How to build a Flight Radar with your Raspberry Pi

Hello everybody!!

How are you doing in your holidays? Surely well, that’s why I bring you a very interesting topic and that can be quite curious to more than one. If you are getting bored on your holidays and you have a Raspberry Pi and an RTL-SDR (radio scanner) you can do it at home.

With these two stuff you can do a homemade flight radar and it works quite well, you learn to manage with Linux, libraries, dependencies, hardware, protocols and you will see your result in real time!

You will say, “I don’t have what it takes, besides, it is expensive”. Well, I say no, in addition to both devices can be used in countless applications and is one of the things that every hacker would like to have in his arsenal of tools. This whole procedure can be done under both Windows and Linux, so there is no excuse, so let’s do it.

Well, so that we know what the story is about, we are going to use the Dump1090 tool. This tool (among many other things) is responsible for processing the information of the ADS-B (Automatic dependent surveillance — broadcast) system that all or practically all airplanes have (it will begin to be mandatory in certain countries in 2020). This system is a cooperative surveillance technology in which an aircraft determines its position through satellite navigation and broadcasts it periodically, which allows it to be tracked. The information can be received by air traffic control ground stations as a replacement for secondary radar since it does not need to receive a signal from the ground to emit. Also, it can be received by other aircraft to provide knowledge of the situation and allow self-separation. Thanks to this system, our Raspberry Pi can be an air traffic radar! This system normally emits a signal at 1090 MHz and that our RTL-SDR can receive. 🙂

Well, what should I do or what do I need?

• A Raspberry Pi and its power supply, accompanied by an Ethernet cable. In my case, I have the Raspberry Pi 3 B kit.

• A radiofrequency spectrometer, also known as RTL-SDR (Software Defined Radio). It generally uses the RTL2832U chip to process the signal received from the antenna. Someday I will talk more about this wonderful tool. In my case, I have DVB-T-SDR.

• A microSD card (with its adapter to the PC) for the Raspberry Pi. I use an 8 GB, which in this case is worth a lot. If you want to continue using it for other applications, it may fall short.

• Raspbian, the Debian-based Linux operating system that we will use in the Raspberry Pi. It can be downloaded for free from its official website. Being a task that requires nothing more than the Raspberry Pi and the RTL-SDR we will download the basic OS without graphic system (command line only). The advantages are that weighs less, we save the graphic part, since we will not use the HDMI output at all, and therefore neither the keyboard and mouse; with all this, we will save unnecessary processing and above all energy.

We already have everything you need, get to work!

To begin, we will have to mount the image on the microSD so that the Raspberry Pi can boot and use the microSD as persistent memory, (all changes made will be saved even if we turn off the Raspberry Pi).

This point can be made in many ways; the official website recommends the use of Etcher, which is valid for both Linux and Windows distributions, as it has a very friendly interface. I personally, I always use Rufus, it has never failed me, it is portable and it seems for me the best of all (to taste the colours), the bad thing is that it is only under Windows. But as I said, all the development of this procedure can be done both under Windows and under Linux, so there would be no problem. Choose the one you like best.

We connect our microSD card to the PC and in my case with Rufus, we run Rufus and select the image of the OS and the microSD. Do not select anything else, the rest are advanced options that do not come to the subject. Ready, let’s get started!

Once the process is finished, we will have the microSD with our Raspbian operating system installed, and if we look, we will have two partitions. The boot partition that is used to boot the system and the rootfs partition that is where the OS file system is located.

As I mentioned before, we will not use a keyboard or mouse since it is not necessary. This causes a problem and is that by default (for security) the SSH server is disabled and we would need physical access to our Raspberry Pi, and then enable it. But we can solve it, we just have to create an empty file with name “ssh” without extension in the boot partition.

Ready, when we start our RaspberryPi, we will have the SSH server enabled to connect from our PC. As expected, we need to have remote access to our Raspberry Pi, so it would be ideal to connect the ethernet cable (which usually comes with the router) to the physical Ethernet port of the Raspberry Pi. We introduce the microSD and connect the power supply to 5V. Here we could use or a mobile charger of at least 1 A although 2.4 A is recommended (since in the worst case it is the largest current that can be consumed), but we are safe, since this will not be our case, because we will only have consumption mainly our RTL-SDR, Broadcom processor and ethernet controller. We could also use a portable battery (powerbank) that normally have 1 A and 2.4 A output. Choose what suits you best.

After a few seconds after startup, we will only have to know the local IP assigned to our Raspberry Pi, and then connect using SSH protocol.

• Linux:

 root@kali:/home/closer# netdiscover
 root@kali:/home/closer# ssh 192.168.1.40 -l pi

You will ask us for the password, which is raspberry and we will accept the request to connect as a custom fingerprint has been generated for the secure connection between our PC and our Raspberry Pi.

