A LoRa project has traditionally required a dedicated radio module, because it’s a commercially licenced protocol. But as the way it works has been progressively reverse engineered, it’s become ever more possible to produce a LoRA radio for yourself. But what about a LoRA radio without a radio at all? [CNLohr] has managed just that, by driving a microcontroller pin and relying on one of its harmonics to provide enough RF to be received by a LoRA gateway.
The video below the break goes into the process in great detail, revealing some of the tricks. Undersampling to create intentional aliasing for example allows subharmonic peaks to be produced in unexpected places. Most of the development is performed on Espressif microcontrollers, but as the code is optimised it becomes possible to use it on much more modest silicon. The dirt cheap CH32V003 RISC-V microcontroller for example can be a LoRA transmitter able to talk to a gateway at a range of hundreds of metres with the CH32 and 2.5km with the ESP32. The code can be found in this GitHub repository.
The CH32 can’t receive of course, and it relies on barfing harmonics all over the spectrum to work. But on the other hand its total RF output is so tiny that we’re guessing a filter for the LoRA band might even make it almost legal. He’s got a little way to go before beating the record though.
Very interesting to see how LoRA works, fundamentally. This tech is way ahead of its time, even if the transmit signal is weak, dirty, messages still pulls through.
You’d expect the receiver front end to include a bandpass filter of some sort which would stop the out of band signals so there’s no real reason a ‘dirty’ signal would be any less effective than a carefuly filtered one from a proper radio module as long as the content is correct.
Good thing those are so cheap.
https://youtu.be/L8jmHtfVmPY
LoRa actually isn’t special in any way really. At the end of the day, you are just limited by the Shannon limit. The FEC is actually very weak in LoRa so the receiver sensitivity isn’t as good as it should actually be if it were state of the art. It is just a relatively poor spread spectrum PHY protocol. Other spread spectrum protocols exist that perform better.
LoRa just happens to be a patented protocol that is relatively widely accepted.
Every circuit can be a radio (or a smoke machine) if you operate it wrong enough.
I will print on a tshirt
You forgot “or a light-source” and “or a heat-source”. :D
Ok, tbh, light and heat can be considered radiation, and so light- and heat-sources can be considered to be radios.
This little radiation of mine, I’m going to let it shine….
That said, suppose I wanted to connect two Arduino Unos over a couple meters for a simple demo.
The simple way to transmit is to put out a couple MHz square wave out of the timer PWM pin and briefly connect that to ground using another pin to “modulate” it. Connect a tuned antenna in the circuit and you’ve got transmission (all over the spectrum).
But how to receive it on the second Arduino in the simplest possible way?
Heinrich Hertz’ radio receiver was very simple; much simpler than the transmitter: it was a ring of wire with a spark gap in it. The simplest receiver today might be a few loops of wire with an LED across the ends. Haven’t tried it myself, but I’ve seen baubles made to adhere on cell phones that light up whenever the phone is transmitting, that were essentially this, with maybe a parallel capacitor to make it a tuned circuit. But you want to be able to detect it with the receiving Arduino. Well, the digital inputs on AVR microcontrollers are pretty high impedance, so you only need voltage, not much current at all. This can be done by using more turns on the coil, and a correspondingly smaller capacitor in the tuned circuit. Be prepared to experiment, for the size and number of loops, and size of capacitor. Connect one input to ground and the other to an I/O pin. But to prevent blowing up the input transistors, you need a pair of diodes to clamp the signal to ground and Vdd, preferably Schottky diodes. These are really cheap, as they are used everywhere for protecting input pins that face the real world. No detector needed, since this should just present square waves to the input pin, and it’s just a matter of either enabling the interrupt on that pin, or just reading the pin in a loop.
“briefly connect that to ground using another pin to “modulate” it.” You know you can do that in software, right?
Yes. Toggling the pin is done is software.
The usual way is actually to set the pin up as an input, and then toggle the PORTx register to switch the pull-up on and off, which changes the loading on the antenna circuit. That’s a one cycle operation, and you get to keep the oscillator on, so the carrier stays phase coherent and you get “proper” AM instead of simple OOK. Using more pins lets you modulate the signal at different levels, sending more bits per symbol and even coarse audio that you can hear out of a portable radio.
Of course you can just turn the clock to the timer on and off.
Okay, I see what you’re saying. I had no idea you were intending to maintain the phase of the carrier, and I’m not sure what the point of that would be anyway, unless you’re trying to recover the actual RF waveform as a digital signal. Which requires a lot of bandwidth to capture, anyway. I mean, to get a reasonable square wave out, you need at least the third harmonic to be present, so your square wave of “a couple” MHz, and we’ll just call that 2 MHz for argument, means that your receiver would have to pick up both the 2 MHz fundamental and the 6 MHz 3rd harmonic. You’re better off if you modulate your carrier. That is, you have a 2 MHz (again, just for the sake of argument) timer and you turn it on and off at a 1 kHz rate, you require a lot less bandwidth now because you only have to pick up the 2 MHz carrier and the sideband components at 1.997, 1.999, 2.001, and 2.003 MHz. And it no longer matters if your carrier is coherent.
This technique sounds like it would be more useful for airgap-jumping data exfiltration than anything else.
That’s why “airgap” is a bad term to use when considering security, since it implies that isolating your system electrically is sufficient for a high level of security.
i didn’t like the headline. it is not “with no radio”, it is “with a simple radio.” surprisingly simple radios are neat hacks in their own right. no reason to describe them incorrectly.
“…with no special radio hardware.”
As for spewing RF noise, at least add a SAW filter between the pin and the wire/antenna. They are cheap and plentiful for the ISM bands, readily available from your preferred distributor.
The tiny wire antenna they’re using is much shorter than the fundamental, so there’s your filter.
That still doesn’t filter out the higher harmonics.
The low ISM frequencies are chosen by a harmonic series, so the spurious emissions happen on another ISM frequency, but on the 868 or 915 Mhz frequencies that LoRa uses, the next even harmonic frequency up lands somewhere in the cellphone bands and that can get you in trouble.
It is always heartwarming to see the gatekeepers and hall monitors come out to encourage innovation and exploration.
The PIrate Radio project of some years back is much like this. Jiggle a pinout to the right freq and the world is your oyster. LORA holds the promise of low cost and adaptable communications where and when you need it, not just when and where you r are told to need it.
Good stuff, more like it.
This project is the transmitter. Combine that with the breadboard sdr (https://hackaday.com/blog/?s=Sdr) and a full transceiver.
So this is no longer LoRa, but SoRa or even ZeRa.
I like that:
“What kind of range do you get with that setup?”
“Sigh. ZeRa.”
Could you do a Lora receiver with an rtl-sdr?
yes? The spec is private and, as the video points out, most of the public info is wrong in some way. If you could figure out some of that, there’s no reason you couldn’t make a receiver with rtl-sdr. All of the modulations are <2MHz BW, so there shouldn't be any challenge there.
Well, I did eventually get a specific instance where gr-lora_sdr did actually work to get a packet decoded. But it just took a lot of playing around, and it has a number of limitations.