Oscillator Design by Simulation

[Craig] wanted to build a 19.2 MHz crystal oscillator. He knew he wanted a Pierce oscillator, but he also knew that getting a good design is often a matter of trial and error. He used a 30-day trial of a professional simulation package, Genesys from Keysight, to look at the oscillator’s performance without having to build anything. He not only did a nice write-up about his experience, but he also did a great video walkthrough (see below).

The tool generates a sample schematic, although [Craig] deleted it and put his own design into the simulator. By running simulations, he was able to look at the oscillator’s performance. His first cut showed that the circuit didn’t meet the Barkhausen criteria and shouldn’t oscillate. Unfortunately, his prototype did, in fact, oscillate.


Licence-Exempt Network Has High Ambitions

It’s safe to say that the Internet of Things is high on the list of buzzwords du jour. It was last seen rapidly ascending towards the Peak of Inflated Expectations on the Gartner Hype Cycle, and it seems that every startup you encounter these days is trying to place an IoT spin on their offering. Behind all the hype though lie some interesting wireless technologies for cheaply making very small microprocessors talk to each other and to the wider world.

Today we’d like to draw your attention to another wireless technology that might be of interest to Hackaday readers working in this area. UKHASnet is a wireless network developed from within the UK high-altitude ballooning community that uses cheap licence-exempt 868MHz radio modules in Europe and 915MHz in the Americas. The modules they are using have a surprisingly usable power output for licence-exempt kit at 100mW, so the system has been designed for extensibility and bridging through nodes mounted on balloons, multirotors, or even seaborne buoys.

All UKHASnet packets are sent as human-readable plaintext ASCII, and the system borrows some of the features of amateur radio’s APRS. All packets are considered unreliable, all nodes repeat the packets they receive with their own node ID appended, and there are gateway nodes that make the packets available to the internet. There is a repeat number built into each packet to stop packets continuing ad infinitum.

Building a node is a simple process, requiring only the radio module, a microcontroller, and a battery. As examples they provide an implementation for the Arduino, and one for the LPC810 microcontroller. Their preferred radio module is the HopeRF RFM69HW; however, the system will be capable of running on other modules of the same type.

So far the UKHASnet people have proven the system over a 65km range, created nodes on the sea, attached it to quadcopters, and built a host of other nodes.

This network differs from its commercial counterparts in that it has no proprietary IP or licencing from a standards body. And despite the name, you don’t have to be in the UK to use it. All data is in the clear, and thus it is likely that you won’t see it in mass-market commercial products. But it is exactly these features that are likely to make it attractive to the maker community. Your scribe will probably not be the only person who goes away from this article to suggest that their local hackspace finds the space for a UKHASnet node.

This is the first time we’ve featured UKHASnet here at Hackaday. Plenty of projects using licence-free radio modules have made it onto these pages, though, including this extreme-range remote controller for model aircraft, and this weather station sensor network that could have probably found UKHASnet useful had its creator had it to hand.

Tiny Raspberry Pi Shield for High-Quality RF Signals

Among its many tricks, the Raspberry Pi is capable of putting clock signals out on its GPIO pins, and that turns out to be just the thing for synthesizing RF signals in the amateur radio bands. What [Zoltan] realized, though, is that the resulting signals are pretty dirty, so he came up with a clever Pi shield for RF signal conditioning that turns a Pi into a quality low-power transmitter.

[Zoltan] stuffed a bandpass filter for broadband noise, a low-pass filter for harmonics, and a power amplifier to beef up the signal a bit into a tiny shield that is cleverly engineered to fit any version of the Pi. Even with the power amplifier, the resulting transmitter is still squarely in the realm of QRP, and the shield is optimized for use as a WSPR beacon on the 20-meter band. But there’s plenty of Pi software available to let hams try other modes, including CW, FM, SSB, and even SSTV, and other signal conditioning hardware for different bands.

Yes, these are commercially available products, but even if you’re not in the market for a shield like this, or if you want to roll your own, there’s a lot to learn from [Zoltan]’s presentation at the 2015 TAPR Digital Communications Conference (long video below). He discusses the difficulties encountered getting a low-profile shield to be compatible with every version of the Pi, and the design constraints that led to the decision to use SMT components.


