belt, a stationary base node at home running solar-power. The uConsole acts as the lab/desk node where you compose long messages, view the full mesh topology, and bridge to email/SMS via internet uplink.

11. Spectrum Analysis Workflows

Beyond listen-and-decode, SDRs are spectrum analysers. Useful for: surveying an unknown band, hunting interference, locating a signal source.

11.1 `SoapyRemote` for headless capture

For “uConsole is far from where the antenna is” scenarios, SoapyRemote splits the SDR’s location from the analysis location. The SDR plugs into a remote Linux box (a Pi 4 in a window with a great antenna view); the uConsole connects over network.

# On the remote (where the SDR is):
sudo apt install -y soapyremote-server
sudo systemctl start SoapySDRServer

# On the uConsole:
sudo apt install -y soapyremote
SoapySDRUtil --probe="driver=remote,remote=192.168.1.10:55132"

GQRX, SDR++, and GNU Radio all accept the SoapyRemote string as a device source.

11.2 GNU Radio FFT visualisation

For a custom spectrum-analyser flowgraph:

HackRF Source [10 Msps, freq=center, gain=20] →
  QT GUI Frequency Sink [FFT size 4096, average=0.1]

This gives you a 10 MHz instantaneous bandwidth view that you can sweep across frequencies by retuning the HackRF.

For wider surveys, the “Frequency Sweep” template flowgraph (in gnuradio-companion’s example menu) does swept-frequency capture with stitching.

11.3 Long-baseline waterfall recording

For “what was on this band over the last 24 hours?” surveys:

# Use rtl_power for ultra-wideband sampling:
rtl_power -f 25M:1750M:25k -g 49 -i 60 -e 24h survey.csv

# - -f frequency_start:stop:bin_size
# - -i integration_time (seconds per sample)
# - -e end_after duration

# After completion, plot with heatmap.py:
python3 heatmap.py survey.csv survey.png

Output is a 2D heatmap: frequency (X) × time (Y) × power (colour). Reveals time-of-day patterns, intermittent transmitters, propagation conditions on HF.

11.4 Survey patterns for unknown bands

When asked “what’s on this band?”:

Wide swept survey (rtl_power -f start:stop:bin -i 1 -e 1h) — get an overview.
Identify candidates — peaks in the heatmap. Note their frequencies.
Tune in GQRX — listen / inspect each candidate for 30 seconds.
Classify — analog (FM voice, AM voice, SSB), digital (FSK, FM data, OFDM, LoRa), or noise (broadband, narrowband, periodic).
Decode — if digital, identify the protocol via constellation, baud rate, FFT pattern. URH (§12.4) is the protocol-RE tool.
Document — annotated frequency list with notes for each.

The uConsole is excellent for this workflow because the screen is right there during the survey.

12. Recording and Post-Processing IQ

For protocol reverse engineering, regulatory analysis, or detailed signal characterisation, you record raw IQ samples and analyse offline.

12.1 File formats — `.cu8`, `.cs16`, `.cf32`, SigMF

Format	Bytes/sample	What it is
`.cu8`	2 (1+1)	Complex 8-bit unsigned (RTL-SDR native)
`.cs8`	2 (1+1)	Complex 8-bit signed
`.cs16`	4 (2+2)	Complex 16-bit signed (HackRF, Lime native)
`.cf32`	8 (4+4)	Complex 32-bit float (highest precision)
`.iq`	varies	Generic; check sidecar metadata
`.sigmf-data` + `.sigmf-meta.json`	varies	Standardised metadata-rich format

SigMF is the modern open standard — pairs a binary .sigmf-data file with a JSON .sigmf-meta.json describing sample rate, centre frequency, format, capture context, optional annotations. Increasingly supported by tools.

For sharing or archiving captures, save as SigMF. For lightweight scripting, use .cu8 from RTL-SDR or .cs16 from HackRF.

12.2 `baudline` for visual analysis

baudline is an old but powerful spectrum analyser for IQ files. Real-time waterfall, multiple measurement modes, sample-accurate cursor.

# Download (no apt package):
wget https://www.baudline.com/baudline_1.08_linux_x86_64.tar.gz
tar xf baudline_1.08_linux_x86_64.tar.gz
cd baudline_1.08

# Open a cu8 file:
./baudline -stdin -channels 2 -quadrature -format u8 -samplerate 2400000 < /tmp/capture.cu8

Caveat: the binary is 32-bit i386 in older releases; you may need libc6:i386. The 64-bit build is more recent.

12.3 `inspectrum` for digital signals

inspectrum is a focused spectrogram inspector for figuring out digital signals. Click-and-drag to measure frequency, time, baud rate; designed for protocol reverse engineering.

sudo apt install -y inspectrum

inspectrum /tmp/capture.cs16 --rate 8000000

For an unknown signal, the workflow is:

Open in inspectrum.
Visually identify the signal’s bandwidth and centre frequency.
Use the cursor to measure the symbol period (1 / baud rate).
Identify the modulation (FSK shows two clear peaks; PSK shows constellation in time-domain; OFDM shows wide flat-top spectrum).
Pass to URH for full decode.

