A Review of the HackRF PortaPack (With Havoc Firmware)

The PortaPack is a US$220 add-on for the HackRF software defined radio (HackRF + PortaPack + Accessory Amazon bundle) which allows you to go portable with the HackRF and a battery pack. It features a small touchscreen LCD and an iPod like control wheel that is used to control custom HackRF firmware which includes an audio receiver, several built in digital decoders and transmitters too. With the PortaPack no PC is required to receive or transmit with the HackRF.

Of course as you are fixed to custom firmware, it's not possible to run any software that has already been developed for Windows or Linux systems in the past. The official firmware created by the PortaPack developer Jared Boone has several decoders and transmitters built into it, but the third party 'Havoc' firmware by 'furrtek' is really what you'll want to use with it since it contains many more decoders and transmit options.

As of the time of this post the currently available decoders and transmit options can be seen in the screenshots below. The ones in green are almost fully implemented, the ones in yellow are working with some features missing, and the ones in grey are planned to be implemented in the future. Note that for the transmitter options, there are some there that could really land you in trouble with the law so be very careful to exercise caution and only transmit what you are legally allowed to.

Some screenshots from the HackRF Portapack Havok Firmware
Some screenshots from the HackRF Portapack Havoc Firmware
More Havok firmware screenshots from the GitHub page.
More Havoc firmware screenshots from the GitHub page.

Although the PortaPack was released several years ago we never did a review on it as the firmware was not developed very far beyond listening to audio and implementing a few transmitters. But over time the Havok firmware, as well as the official firmware has been developed further, opening up many new interesting applications for the PortaPack.

Doing a replay attack on a wireless keyfob using the Portapack.
Doing a replay attack on a wireless keyfob using the PortaPack.

Testing the PortaPack with the Havoc Firmware

Capture and Replay

One of the best things about the PortaPack is that it makes capture and replay of wireless signals like those from ISM band remote controls extremely easy. To create a capture we just need to enter the "Capture" menu, set the frequency of the remote key, press the red 'R' Record button and then press the key on the remote. Then stop the recording to save it to the SD Card.

Now you can go into the Replay menu, select the file that you just recorded and hit play. The exact same signal will be transmitted over the air, effectively replacing your remote key.

We tested this using a simple remote alarm system and it worked flawlessly first time. The video below shows how easy the whole process is.

Portapack Microphone Transmitter
PortaPack Microphone Transmitter

Microphone TX

Using the 3.5mm audio jack the Portapack can also be used as a standard Push to Talk or voice activated walkie talkie radio. With a microphone plugged into the audio jack simply hold down the right button to push to talk. If required you can also enable multiple CTCSS tone options, as well as tones that look like they enable transmission to wireless headphones.

Portapack SSTV Transmitter
PortaPack SSTV Transmitter

Other Transmitters

We also briefly tried transmitting with the SSTV feature and we were easily able to receive the transmitted image on a PC using an RTL-SDR and SSTV decoding software. Other ham modes available for transmitting include APRS and Morse code.

There is also a generic OOK transmitter which can be programmed with custom data. This mode might be useful for experimenting with simple keyfobs, or things like home automatation switches.

What might be disturbing to some is that there are also numerous transmit modes implemented that are illegal in most countries and could get you into huge trouble. One obvious one is the signal jammer. To test the jammer we connected the PortaPack to a dummy load to prevent the signal from travelling more than a few centimeters away, and placed an RTL-SDR with antenna nearby. With that it was easy to see the jamming signal as shown in the image below.

Jamming with the Portapack
Jamming with the PortaPack

There are also more niche troubling transmitters implemented such as the NTTworks burger pager transmitter, which presumably activates some of those small pagers that you receive at some restaurants to tell you when the food is ready. There is also a Keyfob transmitter which looks like it might possibly be able to lock and unlock certain models of older flawed Subaru vehicles. Then there's a BHT Xy/EP transmitter which we think might be able to turn on and off street lights in some European countries, and the implementation of TEDI/LCR which is possibly used for French electronic street signs. Also troubling is the implementation of an ADS-B and POCSAG transmitter.

