A Comparison Of Hacker Friendly SDRs

In the market for a software defined radio? [Taylor Killian] wrote a comprehensive comparison of several models that are within the price range of amateurs and hobbyists.

You can get started with SDR using a $20 TV tuner card, but there are a lot of limitations. These cards only work as receivers, are limited to a small chunk of the radio spectrum, and have limited bandwidth and sample rates. The new SDRs on the market, including the bladeRF, HackRF, and USRP offerings, are purpose-built for SDR experimentation. You might want an SDR to set up a cellular base station at Burning Man, scan Police and Fire radio channels, or to track ships.

[Taylor] breaks down the various specifications of each radio, and discusses the components used in each SDR in depth. In the end, the choice depends on what you want to do and how much you’re willing to spend. This breakdown should help you choose a hacker friendly SDR.

61 thoughts on “A Comparison Of Hacker Friendly SDRs”

    1. I’ve been looking for a comparison since HackRF went kickstarter the other day and I missed out. Don’t know of another site where I can park and wait for a post like this.

    1. It’s similar to why software is almost always more flexible than hardware: reprogrammability and universality. With a non-software tuner, you’re limited to one swath of frequencies, since the tuner has to be designed for them. With sdr, you get a huge range of spectrum, almost all practically useful spectrum (except the very lower end for now, just how low depending on the sdr). You could build sniffers for any wireless technology, receivers, transmitters (mind the law there), and also use your computer to analyze the spectrum (i.e., view a spectrogram). They’re commercially useful, too. Sprint is replacing all of their tower radios with sdr, so if they launch a new wireless technology, even on a different band, in the future, they can do it with a firmware update.

    2. It allows you to have software that uses radio as data, for instance there is a program that draws a map then captures all the codes planes send out and draws them on a map for a live tracking of air traffic around you as seen by traffic controllers.
      And there are also programs that use the data captured from satellites like weathermaps and such.
      Basically it enabled live processing that would not be possible otherwise.

    3. http://websdr.ewi.utwente.nl:8901

      Go check that out. Play around, listen to some radio. Hear all the different stations that one device is receiving (there’s a ton of ’em). Once you see how cool that is, scroll down a little more. Look and see how many users are currently listening. (When I went, it was 49.) Think about that: there are 49 people, listening to 49 different radio stations at the same time, all using that one single radio.

      SDR is very powerful. It is very likely that if something uses a frequency in the range of what the SDR is capable of, the SDR can decode it. Different channel bandwidths, like wifi? Easy. Channel hopping, like bluetooth. Doable. It can also be made into a passive sniffer, or even an active man in the middle attack.

      These things are so incredibly versatile that asking if there’s anything useful that can be done with them shows an extreme lack of knowledge of SDR, and it is really stupid to imply these are useless when you know so little about them.

      1. I guess I am stupid. Decoding data from frequency hopping transmitters (Bluetooth) seems pretty niche. Tuning in to all the other stuff seems like a scanner could do it. I’m highly familiar with radio. I just find it interesting that people jump on the SDR wagon intending general consumption, when in reality it seems like there are far less expensive and far simpler radio setups which can do the things that it seems most people may be interested in. Again, I’m familiar with SDR and impressed by emerging developments – I just don’t see it being something most people would benefit (or be interested) in owning as compared to simpler cheaper radio receivers. Help me understand! Thanks for your input

        1. You seem to have glossed over being able to transmit in your reasoning.

          Even as a receiver, it’s a question of versatility and bandwidth. Scanners don’t have wide bandwidth and much of what they do is fixed. If it’s not FM, NFM, AM, LSB or USB you are probably stuffed.

          SDR doesn’t care about the modulation – you can decode it in software.

          FHSS isn’t niche at all. It’s used for lots of different systems. An SDR allows you to capture the entire band and work out the hopping sequence using that, rather than with most receivers that require retuning to scan the band.

        2. The cheaper argument has some merit, seeing that this article talks about ‘cheap/affordable’ and then means between $300 up to $1100, and $1100 doesn’t seem that cheap, especially in this age of ready-made complex very fast chips and GHz transistors by the boatload, I don’t quite see why they have to get to $1100 really.

          1. If you look at the BOM for any of these, I don’t think huge profits are being made. Fast ADCs and DACs aren’t cheap, decent RF front ends aren’t cheap, they need powerful microcontrollers which aren’t cheap, and the very expensive ones have a huge chunk of their cost wrapped up in a massive FPGA to perform fast operations on data from the ADC.

            The Ettus boards need that kind of power to deal with WiFi MIMO and act as cell stations.

          2. Why would fast ADCs be cheap? What would you use them for, what would drive demand that would bring economies of scale? Hint, it would probably look a lot like software defined radio.