12.4 Universal Radio Hacker (URH)

URH is the swiss-army knife of protocol reverse engineering — capture, analyse, and replay digital signals.

sudo apt install -y python3-pip
pip install --user urh
urh &

Workflow:

Interpretation tab — record signal from RTL-SDR or load a .cs16 file. URH auto-detects bit boundaries.
Analysis tab — cluster messages, identify common patterns, find CRC fields.
Generator tab — modify the captured data; regenerate the IQ.
Simulator tab — replay the modified signal via HackRF (legal only on ISM bands you’re authorised for).

URH is the right tool for: garage door remotes, weather stations, IoT sensors, smart-meter ERT, RFID-class signals. Do not use it on bands where you’re not licensed.

13. Antenna Selection

Volume 7 §8 has the antenna-routing reference and the case-side IPEX/SMA feed-throughs. For SDR-specific antenna choices:

Frequency range	Antenna	Use cases
HF (3-30 MHz)	Long wire, mag-loop, MLA-30+	Shortwave, ham HF, WSPR
30-300 MHz (VHF)	Telescopic dipole (RTL-SDR Blog kit)	Aircraft, marine, ham 2m
300-3000 MHz (UHF)	Discone, log-periodic	TV, ham 70cm, GMRS, ADS-B
1090 MHz (ADS-B)	1090 MHz collinear	Aircraft tracking
433/868/915 MHz (ISM)	Short whip; SX1262 LoRa antenna	LoRa, Meshtastic, weather stations
2.4 GHz	Small SMA whip; patch antenna for direction	WiFi monitor, zigbee, BLE scan
50-1500 MHz (broad)	Great Scott Gadgets short-form-factor	Talking Sasquach recommendation

The Talking Sasquach short-form-factor antenna recommendation is for ~50-1500 MHz general SDR work — compact, doesn’t snag on bag straps, decent gain through the band.

For ADS-B specifically, a tuned 1090 MHz collinear gives ~3-5 dB more sensitivity than a generic broadband antenna. Big difference in coverage.

14. The Field SDR Loadout

Recommended physical setup for an SDR-primary loadout:

Item	Why
uConsole + AIO V2	Primary radio + RTC + GPS + LoRa
Dragon OS on a microSD	All SDR tools pre-installed (Vol 5 §6)
RTL-SDR Blog v3 USB dongle	Second SDR for ADS-B background-running
HackRF One	Wideband + transmit (when licensed)
Telescopic dipole + tripod	General-purpose VHF/UHF antenna
1090 MHz collinear (small)	Dedicated ADS-B antenna
Great Scott Gadgets short-form	Compact 50-1500 MHz antenna for mobile
LMR-240 coax patch cables (1 m, 2 m)	Better than thin RG-174 for low loss
Bias-tee filter (SAW)	Reject out-of-band intermod
USB-C power bank (10000 mAh)	Extends runtime for long captures
USB-C SSD (256+ GB)	IQ recording
Notebook + pen	Manual frequency log; old habit, useful

Set up:

Boot Dragon OS (or Pi OS + manual SDR install).
Verify all SDR hardware detects: rtl_test, hackrf_info.
Mount external SSD for capture rotation.
Start dump1090 background service for ADS-B.
Open SDR++ for active operations.
Note GPS lock from AIO V2 (gpspipe -w).
Begin survey.

15. Vol 12 Cheatsheet Updates

The following one-pagers go into Vol 12:

§4 (SDR quick-start): rtl_test / hackrf_info detection commands; GQRX device-string syntax from §5.1.
§5 (Demod modes): the GQRX mode-vs-use-case table from §5.3.
§11 (ADS-B): dump1090 install + web UI URL + piaware/fr24feed setup.
§12 (Trunked-radio): SDRtrunk + DSD-FME quick recipes.
§13 (Meshtastic): meshtastic-cli essential commands.
§15 (Error → fix): “PLL not locked” warning at idle = normal; “no devices found” for HackRF = check lsusb / firmware update; “USB sample rate too high” = drop sample rate or upgrade to V3.14_V5+CM5.
§17 (Antenna table): the antenna-by-frequency-range table from §13.
§19 (Field SDR loadout): the §14 checklist condensed.