If you are experimenting with the PortaPack and the aptly named 'Havoc' firmware be very careful not to activate these modes unless you have some legit purpose as they could indeed cause some serious trouble, possibly even landing you in jail.

Receivers

By connecting speakers to the Portapack's 3.5mm audio jack we were easily able to listen in on standard NFM and WFM audio signals. The displayed bandwidth is only as wide as the signals are, so it can be a bit hard to explore the frequency bands if you don't already known the frequencies, so we'd recommend having a frequency list handy first.

Receiving WFM and NFM audio with the Portapack.
Receiving WFM and NFM audio with the PortaPack.

We also tested ADS-B reception with our ADS-B LNA. The bias tee on the HackRF can be easily enabled on the PortaPack by selecting the inductor and lightning symbol on the top right. With the bias tee enabled we were able to receive aircraft.

Conclusion

The PortaPack is a very handy partner to the HackRF. It allows you to experiment with, record, listen, decode and transmit RF signals out in the field, without the need for any computer. You do need to be responsible and careful with the device though, as there is the huge potential of getting in trouble with it if you start transmitting illegal things.

The biggest use that we see for the PortaPack is for testing capture and replay attacks, and perhaps for capturing IQ data out in the field, for later analysis back in the lab on a computer. But many of the receivers and transmitters implemented can be fun to play around with too.

Subscribe
Notify of
guest

35 Comments
Inline Feedbacks
View all comments
Anonymous

Your comment is so much worse, Reddit.

terry mensen

So this is a battery powered product that one needs to turn on/off. No documentation on this but tapping in on the rotary knob will turn it off. Long single tap will turn it back on again. Usually it powers up if the USB is connected. (((((((((((((((((((((Power off: Two Taps)))))))))))))))))))
(((((((((((((((((((((power on: One tap))))))))))))))))))

Though I saw this nowhere I discovered it while using the unit.
I was getting ready to put a switch on the battery….good thing I found this.
Still having trouble with the ADSB world map, but I found a sample sdcard contents and installed the contents to a sd card and installed it.

Nat

I have come looking for a solution with that exact use case. I am not sure where to go to find the sdcard contents. Can you point us in the right direction?

deez

Literally right above the firmware on their github.

Willard

I’ve procured the Chinese portapack setup, from Banggood and he pulls in ADSB reception very well, with his stock antenna. No external amp needed.

Pac-Man

At what distance can this device continue to capture and relay signals from key fob/ remotes ? I assume there is an antenna that is needed?

Timmy

Probably more than a half a meter (~20″) and definitely far far less than 2299km (~1429 miles; ~20% of the diameter of earth) at a guess 🙂
https://twitter.com/argilo/status/501515208280375296
https://twitter.com/argilo/status/501421835364630529
(WSPR is a special digital mode, transmitting only 50 bits of data which are encoded with lots of error correction codes at low power over 2 minutes. So not the same as a typical keyfob. But just an example to give you an idea of how difficult your question is to answer without ALL the information. The exact make and model of all the hardware and ideally FCC certification numbers, transmit frequency (needed for calculations using the FSPL equation), modulation used, forward error correcting codes used, with transmit and receive antenna gains.)

So with I’ll answer your vague question with an equally vague answer, probably about half the length of a room (That room might be a massive empty concert hall or maybe a very small empty janitor’s closet).

John

This comment impresses no one, and will be posted to r/iamverysmart to laugh at you in unison. Go outside. Touch grass. Get sunlight. No one cares about your specific subset of knowledge and how superior it makes you feel.

Norman Crompton.

Which button battery is used in the Porta pak 2016, 2025, 2032?
What is the highest gigabyte capacity sd card can be used in a Hack RF Porta Pack?

