802.11ah Wi-Fi HaLOW: The 1 Kilometer WiFi Standard

January 7, 2024 by 31 Comments
You too can add long-distance WiFi to your laptop with this new not-quite dongle solution. (Credit: Ben Jeffery)
You, too, can add long-distance WiFi to your laptop with this new not-quite dongle solution. (Credit: Ben Jeffery)

The 802.11ah WiFi (HaLow) standard is fairly new, having only been introduced in 2017. It’s supposed to fall somewhere between standard WiFi used in domiciles and offices and the longer range but low-bitrate LoRaWAN, ZigBee, and others, with bandwidth measured in megabits per second. In a recent video, [Ben Jeffery] looks at the 802.11ah chipsets available today and some products integrating these.

The primary vendors selling these chipsets are TaiXin Semiconductor (TXW8301), Morse Micro (MM6108), and Newracom (NRC7394), with a range of manufacturers selling modules integrating these. Among the products using these, [Ben] found an Ethernet range extender kit (pictured) that takes 12V input as power, along with Ethernet. Running some distance tests in a quarry showed that 300 meters was no problem getting a strong signal, though adding some trees between the two transceivers did attenuate the signal somewhat.

Another interesting product [Ben] tested is what is essentially an 802.11ah-based WiFi extender, using an 802.11ah link between the server node – with an Ethernet socket – and a client that features a standard 2.4 GHz 802.11n that most WiFi-enabled devices can connect to. Using this, he was able to provide a solid ~10 Mbps link to a cabin near the main house (~10 meters) through two outside walls. What makes 802.11ah so interesting is that it is directly compatible with standard Ethernet and WiFi protocols and uses the 900 MHz spectrum, for which a wide range of alternative antennae exist that can conceivably extend the range even more.

(Thanks to [Keith Olson] for the tip)

Continue reading “802.11ah Wi-Fi HaLOW: The 1 Kilometer WiFi Standard”

Headset’s Poor Range Fixed By Replacing Antenna

May 27, 2023 by 14 Comments

[rafii6312]’s Corsair HS80 wireless headset had a big problem: short range. The sound quality was great, but the wireless range wasn’t winning any friends. Fortunately, the solution was just to swap the small SMT antenna on the USB transmitter for an external one.

Original SMT antenna (blue component) offers small size, but poor range.

This particular headset relies on a USB dongle to transmit audio from PC to headset over its own 2.4 GHz wireless connection. By popping open the USB dongle, [rafii6312] was able to identify an SMT antenna and easily desolder it, replacing it with a wired connection to a spare 2.4 GHz external antenna. That’s all it took to boost the headset’s range from barely one room to easily three rooms, which is a success by any measure.

Sadly, the USB transmitter dongle doesn’t have any intention of being opened and puts up a fight, so the process was a bit destructive. No problem, [rafii6312] simply fired up Fusion360 to design a new 3D-printed enclosure that accommodated the new antenna. Pictures, instructions, and 3D model files are all available on the project page, if you want to improve your headset, too.

This kind of antenna upgrade is reasonably straightforward, but if one is armed with the right knowledge, antenna upgrades from scratch using scrap wire and dollar store hardware are entirely possible. Just be sure to pick an antenna that doesn’t weigh down your headset.

Printing Antennas On Circuit Boards

April 6, 2023 by 19 Comments

Yagi-Uda antennas, or simply “Yagis”, are directional antennas that focus radio waves to increase gain, meaning that the radio waves can travel further in that direction for a given transmitter power. Anyone might recognize an old TV antenna on a roof that uses this type of antenna, but they can be used to increase the gain of an antenna at any frequency. This one is designed to operate within the frequencies allotted to WiFi and as a result is so small that the entire antenna can be printed directly on a PCB.

