Hackaday Dictionary: Software Defined Radio (SDR)

We are entering a new era of radio technology. A new approach to building radios has made possible devices like multi-band cell phones and the ubiquitous USB TV receivers that seamlessly flit from frequency to frequency. That technology is Software Defined Radio, or SDR.

An idealized radio involves a series of stages. First, an antenna receives the radio signal, converting it into an electrical signal. This signal is fed into a resonator that is tuned to a particular frequency. This amplifies the desired signal, which is then sent to a demodulator, a device that extracts the required information from the carrier signal. In a simple radio, this would be the audio signal that was encoded by the transmitter. Finally, this signal is output, usually to a speaker or headphones.

A replica foxhole crystal set. Photo: Bill Jackson

That’s how your basic crystal radio works: more sophisticated radios will add features like filters that remove unwanted frequencies or additional stages that will process the signal to create the output that you want. In an FM radio, for example, you would have a stage after the demodulator that detects if the signal is a stereo one, and separates the two stereo signals if so.

To change the frequency that this radio receives, you have to change the frequency that the resonator is tuned to. That could mean moving a wire on a crystal, or turning a knob that controls a variable capacitor, but there has to be a physical change in the circuit. The same is true of the additional mixing stages that refine the signal. These circuits may be embedded deeply in the guts of the radio, but they are still there. This is the limitation with normal receivers: the radio can’t receive a signal that is outside the range that the resonator circuit can tune to, or change the way it is demodulated and processed. If you want to receive multiple frequency bands or different types of signals, you need to have separate pathways for each band or type of signal, physically switching the signal between them. That’s why you have physical AM/FM switches on radios: they switch the signal from an AM radio processing path to an FM one.

Software Defined Radios remove that requirement. In these, the resonator and demodulator parts of the radio are replaced by computerized circuits, such as analog to digital converters (ADCs) and algorithms that extract the signal from the stream of data that the ADCs capture. They can change frequencies by simply changing the algorithm to look for another frequency: there is no need for a physical change in the circuit itself. So, an SDR radio can be tuned to any frequency that the ADC is capable of sampling: it is not restricted by the range that a resonator can tune to. Similarly, the demodulator that extracts the final signal you want can be updated by changing the algorithm, changing the way the signal is processed before it is output.

This idea was first developed in the 1970s, but it didn’t really become practical until the 1990s, when the development of flexible field-programmable gate array (FPGA) chips meant that there was enough processing power available to create single-chip SDR devices. Once programmed, an FPGA has no problem handling the complex tasks of sampling, demodulating and processing in a single device.

Most modern SDRs don’t just use a single chip, though. Rather than directly converting the signal to digital, they use an analog front end that receives the raw signal, filters it and converts it down to a fixed frequency (called the intermediate frequency, or IF) that the ADCs in the FPGA can more easily digitize. This makes it cheaper to build: by converting the frequency of the signal to this intermediate frequency, you can use a simpler FPGA and a cheaper ADC, because they don’t have to directly convert the maximum frequency you want to receive, only the IF. As long as the front end can convert a band of signals down to an intermediate frequency that the FPGA can digitize, the SDR can work with it.
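To make the point that retuning an SDR is just a change of algorithm, here is an added example (not code from the article): a constructed two-station ADC capture in pure Python, and a software tuner that mixes the chosen carrier down to 0 Hz, low-pass filters it, and envelope-detects the AM audio. The sample rate, carrier frequencies and audio tones are assumptions picked for the illustration.

```python
import cmath
import math

FS = 48_000  # assumed sample rate of the constructed ADC stream, in Hz


def synth_air(duration_s=0.05):
    """Constructed ADC capture: two AM stations sharing one band.
    Station A: 6 kHz carrier carrying a 300 Hz tone.
    Station B: 15 kHz carrier carrying a 700 Hz tone."""
    out = []
    for i in range(int(FS * duration_s)):
        t = i / FS
        a = (1 + 0.5 * math.sin(2 * math.pi * 300 * t)) * math.cos(2 * math.pi * 6_000 * t)
        b = (1 + 0.5 * math.sin(2 * math.pi * 700 * t)) * math.cos(2 * math.pi * 15_000 * t)
        out.append(a + b)
    return out


def tune_am(samples, carrier_hz, bandwidth_hz=2_000):
    """Software tuner plus AM demodulator. "Retuning" is only a different carrier_hz.
    1. Mix: multiply by a complex exponential so carrier_hz lands at 0 Hz.
    2. Low-pass: moving average whose first null sits at bandwidth_hz.
    3. Demodulate: the magnitude of the complex baseband is the AM envelope."""
    mixed = [s * cmath.exp(-2j * math.pi * carrier_hz * i / FS) for i, s in enumerate(samples)]
    win = max(1, int(FS / bandwidth_hz))
    acc = 0j
    envelope = []
    for i, m in enumerate(mixed):
        acc += m
        if i >= win:
            acc -= mixed[i - win]
        envelope.append(abs(acc / win))
    return envelope


def dominant_tone(audio, candidates_hz):
    """Return the candidate audio frequency with the most energy (one DFT bin each)."""
    mean = sum(audio) / len(audio)

    def power(f):
        return abs(sum((x - mean) * cmath.exp(-2j * math.pi * f * i / FS)
                       for i, x in enumerate(audio)))

    return max(candidates_hz, key=power)


if __name__ == "__main__":
    air = synth_air()
    for carrier in (6_000, 15_000):
        tone = dominant_tone(tune_am(air, carrier), (300, 700))
        print(f"tuned to {carrier} Hz: recovered {tone} Hz audio")
```

Changing only the `carrier_hz` argument selects a different station from the same captured samples, which is exactly what a resonator swap or knob turn does in a conventional receiver.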

The BladeRF, a modern SDR device that can receive and transmit signals between 300 MHz and 3 GHz

This flexibility means that SDR devices can handle a huge range of signals at relatively low cost. The $420 BladeRF, for instance, can receive and transmit signals from 300 MHz to 3.8 GHz at the same time, while the $300 HackRF One can work with signals from 1 MHz up to an incredible 6 GHz. The ability of the BladeRF to both receive and transmit means that you can use it to build your own GSM phone network, while the low cost of the HackRF One makes it a favorite of radio hackers who want to do things like make portable radio analyzers. Mass produced models are even cheaper: by hacking a $20 USB TV receiver that contains an SDR, you can get a radio that can, with a suitable antenna, do things like track airplanes or receive satellite weather images. And all of this is possible because of the idea of Software Defined Radio.

[Main image source: DVB dongle by Dsimic on Wikipedia CC-BY-SA]

The Booths Of Hamvention

Hamvention was last weekend in Dayton, Ohio. Last weekend was also the Bay Area Maker Faire, and if you want tens of thousands of people who actually make stuff there’s really only one place to be. Bonus: you can also check out the US Air Force Museum at Wright-Patterson AFB. The ‘Space’ hangar was closed, so that’ll be another trip next year.

The biggest draw for Hamvention is the swap meet. Every year, thousands of cars pull up, set up a few tables and tents, and hawk their wares. Everything from radios from the 1920s to computers from the 1980s can be found at the swap meet. This post is not about the swap meet; I still have several hundred pictures to go through, organize, label, and upload. Instead, this post is about the booths of Hamvention. Everything imaginable could be found at Hamvention, from the usual ARRL folks, to the preppers selling expired MREs, and even a few heroes of Open Hardware.


$25 Satellite Tracker Boasts “Usefulness Optional”

[Paul] is very up-front about the realities of his $25 Satellite Tracker, which aims a tape measure yagi antenna at a satellite of choice and keeps it tracking the satellite as it moves overhead. Does it work? Yes! Is it cheap? Of course! Is it useful? Well… did we mention it works and it’s cheap?

When [Paul] found himself wanting to see how cheaply he could make a satellite tracker he already had an RTL-SDR (which we have seen used for satellite communication before) and a yagi antenna made out of a tape measure, but wanted some way to automatically point the antenna at a satellite as it moved across the sky. He also wanted to see just how economically it could be done. Turns out that with some parts from China and code from SatNOGS (open-source satellite tracking network project and winner of the 2014 Hackaday Prize) you have most of what you need! A few modifications were still needed, and [Paul] describes them all in detail.

So is a $25 Satellite Tracker useful? As [Paul] says, “Probably not.” He explains, “Most people want satellite trackers so that they can put them outside and then control the antenna from inside, which someone probably can’t do with mine unless they live in a really nice place or build a radome. […] Driving somewhere, setting it up correctly (which involves reprogramming the Arduino for every satellite), and then sitting around is pretty much the opposite of useful.”

It might not be the most practical but it works, it’s cool, he learned a lot, and he wrote up the entire process for others to learn from or duplicate. If that’s not useful, we don’t know what is.

Satellite tracking is the focus of some interesting projects. We’ve even seen a project that points out satellite positions by shining a laser into the sky.

Software Defined Radio App Store

Software defined radios (SDRs) can–in theory–do almost anything you need a radio to do. Voice? Data? Frequency hopping? Trunking? No problem, you just write the correct software, and you are in.

That’s the problem, though. You need to know how to write the software. LimeSDR is an open source SDR with a crowdfunding campaign. By itself, that’s not anything special. There are plenty of SDR devices available. What makes LimeSDR interesting is that it is using Snappy Ubuntu Core as a sort of app store. Developers can make code available, and end-users can easily download and install that code.


Build Your Own GSM Base Station For Fun And Profit

Over the last few years, news that police, military, and intelligence organizations use portable cellular phone surveillance devices – colloquially known as the ‘Stingray’ – has gotten out, despite their best efforts to keep a lid on the practice. There are legitimate privacy and legal concerns, but there’s also some fun tech in mobile cell-phone stations.

Off-the-shelf Stingray devices cost somewhere between $16,000 and $125,000, far too rich for a poor hacker’s pocketbook. Of course, what the government can do for $100,000, anyone else can do for five hundred. Here’s how you build your own Stingray using off the shelf hardware.

[Simone] has been playing around with a brand new BladeRF x40, a USB 3.0 software defined radio that operates in full duplex. It costs $420. This, combined with two rubber duck antennas, a Raspberry Pi 3, and a USB power bank is all the hardware you need. Software is a little trickier, but [Simone] has all the instructions.

Of course, if you want to look at the less legitimate applications of this hardware, [Simone]’s build is only good at receiving/tapping/intercepting unencrypted GSM signals. It’s great if you want to set up a few base stations at Burning Man and hand out SIM cards like ecstasy, but GSM has encryption. You won’t be able to decrypt every GSM signal this system can see without a little bit of work.

Luckily, GSM is horribly, horribly broken. At CCCamp in 2007, [Steve Schear] and [David Hulton] started building a rainbow table of the A5 ciphers that are used on a GSM network between the handset and tower. GSM cracking is open source, and there are flaws in GPRS, the method GSM networks use to relay data transmissions to handsets. In case you haven’t noticed, GSM is completely broken.

Thanks [Justin] for the tip.

SDR Cape For BeagleBone

In the old days if you wanted to listen to shortwave you had to turn a dial. Later, you might have been able to tap in a frequency with a keypad. With modern software-defined radio (and the right hardware) you can just listen to the entire high-frequency spectrum at one time. That’s the idea behind KiwiSDR, an open source daughterboard (ok, cape) for the BeagleBone.

The front end covers 10 kHz to 30 MHz and has a 14-bit converter operating at 65 MHz. There is a Xilinx Artix-7 A35 FPGA onboard and a GPS, too. The design is open source and on GitHub.

The interface uses the OpenWebRX project for a powerful HTML 5 interface. You can see a video of its operation below or, if you can get one of the four available slots, you can listen online. From a network point of view, the demo station in Canada worked best for us. However, there are also stations in New Zealand and Sweden.


RF Hacking: How-To Bypass Rolling Codes

The RF signal transmitted from a modern key fob and received by the associated vehicle is only used once. If the vehicle sees the same code again it rejects the command; however, there is a loophole in those carefully chosen words. The code must be received by the vehicle’s computer before it can be added to the list of spent codes. [AndrewMohawk] goes through the process of intercepting a code sent from a key fob transmitter and preventing the vehicle from receiving it in a thorough post to his blog. You can see this attack working in his studio-quality reenactment video after the break.

[Andrew] uses the YARD Stick One (YS1), which is a sub-GHz wireless tool that is controlled from a computer. The YS1 uses RfCat firmware, which provides an interactive Python shell that acts as the controller for the wireless transceiver.

This system is not without its problems: different frequencies are often used for different commands, and [Andrew]’s scripts are designed to work with On-Off Keying (OOK), leaving them useless against a system that uses Frequency-Shift Keying (FSK). There is also the issue of rendering a target key fob non-functional, but you’ll have to pop over to [Andrew]’s blog to read more about that.
