It’s a staple of our community’s work, to make electronic devices do things their manufacturers never intended for them. Analogue synthesisers using CMOS logic chips for example, or microcontrollers that bitbang Ethernet packets without MAC hardware. One of the most fascinating corners of this field comes in the form of software defined radios (SDRs), with few of us not owning an RTL2832-based digital TV receiver repurposed as an SDR receiver.
The RTL SDR is not the only such example though, for there is an entire class of cable modem chipsets that contain the essential SDR building blocks. The Hermes-Lite is an HF amateur radio transceiver project that uses an AD9866 cable modem chip as the signal end for its 12-bit SDR transceiver hardware with an FPGA between it and an Ethernet interface. It covers frequencies from 0 to 38.4 MHz, has 384 kHz of bandwidth, and can muster up 5W of output power.
It’s a project that’s been on our radar for the past few years, though somewhat surprisingly this is the first mention of it here on Hackaday. Creator [Steve Haynal] has reminded us that version 2 is now a mature project on its 9th iteration, and says that over 100 “Hermes-Lite 2.0” units have been assembled to date. If you’d like a Hermes-Lite of your own it’s entirely open-source, and they organise group buys of the required components.
Before swearing my fealty to the Jolly Wrencher, I wrote for several other sites, creating more or less the same sort of content I do now. In fact, the topical overlap was enough that occasionally those articles would get picked up here on Hackaday. One of those articles, which graced the pages of this site a little more than seven years ago, was Getting Started with RTL-SDR. The original linked article has long since disappeared, and the site it was hosted on is now apparently dedicated to Nintendo games, but you can probably get the gist of what it was about from the title alone.
When I wrote that article in 2012, the RTL-SDR project and its community were still in their infancy. It took some real digging to find out which TV tuners based on the Realtek RTL2832U were supported, what adapters you needed to connect more capable antennas, and how to compile all the software necessary to get them listening outside of their advertised frequency range. It wasn’t exactly the most user-friendly experience, and when it was all said and done, you were left largely to your own devices. If you didn’t know how to create your own receivers in GNU Radio, there wasn’t a whole lot you could do other than eavesdrop on hams or tune into local FM broadcasts.
Nearly a decade later, things have changed dramatically. The RTL-SDR hardware and software has itself improved enormously, but perhaps more importantly, the success of the project has kicked off something of a revolution in the software defined radio (SDR) world. Prior to 2012, SDRs were certainly not unobtainable, but they were considerably more expensive. Back then, the most comparable device on the market would have been the FUNcube dongle, a nearly $200 USD receiver that was actually designed for receiving data from CubeSats. Anything cheaper than that was likely to be a kit, and often operated within a narrower range of frequencies.
Today, we would argue that an RTL-SDR receiver is a must-have tool. For the cost of a cheap set of screwdrivers, you can gain access to a world that not so long ago would have been all but hidden to the amateur hacker. Let’s take a closer look at a few obvious ways that everyone’s favorite low-cost SDR has helped free the RF hacking genie from its bottle in the last few years.
When the RTL2832-based USB digital TV sticks were revealed to have hidden capabilities that made them an exceptionally cheap software-defined radio receiver, it was nothing short of a game-changing moment for the home radio experimenter. The RTL might not be the best radio available, but remains a pretty good deal for only $10 from your favourite online supplier.
Having bought your RTL SDR, you will soon find yourself needing a few accessories. A decent antenna perhaps, an HF upconverter, and maybe an attenuator. To help you, [IgrikXD] has come up with a repository containing open-source implementations of all those projects and more. There’s an HF upconverter handily in both SMD and through-hole versions, as well as a wideband active antenna. A resonant antenna for a single band will always outperform a wideband device if your interest lies on only one frequency, but when your receiver has such a wide range as that of the RTL it’s irresistible to look further afield so the wideband antenna is a useful choice.
The RTL SDR is a device that just keeps on giving, and has featured innumerable times here since its first appearance a few years ago. Whether you are into passive radar or using it to decode data from RF-equipped devices it’s the unit of choice, though we rather like it as a piece of inexpensive test equipment.
It’s fair to say that software-defined radio represents the most significant advance in affordable radio equipment that we have seen over the last decade or so. Moving signal processing from purpose-built analogue hardware into the realm of software has opened up so many exciting possibilities in terms of what can be done both with more traditional modes of radio communication and with newer ones made possible only by the new technology.
It’s also fair to say that radio enthusiasts seeking a high-performance SDR would have to be prepared with a hefty bank balance, as some of the components required to deliver software defined radios have been rather expensive. Thus the budget end of the market has been the preserve of radios using the limited baseband bandwidth of an existing analogue interface such as a computer sound card, or of happy accidents in driver hacking such as the discovery that the cheap and now-ubiquitous RTL2832 chipset digital TV receivers could function as an SDR receiver. Transmitting has been, and still is, more expensive.
A new generation of budget SDRs, as typified by today’s subject the LimeSDR Mini, have brought down the price of transmitting. This is the latest addition to the LimeSDR range of products, an SDR transceiver and FPGA development board in a USB stick format that uses the same Lime Microsystems LMS7002M at its heart as the existing LimeSDR USB, but with a lower specification. Chief among the changes are that there is only one receive and one transmit channel to the USB’s two each, the bandwidth of 30.72 MHz is halved, and the lower-end frequency range jumps from 100 kHz to 10 MHz. The most interesting lower figure associated with the Mini though is its price, with the early birds snapping it up for $99 — half that of its predecessor. (It’s now available on Kickstarter for $139.)
We are entering a new era of radio technology. A new approach to building radios has made devices like multi-band cell phones and the ubiquitous USB TV receivers that seamlessly flit from frequency to frequency possible. That technology is Software Defined Radio, or SDR.
An idealized radio involves a series of stages. Firstly, an antenna receives the radio signal, converting it into an electrical signal. This signal is fed into a tuned resonator which is tuned to a particular frequency. This amplifies the desired signal, which is then sent to a demodulator, a device which extracts the required information from the carrier signal. In a simple radio, this would be the audio signal that was encoded by the transmitter. Finally, this signal is output, usually to a speaker or headphones.
That’s how your basic crystal radio works: more sophisticated radios will add features like filters that remove unwanted frequencies or additional stages that will process the signal to create the output that you want. In an FM radio, for example, you would have a stage after the demodulator that detects if the signal is a stereo one, and separates the two stereo signals if so.
To change the frequency that this radio receives, you have to change the frequency that the resonator is tuned to. That could mean moving a wire on a crystal, or turning a knob that controls a variable capacitor, but there has to be a physical change in the circuit. The same is true of the additional mixing stages that refine the signal. These circuits may be embedded deeply in the guts of the radio, but they are still there. This is the limitation with normal receivers: the radio can’t receive a signal that is outside the range that the resonator circuit can tune to, or change the way it is demodulated and processed. If you want to receive multiple frequency bands or different types of signals, you need to have separate pathways for each band or type of signal, physically switching the signal between them. That’s why you have physical AM/FM switches on radios: they switch the signal from an AM radio processing path to an FM one.
Software Defined Radios remove that requirement. In these, the resonator and demodulator parts of the radio are replaced by computerized circuits, such as analog to digital converters (ADCs) and algorithms that extract the signal from the stream of data that the ADCs capture. They can change frequencies by simply changing the algorithm to look for another frequency: there is no need for a physical change in the circuit itself. So, an SDR radio can be tuned to any frequency that the ADC is capable of sampling: it is not restricted by the range that a resonator can tune to. Similarly, the demodulator that extracts the final signal you want can be updated by changing the algorithm, changing the way the signal is processed before it is output.
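To make the "tuning is just a change in the algorithm" point concrete, here is an added example (not code from the original article) in which a single sampled stream carries two transmitters and the receiver picks one by changing a single number. The sample rate, carrier frequencies and on-off-keyed modulation are constructed assumptions chosen to keep the demonstration small.

```python
import cmath
import math

FS = 48_000    # simulated ADC sample rate in Hz (constructed value)
SYMBOL = 480   # samples per on-off-keyed bit, i.e. 10 ms (constructed value)

def synthesize(channels):
    """Sum several on-off-keyed carriers into one real-valued sample stream.
    channels maps carrier frequency in Hz to a list of bits (equal lengths)."""
    n = SYMBOL * len(next(iter(channels.values())))
    stream = [0.0] * n
    for freq, bits in channels.items():
        for i in range(n):
            if bits[i // SYMBOL]:
                stream[i] += math.cos(2 * math.pi * freq * i / FS)
    return stream

def tune(stream, freq):
    """Software stand-in for the resonator: mix with a complex oscillator so
    that freq lands at 0 Hz, then average over each bit period (a crude
    low-pass filter). Returns one magnitude per bit."""
    mags = []
    for start in range(0, len(stream), SYMBOL):
        acc = 0j
        for i in range(start, start + SYMBOL):
            acc += stream[i] * cmath.exp(-2j * math.pi * freq * i / FS)
        mags.append(abs(acc) / SYMBOL)
    return mags

def demodulate(stream, freq, threshold=0.25):
    """Envelope detector: a carrier that is present averages to about 0.5."""
    return [1 if m > threshold else 0 for m in tune(stream, freq)]

# Constructed test signal: two transmitters sharing the same "antenna".
BITS_A = [1, 0, 1, 1, 0, 0, 1, 0]
BITS_B = [0, 1, 1, 0, 1, 0, 0, 1]
STREAM = synthesize({5_000: BITS_A, 9_000: BITS_B})

if __name__ == "__main__":
    for f in (5_000, 9_000, 7_000):   # 7 kHz carries nothing
        print(f, demodulate(STREAM, f))
```

The same captured samples yield either transmitter's bits depending only on the `freq` argument, which is also why a recorded RF capture can be re-examined later for signals nobody was looking for at the time.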
This idea was first developed in the 1970s, but it didn’t really become practical until the 1990s, when the development of flexible field-programmable gate array (FPGA) chips meant that there was enough processing power available to create single chip SDR devices. Once programmed, an FPGA has no problem handling the complex tasks of sampling, demodulating and processing in a single device.
Most modern SDRs don’t just use a single chip, though. Rather than directly converting the signal to digital, they use an analog front end that receives the raw signal, filters it and converts it down to a fixed frequency (called the intermediate frequency, or IF) that the ADCs in the FPGA can more easily digitize. This makes it cheaper to build: by converting the frequency of the signal to this intermediate frequency, you can use a simpler FPGA and a cheaper ADC, because they don’t have to directly convert the maximum frequency you want to receive, only the IF. As long as the front end can convert a band of signals down to an intermediate frequency that the FPGA can digitize, the SDR can work with it.
This flexibility means that SDR devices can handle a huge range of signals at relatively low cost. The $420 BladeRF, for instance, can receive and transmit signals from 300 MHz to 3.8 GHz at the same time, while the $300 HackRF One can work with signals from 1 MHz up to an incredible 6 GHz. The ability of the BladeRF to both receive and transmit means that you can use it to build your own GSM phone network, while the low cost of the HackRF One makes it a favorite of radio hackers who want to do things like make portable radio analyzers. Mass produced models are even cheaper: by hacking a $20 USB TV receiver that contains an SDR, you can get a radio that can, with a suitable antenna, do things like track airplanes or receive satellite weather images. And all of this is possible because of the idea of Software Defined Radio.
[Texane] is developing a system to monitor his garage door from his apartment. Being seven floors apart, running wires between the door and apartment wasn’t an option, so he turned to a wireless solution. Testing this wireless hardware in an apartment is no problem, but testing it in situ is a little more difficult. For that, he turned to software defined radio with an RTLSDR dongle.
The hardware for this project is based around a TI Stellaris board and a PTR8000 radio module. All the code for this project was written from scratch (Github here), making it questionable if the code worked on the first try. To test his code, [Texane] picked up one of those USB TV tuner dongles based around the RTL2832U chipset. This allowed him to monitor the frequencies around 433MHz for the packets his hardware should be sending.
After that, the only thing left to do was to write a frame decoder for his radio module. Luckily, the datasheet for the module made this task easy.
[Texane] has a frame decoder for the NRF905 radio module available in his Git. It’s not quite ready for serious applications, but for testing a simple radio link it’s more than enough.
We’re sure that most of our readers are familiar with Software Defined Radio (SDR), which not so long ago became popular when some engineer discovered hidden registers inside the Realtek RTL2832U chip, allowing many DVB-T dongles to be converted into RF listening devices. Unfortunately for [Omri], most of them have a maximum listening frequency of 2.2GHz, while the NRF24L01+ emits at 2.4GHz. The solution? Buy a 2.2-2.4GHz antenna from Aliexpress with a low-noise block downconverter (LNB), used for a Multichannel Multipoint Distribution Service (MMDS). The LNB therefore takes the 2.2-2.4GHz signal and downconverts it to around 400MHz, allowing any RTL-SDR-compatible DVB-T dongle to listen to the NRF communications. A program was then written to decode the RF signal and output the sniffed data in realtime.