Homebrew SDR HF transceiver


Simonhk (G0FCU) wrote a series of posts on building a homebrew SDR HF transceiver:

However, what you might notice is the presence of image products in the waterfall. The processing of the signal suppresses all but the very strongest of these so they don’t appear as audio but it is mighty confusing when they are on the waterfall but actually not there (if you see what I mean)!
I am in the process of building a QSD or Tayloe Detector, which should provide better rejection of images. I have breadboarded one of these, it works but not very well. I think that this might be due to the length of leads I have on the breadboard so I am trying to use Eagle CAD to design a circuit board to overcome these problems.

Check out the video after the break.


An open source VOR receiver for Airspy and RTL-SDR


Vortrack, a simple VOR receiver for Airspy and RTL-SDR by Thierry Leconte, is available on GitHub:

In the past we’ve seen several other posts about RTL-SDRs being used to decode VOR signals, but Thierry’s implementation appears to be the easiest way to get a bearing straight away. You’ll get the most use out of the software if you install it on a portable device like a Raspberry Pi and take it out for a drive as you’ll be able to see the VOR angle changing then.

Via RTL-SDR.com.

A digital communication project using OFDM and 32-QAM


Tahmid blogged about a digital communication project using OFDM and 32-QAM as their ECE4670 final project:

This builds on a previous lab, where orthogonal frequency division multiplexing (OFDM) is used with on/off keying to send data over the channel. This scheme achieved a data rate of about 14,000 bits per second with zero errors, resulting in a figure of merit of about 14,000. The high performance design utilizes orthogonal frequency division multiplexing (OFDM) and quadrature amplitude modulation (QAM) to achieve a figure of merit much higher than the previous lab.
The overall OFDM system block diagram is shown below (taken from Professor Wagner’s course’s Scribe notes)

See the full post on his blog.

SDR radio breathes life into a 75 year old Marconi CR100



Jon Hudson over at DesignSpark writes:

This is a belated post of a fun project we did for RS Components. With the upcoming 80th anniversary of the founding of ‘RadioSpares’ – the original name for UK-based RS-Components, and the creation of an “Engineers’ Playground” as a feature of the 2016 Electronica event in Munich, we thought it might be fun to create an exhibit which could celebrate aspects of Radio receivers spanning that whole period. What if we were to take an ancient short wave receiver from the late nineteen thirties with its magnificent construction and rugged controls, and to replace the circuitry with a modern Software Defined Radio from SDRplay? What a great combination that would be! And so the project began.

More details at rs-online.com

Shmoocon 2017: A Simple Tool For Reverse Engineering RF

Anyone can hack a radio, but that doesn’t mean it’s easy: there’s a lot of mechanics that go into formatting a signal before you can decode the ones and zeros.

At his Shmoocon talk, [Paul Clark] introduced a great new tool for RF Reverse Engineering. It’s called WaveConverter, and it is possibly the single most interesting tool we’ve seen in radio in a long time.

If you want to hack an RF system — read the data from a tire pressure monitor, a car’s key fob, a garage door opener, or a signal from a home security system’s sensor — you’ll be doing the same thing for each attack. The first step is to capture the signal, probably with a software defined radio. Take this data into GNU Radio, and you’ll have to figure out the modulation, the framing, the encoding, extract the data, and finally figure out what the ones and zeros mean. Only that last part, figuring out what the ones and zeros actually do, is the real hack. Everything before that is just a highly advanced form of data entry and manipulation.

[Paul]’s WaveConverter is the tool built for this data manipulation. Take WaveConverter, input an IQ file of the relevant radio sample you’d like to reverse engineer, and you have all the tools to turn a radio signal into ones and zeros at your disposal. Everything from determining the preamble of a signal, figuring out the encoding, to determining CRC checksums is right there.

All of this is great for reverse engineering a single radio protocol, but it gets even better. Once you’re able to decode a signal in WaveConverter, it’s set up to decode every other signal from that device. You can save your settings, too, which means this might be the beginnings of an open source library of protocol analyzers. If someone on the Internet has already decoded the signals from the keyfob of a 1995 Ford Taurus, they could share those settings to allow you to decode the same keyfob. This is the very beginnings of something very, very cool.

The Github repo for WaveConverter includes a few sample IQ files, and you can try it out for yourself right now. [Paul] admits there are a few problems with the app, but most of those are UI changes he has in mind. If you know your way around programming GUIs, [Paul] would appreciate your input.


Shmoocon 2017: So You Want To Hack RF

Far too much stuff is wireless these days. Home security systems have dozens of radios for door and window sensors, thermostats aren’t just a wire to the furnace anymore, and we are annoyed when we can’t start our cars from across a parking lot. This is a golden era for anyone who wants to hack RF. This year at Shmoocon, [Marc Newlin] and [Matt Knight] of Bastille Networks gave an overview of how to get into hacking RF. These are guys who know a few things about hacking RF; [Marc] is responsible for MouseJack and KeySniffer, and [Matt] reverse engineered the LoRa PHY.

In their talk, [Marc] and [Matt] outlined five steps to reverse engineering any RF signal. First, characterize the channel. Determine the modulation. Determine the symbol rate. Synchronize a receiver against the data. Finally, extract the symbols, or get the ones and zeros out of the analog soup.

From [Marc] and [Matt]’s experience, most of this process doesn’t require a radio, software or otherwise. Open source intelligence or information from regulatory databases can be a treasure trove of information regarding the operating frequency of the device, the modulation, and even the bit rate. The pertinent example from the talk was the FCC ID for a Z-wave module. A simple search revealed the frequency of the device. Since the stated symbol rate was twice the stated data rate, the device obviously used Manchester encoding. These sorts of insights become obvious once you know what you’re looking for.
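The Manchester inference above, and the synchronize and extract steps that follow it, as an added Python example that is not code from the talk or from any Z-wave decoder. It assumes the demodulator has already sliced the signal into hard 0/1 chips; the frame layout, sync word and function names are constructed for illustration.

```python
# Added example: all data below is constructed; helper names are hypothetical.
IEEE = {(0, 1): 1, (1, 0): 0}    # IEEE 802.3 convention: low-to-high chip pair = 1
THOMAS = {(1, 0): 1, (0, 1): 0}  # G. E. Thomas convention: the inverse mapping

def manchester_encode(bits, convention=IEEE):
    """Two chips (symbols) per data bit, hence symbol rate = 2 x data rate."""
    to_pair = {bit: pair for pair, bit in convention.items()}
    return [chip for bit in bits for chip in to_pair[bit]]

def manchester_decode(chips, offset=0, convention=IEEE):
    """Decode chip pairs from `offset`; 00/11 pairs are coding violations."""
    bits, violations = [], 0
    for i in range(offset, len(chips) - 1, 2):
        bit = convention.get((chips[i], chips[i + 1]))
        violations += bit is None
        bits.append(bit)          # None marks an undecodable pair
    return bits, violations

def best_alignment(chips, convention=IEEE):
    """Try both chip phases and keep the one with fewer violations.
    Needs bit transitions in the data: a constant run decodes cleanly
    (but inverted) at the wrong phase, which is why frames carry preambles."""
    trials = {off: manchester_decode(chips, off, convention) for off in (0, 1)}
    offset = min(trials, key=lambda off: trials[off][1])
    return offset, trials[offset][0], trials[offset][1]

def find_payload(bits, sync):
    """Return the bits after the first occurrence of the sync word, else None."""
    for i in range(len(bits) - len(sync) + 1):
        if bits[i:i + len(sync)] == sync:
            return bits[i + len(sync):]
    return None

# Constructed frame: alternating preamble, made-up sync word, one payload byte.
PREAMBLE = [1, 0] * 4
SYNC = [1, 1, 1, 1, 0, 0, 0, 0]
PAYLOAD = [0, 1, 0, 0, 0, 0, 1, 1]
# One stray leading chip models a capture that starts mid-bit.
CAPTURE = [1] + manchester_encode(PREAMBLE + SYNC + PAYLOAD)

if __name__ == "__main__":
    offset, bits, violations = best_alignment(CAPTURE)
    print("chip offset:", offset, "violations:", violations)
    print("payload bits:", find_payload(bits, SYNC))
```

A non-zero violation count at the chosen phase points to a corrupted chip or a wrong guess about the line code, so it is worth checking before trusting the extracted bits.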

In their demo, [Marc] and [Matt] went through the entire process of firing up GNU Radio, running a Z-wave decoder and receiving Z-wave frames. All of this was done with a minimum of hardware and required zero understanding of what radio actually is, imaginary numbers, or anything else a ham license will hopefully teach you. It’s a great introduction to RF hacking, and shows anyone how to do it.


Software Defined Radio IC Decap: R820/RTL2832U


Software Defined Radio teardown: R820/RTL2832U Decap

Recently there has been much interest in two integrated circuits which were originally designed to receive FM radio and DVB-T TV (as used in Europe).
Some enterprising people quickly realised that since they were based on software-defined techniques they could be quickly repurposed for all sorts of clever things.
I bought one off Amazon and de-capped the two main ASICs inside.
The 1st one was the TV tuner from Rafael Micro, the R820.
The 2nd is the COFDM demodulator from Realtek, the RTL2832U.

More details at Electronupdate blog.

Check out the video after the break.

Portable Classroom Upgrade: Smaller, Cheaper, Faster

[Eric] at MkMe Lab has a dream: to build a cheap, portable system that provides the electronic infrastructure needed to educate kids anywhere in the world. He’s been working on the system for quite a while, and has recently managed to shrink the suitcase-sized system down to a cheaper, smaller form-factor.

The last time we discussed [Eric]’s EduCase project was as part of his Hackaday Prize 2016 entry. There was a lot of skepticism from our readers on the goals of the project, but whatever you think of [Eric]’s motivation, the fact remains that the build is pretty cool. The previous version of the EduCase relied on a Ku-band downlink to receive content from Outernet, and as such needed to stuff a large antenna into the box. That dictated a case in the carry-on luggage size range. The current EduCase is a much slimmed-down affair that relies on an L-band link from the Inmarsat satellites, with a much smaller patch antenna. A low-noise amp and SDR receiver complete the downlink, and a Raspberry Pi provides the UI. [Eric]’s build is just a prototype at this point, but we’re looking forward to seeing everything stuffed into that small Pelican case.

Yes, Outernet is curated content, and so it’s not at all the same experience as the web. But for the right use case, this little package might just do the job. And with a BOM that rings up at $100, the price is right for experimenting.

[via r/raspberry_pi]


Five-Watt SDR Transceiver for Hams

The availability of cheap SDR hardware created a flourishing ecosystem for SDR software, but a lot of the hardware driving the revolution was still “cheap”. In the last few years, we’ve seen quality gear replacing the TV dongles in many setups, and down-converters designed for them to allow them to work on the ham bands.

But something that’s purpose-built might be a better option if ham radio, particularly the shortwave portion thereof, is your goal. First off, you might want to transmit, which none of the TV dongles allow. Then, you might want a bit of power. Finally, if you’re serious about short-wave, you care more about the audio quality than you do immense bandwidth, so you’re going to want some good filters on the receiving end to help you pull the signal out of all the noise.

The RS-HFIQ 5 W SDR transceiver might be for you. It’s up on Kickstarter right now, and it’s worth looking at if you want a fully open source (schematics, firmware, and software) shortwave SDR rig. It’s also compatible with various open frontends.

The single-board radio isn’t really a full SDR in our mind — it demodulates the radio signal and sends a 96 kHz IQ signal across to your computer’s soundcard where it gets sampled and fully decoded. The advantage of this is that purpose-built audio rate DACs have comparatively high resolution for the money, but the disadvantage is that you’re limited to 96 kHz of spectrum into the computer. That’s great for voice and code transmissions, but won’t cut it for high-bandwidth data or frequency hopping applications. But that’s a reasonable design tradeoff for a shortwave.

Still, an SDR like this is a far cry from how simple a shortwave radio can be. But if you’re looking to build up your own SDR-based shortwave setup, and you’d like to hack on the controls more than on the radio itself, this looks like a good start.
