Back in August 2019 the Chaos Communication Camp was held in Germany. This is a 5 day conference that covers a variety of hacker topics, sometimes including SDR. At the conference Osmocom developer Harald Welte (aka @LaF0rge) presented a talk titled "The Limits of General Purpose SDR devices". The talk explains how general purpose TX capable SDRs like HackRFs and LimeSDRs have their limitations when it comes to implementing advanced communications systems like cellular base stations.
Why an SDR board like a USRP or LimeSDR is not a cellular base station
It's tempting to buy an SDR device like a LimeSDR or USRP family member in the expectation of operating any wireless communications system out there from pure software. In reality, however, the SDR board is really only one building block. Know the limitations and constraints of your SDR board and what you need around it to build a proper transceiver.
For many years, there's an expectation that general purpose SDR devices like the Ettus USRP families, HackRF, bladeRF, LimeSDR, etc. can implement virtually any wireless system.
While that is true in principle, it is equally important to understand the limitations and constraints.
People with deep understanding of SDR and/or wireless communications systems will likely know all of those. However, SDRs are increasingly used by software developers and IT security experts. They often acquire an SDR board without understanding that this SDR board is only one building block, but by far not enough to e.g. operate a cellular base station. After investing a lot of time, some discover that they're unable to get it to work at all, or at the very least unable to get it to work reliably. This can easily lead to frustration on both the user side, as well as on the side of the authors of software used with those SDRs.
The talk will particularly focus on using General Purpose SDRs in the context of cellular technologies from GSM to LTE. It will cover aspects such as band filters, channel filters, clock stability, harmonics as well as Rx and Tx power level calibration.
The talk contains the essence of a decade of witnessing struggling SDR users (not only) with running Osmocom software with them. Let's share that with the next generation of SDR users, to prevent them falling into the same traps.
The LimeNET Micro is a $329 board that combines a Raspberry Pi 3 (compute module) with a LimeSDR radio. The LimeRFE is an amplifier and filter board accessory designed to be used with LimeSDR units. When a LimeNET Micro and LimeRFE are used together, it is possible to create a transmit capable radio system that can be used for amateur radio.
In terms of software, Daniel is using a Python script that communicates with the Limesuite API for PTT control. For transmitting IQ data generated by GNU Radio he uses limesdr_send. So far he's been able to successfully test a CW beacon, SSB voice and waterfall text generated by gr-paint.
The LimeRFE is a power amplifier and filter bank solution designed for the low cost TX capable LimeSDR software defined radios. It has multiple bands from HF all the way up to 3.5 GHz, and is capable of putting out about 2W on the HF bands. Currently LimeRFE is crowdfunding over on CrowdSupply with a cost of US$599 or alternatively there is now a cheaper unit for US$449 without support for the cellular bands. The campaign is active for 4 more days from the time of this post, and after that the price is due to rise by another US$100.
The team at LimeMicro sent a unit to Daniel Estévez (EA4GPZ) for testing, and he has recently posted about his results and thoughts when using the LimeRFE for WSPR transmission with a 15m long wire antenna. Daniel connected his LimeRFE to his LimeSDR and used WSJT-X piped into SDRAngel via Pulseaudio to transmit WSPR on the 10m band. He notes that for lower bands, the LimeRFE will still need additional low pass filtering to attenuate harmonics. SDRAngel cannot yet control the LimeRFE so he also created a simple Python script for this purpose.
Unfortunately Daniel's unit only achieved 25dBm instead of the advertised 33dB, but in LimeMicro's post they note that they believe that this is due to shipping damage. However, even with only 0.3W power, Daniel's transmissions from Madrid were able to be picked up in the Canary Islands, Netherlands and Northern England.
Es’hailsat, otherwise known as QO-100, is the first geostationary satellite with an amateur radio payload on-board. The satellite contains both a Wide Band transponder for experimental modes and DVB-S Digital Television and a Narrow Band transponder used mostly for SSB voice and some digital mode contacts with other amateur operators. If you’re unfamiliar with this satellite, we’ve covered it in previous articles, like in [Es’hail Transponder Now Active].
