Getting Started with Radio Hacking – Part 2 – Listening to FM using RTL-SDR and GQRX

Hello Everyone.

Welcome to the 2nd post in Radio Hacking series. I hope you have gone through the 1st part. If not please check Part-1. Also, I hope you have installed GQRX on your PC/LAPTOP. Let’s start.

What we will learn – In this post, we will learn how to use GQRX along with RTL-SDR. We will be using RTL-SDR to receive FM signal for listening  a song.

Tools – We will use RTL-SDR and GQRX. Please install GQRX on your PC/LAPTOP.

What is RTL-SDR – RTL-SDR is a cheap USB dongle which can be used for “RECEIVING” Radio Signal. In our case, it will capture the FM signal. It’s price is around $20. RTL-SDR is also referred as RTL2832U, DVB-T SDR, RTL dongle or the “$20 Software Defined Radio”. There are many other software defined radios better than the RTL-SDR, but they all come at a higher price.

RTL-SDR looks like this –


RTL-SDR Frequency Range – RTL-SDR can receive any frequency within the range 52Mhz-2200Mhz. Thus, any radio signal being transmitted within the frequency range of 52Mhz-2200Mhz can be intercepted/received by RTL-SDR.

Process – To receive the data being sent by the FM channel – we need a receiver to receive the radio signal and a software to demodulate the data received in radio signal. Thus majorly 2 things are involved – receiving radio signal and demodulating the radio signal for extracting the data present in it. To receive the radio signal we will use RTL-SDR and to demodulate the received radio signal we will use GQRX. I hope roles of RTL-SDR and GQRX is clear.

Plug in your rtl-sdr into one of the USB port. To check whether it has been detected, run rtl_test command and if you see the output as shown below it means your rtl-sdr has been detected and is ready to use.

Press Ctrl+C to stop the test.

Start GQRX and you should see the screen as shown

The first step is to select the RTL-SDR as I/O device in GQRX. With this done, we can instruct RTL-SDR to listen to a particular frequency using GQRX. To do this, click on the green icon for selecting the RTL-SDR device as shown below. In the screenshot shown below – device name is RTL2838UHIDIRS. The name refers to RTL-SDR device and rest of the options can be left as is.

Now we have to turn on the capturing of Radio Signals. For that, click on the white icon(next to the green one) and the screen should look like this –

As seen, 144.50 is the frequency at which the RTL-SDR is tuned to or listening. Since we have to listen to an FM channel, we should tune RTL-SDR between 88-108Mhz(FM bandwith). Click on 144.50 and change it to 93.5Mhz for listening a song as shown –

As seen above, we are listening to 93.5 Mhz. The red line points to 93.5 as seen. Just below that, we can see densely populated yellow color lines. It actually represents data. I mean if at a particular channel some information/data is received, then it is represented in the form of yellow lines. This kind of representation is called as waterfall sink.

Are you able to listen to  a song???

No. Right ??

I know you are not able to listen to a song now. This is because, we have not demodulated the FM signal. To do that, select the mode on the right side as WFM(stereo) and increase the gain(in the bottom right corner) accordingly to listen to a song clearly. The essential settings have been shown below –

So, this is how you listen to any radio signal using RTL-SDR and GQRX. I know this was pretty easy to do. Just a few settings and you are done. In reality, we have to process the signal manually using different blocks. For that we have to use GNURadio. In the next part, I will show you how to process the Radio Signal manually using GNURadio. In that we will learn how to demodulate the FM signal manually for listening a song. This will give you an idea of what happpens in the background and how the signal is processed when we use GQRX  for listening a song.

That’s it for this post guys. See you in the next post.If you have any issue/doubt please comment.

By Nitesh Malviya

The author works as Security Consultant at Payatu Technologies.You can connect with Nitesh on Linkedin and Twitter

Payatu Labs offers quality IoT penetration testing services and Practical IoT Hacking training worldwide. If you are interested in corporate training or security testing of your IoT products, kindly get in touch with us – info [_a t_] payatu DOT com.

Leave a Reply

Your email address will not be published. Required fields are marked *

11 + nine =