Band Conditions

14 March 2019

Receiver IF/LO Hunting

A discussion got started on another blog, and was cut short because the owner has a limit on how long comments stay open.

I first played around with this stuff back in the 1980s. One of the local hams sold me a Stoddart NM-20A for the then princely sum of $50. I later picked up an NM-30A.

First time I played with it, I thought "holy shit."  The thing would pick up colorburst and CPU signals at surprisingly and scary long distances. As a bonus, it also served as a pretty good shortwave receiver.

Many years later, I recall hearing on one of my receivers a local radio station on a frequency that it shouldn't have been heard on. I became really concerned when I heard the same music downstairs. A little sleuthing later and I discovered I was hearing the fifth harmonic of the cheap China-made boombox's LO. Not only was I hearing the LO, but the filtering was so poor that it was bleeding the received station's audio back into the LO.

I haven't screwed around with this sort of thing in many years, don't trust my recall, and only Odin himself knows where my original notes are. Time to fire up some test equipment in the lab and do proper research. I suspect with the continued cheapening of electronics, that the research might prove to be even more interesting.

For now, here is something written by a fellow hobbyist from England, back in 1990.

By Nigel Ballard
28 Maxwell Road, Winton, Bournemouth,
Dorset, BH9 1DL, England.
5 August 1990

Firstly, what is an 'I.F.'? Well, incoming signals to any modern radio
are mixed with a fixed internal signal , these are produced by a circuit
known as a local oscillator. Your incoming signal mixes with the fixed
internal signal and produces an Intermediate Frequency, or I.F.

The I.F. frequency always operates above or below the incoming
frequency. If the incoming occurred at the exact same frequency
as your receivers I.F., then your receiver would find this an impossible
signal to detect. As an example, many cheaper receivers have the all
important first I.F. at 10.7MHz, if you had a bug operating in your room on that exact frequency, then your average receiver would not aware of it's existence. This is not a BIRDIE in the classical sense, more a non-usable frequency. A normal Birdie is simply a dead channel caused by internally generated noise in the rf circuits. This 10.7MHz frequency is not blanked by internal noise, but simply dead because it falls on the same frequency that the I.F. operates on.

The I.F. frequency is thus generated, not by adding them together, but
by taking one from the other. The resultant freq is known as the first
I.F. frequency. Dependent on the radio type, and where in the spectrum
you are monitoring, the Local Oscillator may be operating above or below the received signal. Although we need to know the frequency of the radio's first I.F., it is the Local Oscillator's output we are interested in.

You don't have to have vast experience of TEMPEST and the like, to know that any piece of equipment that is turned on and uses crystal
controlled or ceramically resonated circuits, generates spurious output. Put an antenna on to this piece of supposedly dormant equipment, and you now have unwanted radiations, in effect when your radio or scanner is switched on and connected to an antenna, you are constantly transmitting a signal, small it may be, but it is there! And if an amateur like me can receive them at up to 50 feet, then how far can the pro's get! 'BULLSHIT' you say!

If I shoot the breeze in general terms for a while, just to convince you
that your Bearcat (example) scanner sat in your bedroom listening on one specific frequency, COULD be a dead giveaway to the authorities.

You don't need to convince the forces of both east and west that this
principle of detection works, they have been using it and trying to
defeat it in their own radio's for years and years.

In the UK, all handhelds used by the Police walking the beat are between 451.00 and 453.00MHz NFM, no ifs or buts, that's the band limits that they all operate in (London is excluded from this). Suppose you knew that the first I.F. of the latest Motorola radio's they used were 24MHz. Now suppose you came across an officer who just refused to key his radio up so that you could scan the 451 to 453 area with your scanner. Not daunted by this, you set your scanner to scan 24MHz below this band, i.e. 427.00 to 429.00MHz. Getting as close to your target as possible with a reasonable scanner using an external antenna tuned to this band, you proceed to tune over his L.O. output. If his radio is switched on, and he is NOT currently transmitting, as soon as you tune over his L.O. your scanner will stop on a weak but constant low tone. If your target then transmits the tone will disappear, as the L.O. can only be picked up in receive. Make a note of the L.O., say it was 428.500, add the original I.F. shift of 24MHz and hey presto you now have the EXACT frequency he is sat on. I make it 452.500. It is now a simple case of sitting on that spot until he decides to talk.