Dirk

Battery: 2032
uSD Card: don’t know the limit, but FAT32 adresses 32 GB directly, so I use this capacity.

Andy

I used h2format to format a 64GByte card with fat32. No issues so far.

Comms

That’s quite the throne you are sitting on. I keep forgetting that anti-intellectualism has become so trendy and fashionable.

As a society, we are fortunate that you’ve elected yourself to be one of many leaders in the “Race to the base” of the IQ scale and we all owe you a great debt of gratitude.

In my view, the answer was accurate, specific and respectful, considering the question was indeed rather vague (akin to asking “How long is a piece of string?”

If anything, it offered insight into many fundamental concepts for further research in the field of RF communications. Why spend money on something you don’t feel like learning? I hope the OP was able to gain some insight from this.

Anyhow, if you’re looking for me, I’ll be out back touching grass and getting some sun. It’s likely I’ll be reading a book, because I value knowledge far more than online trolling.

James french

You sir, inspire me. Shame on this new generation and their idiotic idea that society “owes” them anything. Read a book, take a class or for Christ sake, GET A JOB!!

Claudio A. Periolo

Buy hackrf and portapack on aliexpres.com, perfect, everything works and well, it is worth it, it just does not have the transceiver function and does not transmit on ssb.

Bob

So many degenerates in these comments.

doe

agree

Clint

There’s no degenerate comments here. Quit taking meth and get a job. Ur life will improve

bubba

so many trailer park names in the comments.

gerryk

Having issues building due to compiler incompatibilities.
Can you post the firmware you used?

unixpunk
gerryk

Cheers. I got it compiling in the end.

max

hi I bought a PortaPack last week and the LCD is not working, what do I do?

Onkel

Is this worth buying today? Hackrf is old hardware and portapack too. 700$ is not exactly cheap. I love the idea but will there be anything like this but new version?

Hackrf 2.0
Limesdr mini

Adrian

80-100 euro – hackrf one (board from China, YES is working very well)
120 euro – portapack (from China, I didn’t tried it, yet.)

gerryk

I have a Chinese HackRF & Portapack. Both work well. Noisefloor on the HackRF is roughly the same as my previous GreatScott unit. Occasional hangs when I go to Capture Mode on Havoc f/w. but that could be a firmware issue.

RadioEarz

“….be very careful not to activate these modes unless you have some legit purpose as they could indeed cause some serious trouble, possibly even landing you in jail.”

Two years inside for building, owning or operating a mobile phone jammer in Australia, ouch.

Although as a clean skin SDR geek you will probably get 6 month first offence.

Siva_Tango_Delta

Backed HackRF on KS & love it.
Is the PortaPack software available for use on other platforms so we can use it on a laptop, tablet or cell phone?

unixpunk

@Siva_Tango_Delta – No, only runs on the little processor on the portapack I believe, not sure it can be cross-compiled due to the specific hardware used.

Are you sure ?

I’m about 99% sure that all the code runs on processor in the HackRF.

unixpunk

Nope not 100% sure at all, doesn’t really change things IMO though. Let us know how it goes!

Care to check again ?

#hackrf: There’s no processor on the PortaPack H1, it’s all going on in the HackRF One’s LPC4320.

Short: No

> Is the PortaPack software available
The full GPL source code is available.
https://github.com/sharebrained/portapack-hackrf
https://github.com/furrtek/portapack-havoc

> For use on other platforms so we can use it on a laptop, tablet or cell phone?
Short answer: Nope.

Long answer: Your question is a lot like asking can the engines from a Saturn V rocket be installed on a pickup truck. The software is custom written and extremely optimized for one physical device, to modify that would require a massive amount of work and some crazy outside the box thinking. Even then not everything will function. There will be latency issues, with the CPU directly connected to the ADC/DAC latency is of the order of nanoseconds to microseconds (Port-a-pack). But accessing an SDR over USB 2.0 the latency is in the order of milliseconds, somethings will just never work with 1000 times the delay (two way protocol handshakes).