Tapping into a Ham Radio’s Potential with SDRPlay

Software-defined radios are great tools for the amateur radio operator, allowing visualization of large swaths of spectrum and letting hams quickly home in on faint signals with the click of a mouse. High-end ham radios often have this function built in, but by tapping into the RF stage of a transceiver with an SDR, even budget-conscious hams can enjoy high-end features.

With both a rugged and reliable Yaesu FT-450D and the versatile SDRPlay in his shack, UK ham [Dave (G7IYK)] looked for the best way to link the two devices. Using two separate antennas was possible but inelegant, and switching the RF path between the two devices seemed clumsy. So he settled on tapping into the RF stage of the transceiver with a high-impedance low-noise amplifier (LNA) and feeding the output to the SDRPlay. The simple LNA was built on a milled PCB. A little sleuthing with the Yaesu manual — ham radio gear almost always includes schematics — led him to the right tap point in the RF path, just before the bandpass filter network. This lets the SDRPlay see the signal before the IF stage. He also identified likely points to source power for the LNA only when the radio is not transmitting. With the LNA inside the radio and the SDRPlay outside, he now has a waterfall display and thanks to Omni-Rig remote control software, he can tune the Yaesu at the click of a mouse.

If you need to learn more about SDRPlay, [Al Williams]’ guide to GNU Radio and SDRPlay is a great place to start.


A TEMPEST in a Dongle

If a couple of generations of spy movies have taught us anything, it’s that secret agents get the best toys. And although it may not be as cool as a radar-equipped Aston Martin or a wire-flying rig for impossible vault heists, this DIY TEMPEST system lets you snoop on computers using secondary RF emissions.

If the term TEMPEST sounds familiar, it’s because we’ve covered it before. [Elliot Williams] gave an introduction to the many modalities that fall under the TEMPEST umbrella, the US National Security Agency’s catch-all codename for bridging air gaps by monitoring the unintended RF, light, or even audio emissions of computers. And more recently, [Brian Benchoff] discussed a TEMPEST hack that avoided the need for thousands of dollars of RF gear, reducing the rig down to an SDR dongle and a simple antenna. There’s even an app for that now: TempestSDR, a multiplatform Java app that lets you screen scrape a monitor based on its RF signature. Trouble is, getting the app running on Windows machines has been a challenge, but RTL-SDR.com reader [flatfishfly] solved some of the major problems and kindly shared the magic. The video below shows TempestSDR results; it’s clear that high-contrast images are easiest to snoop on, but it shows that a $20 dongle and some open-source software can bridge an air gap. Makes you wonder what’s possible with deeper pockets.

RF sniffing is only one of many ways to exfiltrate data from an air-gapped system. From power cords to security cameras, there seems to be no end to the ways to breach systems.


Skin (Effect) in the Game

We love to pretend like our components are perfect. Resistors don’t have capacitance or inductance. Wires conduct electricity perfectly. The reality, though, is far from this. It is easy to realize that wire will have some small resistance. For the kind of wire lengths you usually encounter, ignoring it is acceptable. If you start running lots of wire or you are carrying a lot of current, you might need to worry about it. Really long wires also take some time to get a signal from one end to the other, but you have to have a very long wire to really worry about that. However, all wires behave strangely as frequency goes up.

Of course there’s the issue of the wire becoming a significant part of the signal’s wavelength and there’s always parasitic capacitance and inductance. But the odd effect I’m thinking of is the so-called skin effect, first described by [Horace Lamb] in 1883. [Lamb] was working with spherical conductors, but [Oliver Heaviside] generalized it in 1885.

Put simply, when a wire is carrying AC, the current will tend to avoid traveling in the center of the wire. At low frequencies, the effect is minimal, but as the frequency rises, the area in the center that isn’t carrying current gets larger. At 60 Hz, for example, the skin depth for copper wire — the depth where the current falls below 1/e of the value near the surface — is about 0.33 inches. Wire you are likely to use at that frequency has a diameter less than that, so the effect is minimal.

However, consider a 20 kHz signal — a little high for audio unless you are a kid with good ears. The depth becomes about 0.018 inches. So wire bigger than 0.036 inches in diameter will start losing effective wire size. For a 12-gauge wire with a diameter of 0.093 inches, that means about 25% of the current-handling capacity is lost. When you get to RF and microwave frequencies, only the thinnest skin is carrying significant current. At 6 MHz, for example, copper wire has a skin depth of about 0.001 inches. At 1 GHz, you are down to about 0.000081 inches. You can see this (not to scale) in the accompanying image. At DC, all three zones of the wire carry current. At a higher frequency, only the outer two zones carry significant current. At higher frequencies, only the outer zone is really carrying electrons.
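The skin depths quoted above all come from one formula, δ = √(ρ / (π f μ)), so as an added example (not code from the original article) here is a small Python script that reproduces those figures for copper and then generalizes them: given a wire diameter, it finds the frequency at which the wire first "starts losing effective wire size" (the point where δ equals the radius) and estimates how much of the cross-section is still conducting. The resistivity of copper (1.68e-8 Ω·m) and the use of the free-space permeability for non-magnetic copper are assumptions of the example; the conducting-fraction estimate uses the crude "all current within one skin depth" annulus model, which is a rougher approximation than the article's own percentage.

```python
import math

# Material constants: assumed values for annealed copper at room temperature,
# chosen by this example (not stated in the article).
RHO_COPPER = 1.68e-8           # resistivity, ohm-metres
MU_0 = 4 * math.pi * 1e-7      # permeability of free space, H/m (copper is non-magnetic)
METRES_PER_INCH = 0.0254


def skin_depth_m(freq_hz, rho=RHO_COPPER, mu=MU_0):
    """Skin depth delta = sqrt(rho / (pi * f * mu)) in metres.

    At this depth below the surface the current density has fallen to 1/e
    of its value at the surface.
    """
    if freq_hz <= 0:
        raise ValueError("frequency must be positive (DC has no skin effect)")
    return math.sqrt(rho / (math.pi * freq_hz * mu))


def skin_depth_in(freq_hz, rho=RHO_COPPER, mu=MU_0):
    """Skin depth in inches, to match the units used in the article."""
    return skin_depth_m(freq_hz, rho, mu) / METRES_PER_INCH


def onset_frequency_hz(diameter_m, rho=RHO_COPPER, mu=MU_0):
    """Frequency at which delta equals the wire radius.

    Above this frequency a solid round wire of the given diameter is wider
    than two skin depths, so its centre stops carrying useful current.
    Derived by setting delta = d/2 and solving for f.
    """
    radius = diameter_m / 2.0
    return rho / (math.pi * mu * radius ** 2)


def conducting_fraction(diameter_m, freq_hz, rho=RHO_COPPER, mu=MU_0):
    """Fraction of the cross-section within one skin depth of the surface.

    Crude annulus model: everything deeper than delta is treated as carrying
    no current at all. Returns 1.0 when the wire is thinner than 2*delta.
    """
    radius = diameter_m / 2.0
    delta = skin_depth_m(freq_hz, rho, mu)
    if delta >= radius:
        return 1.0
    return 1.0 - ((radius - delta) / radius) ** 2


if __name__ == "__main__":
    # The four frequencies discussed in the article.
    for f in (60.0, 20e3, 6e6, 1e9):
        print(f"{f:>14.0f} Hz: delta = {skin_depth_in(f):.6f} in "
              f"({skin_depth_m(f) * 1e3:.4f} mm)")

    # The article's 12-gauge example, using its stated 0.093 in diameter.
    d12 = 0.093 * METRES_PER_INCH
    print(f"12 AWG starts losing effective area above ~{onset_frequency_hz(d12):.0f} Hz")
    print(f"12 AWG conducting fraction at 20 kHz (annulus model): "
          f"{conducting_fraction(d12, 20e3):.2f}")
```

Running the script prints skin depths of roughly 0.33 in at 60 Hz, 0.018 in at 20 kHz, 0.001 in at 6 MHz and 0.00008 in at 1 GHz, matching the article, and shows that a 0.093 in wire is already wider than two skin depths at a few kilohertz.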


Friday Hack Chat: Fundamentals Of RF

Designing a system for communication over RF is a dark art. It’s an obscure domain filled with photonmancy, wires going every which way, and imaginary numbers. RF is reserved entirely for wizards. The guy who simplified Maxwell’s equations into the form we now use went literally insane and replaced all the furniture in his house with granite blocks. This is weird stuff, man.

For this week’s Hack Chat, we’re talking about RF. Everything from the capabilities of different bands, how bandwidth is incorporated into designs, different modulation schemes, RF concepts, I/Q, Nyquist, and other deep-dive topics that elucidate the mysteries of the universe and include all the math.

If you’ve ever wondered how bits get turned into radio waves, what all the PSKs and SSBs are all about, and how bandwidth and range of a radio system play into what frequencies are used, this is the Hack Chat for you.

Our guest for this week’s Hack Chat is [Nick Kartsioukas]. He’s an infosec engineer, an amateur radio operator with an Extra license, hardware hacker, plays around with radio and antenna projects, SDR, and he’s an RC pilot. There’s a lot of RF swimming around [Nick], and he’s got the skills to pay the bills.

This is a community Hack Chat, and we’re taking questions from the community. If you have a question or something you’d like to discuss, add it to the sheet.

Our Hack Chats are live community events on the Hackaday.io Hack Chat group messaging. This Hack Chat is going down noon, PDT, Friday, November 3rd. Do you wish every time zone was UTC? Yeah, it’s a great idea, but when you really think about it, it would be terrible. Here’s a time zone converter!


You don’t have to wait until Friday; join whenever you want and you can see what the community is talking about.

We’re also looking for new Hack Chat hosts! If you’ve built something cool, you’re working on an interesting project, or you’re about to introduce a really cool product, hit us up! Email our wonderful community managers, and we’ll see if we can slot you in.

Friday Hack Chat: Energy Harvesting

Think about an Internet-connected device that never needs charging, never plugs into an outlet, and will never run out of power. With just a small solar cell, an Internet of Things module can run for decades. This is the promise of energy harvesting, and it opens the doors to a lot of interesting questions.

Joining us for this week’s Hack Chat will be [John Tillema], CTO and co-founder of TWTG. They’re working on removing batteries completely from the IoT equation. They have a small device that operates on just 200 lux — the same amount of light that can be found on a desktop. That’s a device that can connect to the Internet without batteries, wall warts, or the black magic wizardry of RF harvesting. How do you design a device that will run for a century? Are caps even rated for that? Are you really going to download firmware updates several decades down the line?

For this week’s Hack Chat, we’ll be discussing what energy harvesting actually is, what TWTG’s ‘light energy’ technology is all about, and the capabilities of this technology. Going further, we’ll be discussing how to design a circuit for low-power usage, how to select components that will last for decades, and how to measure and test the entire system so it lives up to the promise of being always on, forever, without needing a new battery.

This is a community Hack Chat, so of course we’ll be taking questions from the community. If you have a question, add it to the discussion sheet.

Our Hack Chats are live community events on the Hackaday.io Hack Chat group messaging. This Hack Chat will be going down noon, Pacific time on Friday, October 20th. Is it always five o’clock somewhere? Yes, so here’s a time zone converter!


You don’t have to wait until Friday; join whenever you want and you can see what the community is talking about.

Hybrid Technique Breaks Backscatter Distance Barrier

Low cost, long range, or low power — when it comes to wireless connectivity, historically you’ve only been able to pick two. But a group at the University of Washington appears to have made a breakthrough in backscatter communications that allows reliable data transfer over 2.8 kilometers using only microwatts, and for pennies apiece.

For those unfamiliar with backscatter, it’s a very cool technology that modulates data onto RF energy incident from some local source, like an FM broadcast station or nearby WiFi router. Since the backscatter device doesn’t need to power local oscillators or other hungry components, it has negligible power requirements. Traditionally, though, that has given backscatter devices a range of a few hundred meters at most. The UW team, led by [Shyamnath Gollokota], describe a new backscatter technique (PDF link) that blows away previous records. By combining the spread-spectrum modulation of LoRa with the switched attenuation of incident RF energy that forms the basis for backscatter, the UW team was able to cover 2800 meters for under 10 microwatts. What’s more, with printable batteries or cheap button cells, the backscatter tags can be made for as little as 10 cents apiece. The possibilities for cheap agricultural sensors, ultracompact and low power wearable sensors, or even just deploy-and-forget IoT devices are endless.

We’ve covered backscatter before, both for agricultural uses and for pirate broadcasting stations. Backscatter has also seen more cloak and dagger duty.


Doppler Module Teardown Reveals the Weird World of Microwave Electronics

Oscillators with components that aren’t electrically connected to anything? PCB traces that function as passive components based solely on their shape? Slots and holes in the board with specific functions? Welcome to the weird and wonderful world of microwave electronics, brought to you through this teardown and analysis of a Doppler microwave transceiver module.

We’ve always been fascinated by the way conventional electronic rules break down as frequency increases. The Doppler module that [Kerry Wong] chose to pop open, a Microsemi X-band transceiver that goes for about $10 on eBay right now, has vanishingly few components inside. One transistor for the local oscillator, one for the mixer, and about three other passives are the whole BOM. That the LO is tuned by a barium titanate slug that acts as a dielectric resonator is just fascinating, as is the fact that PCB traces can form a complete filter network just by virtue of their size and shape. Antennas that are coupled to the transceiver through an air gap via slots in the board are a neat trick too.

[Kerry] analyzes all this in the video below and shows how the module can be used as a sensor. If you need a little more detail on putting these modules to work, we’ve got some basic circuits you can check out.
