A Vintage Interface For A Modern Radio

The arrival of affordable software defined radio technologies over the last couple of decades has completely changed the way that radio amateurs and other radio enthusiasts approach the airwaves. There’s a minor problem with most software defined receivers though: being by their nature software driven, they will usually rely on a host computer for their interface. Thus the experience is one of clicking mouse buttons or using keyboard shortcuts rather than the mechanical analogue dial interfaces that provided easy control of older radios.

Meccano encoder mounts for the win!

This is a problem that has been addressed by [Jon Hudson, G4ABQ], with one of his SDRplay receivers. He’s mounted it and its control PC in the chassis of a very aged and non-functional Marconi CR100 communication receiver, and given it a control interface that only uses the Marconi’s front panel controls (YouTube link). A rotary encoder has been grafted onto the Marconi tuning capacitor with what looks like some Meccano, and in turn that feeds an Arduino which behaves as a keyboard for the benefit of the PC. Some extra buttons have been added for mode selection, spectrum zoom and shift, and care appears to have been taken to give their labels a period feel. Arduino code came courtesy of [Mike Ladd, KD2KOG]. The result is a very controllable SDR receiver, albeit one in a rather large case.

If you are interested in the project then we are told that it will be on the RS stand at Electronica in Munich next week, meanwhile we’ve put the video below the break.

Fail Of The Week: The Pitfalls Of Designing A Wideband Radio

If you are someone whose interests lie in the field of RF, you won’t need telling about the endless field of new possibilities opened up by the advent of affordable software defined radio technology. If you are a designer or constructor it might be tempting to believe that these radios could reduce some of the problems facing an RF design engineer. After all, that tricky signal processing work has been moved into code, so the RF engineer’s only remaining job should be to fill the not-so-huge gap between antenna and ADC or DAC.

In some cases this is true. If you are designing an SDR front end for a relatively narrow band of frequencies, perhaps a single frequency allocation such as an amateur band, the challenges are largely the same as those you’d find in the front end of a traditional radio. The simplest SDRs are thus well within the abilities of a home constructor, for example converting a below-100kHz-wide segment of radio spectrum to the below-100kHz baseband audio bandwidth of a decent quality computer sound card which serves as both ADC and DAC. You will only need to design one set of not-very-wide filters, and the integrated circuits you’ll use will not be particularly exotic.

But what happens if the SDR you are designing is not a simple narrow-band device? [Chris Testa, KD2BMH] delivered a talk at this year’s Dayton Hamvention looking at some of the mistakes he made and pitfalls he encountered over the last few years of work on his 50MHz to 1GHz-bandwidth Whitebox handheld SDR project. It’s not a FoTW in the traditional sense in that it is not a single ignominious fail; instead it is a candid and fascinating examination of so many of the wrong turnings a would-be RF engineer can make.

The video of his talk can be found below the break, courtesy of Ham Radio Now. [Chris]’s talk is part of a longer presentation after [Bruce Perens, K6BP], who some of you may recognise from his activities when he’s not talking about digital voice and SDRs. We’re jumping in at about the 34 minute mark to catch [Chris], but [Bruce]’s talk is almost worth an article in itself.

The Tiny Radio Telescope

Radio telescopes are one of the more high-profile pieces of scientific apparatus. There is an excitement to stories of radio astronomers of old probing the mysteries of the Universe on winter nights in frigid cabins atop massive parabolas, even if nowadays their somewhat more fortunate successors do the same work from the comfort of their labs using telescopes that may be on the other side of the world.

You might think if you look at the Arecibo Observatory, Lovell Telescope, or other famous pieces of apparatus, that this is Big Science, out of reach for mere mortals such as yourself without billion-dollar research programs. Maybe [Paul Scott] and [Allen Versfeld]’s Tiny Radio Telescope project will change that view.

The NRAO published a radio telescope design a few years ago for use mainly as an educational tool, the Itty Bitty Telescope. It used a satellite TV dish and LNB feeding a signal meter as a simple telescope to detect the Sun, and black body radiation from the surrounding objects. It’s a simple design for kids to get their heads around, and [Scott] and [Allen] have set out to turn it into something more useful with an RTL-SDR instead of a signal meter and a motorised mount for automated observations.

This is one of those projects on Hackaday.io that moves slowly but you know will eventually deliver on its promise. With a 1m dish and a consumer LNB it’s never going to make a discovery that will rock the world, but that’s not the point. It may be science that the astrophysicists moved on from decades ago, but it’s still quite an achievement that the radio sky can be imaged using such mundane equipment.

We’ve featured backyard radio astronomy before a few times, from this UHF school science project to another satellite TV based telescope. Keep them coming!

A thank you to Southgate ARC for the prod.

LuaRadio Brings More Options To SDR

GNURadio is the swiss-army-knife of software-defined radio suites: it does everything and anything. It has a great GUI overlayer that makes creating radio flows fairly simple. There are only two areas where we could quibble with the whole system — it’s a gigantic suite of software, and it’s a lot harder to code up in Python than it is to use the GUI.

[Vanya Sergeev] started up his LuaRadio project to deal with these shortcomings. If you’re looking for the full-GUI experience, you’re barking up the wrong tree here. LuaRadio is aimed at keeping things easy to code and keeping the codebase small and tidy.

That doesn’t mean that it departs entirely from GNURadio’s very successful flow-graph programming paradigm, however, and if you’re comfortable with the procedure of hooking up a signal source to a filter block to an output, you’ll be doing fine here as well. Check out the obligatory FM radio demo — the “hello world” of SDR — and you’ll see how it works: instantiate the various blocks in code, and then issue “connect” commands to link them together.