After accepting, we are already connected to our Raspberry Pi!

• Windows:

By default, Windows before Windows 10 does not bring any clients to connect via SSH, but there are tools like Puttythat makes us as a client. To download the portable version, just go to the “Alternative binary files” section and select our version of the binary “putty.exe” (x64 or x86). If you use Windows 10 (as of April 2018), the SSH client comes by default.

Once in our hands, in the command window we will launch:

 C:\Users\Closer> arp -a | findstr b8-27-eb

With “arp -a” we will show the ARP (Address Resolution Protocol) table that is responsible for associating dynamic and static IPs with MAC addresses. Since the ARP table can be a bit extensive and it is not clear what the IP of our Raspberry Pi is, we can filter it with “findstr b8-27-eb” since in the MAC address assignment industry each manufacturer is assigned a range MAC addresses, in this case, Raspberry Pi Foundation is assigned MAC addresses B8: 27: EB: xx: xx: xx. Therefore our exit could be such that:

Now, yes, knowing the IP to which we have to connect, we open Putty (if we have one), write the IP, declare that we want to connect by SSH with port 22 (default for TCP) and we will connect:

We will get the notice as before in Linux, to confirm the fingerprint for the secure connection, we accept, and we will have access to our Raspberry Pi, it will ask the user for the login that as you know is pi and the password raspberry.

If you have Windows 10, the command is the same as in Linux.

From here, it is already the same for both Linux and Windows, I will continue on Linux. Let’s go ahead.

First of all, do not forget to change the default password of the Raspberry Pi.

Primarily and as the image of our Raspberry Pi may have some time, that is, be slightly outdated (it has been a while since the release), and the content of the repositories may have changed, this, our Raspbian does not know. Therefore, it is advisable to update the list of packages, to have the most recent version of them and see which ones are necessary to update and to which version, if an installation is required.

pi@raspberrypi:~ $ sudo apt-get update

When our Raspbian already has the updated list of packages, it will be necessary to install the dependencies. Will you say dependencies on what? The dependencies that are definitely libraries (in this case packages) that are necessary to be able to install the tool with which we are going to play. 🙂

Thanks to the good repositories it will not be necessary to complicate our lives. Unless we want to download a specific library/package or a version that is not in the repo, the ideal would be to take the one they offer and install it, since they are libraries that are already more than tested and are packed (we save the process of compilation and what that entails, since for some libraries it is a bit tedious). We install the following libraries:G

pi@raspberrypi:~ $ sudo apt-get install -y debhelper libusb-1.0-0-dev librtlsdr-dev librtlsdr0 rtl-sdr lighttpd

If you have downloaded, for any reason, another release of Raspbian (with a graphic environment for example) it may be that one is already installed. For this case, those libraries are all necessary, and in fact, some are dependencies of other libraries and the order matters. With -y you will not ask for confirmation of installation and memory reservation in the microSD drive (all to “yes”).

Finally, we have to install the tool with which we will play. This tool is the well-known dump1090although throughout its life (its last development was 7 years ago) it has been mutating and Github users have been making forks of it and there are modified versions and with new features. There are a couple of companies that make extensive use of this tool and with their own modifications, in the end, I will tell you that they are going about. We will install the last one, called dump1090-mutability. I must say that it is not really the last one since FlightAware made a fork of this and has introduced new features, but I have opted for mutability because FA has adapted it to its modified OS. As I said, in the end, I will comment better on this.

Well, go ahead:

pi@raspberrypi:~ $ sudo apt-get install -y dump1090-mutability

If everything went well (which should), when the installation process is finished, the package configuration wizard is automatically launched. Where a window like the following will appear:

It will ask us that if we want it to be launched automatically when we start our Raspberry Pi, we indicate “Yes” if we want it to be that way, otherwise, we would have to launch it by hand every time we want to use it. As my intention is later to continue adding features to our Raspberry, I do.

On the other hand, this wizard has assigned us a default configuration in “/etc/default/dump1090-mutability“. At this point, two things can be done; if we do “dpkg-reconfigure dump1090-mutability” the wizard will appear again asking us one by one, a series of configurations/parameters (which we would mostly leave by default) that we could change them, or, edit the file on the previous route mentioned. So that I want not to extend this, I will leave the configuration found in “/etc/default/dump1090-mutability” that should be used so that we can have our flight radar with the minimum characteristics (which we could modify in the future).

