Decoding the LoRa IoT Protocol with an RTL-SDR

The internet of things is set to become the next big thing in technology. The IoT consists of multiple networked devices such as sensors and computers connected in various ways such as via wireless communication protocols. LoRa is an abbreviation of “Long Range” and is one such wireless protocol that is being used in IoT devices. 

[LoRa] is a radio modulation format that gives longer range than straight FSK modulation. This is achieved by a combination of methods: it uses a spread spectrum technique called Chirp Spread Spectrum (CSS) and it uses forward error coding (in combination with whitening and interleaving).

Over at the RevSpace hackerspace, a hardware hacker called bertrik has been working with his RTL-SDR to try and reverse engineer the LoRa protocol. His goal is to make it so that anyone can receive and decode LoRa signals without needing to purchase specific hardware that supports the modulation. The reverse engineering work is not yet finished, but bertrik has already determined many parts of the protocol by looking at the signals in Audacity. He also writes that there is currently a ready made LoRa decoder available for sdrangelove, a Linux based SDR receiver application similar to GQRX and SDR#.

You might also be interested in this previous article we posted about the Z-Wave wireless networking protocol being hacked with a HackRF.

LoRa signals received in the frequency spectrum.
LoRa signals received in the frequency spectrum.

One comment

  1. Wolfgang Klenk

    In gqrx, how did you manage to make the signal visible in the waterfall diagram in this resolution? One can even see the ramps. I did not find a way to “focus in” that way that I can see the signal in this detail. I would also like to see the signal in FSK modulation, I should be able to see the frequency changes.

Post a comment

You may use the following HTML:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>