LuaRadio’s main selling points are its size and the ease of programming it by hand. It’s got great documentation to boot. It’s written as a library that’s embeddable in your C code, so that you can write standalone programs that make use of its functionality.

LuaRadio is a new project and it doesn’t have a GUI either. It may not be the ideal introduction to SDR if you’re afraid of typing. (If you are new to SDR, start here.) But if you want to code up your SDR by coding, or run your radio on smaller devices, it’s probably worth a look. It’s at v0.1.1, so we’re looking forward to hearing more from LuaRadio in the future. Any of you out there use it? We’d love to hear in the comments.

GNU Radio For Space (and Aircraft)

GOMX-3 is a CubeSat with several payloads. One of them is a software defined radio configured to read ADS-B signals sent by commercial aircraft. The idea is that a satellite can monitor aircraft over oceans and other places where there is no RADAR coverage. ADS-B transmits the aircraft’s ID, its position, altitude, and intent.

The problem is that ADS-B has a short range (about 80 nautical miles). GOMX-1 proved that the signals can be captured from orbit. GOMX-3 has more capability. The satellite has a helical antenna and an FPGA.

Triple Threat RTL-SDR System Reads Trunked Radio

In the old days, if you wanted to listen to police, fire, or other two-way radio users, you didn’t need much more than a simple receiver. Today, you are more likely to need something a little more exotic thanks to the adoption of trunked radio systems. To pick up the control channels and all the threads of a talk group conversation, you might need a wide bandwidth receiver.

[Luke Berndt] found he needed 6 MHz to monitor the stations he wanted to hear. This is easily in the reach of dedicated software defined radios (SDR). However, [Luke] wanted to use cheap RTL-SDRs and their bandwidth is about 2 MHz. The obvious hacker solution? Use three of them!

If you haven’t looked at a trunked system before, it essentially allows a large number of users to share a relatively small number of channels. When someone wants to talk, they move to an unused channel just for that transmission. Suppose Alice asks Bob a question that happens to be on channel 12. Bob’s reply might be on channel 4. A follow up from Alice could be on channel 3.

In practice, this means that the signal isn’t difficult to decode. It is just difficult to find (and follow as it jumps around). This is an excellent job for multiple SDRs and the approach even reduces the burden on the CPU, which doesn’t have to decode signals that aren’t essential to the conversation.

[Luke] includes source code and also notes how to change the serial numbers of the dongles since each has to be unique. We have seen so many great projects with the RTL-SDR that it is hard to choose our favorite. It is especially great knowing that the dongle was only meant to receive television, and all these projects are hacks in the best sense of the word.

Thanks [WA5RRior] for the tip.

Shmoocon 2016: Reverse Engineering Cheap Chinese Radio Firmware

Every once in a great while, a piece of radio gear catches the attention of a prolific hardware guru and is reverse engineered. A few years ago, it was the RTL-SDR, and since then, software defined radios became the next big thing. Last weekend at Shmoocon, [Travis Goodspeed] presented his reverse engineering of the Tytera MD380 digital handheld radio. The hack has since been published in PoC||GTFO 0x10 (56MB PDF, mirrored) with all the gory details that turn a $140 radio into the first hardware scanner for digital mobile radio.

The Tytera MD-380 digital radio

The Tytera MD380 is a fairly basic radio with two main chips: an STM32F405 with a megabyte of Flash and 192k of RAM, and an HR C5000 baseband. The STM32 has both JTAG and a ROM bootloader, but both of these are protected by the Readout Device Protection (RDP). Getting around the RDP is the very definition of a jailbreak, and thanks to a few forgetful or lazy Chinese engineers, it is most certainly possible.

The STM32 in the radio implements a USB Device Firmware Upgrade (DFU), probably because of some example code from ST. Dumping the memory from the standard DFU protocol just repeated the same binary string, but with a little bit of coaxing and investigating the terrible Windows-only official client application, [Travis] was able to find non-standard DFU commands, write a custom DFU client, and read and write the ‘codeplug’, an SPI Flash chip that stores radio settings, frequencies, and talk groups.

Further efforts to dump all the firmware on the radio were a success, and with that began the actual reverse engineering of the radio. It runs an ARM port of MicroC/OS-II, a real-time embedded operating system. This OS is very well documented, and with slightly more effort new functions and patches can be written.

In Digital Mobile Radio, audio is sent through either a public talk group or a private contact. The radio is usually set to only one talk group, and so it’s not really possible to listen in on other talk groups without changing settings. A patch for promiscuous mode – a mode that puts all talk groups through the speaker – is just setting one JNE in the firmware to a NOP.

The Tytera MD-380 ships with a terrible Windows app used for programming the radio

With the help of [DD4CR] and [W7PCH], the entire radio has been reverse engineered with rewritten firmware that works with the official tools, the first attempts of scratch-built firmware built around FreeRTOS, and the beginnings of a very active development community for a $140 radio. [Travis] is looking for people who can add support for P25, D-Star, System Fusion, a proper scanner, or the ability to send and receive DMR frames over USB. All these things are possible, making this one of the most exciting radio hacks in recent memory.

Before [Travis] presented this hack at the Shmoocon fire talks, intuition guided me to look up this radio on Amazon. It was $140 with Prime, and the top vendor had 18 in stock. Immediately after the talk – 20 minutes later – the same vendor had 14 in stock. [Travis] sold four radios to members of the audience, and there weren’t that many people in attendance. Two hours later, the same vendor had four in stock. If you’re looking for the best hardware hack of the con, this is the one.