The configuration file should look like this:

# dump1090-mutability configuration file
# this is a POSIX shell fragment.
# You can edit this file directly, or use
# "dpkg-reconfigure dump1090-mutability"

# Set to "yes" to start dump1090 on boot.
START_DUMP1090="yes"

# User to run dump1090 as.
DUMP1090_USER="dump1090"

# Logfile to log to
LOGFILE="/var/log/dump1090-mutability.log"

#
# Receiver options
#

# RTLSDR device index or serial number to use
# If set to "none", dump1090 will be started in --net-only mode
DEVICE="0"

# RTLSDR gain in dB.
# If set to "max" (the default) the maximum supported gain is used.
# If set to "agc", the tuner AGC is used to set the gain.
GAIN="max"

# RTLSDR frequency correction in PPM
PPM="0"

#
# Decoding options
#

# If yes, fixes messages with correctable CRC errors.
FIX_CRC="yes"

# If set, supplies a reference location for local position decoding.
LAT="LATITUDE"
LON="LONGITUDE"

# If set, provides the absolute maximum receiver range used to
# filter bad position reports, and to determine when local position
# decoding is safe to use. Specify this in nautical miles (NM).
MAX_RANGE="300"

#
# Networking options
#

# Port to listen on for raw (AVR-format) input connections. 0 disables.
RAW_INPUT_PORT="30001"

# Port to listen on for raw (AVR-format) output connections. 0 disables.
RAW_OUTPUT_PORT="30002"

# Port to listen on for SBS-format output connections. 0 disables.
SBS_OUTPUT_PORT="30003"

# Port to listen on for Beast-format input connections. 0 disables.
BEAST_INPUT_PORT="30004,30104"

# Port to listen on for Beast-format output connections. 0 disables.
BEAST_OUTPUT_PORT="30005"

# TCP heartbeat interval in seconds. 0 disables.
NET_HEARTBEAT="60"

# Minimum output buffer size per write, in bytes.
NET_OUTPUT_SIZE="500"

# Maximum buffering time before writing, in seconds.
NET_OUTPUT_INTERVAL="1"

# TCP buffer size, in bytes
NET_BUFFER="262144"

# Bind ports on a particular address. If unset, binds to all interfaces.
# This defaults to binding to localhost. If you need to allow remote
# connections, change this.
NET_BIND_ADDRESS=""

#
# Misc options
#

# Interval (in seconds) between logging stats to the logfile. 0 disables.
STATS_INTERVAL="3600"

# Path to write json state to (for use with an external webserver). Blank disables.
JSON_DIR="/run/dump1090-mutability"

# Interval between writing json state (in seconds). 0 disables.
JSON_INTERVAL="1"

# Accuracy of receiver location to write to json state, one of "exact" / "approximate" / "none"
JSON_LOCATION_ACCURACY="approximate"

# Set to yes to log all decoded messages
# This can get large fast!
LOG_DECODED_MESSAGES="no"

# Additional options that are passed to the Daemon.
EXTRA_ARGS=""

The white parameters are the default or not very relevant to what we want, and the blue ones are the ones that are really important to change, as the configuration says. Of course, do not forget to change the parameters LATITUDE and ALTITUDE of the configuration with the latitude and longitude of the location of your Raspberry Pi.

Finally, we must ensure that the use of the lighttpd library for dump1090 has been enabled, it should have been done at the end of the installation of the tool. In case it has not been enabled we would have to enable it and forced to restart the service with:

pi@raspberrypi:~ $ lighty-enable-mod dump1090
pi@raspberrypi:~ $ sudo service lighttpd force-reload

Finally, we restart the dump1090-mutability service. It can be done in several ways, such as the previous one from lighttpd, using service, but it could also be done from the Linux services administrator, systemctl. Choose the one you want, for this case it doesn’t matter.

pi@raspberrypi:~ $ sudo systemctl restart dump1090-mutability.service

We already have it all!

We go to the IP address of our Raspberry Pi to see the map.

In my case http://192.168.1.40/dump1090/gmap.html

Look how it looks!

And that’s how the system is!

To who likes this world, I recommend you research and read more about this. In addition with Dump1090, you can do something else, such as adding altimetry traces on the map, since this also has its study. For example, we have used a distance of 300 nautical miles by default and that makes maximum use of the gain, etc., this is sometimes not the case or is not what we want, since it depends a lot on the circumstances in which we are located. As I said, this has its study, such as the refraction of waves, which will limit us as if we are in a low place, or with trees, the arrival of radio waves.A

In short, who likes this there are several platforms that are dedicated to this exclusively and are quite good, such as FlightRadar24 or Flighaware that as I mentioned already use their variations of Dump1090, in fact, they have operating systems specialized in this, that is an “all-in-one” that you install on your Raspberry Pi and with Internet access, send the data to the platforms, and make a WORLDWIDE radar. If you are interested, in each of the platforms, they tell you how to do it step by step.

I hope I explained clearly and that you liked it. If you liked this world, maybe one day I will make a post to capture the signal of a satellite that transmits images. 😏

See you in the next post! 😉

Happy Hacking!

Author: Rafael Moreno López.