The antenna consists of what is effectively a dipole antenna, sandwiched in between a reflector and three directors. The reflector and directors are passive elements in that they interact with the radio wave to focus it in a specific direction, but the only thing actually powered is the dipole in the middle. It looks almost like a short circuit at first but thanks to the high frequencies involved in this band, will still function like any other dipole antenna would. [IMSAI Guy], who created the video linked above which goes over these details also analyzed the performance of this antenna and found it to be fairly impressive as a WiFi antenna, but he did make a few changes to the board for some other minor improvements in performance.

The creator of these antennas, [WA5VJB] aka [Kent Britain] is an antenna builder based in Texas who has developed a few unique styles of antennas produced in non-traditional ways. Besides this small Yagi, there are other microwave antennas available for direction-finding, some wide-band antennas, and log-periodic antennas that look similar to Yagi antennas but are fundamentally different designs. But if you’re looking to simply extend your home’s WiFi range you might not need any of these, as Yagi antennas for home routers can be a lot simpler than you ever imagined.

Continue reading “Printing Antennas On Circuit Boards”

PCB antenna rendered useless by overly enthusiastic copper fill.

The Many Ways You Can Easily Ruin Your PCB Antenna Design

November 1, 2022 by 28 Comments
PCB antenna impaired by copper fill and other attenuation sources.
PCB antenna impaired by copper fill and other attenuation sources.

We have all seen Printed Circuit Board (PCB) antennas: those squiggly bits of traces on PCBs connected often to a Bluetooth, WiFi or other wireless communication chip. On modules like for the ESP8266 and ESP32 platforms the PCB antennas are often integrated onto the module’s PCB, yet even with such a ready-made module it’s possible to completely destroy the effectiveness of this antenna. These and other design issues are discussed in this article by [MisterHW].

It covers a range of examples of poor design, from having ground fill underneath an antenna, to having metal near the antenna, to putting dielectric materials near or on top of the antenna. The effect of all of these issues is generally to attenuate the signal, sometimes to the point where the antenna is essentially useless.

Ultimately, the best PCB antenna design is one where there is no nearby copper fill, and there are no traces running near or on layers below the antenna. After all, any metal trace or component is an antenna, and any dielectric materials will dampen the signal. Fortunately, there is e.g. a free KiCad library with ready-to-use PCB antenna designs to help one get started with a custom design, as well as many other resources, covered in the article.

If you want to get really professional about checking the effectiveness of an antenna design, you’ll want to use a Network Vector Analyzer. These will also help you with tuning the capacitors used with the PCB antenna.

(Featured image: PCB antenna rendered useless by overly enthusiastic copper fill.)

DIY Video Transmitter Turned WiFi Jammer

August 27, 2022 by 31 Comments

The proliferation of FPV drones has brought a flood of cheap wireless video tech. After flying and crashing a cheap FPV drone for a bit, [GreatScott] decided to try his hand at building his own video transmitter, which turned out to be a lot harder than expected.

While digital technology has caught up to the FPV world, a lot of systems still use analog video, especially for drone racing. The video quality isn’t great, but it has the advantage of very low latency. The technology is very similar to the old analog TV broadcasts, but mainly uses the 5.8 GHz license-free bands. It is essentially analog video signal, frequency modulated onto a 5.8 GHz carrier signal transmitted through an appropriately sized antenna.

After a brief failed experiment with a simple circuit built from discrete components, [GreatScott] turned his attention to voltage-controlled oscillators (VCO). He bought a couple of 5.8 GHz VCOs from Aliexpress, and created and used a simple opamp circuit to boost the FPV camera video signal to the required input level for the VCO. This failed to produce any identifiable image on his video receiver goggles. In an attempt to confirm that the VCOs produced the desired frequency, he ordered a similar 2.4 GHz VCOs and built a short range (20 cm) WiFi jammer. With a signal generator to create a simple input signal, and confirmed that it interfered with his laptop’s WiFi connection.

After more experimentation with other VCOs, the closest [GreatScott] came to success was a barely identifiable image transmitted using a Maxim 2.4 GHz VCO. If you have any ideas on what is missing in the VTX circuit, drop them in the comments below.