16. Resources

Source	URL
RTL-SDR Blog	`https://www.rtl-sdr.com/`
RTL-SDR project (osmocom)	`https://osmocom.org/projects/rtl-sdr/wiki`
HackRF One	`https://greatscottgadgets.com/hackrf/one/`
LimeSDR	`https://limemicro.com/products/`
USRP / Ettus Research	`https://www.ettus.com/`
GQRX	`https://gqrx.dk/`
SDR++	`https://github.com/AlexandreRouma/SDRPlusPlus`
GNU Radio	`https://www.gnuradio.org/`
dump1090 (mutability fork)	`https://github.com/mutability/dump1090`
readsb / tar1090	`https://github.com/wiedehopf/tar1090`
FlightAware piaware	`https://flightaware.com/adsb/piaware/`
FlightRadar24 sharing	`https://www.flightradar24.com/share-your-data`
SDRtrunk	`https://github.com/DSheirer/sdrtrunk`
DSD-FME	`https://github.com/lwvmobile/dsd-fme`
OP25	`https://osmocom.org/projects/op25/wiki`
Meshtastic	`https://meshtastic.org/`
Meshtastic firmware	`https://github.com/meshtastic/firmware`
SoapySDR	`https://github.com/pothosware/SoapySDR/wiki`
baudline	`https://www.baudline.com/`
inspectrum	`https://github.com/miek/inspectrum`
Universal Radio Hacker (URH)	`https://github.com/jopohl/urh`
SigMF	`https://github.com/sigmf/SigMF`
Dragon OS	`https://cemaxecuter.com/`
ARRL Handbook	`https://home.arrl.org/`

17. Footnotes

(Footnotes are listed inline above; this section is a placeholder anchor for the index.)

18. Index

A — ADS-B — §8. Aircraft tracking — §8. Antenna selection — §13.

B — baudline — §12.2. Bias-tee — §3.2, §4.1. Bandwidth ceiling (USB 2.0) — §4.5.

C — cs16 / cu8 / cf32 — §12.1. Comparison table (SDR) — §3.6. Cross-references (Vol 7 §5) — §4.1.

D — Decimating filter — §7.3. Demod modes — §5.3. dump1090 — §8.1. DMR — §9.2. DSD-FME — §9.2. Dragon OS — §6.2 (cross-ref Vol 5 §6).

E — Encryption (legal note) — §2.

F — FFT visualisation — §11.2. FlightAware — §8.3. FlightRadar24 — §8.3. FM broadcast demod (flowgraph) — §7.3. FSK decode (flowgraph) — §7.3. Field SDR loadout — §14.

G — GFSK transmit (flowgraph) — §7.3. GNU Radio — §7. gnuradio-companion — §7.2. GQRX — §5. GPS (AIO V2) — §14.

H — HackRF One — §3.3. ham radio (cross-ref Vol 10) — §10.

I — inspectrum — §12.3. IQ recording — §5.4, §12. ISM bands — §2, §10.

J, K — None.

L — Latency tradeoffs (cross-ref Vol 8) — N/A. Legal/ethics — §2. LimeSDR — §3.4.

M — Meshtastic — §10. meshtastic-cli — §10.3. Modes (demod) — §5.3.

N — NXDN — §9.3.

O — OP25 — §9.4.

P — P25 — §9.1, §9.4. PLL not locked (warning) — §4.1. ProVoice — §9.3.

Q — qFlipper (cross-ref Vol 8) — N/A.

R — Recording IQ — §5.4, §12. Remote control (TCP) — §5.5. RTL-SDR — §3.2. RTL-SDR Blog v3/v4 — §3.2.

S — Sample rate budget — §4.5. SoapyRemote — §11.1. SoapySDR — §6.3, §11.1. SDR++ — §6. SDRtrunk — §9.1. Skyview — §8.2. Spectrum analysis — §11. SigMF — §12.1. SX1262 (cross-ref Vol 7) — §10.

T — tar1090 — §8.2. TCXO — §3.2. Tetra — §9.3. Trunked radio — §9.

U — Universal Radio Hacker (URH) — §12.4. USRP — §3.5.

V — Vol 5 §6 (Dragon OS) — §6.2, §14. Vol 7 §5 (AIO V2) — §4.1. Vol 7 §8 (antennas) — §13.

W — Waterfall recording — §11.3. WBFM Receive — §7.3.

X, Y — None.

Z — None.

HackRF One product page: https://greatscottgadgets.com/hackrf/one/. Open-source firmware and hardware. The cellular-frequency tuning + transmit capability is what makes it the canonical “general-purpose SDR” in the hacker community. ↩
Lime Microsystems product line: https://limemicro.com/products/. The LimeSDR uses a different SoC architecture (LMS7002M) than RTL-SDR or HackRF; full-duplex operation is the headline feature. ↩
GQRX project page: https://gqrx.dk/. Built on top of GNU Radio + Qt5. First released 2012; actively maintained. Standard in every Linux SDR distribution including Pi OS and Dragon OS. ↩
SDR++ source: https://github.com/AlexandreRouma/SDRPlusPlus. Pre-built for many distributions; pre-installed on Dragon OS (Vol 5 §6). ↩
GNU Radio project: https://www.gnuradio.org/. C++ + Python framework with a GUI flowgraph builder (gnuradio-companion). Runs on Linux, Windows, Mac. The de facto SDR framework for research and academia. ↩
Meshtastic project: https://meshtastic.org/. Open-source firmware originally targeting ESP32 boards; the SX1262 in the AIO V2 is the same chip the firmware supports. ↩

RF / SDR Workflows

Contents