Well get a friend with a h/held to let you try it out. All you need is
the radio's first I.F.. Remember in a previous article I told you to
collect all the leaflets on PMR radio's you could, well most of the
catalogues will tell you the first I.F. of each and every radio they
sell. Pretty sneaky eh!

Why do you think that our lot have a pre-occupation in getting hold of
the latest radio's from their lot. Well firstly there is the overall
capability of the radio. Then there is the RADIO SIGNATURE, each and every type of radio ever produced, gives a unique if not slight, radio signature, the right equipment can tell the exact model of radio
transmitting. Further analysis by computer can even tell a particular
radio from another radio of the exact same type and model. Very handy if the net is encrypted, thus no voice patterns can be analysed. Military producers go to great lengths to try and set all radio's up as close together as possible, thus reducing the possibility of radio

The radio analyst's Then connect a standard combat antenna to the radio and see how far away they can detect the L.O., the better the radio, the more it will have been suppressed. And of course, the first I.F. is recorded and passed around to the specialist units whose job it is to work out where the enemy is listening.

Just as an antenna increases it's TX output and RX input as you increase the gain. The same applies to the L.O. output. Take any Russian embassy, our boys will not be far away with the most sensitive receivers known to man. Not just hunting for their next transmission, that's child's play with spectrum analysers and panadaptors. The trick now is to find out WHAT they are listening to. Don't be fooled by all those antenna's on embassy roofs, it's 50% talking and 50% listening to domestic traffic. And I don't necessarily mean distant military exercises, they have their own FERRET SATS for that, I mean the Senator that's a bit too descriptive on his car phone etc etc. And please don't think the Russians are the bad boys, no sir, we do it just as much and just as well, if not a little better. Western monitoring technology being what it is!

The cheaper the radio, the greater the chances that the L.O. omissions
will be greater. Some domestic scanners put out a horrendous signal that can be detected streets away. So in future don't think that just because you're not transmitting, that no one can tell who, or on what frequency you are monitoring, because they CAN!

Ever read those dear BOB letters in the back of MT? "Dear Bob, why when cellular is on 800MHz does My ****** scanner also pick them up on 900Mhz?" The answer always comes back, "well fred, it's the old low I.F. giving false images" The rule of thumb is, the higher the first I.F., the greater the change of your receiver filtering out the false images, overloading and general crud found in cheapo scanners.

Once again that's about it. I could have gone much deeper into this subject, but I value my freedom too much. If you have an inquisitive nature, then try and think of some other ways this principle could be put to good use.



p.s. To those of you not in the know, TEMPEST is the military term used to describe case emissions from both civilian and military equipment used in the armed services. Take an ordinary computer, it's emissions can be picked up blocks away. In step's a tempest specialist. Case's are sprayed with nickel and coated in foil. All wires are screened. All cables are wrapped around ferrite rings. VDU screens have transluscent conductive film glued to them. Peripherals, especially printers get similar treatment, including soundproofing, this is because just like the unique signature made my a radio,
printers, especially dot matrix types are a real give-away. Finally,
the equipment is run through a series of stringent TEMPEST approval trials. If it passes then the military can buy it, and the specialist company has a  license to print money.

Remember, security Doesn't come cheap!

13 March 2019

Guns. Open thread.

I always like to bitch about M4 clones as it seems to be the default small arm of choice by certain types I often detest. Actually, I ran a CAR-15 clone as a homestead gun out west since most of the time I was dealing with feral dogs and coyotes at 200 yards max. Always had something .30 caliber nearby in case I needed to reach out further. Since they are illegal in my current state, I traded it before I moved back for a car, and a .410 shotgun for my wife. It was just a tool. In retrospect I should have bought one of those short Ruger bolt guns in .223 or that mag-fed Henry, but if you buy the Henry you might as well just get it in .243, no?