Building RF circuits that interfere with the legitimate signal around you, or broadcasting out of band, is generally not a great idea, and could earn you an unpleasant visit from the authorities. If you want to build your own digital video transmission, take a look at the Wifibroadcast project.

Continue reading “DIY Video Transmitter Turned WiFi Jammer”

SATAn Turns Hard Drive Cable Into Antenna To Defeat Air-Gapped Security

July 22, 2022 by 19 Comments

It seems like [Mordechai Guri]’s lab at Ben-Gurion University is the place where air-gapped computers go to die, or at least to give up their secrets. And this hack using a computer’s SATA cable as an antenna to exfiltrate data is another example of just how many side-channel attacks the typical PC makes available.

The exploit, deliciously designated “SATAn,” relies on the fact that the SATA 3.0 interface used in many computers has a bandwidth of 6.0 Gb/s, meaning that manipulating the computer’s IO would make it possible to transmit data from an air-gapped machine at around 6 GHz. It’s a complicated exploit, of course, and involves placing a transmitting program on the target machine using the usual methods, such as phishing or zero-day exploits. Once in place, the transmitting program uses a combination of read and write operations on the SATA disk to generate RF signals that encode the data to be exfiltrated, with the data lines inside the SATA cable acting as antennae.

SATAn is shown in action in the video below. It takes a while to transmit just a few bytes of data, and the range is less than a meter, but that could be enough for the exploit to succeed. The test setup uses an SDR — specifically, an ADALM PLUTO — and a laptop, but you can easily imagine a much smaller package being built for a stealthy walk-by style attack. [Mordechai] also offers a potential countermeasure for SATAn, which basically thrashes the hard drive to generate RF noise to mask any generated signals.

While probably limited in its practical applications, SATAn is an interesting side-channel attack to add to [Dr. Guri]’s list of exploits. From optical exfiltration using security cameras to turning power supplies into speakers, the vulnerabilities just keep piling up.

Continue reading “SATAn Turns Hard Drive Cable Into Antenna To Defeat Air-Gapped Security”

Sketch of the two proprietary carriers showing their differences - one of them has a cutout under the antenna, while the other one does not.

Design Your CM4 Carrier With WiFi Performance In Mind

June 27, 2022 by 7 Comments

The Raspberry Pi Compute Module 4 has a built-in WiFi antenna, but that doesn’t mean it will work well for you – the physical properties of the carrier board impact your signal quality, too. [Avian] decided to do a straightforward test – measuring WiFi RSSI changes and throughput with a few different carrier boards. It appears that the carriers he used were proprietary, but [Avian] provides sketches of how the CM4 is positioned on these.

There’s two recommendations for making WiFi work well on the CM4 – placing the module’s WiFi antenna at your carrier PCB’s edge, and adding a ground cutout of a specified size under the antenna. [Avian] made tests with three configurations in total – the CMIO4 official carrier board which adheres to both of these rules, carrier board A which adheres to neither, and carrier board B which seems to be a copy of board A with a ground cutout added.

Graph plotting WiFi RSSI for each of the three carriers in each of the six locations. CMIO4 consistently outperforms both, while carrier B outperforms the carrier A, but by a more narrow margin.After setting up some test locations and writing a few scripts for ease of testing, [Avian] recorded the experiment data. Having that data plotted, it would seem that, while presence of an under-antenna cutout helps, it doesn’t affect RSSI as much as the module placement does. Of course, there’s way more variables that could affect RSSI results for your own designs – thankfully, the scripts used for logging are available, so you can test your own setups if need be.

If you’re lucky to be able to design with a CM4 in mind and an external antenna isn’t an option for you, this might help in squeezing out a bit more out of your WiFi antenna. [Avian]’s been testing things like these every now and then – a month ago, his ESP8266 GPIO 5V compatibility research led to us having a heated discussion on the topic yet again. It makes sense to stick to the design guidelines if WiFi’s critical for you – after all, even the HDMI interface on Raspberry Pi can make its own WiFi radio malfunction.