Tapping into a Ham Radio’s Potential with SDRPlay

Software-defined radios are great tools for the amateur radio operator, allowing visualization of large swaths of spectrum and letting hams quickly home in on faint signals with the click of a mouse. High-end ham radios often have this function built in, but by tapping into the RF stage of a transceiver with an SDR, even budget-conscious hams can enjoy high-end features.

With both a rugged and reliable Yaesu FT-450D and the versatile SDRPlay in his shack, UK ham [Dave (G7IYK)] looked for the best way to link the two devices. Using two separate antennas was possible but inelegant, and switching the RF path between the two devices seemed clumsy. So he settled on tapping into the RF stage of the transceiver with a high-impedance low-noise amplifier (LNA) and feeding the output to the SDRPlay. The simple LNA was built on a milled PCB. A little sleuthing with the Yaesu manual — ham radio gear almost always includes schematics — led him to the right tap point in the RF path, just before the bandpass filter network. This lets the SDRPlay see the signal before the IF stage. He also identified likely points to source power for the LNA only when the radio is not transmitting. With the LNA inside the radio and the SDRPlay outside, he now has a waterfall display and, thanks to Omni-Rig remote control software, he can tune the Yaesu at the click of a mouse.

If you need to learn more about SDRPlay, [Al Williams]’ guide to GNU Radio and SDRPlay is a great place to start.


Eavesdropping With An ESP8266

In the old days, spies eavesdropped on each other using analog radio bugs. These days, everything’s in the cloud. [Sebastian] from [Hacking Beaver] wondered if he could make a WiFi bug that was small and cheap besides. Enter the ESP8266 and some programming wizardry.

[Sebastian] has this working as a proof of concept on a NodeMCU, but suggests that it could be pared down to any ESP8266 board, with similar cuts made to the rest of the electronics. A PIC 18 MCU samples the audio data from a microphone at 10 kHz with an 8-bit resolution, dumping it into a 512-byte buffer. Once that fills, a GPIO pin is pulled down and the ESP8266 sends the data over WiFi to a waiting TCP server, which either records the audio or plays it in real time.

[Sebastian] has calculated that he needs at least 51.2 ms to transfer the data, which this setup easily handles, but there are occasional two- to three-second glitches that come out of the blue. To address this and other hangups, [Sebastian] has the ESP8266 control the PIC’s reset pin so that the two are always in sync.


Scratch That SDR!

When you think of a software defined radio, what language might you consider reaching for to create the software part of the equation? C? C++, maybe?

How about Scratch?

“What, Scratch as in the visual programming language aimed at young people?”, we hear you cry incredulously. It’s not exactly the answer you’d expect for an SDR, but thanks to [Andrew Back]’s work there is now ScratchRadio, a set of Scratch extensions for software defined radio. Why on earth do this? The aim is to lower the barrier to entry for software defined radio as far as possible, and placing it in a learning environment such as Scratch seems an ideal way to achieve that.

Of course, Scratch itself isn’t powerful enough for the heaviest of heavy lifting, so in reality this is a Scratch wrapper for a LuaRadio backend. It was created with the LimeSDR Mini in mind, but given that LuaRadio is not specific to that hardware we’d expect it to work with other SDRs such as the ever-popular RTL chipset TV sticks. It gives an owner of a Raspberry Pi 3 the ability to experiment with SDR coding without the need for a huge level of experience, and that to our mind can only be a good thing.

If you fancy trying ScratchRadio, you can find the code in its GitHub repository, and take it from there. Meanwhile we covered LuaRadio last year, so if Scratch is a little basic for you and GNU Radio too advanced, give it a try.

Radio icon: [Sakurambo], (CC BY-SA 3.0).

Scratch cat logo: MIT Media Lab.

Cheap, Full-Duplex Software Defined Radio With The LimeSDR

A few years ago, we saw the rise of software-defined radios with the HackRF One and the extraordinarily popular RTL-SDR USB TV tuner dongle. It’s been a few years, and technology is on a never-ending upwards crawl to smaller, cheaper, and more powerful widgets. Now, some of that innovation is making it to the world of software-defined radio. The LimeSDR Mini is out, and it’s the cheapest and most capable software defined radio yet. It’s available through a Crowd Supply campaign, with units shipping around the beginning of next year.

The specs for the LimeSDR Mini are quite good, even when compared to kilobuck units from Ettus Research. The frequency range for the LimeSDR Mini is 10 MHz – 3.5 GHz, bandwidth is 30.72 MHz, with a 12-bit sample depth and 30.72 MSPS sample rate. The interface is USB 3.0 (the connector is male, and soldered to the board, but USB extension cables exist), and the LimeSDR is full duplex. That last bit is huge — the RTL-SDR can’t transmit at all, and even the HackRF is only half duplex. This enormous capability is thanks to the field programmable RF transceiver found in all of the LimeSDR boards. We first saw these a year or so ago, and now these boards are heading into the hands of hackers. Someone’s even building a femtocell out of a Lime board.

The major selling point for the LimeSDR is, of course, the price. The ‘early bird’ rewards for the Crowd Supply campaign disappeared quickly at $99, but there are still plenty available at $139. This is very inexpensive and very fun — on the Crowd Supply page, you can see a demo of a LimeSDR Mini set up as an LTE base station, streaming video between two mobile phones. These are the golden days of hobbyist SDR.

Attack Some Wireless Devices With A Raspberry Pi And An RTL-SDR

If you own one of the ubiquitous RTL-SDR software defined radio receivers derived from a USB digital TV receiver, one of the first things you may have done with it was to snoop on wide frequency bands using the waterfall view present in most SDR software. Since the VHF and UHF bands the RTL covers are sometimes a little devoid of signals, chances are you homed in upon one of the ISM bands as used by plenty of inexpensive wireless devices for all sorts of mundane control tasks. Unless you reside in the depths of the wilderness, ISM band sniffing will show a continuous procession of chirps: short bursts of digital data. It is surprising, the number of radio-controlled devices you weren’t aware were in your surroundings.

Some of these devices, such as car security keys, are protected by rolling encryption schemes to deter would-be attackers. But many of the more harmless devices simply send a command in the open without even the barest encryption. The folks at RTL-SDR.com put up a guide to recording these open data bursts on a Raspberry Pi and playing them back by transmitting them from the Pi itself.

It’s not the most refined of attacks because all it does is take the recorded file and retransmit it with the [F5OEO] RPiTX software. But they do demonstrate it in action with a wireless lightbulb, a door bell, a wireless relay, and a remote-controlled switched socket. Since the data in question is transmitted as OOK, or on-off keying, the RPiTX AM mode stands in for the transmitter.

You can see it in action in the video below the break. Now, have you investigated the ISM band chirps in your locality?
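
A receiver-side model of why a recorded burst is accepted by a fixed-code device and rejected by a rolling-code one. This is an added example, not code from RTL-SDR.com or RPiTX; the frame layout, the HMAC-SHA256 construction, the key and the window size are assumptions chosen for illustration and do not reproduce any real product's scheme.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed shared secret, not from any real device
WINDOW = 16                     # assumed look-ahead window for missed button presses

def make_frame(key: bytes, counter: int, command: int) -> bytes:
    """Transmitter side: counter + command, authenticated with a truncated HMAC."""
    body = struct.pack(">IB", counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class FixedCodeReceiver:
    """Models the unprotected devices: any frame equal to the known code is accepted."""
    def __init__(self, code: bytes):
        self.code = code
    def accept(self, frame: bytes) -> bool:
        return frame == self.code

class RollingCodeReceiver:
    """Accepts a frame only if its MAC verifies and its counter moves forward."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
    def accept(self, frame: bytes) -> bool:
        if len(frame) != 13:                  # 4-byte counter + 1-byte command + 8-byte tag
            return False
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        counter, _command = struct.unpack(">IB", body)
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False                      # replayed (old) or implausibly far ahead
        self.last_counter = counter
        return True

def demo() -> dict:
    fixed = FixedCodeReceiver(code=b"\xa5\x5a\x01")   # constructed static command
    captured_fixed = b"\xa5\x5a\x01"                  # what a recording would contain
    rolling = RollingCodeReceiver(KEY)
    captured_rolling = make_frame(KEY, counter=1, command=0x01)
    return {
        "fixed_first": fixed.accept(captured_fixed),
        "fixed_replay": fixed.accept(captured_fixed),
        "rolling_first": rolling.accept(captured_rolling),
        "rolling_replay": rolling.accept(captured_rolling),
        "rolling_next": rolling.accept(make_frame(KEY, 2, 0x01)),
    }

if __name__ == "__main__":
    print(demo())
```

The counter check is what defeats the replay: the recorded frame still carries a valid MAC, but its counter is no longer ahead of the receiver's stored value.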


19 RTL-SDR Dongles Reviewed

Blogger [radioforeveryone] set out to look at 19 different RTL-SDR dongles for use in receiving ADS-B (that’s the system where airplanes determine their position and broadcast it). Not all of the 19 worked, but you can read the detailed review of the 14 that did.

Granted, you might not want to pick up ADS-B, but the relative performance of these inexpensive devices is still interesting. The tests used Raspberry Pi 3s and a consistent antenna and preamp system. Since ADS-B is frequently sent, the tests were at least 20 hours in length. The only caveat: the tests were only done two at a time, so it is not fair to directly compare total results across days.


ColibriNANO USB SDR Receiver Reviewed

At first glance, the ColibriNANO SDR looks like another cheap SDR dongle. But after watching [Mile Kokotov’s] review (see video below), you can see that it was built specifically for software defined radio service. When [Mile] takes the case off, you notice the heavy metal body which you don’t see on the typical cheap dongle. Of course, a low-end RTL-SDR is around $20. The ColibriNANO costs about $300, so you’d hope you get what you pay for.

The frequency range is nominally 10 kHz to 55 MHz, although if you use external filters and preamps you can get to 500 MHz. In addition to a 14-bit 122.88 megasample per second A/D converter, the device sports an Altera MAX10 FPGA.