ARM Board Transmits FM

There is more than a casual link between computer people and musicians. Computers have created music since 1961 when an IBM7094 sang the song Daisy Bell (later inspiring another computer, the HAL 9000, to do the same).

[Vinod.S] wanted to create music on an STM32F407 Discovery board, but he also wanted it to play on his FM radio. He did it, and his technique was surprising and straightforward. The key is that the ARM processor on the Discovery board uses an 8MHz crystal, but internally (using a phase-locked loop, or PLL) it produces a 100MHz system clock. This happens to be right in the middle of the FM radio band. Bringing that signal back out of the chip on a spare output pin gives you the FM carrier.

That’s simple, but a carrier all by itself isn’t sufficient. You need to FM modulate the carrier. [Vinod.S] did the music playback in the usual way and fed the analog signal via a resistor to the crystal. With some experimentation, he found a value that would pull the crystal frequency enough that when multiplied up to 100MHz, it would produce the desired amount of FM deviation. You can see a video of the whole thing in action, below.


How Low Can You Go? The World of QRP Operation

Newly minted hams like me generally find themselves asking, “What now?” after getting their tickets. Amateur radio has a lot of different sub-disciplines, ranging from volunteering for public service gigs to contesting, the closest thing the hobby has to a full-contact sport. But as I explore my options in the world of ham radio, I keep coming back to the one discipline that seems like the purest technical expression of the art and science of radio communication – low-power operation, or what’s known to hams as QRP. With QRP you can literally talk with someone across the planet on less power than it takes to run a night-light using a radio you built in an Altoids tin. Now that’s a challenge I can sink my teeth into.


Triple Threat RTL-SDR System Reads Trunked Radio

In the old days, if you wanted to listen to police, fire, or other two-way radio users, you didn’t need much more than a simple receiver. Today, you are more likely to need something a little more exotic thanks to the adoption of trunked radio systems. To pick up the control channels and all the threads of a talk group conversation, you might need a wide bandwidth receiver.

[Luke Berndt] found he needed 6 MHz to monitor the stations he wanted to hear. This is easily in the reach of dedicated software defined radios (SDR). However, [Luke] wanted to use cheap RTL-SDRs and their bandwidth is about 2 MHz. The obvious hacker solution? Use three of them!

If you haven’t looked at a trunked system before, it essentially allows a large number of users to share a relatively small number of channels. When someone wants to talk, they move to an unused channel just for that transmission. Suppose Alice asks Bob a question that happens to be on channel 12. Bob’s reply might be on channel 4. A follow up from Alice could be on channel 3.

In practice, this means that the received signal isn’t difficult to decode. It is just difficult to find (and follow as it jumps around). This is an excellent job for multiple SDRs and the approach even reduces the burden on the CPU, which doesn’t have to decode signals that aren’t essential to the conversation.

[Luke] includes source code and also notes how to change the serial numbers of the dongles since each has to be unique. We have seen so many great projects with the RTL-SDR that it is hard to choose our favorite. It is especially great knowing that the dongle was only meant to receive television, and all these projects are hacks in the best sense of the word.

Thanks [WA5RRior] for the tip.

RF Hacking: How-To Bypass Rolling Codes

The RF signal transmitted from a modern key fob and received by the associated vehicle is only used once. If the vehicle sees the same code again, it rejects the command. However, there is a loophole in those carefully chosen words: the code must be received by the vehicle’s computer before it can be added to the list of spent codes. [AndrewMohawk] goes through the process of intercepting a code sent from a key fob transmitter and preventing the vehicle from receiving it in a thorough post to his blog. You can see this attack working in his studio-quality reenactment video after the break.

[Andrew] uses the YARD Stick One (YS1), which is a sub-GHz wireless tool that is controlled from a computer. The YS1 uses RfCat firmware, which is an interactive Python shell that acts as the controller for the wireless transceiver.

This system is not without its problems: different frequencies are often used for different commands, and [Andrew]’s scripts are designed to work with On-Off Keying (OOK), leaving them useless when attacking a system that uses Frequency-Shift Keying (FSK). There is also the issue of rendering a target key fob non-functional, but you’ll have to pop over to [Andrew]’s blog to read more about that.