            It is a growing market, but still relatively small. Small markets have smaller economies of scale. Current manufacturing technology carries a particular premium for smaller run components.

            Also, you seem to be glossing over the fact that analog circuits aren’t really subject to Moore’s law. Did you know that Canon is still building image sensors on fabs with feature sizes that would be considered ancient in the digital world?

        3. There’s more and more hi-tec radio appearing in people’s pockets, month by month. The ISM band’s bursting with new and old ideas. One of the big advantages of SDR, is it supports standards and methods that haven’t been thought of yet!

          It’s much easier to write and share new software for a radio, than it would be to distribute bags of components and new PCBs. And RF designs aren’t always designed with modification in mind, especially not stuff with GHz of range!

          I read on here one of the cellular (IIRC) carriers is implementing SDR in all their base stations. If they have the range, the sensitivity, and enough CPU power, then rolling out 5G and 6G could be simple as just transmitting them some new software. In practice it might be a bit more than that, but the point of SDR is its versatility. That, and one day somebody noticed that CPU clock speeds were getting into the VHF range.

  1. Me thinks it’s the same reason that some hackers are lock picking adept. It’s not that they will ever steal anything, rather it’s just some control freak saying “No, you can’t!” and the hacker replying “Yes I can!”. The federal gov control freaks prohibit retailers from selling receivers which can pick up what they say are Forbidden Frequencies. With an SDR, the hacker says “Yes I can!”, even though he probably never will. Anyways, that’s my theory. . .

    1. It has nothing to do with picking up frequencies. In the US, there is only one frequency band that it’s illegal to sell a receiver capable of receiving, the one used for the old analog cellular AMPS cellular phones, that’s no longer in use. Other than that, receivers are available for any frequency. Even transmitters are not controlled devices in the US (but of course their use is), you can go to any online ham radio store and buy one. Ham licenses aren’t checked nor required to be.

      The benefits of sdr are purely technical and economic. You can now get access to most of the spectrum (again, speaking technically and not legally) for very little money compared to pre-sdr.

  2. I wonder how these guys making these things get around the FCC? Under the law if it transmits I believe you are allowed to build up to 5 devices without FCC testing and approval (provided it complies with the rules). Build more than that then it must be tested and approved in each configuration it is to be used. With SDR that could be billions of configurations. Also note that even kit sales must be FCC approved.

  3. Why are there no SDR’s that go from DC to say 100MHz, what is the problem with the lower frequencies ?

    I’m curious as to why the lower end of the frequency range for SDR devices is always like 10,30,50,300MHz.

    Ok, I get that with radio signals that you are looking to detect microvolts and nanowatts, which is not easy.

    Is it because there is so much electromagnetic interference at low frequencies that you would need a massive dynamic range (1464 bit ADC)?
    Does the quadrature sampling detector have a lower frequency limit? Do the non-linear charge/discharge curves of the four sampling capacitors become an issue at lower frequencies?

      1. As with all comment sections, it strips some stuff and has some commands to enhance things.
        Square bracketed b and slash-b was bold I think? Let me test if it works [b]test[b/]

        1. Yep, that was it, LT and GT with b and slash b, hard to keep every site’s specifics in mind. So looking up the old info I get the following supported commands:
          XHTML: You can use these tags:
          a href=”” title=”” rel=””
          abbr title=””
          acronym title=””
          blockquote cite=””
          del datetime=””
          q cite=””

    1. There are upconverters which service this particular segment of the spectrum, such as the HamItUp or the CT1FFU design, of which there are a few variants. These can be connected to any radio capable of tuning in the 100MHz range, for example an RTL2832-based DVB-T stick or an original FunCube Dongle Pro, though whatever you connect it to must be capable of demodulating AM in that band, so a regular FM radio won’t do.

      There are also RTL-based sticks available with basic upconverters hacked into them like KN0CK’s modified RTL dongle. The FunCube Dongle Pro+ will also go down to ~150kHz, though being based on a soundcard type interface it has a smaller concurrent bandwidth than the RTL-based options, but it does include better filtering. So there are indeed options which handle the range you’re after, and not necessarily that expensive either, you can pick up a HamItUp and RTL2832 dongle for about $60 when you include the necessary adapters to connect the two.

      1. Thank you, I do know that things like ham-it-up exist. What I’m asking is “why” no SDR’s by default go from DC to say 10MHz ? There has to be a technical reason, I am curious as to what that reason is.

        1. It’s hard to cover that kind of range. DC has a (theoretically) infinite wavelength, 10MHz has a wavelength of 30M. Even SDRs have an analog component to them, and this is going to limit the possible bandwidth with the device. There are tricks to increasing the bandwidth. For examples of this, compare an older HF rig that covers just one or two bands (or you have to switch between bands) with a modern HF rig that has continuous coverage. Also, these boards are based around various commercially produced SDR chips. Their coverage range will vary based on the chip, and it’s relatively easy to make a transverter that will shift the frequency, and the higher the frequency, the wider the bandwidth can be made reasonably easily. Also, the manufacturers of these chips look at where they can sell them. This means commercial uses. There’s a lot more commercial uses in VHF/UHF/SHF than there are in LF/MF/HF.