I've got a serious fetish for Enfields and especially lever guns. I suppose I was a Brooklyn Cowboy long before moving out west, but if all you're doing is going after is whitetail and black bear in the Northeast, what more do you need?

Not sure about the need, but I want something in .35 Remington.

Your turn. Keep it civil please.

Free Classes

This is for my New England readers.

I am a member of a hackerspace in Connecticut. You know the one.

I'm willing to do short free classes on various topics I'm semi-qualified to talk about. Like building simple antennas or basic RF test equipment.

The only cost would be a donation (as you see fit) to the space. A few bucks would do.

Unlike my out of state classes, which cost me some $$$ to set up, the overhead of doing a short class at the space is almost non-existent, and helping support them would be a good thing.

Let me know.

Day Job Work

I don't usually talk about what I do during the day, because compartmentalization is a good thing. With that said, I've worked or contracted in the past for Motorola, Raytheon, MCI, United Technologies, and General Dynamics to name a few. Most of the time it had to do with electronic communications, a few times doing working on some minor defense projects.  All those gigs BTW were decades ago, and of minor consequence in the grand scheme of things now. I was also offered, but did not accept, a job working for Kurt Saxon. 

So here is what I'm currently working with:

Tiny Linux computers for embedded applications.

The development kit is a little spendy, and this isn't a recommendation.  However you are now aware of something maybe new to you. This is something you might find on some retired engineer's estate table at a hamfest. They are also in a common electronic device used by many corporations, so you will find them in the wild.

I'll leave potential applications of a really tiny Linux computer up to your imagination.

12 March 2019

It was all really about the tech.

I started this thing, originally, in 1990.  It has only been for about the past 4-5 years that I worked on the experiment that has been known as "Sparks31."

Sparks31 originally started because I wrote a couple small articles for the SFU, having met one of the editors of The Resistor through a third party, whose ODA I taught how to phone phreak back in 2001 or so during one very cool drill weekend.

"Sparks" is the nickname of a radio operator. "31" was the Army Signal Corps MOS identifier, although the people who fix the radios are actually in the Ordinance Corps. Since "Sparks" is too common a moniker, it became "Sparks31."

In the past 4-5 years I met a lot of cool people. I also met a lot of asshats. I was thrown into a bitchfest between certain bloggers back in 2014-15 who all wanted me to pick a side. My advice at the time to all of them at the time was to ignore the others and concentrate on their own stuff, which they promptly disregarded.  I had the Oathkeepers come to my classes so they could reuse my material without so much as a thank you or giving me credit. I've had people attempt to discuss illegal matters in my class, resulting in me having to say at the beginning of each class, "Don't say anything in this class you wouldn't repeat under oath on a witness stand."

I'm glad I'm almost done with throwing 30 years worth of pearls at swine. All that's left are two more classes, a book, and Signal-3, which will resume under a different name. To those of you who were cool enough to support me and patiently wait for the next release, thank you! If your email has changed over the years please let me know. If you think the new format is going to offend your sensibilities, email me and I'll send you a refund for the remaining subscription. Likewise, if you signed up for a class and now want a refund, let me know and I'll make it happen.

If you want basic comms stuff, go find an elmer at a local ham club. If you live within driving distance of Waterbury, CT you can come to my free basic classes at the local hackerspace and I'll be your elmer. If you want more experimental R&D type learning, come to my class. If you're really smart, but poor, get in touch with me and I'll help you out.

You know, in retrospect, the pirate radio operators I knew who were affiliated with the anarchist scene in NYC in the late 1980s/early 1990s were a hell of a lot cooler, less uptight, and had their act together better than most of the threepers, oathkeepers, and other similar types I've come across as of late. They were at least willing to look outside their paradigm. Hell, my fellow EHS classmates to a person were cooler and had their act together better. I could at least have a beer and intelligent conversation with them.

