Category: HackRF

Bouncing LoRa Signals off the Moon with a HackRF

One part of the amateur radio hobby is 'EME', or Earth-Moon-Earth. The idea is to bounce radio signals off the surface of the moon, and have them received over a vast distance. Typically weak signal amateur radio modulation schemes such as JT65 are used due to their ability to be decoded even with the very weak signals that come back from the moon bounce.

Recently a group of students from the College of New Jersey are attempting to bounce signals off the moon using the LoRa modulation scheme. LoRa is a modulation scheme designed to be used with IoT devices, however it also has great performance when signals are weak so it's a good candidate for moon bounce.

The students are using a HackRF and the SDR-Angel software with the signal being transmitted in the amateur radio bands at 1296 MHz. The antenna hardware consists of an 1296 MHz feedhorn attached to an 8-meter dish. They hope that the use of LoRa modulation can reduce the power requirements for EME.

The main goal of this project is to establish Earth-Moon-Earth communication with LoRa modulated signals. There are three main goals that this project is trying to accomplish. The three goals of our project are to reflect a signal off the Moon and receive it back here in New Jersey, transmit a signal from here in New Jersey, bounce it off of the Moon, and then receive the signal on a dish located in Alaska, and our final goal for this project is to establish two way communication between New Jersey and Alaska.

Our initial approach to this project is to use SDRAngel to modulate and demodulate our signal. SDRAngel is a free, open-source software that we can use to transmit and receive signals via SDR (Software Defined Radio).

Our modulation technique, LoRa, uses Chirp Spread Spectrum modulation that allows for low power, long range transmissions at the cost of a low data rate.

The peripheral of choice for this project is the HackRF One, a SDR peripheral that allows us to send and receive signals.

This story was also presented on Hackaday.

Bouncing LoRa Signals Off the Moon - TCF 2023, track 5, TCNJ student presentations

Great Scott Gadgets to Develop a Universal Radio Test Instrument (URTI)

Great Scott Gadgets (GSG), creators of the HackRF, YARD Stick One and Great FET (among other products) have announced that they are developing a device called a "Universal Radio Test Instrument (URTI)". They note that:

URTI will offer radio amateurs, researchers, educators, and professionals an affordable, compact RF test tool that could be used in place of multiple expensive pieces of traditional radio test equipment.

Our goal for URTI is to design a single hardware platform capable of serving as many popular types of one-port or two-port RF test instruments. We plan to build a directional coupler into a wideband, full-duplex SDR platform to enable URTI to function as a:

  • spectrum analyzer
  • vector network analyzer
  • vector signal generator
  • vector signal analyzer
  • antenna analyzer
  • power meter
  • frequency counter
  • full-duplex SDR transceiver

The design and hardware of the URTI appear to still be in the very early stages, with nothing other than early component lab tests released yet. However, given the track record of GSG products, we expect that they will release a high quality and completely open source product in time. We look forward to tracking the progress of the URTI.

More information about the device is available at https://greatscottgadgets.com/2023/05-04-development-of-a-universal-radio-test-instrument

Guglielmo FM and DAB Receiver Software Updated to Version 0.5

Thank you to Marco, the programmer of Guglielmo for letting us know that his software has recently been updated to Version 0.5.

Guglielmo is a Linux, Windows (and in this recent update x86 MacOS) based RTL-SDR FM and DAB tuner software that supports SDRs including the RTL-SDR, Airspy, SDRplay, HackRF and LimeSDR. It is designed to be an easy to use program designed for media users, rather than hobbyist technical users.

Regarding the release of Version 0.5, Marco writes:

This release sports full mac (x86 only, sorry) and windows installers, DAB and FM scans and a preset editor.

Guglielmo: Screenshot of the DAB Interface

Hacking Beepers at a Fish & Chip Shop with an RTL-SDR and HackRF

Over on YouTube Paul from "Tall Paul Tech" has uploaded a video showing how he was able to reverse engineer the wireless protocol used by a simple restaurant beeper (aka 'burger pager') notification system that is used to let customers know when their food is ready.

By reading the label on the base unit, Paul found that the beeper system transmits at 433 MHz. He was then able to record it's transmissions with an RTL-SDR. Then using Inspectrum, he was able to determine the bit string and the symbol period.

From there he was able to use a GNU Radio program to replicate the signal, allowing him to use a HackRF to activate the beepers on demand.

In the past we've posted similar stories [1][2][3].

Hacking A Fish & Chip Shop

Tech Minds: Testing an RTL-SDR Wideband Scanner with WebUI

Over on YouTube Matt from the Tech Minds YouTube channel has put up a video demonstrating an open source program released on GitHub called "RTL SDR Scanner", or "rtl-sdr-scanner-cpp". This program is compatible with RTL-SDR and HackRF software defined radios, and allows users to record multiple analogue FM audio channels within the active bandwidth simultaneously. 

