Build Your Own GSM Base Station For Fun And Profit

Over the last few years, news that police, military, and intelligence organizations use portable cellular phone surveillance devices – colloquially known as the ‘Stingray’ – has gotten out, despite their best efforts to keep a lid on the practice. There are legitimate privacy and legal concerns, but there’s also some fun tech in mobile cell-phone stations.

Off-the-shelf Stingray devices cost somewhere between $16,000 and $125,000, far too rich for a poor hacker’s pocketbook. Of course, what the government can do for $100,000, anyone else can do for five hundred. Here’s how you build your own Stingray using off-the-shelf hardware.

[Simone] has been playing around with a brand new BladeRF x40, a USB 3.0 software defined radio that operates in full duplex. It costs $420. This, combined with two rubber duck antennas, a Raspberry Pi 3, and a USB power bank is all the hardware you need. Software is a little trickier, but [Simone] has all the instructions.

Of course, if you want to look at the less legitimate applications of this hardware, [Simone]’s build is only good at receiving/tapping/intercepting unencrypted GSM signals. It’s great if you want to set up a few base stations at Burning Man and hand out SIM cards like ecstasy, but GSM has encryption. You won’t be able to decrypt every GSM signal this system can see without a little bit of work.

Luckily, GSM is horribly, horribly broken. At CCCamp in 2007, [Steve Schear] and [David Hulton] started building rainbow tables for the A5 ciphers used on a GSM network between the handset and the tower. GSM cracking is open source, and there are flaws in GPRS, the method GSM networks use to relay data transmissions to handsets. In case you haven’t noticed, GSM is completely broken.

Thanks [Justin] for the tip.

Getting Serious About Crystal Radios

The crystal radio is a timeless learning experience, often our first insight into how a radio works. For some of us that childhood fascination never dies. Take, for example, Jim Cushman: he loves to work on vintage scooters, motorcycles, and especially crystal radios (special thanks to fellow coil-winding enthusiast M. Rosen for providing the link). Digging deeper, we find an entire community devoted to crystal radio design. In this article we get back to basics and study the fundamentals of radio receiver design.

How it works:

A crystal radio is basically a high-Q resonator tied to an antenna and an envelope detector. These days the envelope detector is a point-contact diode such as the 1N34 germanium diode.

[Figure: crystal set schematic]

The resonant circuit passes a specific wavelength (more precisely, a narrow range of wavelengths whose width depends on its Q). The diode detector recovers the amplitude, or envelope, of the signal(s) within that range. A high-impedance or highly sensitive earpiece converts this envelope into an audible signal you can listen to.

The neat thing about crystal radios is that no active RF amplification is used. The radio is powered by the incoming radio signal that it is tuned to. More sophisticated crystal sets might have more than one tuned stage, perhaps 3 or 4 to minimize receiver bandwidth for maximum sensitivity and selectivity.
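To make the two halves of the description concrete, here is an added simulation (my own example, not code from the article or from the crystal radio community it links to) of a tank circuit and a diode envelope detector. The LC values, Q, carrier and modulation frequencies are constructed for illustration; the detector is modelled as an ideal diode charging a capacitor that discharges through the earpiece load, which is the classic peak-following behaviour of a 1N34 plus RC.

```python
import math


def resonant_frequency(l_henry, c_farad):
    """Resonant frequency in Hz of a parallel LC tank: f0 = 1 / (2*pi*sqrt(L*C))."""
    return 1.0 / (2.0 * math.pi * math.sqrt(l_henry * c_farad))


def bandwidth_hz(f0, q):
    """-3 dB bandwidth of a resonator with quality factor q (higher Q, narrower passband)."""
    return f0 / q


def tuning_range(l_henry, c_min, c_max):
    """Frequency span covered by a variable capacitor swept from c_max (lowest f) to c_min (highest f)."""
    return resonant_frequency(l_henry, c_max), resonant_frequency(l_henry, c_min)


def am_signal(fc, fm, mod_index, fs, n):
    """Constructed AM test signal: carrier fc (Hz) modulated to depth mod_index by a tone fm (Hz)."""
    return [(1.0 + mod_index * math.sin(2.0 * math.pi * fm * i / fs))
            * math.cos(2.0 * math.pi * fc * i / fs) for i in range(n)]


def envelope_detector(samples, fs, r_ohm, c_farad):
    """Ideal diode + RC: the capacitor charges instantly on positive peaks and decays through R.

    The RC time constant must sit between the carrier period and the modulation
    period: long enough to bridge carrier cycles, short enough to follow the audio.
    """
    decay = math.exp(-1.0 / (r_ohm * c_farad * fs))  # fractional discharge per sample
    v, out = 0.0, []
    for x in samples:
        v = x if x > v else v * decay  # diode conducts only when input exceeds capacitor voltage
        out.append(v)
    return out


def recovered_depth(envelope):
    """Modulation depth implied by the detected envelope: (max - min) / (max + min)."""
    hi, lo = max(envelope), min(envelope)
    return (hi - lo) / (hi + lo)


def demo():
    # Constructed values: a 230 uH coil with a 30..365 pF variable capacitor covers the AM broadcast band.
    f_low, f_high = tuning_range(230e-6, 30e-12, 365e-12)
    f0 = resonant_frequency(230e-6, 365e-12)
    bw = bandwidth_hz(f0, 100)
    # 1 MHz carrier, 1 kHz tone at 50% depth, sampled at 20 MS/s for 1 ms; 10 kOhm earpiece load, 2 nF.
    sig = am_signal(1e6, 1e3, 0.5, 20e6, 20000)
    env = envelope_detector(sig, 20e6, 10e3, 2e-9)
    return f_low, f_high, f0, bw, recovered_depth(env)


if __name__ == "__main__":
    lo, hi, f0, bw, depth = demo()
    print(f"tuning range {lo/1e3:.0f} kHz to {hi/1e3:.0f} kHz")
    print(f"at {f0/1e3:.0f} kHz with Q=100 the passband is {bw/1e3:.1f} kHz wide")
    print(f"recovered modulation depth {depth:.2f} (transmitted 0.50)")
```

The residual error in the recovered depth is the ripple between carrier peaks; a larger RC reduces it but eventually the detector can no longer follow the audio envelope, which is the same trade-off the earpiece load makes in a real set.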


DVB-S From A Raspberry Pi With No Extra Hardware

An exciting aspect of the trend in single board computers towards ever faster processors has been the clever use of their digital I/O with DSP software to synthesize complex signals in the analogue and RF domains that would previously have required specialist hardware. When we use a Raspberry Pi to poll a sensor or flash an LED it’s easy to forget just how much raw processing power we have at our fingertips.

One of the more recent seemingly impossible feats of signal synthesis on a Raspberry Pi comes from [Evariste Courjaud, F5OEO]. He’s created a DVB-S digital TV transmitter that produces a usable output direct from a GPIO pin, without any of the external modulators that previous efforts required. (It is worth pointing out, though, that a filter would be necessary for legal transmission.)

DVB is a collection of digital TV standards used in most of the world except China and the Americas. DVB-S is the satellite version of DVB, and differs from its terrestrial counterpart in the modulation scheme it employs. [Evariste] is using it because it has found favor as a digital mode in amateur radio.

This isn’t the first piece of [F5OEO] software creating useful radio modes from a GPIO pin. He’s also generated SSB, AM, and SSTV from his Pi, something which a lot of us in the amateur radio community have found very useful indeed.

We’ve covered digital TV creation quite a few times in the past on these pages, from the first achievement using a PC VGA card almost a decade ago to more recent Raspberry Pi transmitters using a USB dongle and a home-built modulator on the GPIO pins. Clever signal trickery from digital I/O doesn’t stop there, though: we recently featured an astoundingly clever wired Ethernet hack on an ESP8266, and we’ve seen several VHF NTSC transmitters on platforms ranging from the ESP to even an ATtiny85.

Thanks [SopaXorzTaker] for the nudge to finally feature this one.

Co-Exist With Your Coax: Choose The Right Connector For The Job

Just a selection from the author's unholy assortment of adaptors.

If you do any work with analogue signals at frequencies above the most basic audio, it’s probable that somewhere you’ll have a box of coax adaptors. You’ll need them, because the chances are your bench will feature instruments, devices, and modules with a bewildering variety of connectors. In making all these disparate devices talk to each other you probably have a guilty past: at some time you will have created an unholy monster of a coax interface by tying several adaptors together to achieve your desired combination of input and output connector. Don’t worry, your secret is safe with me.


Spark Gap And Coherer Meet Beagle Bone

Getting back to basics is a great way to teach yourself about a technology. We see it all the time with computers built from NAND gates or even discrete transistors. It’s the same for radio – stripping it back to the 19th century can really let you own the technology. But if an old-school wireless setup still needs a 21st-century twist to light your fire, try this spark gap transmitter and coherer receiver with a Beagle Bone Morse decoder.

At its heart, a spark gap transmitter is just a broadband RF noise generator, and as such is pretty illegal to operate these days. [Ashish Derhgawen]’s version, which lacks an LC tuning circuit, would be especially obnoxious if it had an antenna. But even without one, the 100% electromechanical transmitter is good for a couple of feet – more than enough for experimentation without incurring the wrath of local hams.

The receiver is based on a coherer, a device that conducts electricity only when a passing radio wave disturbs it. [Ashish]’s coherer is a slug of iron filings between two bolts in a plastic tube. To reset the coherer, [Ashish] added a decoherer built from an electromagnetic doorbell ringer to tap the tube and jostle the filings back into the nonconductive state. He also added an optoisolator to condition the receiver’s output for an IO pin on the Beagle, and a Python script to decode the incoming Morse. You can see it in action in the video below.
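The article does not reproduce [Ashish]’s decoder, so the following is an added example of my own (not his script) showing how a Morse decoder works from the timing of a single input pin: a stream of (level, duration in ms) events, where level 1 means the coherer is conducting. The dot length is estimated from the shortest mark, elements are classified against a 2-unit threshold, and gaps of 2 or more units end a letter while gaps of 5 or more end a word, which tolerates the uneven pulse lengths a mechanical transmitter and decoherer produce. The sample event stream is constructed with deliberate timing jitter.

```python
MORSE = {
    '.-': 'A', '-...': 'B', '-.-.': 'C', '-..': 'D', '.': 'E', '..-.': 'F',
    '--.': 'G', '....': 'H', '..': 'I', '.---': 'J', '-.-': 'K', '.-..': 'L',
    '--': 'M', '-.': 'N', '---': 'O', '.--.': 'P', '--.-': 'Q', '.-.': 'R',
    '...': 'S', '-': 'T', '..-': 'U', '...-': 'V', '.--': 'W', '-..-': 'X',
    '-.--': 'Y', '--..': 'Z', '-----': '0', '.----': '1', '..---': '2',
    '...--': '3', '....-': '4', '.....': '5', '-....': '6', '--...': '7',
    '---..': '8', '----.': '9',
}
TEXT_TO_MORSE = {v: k for k, v in MORSE.items()}


def estimate_unit(events):
    """Dot length in ms, taken as the shortest mark seen (assumes at least one dot was sent)."""
    return min(dur for level, dur in events if level)


def decode_morse(events, unit=None):
    """Turn (level, duration_ms) pin events into text; unknown patterns decode as '?'."""
    if unit is None:
        unit = estimate_unit(events)
    words, letters, symbol = [], [], ''
    for level, dur in events:
        units = dur / unit
        if level:
            symbol += '.' if units < 2 else '-'   # mark: dot (1 unit) or dash (3 units)
        elif units < 2:
            continue                              # 1-unit gap between elements of one letter
        else:
            if symbol:
                letters.append(MORSE.get(symbol, '?'))
                symbol = ''
            if units >= 5:                        # 7-unit gap between words
                words.append(''.join(letters))
                letters = []
    if symbol:                                    # flush the final letter
        letters.append(MORSE.get(symbol, '?'))
    if letters:
        words.append(''.join(letters))
    return ' '.join(words)


def events_from_text(text, unit):
    """Build a clean event stream (1/3-unit marks, 1/3/7-unit gaps) for a given dot length."""
    events = []
    for wi, word in enumerate(text.upper().split()):
        if wi:
            events.append((0, 7 * unit))
        for li, letter in enumerate(word):
            if li:
                events.append((0, 3 * unit))
            pattern = TEXT_TO_MORSE[letter]
            for ei, element in enumerate(pattern):
                if ei:
                    events.append((0, unit))
                events.append((1, unit if element == '.' else 3 * unit))
    return events


# Constructed capture of "SOS CQ" with a nominal 100 ms dot, including +/-20% timing jitter.
SAMPLE_EVENTS = [
    (1, 95), (0, 110), (1, 105), (0, 90), (1, 100), (0, 310),             # S
    (1, 290), (0, 100), (1, 320), (0, 95), (1, 300), (0, 280),            # O
    (1, 110), (0, 105), (1, 90), (0, 100), (1, 100), (0, 720),            # S, then word gap
    (1, 310), (0, 100), (1, 100), (0, 90), (1, 290), (0, 110), (1, 95), (0, 300),  # C
    (1, 300), (0, 100), (1, 310), (0, 95), (1, 100), (0, 100), (1, 290),  # Q
]

if __name__ == "__main__":
    print(decode_morse(SAMPLE_EVENTS))
    print(decode_morse(events_from_text("hello world", 60)))
```

On real hardware the event list would be produced by timing transitions on the optoisolated input pin; the decoder itself needs nothing but those timestamps, so it can be exercised offline against a recorded capture like the one above.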

If this build looks familiar, it’s because we’ve covered [Ashish]’s efforts before. But this project keeps evolving, and it’s nice to see where he’s taken it and what he’s learned – like that MOSFETs don’t like inductive kickback much.


Improving The RTL-SDR

The RTL-SDR dongle is a real workhorse for radio hacking. However, the 28.8 MHz oscillator onboard isn’t as stable as you might wish. It is fine for a lot of applications and, considering the price, you shouldn’t complain. However, there are some cases where you need a more stable reference frequency.

[Craig] wanted a stable solution and immediately thought of a TCXO (Temperature Compensated “Xtal” Oscillator). The problem is, finding these at 28.8 MHz is difficult and, if you can find them, they are relatively expensive. He decided to make an alternate oscillator using an easier-to-find 19.2 MHz crystal.


RF Biscuit Is A Versatile Filter Prototyping Board

As anyone who is a veteran of many RF projects will tell you, long component leads can be your undoing. Extra stray capacitances, inductances, and couplings can change the properties of your design to the point at which it becomes unfit for purpose, and something of a black art has evolved in the skill of reducing these effects.

RF Biscuit is [Georg Ottinger]’s attempt to simplify some of the challenges facing the RF hacker. It’s a small PCB with a set of footprints that can be used to make a wide range of surface-mount filters, attenuators, dummy loads, and other RF networks with a minimum of stray effects. Provision has been made for a screening can, and the board uses edge-launched SMA connectors. So far he’s demonstrated it with a bandpass filter and a dummy load, but he suggests it should also be suitable for amplifiers using RF gain blocks.

Best of all, the board is open source hardware, and as well as his project blog he’s made the KiCad files available on GitHub for everyone.

It’s a tough challenge, to produce a universal board for multiple projects with very demanding layout requirements such as those you’d find in the RF field. We’re anxious to see whether the results back up the promise, and whether the idea catches on.

This appears to be the first RF network prototyping board we’ve featured here at Hackaday. We’ve featured crystal filters and dummy loads before, but nothing that brings them all together. What would you build on your RF Biscuit?