Anyway, I don't want to end this post on a sour note, so here is some SDR info.

From what I have seen, the top two contenders for wideband SDR transceivers are the HackRFOne and the LimeSDR. So, for those of you considering one those are the two you'll probably want to look at.

There might be others that are just as good. Look around.

Most of my "weak signal" ham buddies have picked the LimeSDR. FWIW, I have a HackRFOne because one of my cooler students swapped it for a class slot. I think either one would be a good choice for you, the reader, because they both have a lot of hobbyist support.

If you have one of these, you should at least have a Tech class ham license so you have some spectrum to legally play in with it.

Finally, please note new blog address.


11 March 2019


A simple chip to work with, although only good up to 3 MHz or so. Hobbyist reports indicate the sensitivity may still be adequate enough above 3 MHz. to hear some of the higher-powered shortwave broadcasters.

Google it.

This would be a good place for a beginner to start.

Or someone ready to do real radio and roll their own gear.

Finding Learning Tools at Target

I visited a Target store a couple days ago, and found these while wandering through the electronics section:

Three different RaspberryPi kits. Walk in, pay with anonymous cash, and it's yours.

When I started learning about computers, it was with a 2K Timex Sinclair 1000 that cost $100 in 1983 money. Now you can get something orders of (the) magnitude better for a third of the cost, in 2019 money.

Why is this important?

If you are serious about state-of-the-art electronic communications systems for ultimate future use, and want to start with self-study, this is one of the platforms I recommend. Several hobbyists have mated this with various SDRs, and you can find their work via a Google search.

This is an example of the stuff I'll be teaching at upcoming classes. When the instructor has over 30 years of professional and hobbyist experience, you can expect significantly more than a weekend of basic stuff that you can learn by joining your local ham club, participating in Field Day, and keeping your mouth shut. If you do need help with that stuff because you can't find a good elmer,, come to one of my free basic classes in Connecticut and I'll be your Elmer.

Or you can be like this guy.

Don't be that guy. Be this guy instead.
Because applied knowledge is power.
I know. Dressing like a real-world human being and learning about specialized electronics isn't as sexy as strapping on an M4orgey with all the assorted tactical fooferaw and getting in some camerman's face, armed with something that it easily outclassed in the high desert by a common varmint rifle, let alone an M24 in capable hands.

09 March 2019

Lynchburg, VA Sparks31 Class - June 1-2, 2019

Sparks31 Technology, Communications, and Intelligence (TICOM) Class

Lynchburg, VA
June 1-2, 2019

This intensive two-day class covers instruction on Technology, Intelligence, and Communications. Subject matter includes intelligence preparation to support SIGINT, signals & communications intelligence (SIGINT & COMINT), open source intelligence (OSINT), communications systems available for groups and individuals, communications interoperability, electronic surveillance systems/countermeasures, and related support technology.

Learn how to identify your intelligence requirements, how to really identify and then bypass "fake news" as it applies to your intelligence requirements, collect intelligence information via SIGINT, COMINT, & OSINT, what communications services/systems are available to you & the advantages/disadvantages of each, and how to interoperate with ad hoc assemblies of groups and individuals in a "come as you are" scenario.

This is a class suitable for both renaissance individuals looking to expand their skill base, or a group's "go-to" person for tech-type stuff. No equipment is required to attend, but attendees are encouraged to "come as you are" with whatever gear you have. You will have an opportunity to play with it Saturday night and Sunday, iron out bugs, and see how well you can interoperate with others. Otherwise, this class is best for people who have some electronic communications and tech experience as we get into some advanced material.

The early bird rate (expires April 1st, 2019) for this class is $300 for individuals, $500 for two people. I encourage you to bring your spouse, significant other, war buddy, or whomever to come learn with you. Enroll via