        2. The closer you get to DC, the harder things get. DC bias voltages can do horrible things to the input circuitry of an ADC.
          Then there’s mains hum. That 50 or 60 Hertz mains radiating out of the power cables in your walls is a lot closer than the radio signal you’re chasing. Yes, you can talk about Spurious Free Dynamic Range – but it’s a lot easier just to choke off anything below about 500 KHz (start of AM band).
          To cover the HF spectrum (3 – 30MHz) you could get away with an ADC running at 60MHz, but higher is better. Let’s say 120MHz, with a high pass filter cutting out stuff below 500KHz, and a low pass attenuating stuff over 30MHz. That’s possible.
          BUT THEN – you get people who want higher and higher frequencies. Someone designs a chip to cater for them, and everything we just designed gets thrown out the window. You can have a cheap chip that doesn’t do what you want, or you can design it all yourself.
          FWIW – yes, I’m designing an SDR receiver board. It’s an ADC running at 120MHz, feeding an FPGA which cuts the data down to USB2 – compatible size. And the combination of analog & digital is pushing my humble skills to their limit.

          1. Cutting out everything below 500kHz is one way but there are interesting things below there, RFID is one that comes to mind.

            I am more interested in seeing what is in the lower frequency bands. And I am also toying with the idea to make an SDR receiver.

            So what I was thinking was to band pass filter each range that I was interested in and then oversample as much as I can.

            I was thinking of Oversampling for higher resolution (better SNR)

            And maybe even using a bunch (2/4/8/16) of really cheap ADC’s interleaved to increase the sample rate.

            “And the combination of analog & digital is pushing my humble skills to their limit.” – so true.

    1. Why would you want to ? A jammer could cause someone to die. e.g. someone has a medical emergency (heart attack/drown/…) within range of the jammer and no one can call for an ambulance. You could technically be responsible for murder using a jammer.

      1. Looking at the site you gave, the jammer’s output power is 1W (high bands) and .3W (low bands). If the SDR is getting its power from USB 5v/500mA, and considering the complexity of the circuit, I honestly can’t see them outputting more than a few milliwatts of RF power.

        1. Whilst there are many sensible reasons for and against building a jammer, this one is pretty silly.

          Many people rely on their mobile phones now – we don’t have a land line. Jamming could mean that we had no way to call for help.

          But comparing it to a time before mobile phones is pretty silly. Mobiles do make it easier and quicker to communicate in an emergency. Taking that away could harm people.

          1. Oh noes Mr. Whiteknight, an insignificant number of people every year could be harmed!!! I bet you don’t drive a car too, because it is more likely to kill you than a firearm. I bet you don’t take any medications out of fear of a lethal side effect. I bet you don’t go outside out of fear of getting skin cancer.

          2. @Matt, that’s ridiculous. Jamming is an intentional act, a car accident is a possible side effect of driving. Do you go outside with a gun and just spray rounds, because an insignificant number of people might be harmed? What a stupid thing to say.

  4. What’s with the micro USB connector on both the Ettus B200 and bladeRF? It’s just waiting to be torn off, ruining the whole board. I wonder why they didn’t use a standard 3.0 B connector?

  5. Not for anything but I’m not gonna drop $300+ for one of these. The prices need to come WAY down. Besides, if I’m gonna spend that kind of money I’m going to get the Red Pitaya instead. Much more useful to me.

    1. They are completely different devices though. SDR allows receive and transmit up to several GHz. Red Pitaya does direct sampling at much lower frequencies and is being pitched as test equipment.

      $300 to receive and transmit pretty much any frequency I want is peanuts. My scanner cost more than that.

        1. Indeed – and if you are happy with that you don’t need SDR.

          I am interested in monitoring FHSS signals from burglar alarms. Currently I use CC1110 chips, pushing them to hop quicker than they are meant to so I can scan all the possible frequencies quickly enough. It still limits me – the timings mean I haven’t got the new frequency until the end of the pre-amble and sync word. With HackRF I will be able to just receive the entire band and see the hopping sequence outright.

          I can also transmit under the control of a microcontroller to perform active attacks against the system. The freedom I have here is huge.

        2. You have to understand, while software radio has seen some amateur radio adoption, that is in no way the target market for these platforms. There is an overlap in capabilities, which is great and all, but these platforms (certainly the B2xx and for the most part the bladeRF) were made for MUCH more advanced applications than amateur radio.

          If your VX-7R meets your needs, these products were not marketed at you.