To get a wider bandwidth, you can use a HackRF as your SDR, or you can also use multiple RTL-SDR dongles, or a device like the KrakenSDR which has multiple RTL-SDRs built into it. Alternatively, you can also have the software scan a much larger swath of bandwidth, however this could result in some transmissions being missed. 

The audio is recorded as a wav file, and can be accessed through a web UI. We note that currently only FM recordings are supported but AM may be supported in the future.

RTL SDR Scanner - FULL Bandwidth Recording With WEB UI

SDRangel Now Available on Android: Mobile ADS-B, AIS, APT, Digital Voice, POCSAG, APRS, RS41 Radiosonde Decoders

SDRangel is a free open source software defined radio program that is compatible with many SDRs, including RTL-SDRs. SDRAngel is set apart from other programs because of it's huge swath of built in demodulators and decoders.

Thank you to reader Jon for writing in and noting that SDRangel has recently been released for Android as a free Google Play download. This is an amazing development that could open up many doors into portable decoding setups as the Android version supports almost every decoder implemented on the desktop version. Jon writes:

It includes most of the functionality of the desktop version of SDRangel, including:

  • AM, FM, SSB, Broadcast FM and DAB, AIS, ADS-B, Digital Voice (DMR, dPMR, D-Star, FreeDV), Video (DVB-S, DVB-S2, NTSC, PAL), VOR, LoRa, M17, Packet (AX.25), Pager (POCSAG), Radiosonde (RS41), Time signal (MSF, DCF77, TDF and WWVB) modems.
  • RTL SDR, Airspy, Airspy HF, LimeSDR, HackRF and SDRplay support via USB OTG as well as networked SDRs
  • 2D and 3D signal analysis in both time and frequency domain with statistical measurements of SNR, THD, THD+N, SINAD, SFDR and channel power
  • Satellite tracker, star tracker, maps and rotator controller

It should work on Android 6 and up. It’s a straight port of the desktop application, so although it will run on a phone, probably best used on a large tablet with a stylus or mouse.

SDRangel on Android
SDRangel on Android
SDRangel

Car Hacking in the Mr Robot TV Show Explained

Over on YouTube David Bombal has uploaded a video titled "Warning! This is how cars are hacked. Just like in Mr Robot." which explains how the car hacking scenes in Mr Robot worked. Mr Robot is a TV drama series about cybersecurity hackers, and it is known for portraying realistic hacks and scenarios. Back in 2019 we posted about an episode where they used a HackRF and Raspberry Pi to jam a garage door, before using the HackRF as an IMSI catcher. RTL-SDRs were also briefly used in some episodes.

David's video goes into greater detail about how realistic the hacking concepts displayed in the Mr Robot series are and if they would work in real time. In this video he goes into particular detail about car hacking. He uses a HackRF and RTL-SDR and demonstrates attacks like jamming, and signal replay.

This video is a part of a series exploring the hacks shown on Mr Robot. The full playlist can be found here.

Warning! This is how cars are hacked. Just like in Mr Robot.

HackRF Opera Cake Released: A Rapid RF Switching Board

Back in 2016 Michael Ossmann, founder of Great Scott Gadgets and creator of the HackRF released schematics for 'Opera Cake', a rapid RF switching add on board for the HackRF. We also saw back in a January 2018 post how Opera Cake was capable of being used as the switching hardware for Pseudo-Doppler direction finding. Up until now Opera Cake has only been available as a schematic, for advanced hackers who could produce and build the board themselves.

Earlier this week Opera Cake was released for sale via various resellers in the US, UK and EU. The pricing from the US reseller is US$190.

Opera Cake is an antenna switching add-on board for HackRF One that is configured with command-line software either manually, or for automated port switching based on frequency or time. It has two primary ports, each connected to any of eight secondary ports, and is optimized for use as a pair of 1x4 switches or as a single 1x8 switch. Its recommended frequency range is 1 MHz to 4 GHz.

When HackRF One is used to transmit, Opera Cake can automatically route its output to the appropriate transmit antennas, as well as any external filters, amplifiers, etc. No changes are needed to the existing SDR software, but full control from the host is available.

Opera Cake also enhances the HackRF One’s use as a spectrum analyzer. Antenna switching works with the existing hackrf_sweep feature, which can sweep the whole tuning range in less than a second. Automatic switching mid-sweep enables the use of multiple antennas when sweeping a wide frequency range.

Opera Cake connected to multiple antennas
Opera Cake connected to multiple antennas