While many choose to use a transverter connected to a traditional amateur transceiver, others have turned to use Software Defined Radios to complete their satellite ground stations.
[Radio Innovation] posted a video back in March showing his contact on QO-100 using a LimeSDR Mini as the 2.4 GHz transmitter and a 10 GHz LNB for the downlink.
Calling cq on QO-100 with LIMESDR
The PlutoSDR has been frequently seen used for QO-100 satellite operation on the Wide Band transponder due to its ease of DVB-S transmission utilizing software such as [DATV Express] but more recently there have been more and more operators turning to SDR for their day to day satellite operation.
It will be interesting to see how these stations evolve, perhaps by the time North America has access to a similar satellite, we’ll be prepared to operate it.
[@Luigi Cruz] has announced on Twitter that his latest PiSDR image now includes full PlutoSDR support. PiSDR is a pre-built Raspberry Pi distribution that supports several SDRs including the RTL-SDR. It comes with many applications and libraries ready for you to use, some of which include GQRX and GNURadio Companion. PiSDR is available on [GitHub] and just needs to be burned to an SD card to be used. The PlutoSDR is a low cost (typically priced anywhere between $99 – $149 depending on sales) RX/TX capable SDR with up to 56 MHz of bandwidth and a 70 MHz to 6 GHz frequency range.
With this update support for the PlutoSDR has been added. This should allow for a host of new interesting uses for the image as it includes SDRAngel, an SDR application that works with transmit capable SDRs. While I’ve not yet tested the image myself, this should in theory mean that the PiSDR image could be used with a transmit capable SDR like a PlutoSDR or Lime/Mini SDR to both transmit and receive anything from DATV to voice and more.
Below you can see the image running the Raspbian desktop with the SDRAngel software connected to the PlutoSDR. Those with a keen eye may also see the LimeSDR mini lying on the desk as well. The concept of SDR on a small microcomputer such as the Raspberry Pi isn’t a new one, but the existence of this distribution makes it much easier for people to jump in and start using it without having to configure and install software from scratch, which can sometimes be a daunting task.
Drone defense is a problem that is plaguing airports, cities, sensitive buildings and the military. These days anyone with a low cost off the shelf drone can cause havoc. Solutions so far have included net guns, drone deployed nets, wideband jammers, GPS spoofers, traditional and passive radar systems, visual camera detection, propeller noise detection, microwave lasers and SDR based point and shoot drone jamming guns like the IXI Dronekiller.
Both the expensive made-for-military IXI Dronekiller SDR gun and the LimeSDR Dronesense work in a similar way. They begin by using their scanning feature to detect and find potential drone signals. If a drone signal is detected, they emit a jamming signal on that particular frequency, resulting in the drone entering a fail-safe mode and either returning to base or immediately landing. Specifically targeting the drone's frequency should help make the jammers compliant with radio regulations as they won't jam other legitimate users at the same time. We note that this method might not stop drones using custom RF communications, or fully autonomous drones.
However, unlike the IXI Dronekiller gun, Dronesense requires no pointing and aiming of a gun-like device. Instead it appears to be mounted on another drone, with an omnidirectional jamming antenna. It runs with a GNU Radio based flowgraph which decides if a detected signal is from a drone, and if so activates the jammer. Unfortunately the software and further details don't appear to be available due to non-disclosure agreements.
DroneSense Second Jamming Test (Software Defined Aerial Platform)
Galileo is a European Union owned satellite navigation system. Galileo was created so that the EU does not need to rely on the US GPS or the Russian GLONASS satellites, as there is no guarantee that these systems won't be purposely turned off or degraded by their governments at any time.
Unfortunately since July 11 the Galileo system has been out of service. Not much information about the outage has been provided, but it appears to be related to problems with the Italian ground based Precise Timing Facility which consists of two ultra high precision atomic clocks that keep the Galileo systems' reference time. (We note that recently within the last few hours of this post, most satellites seem to have come back into operational status, but the EGSA website still reports an outage.)
Over on his blog, Daniel Estevez has been using his LimeSDR and a small patch antenna to gather some more information about the outage directly from the Galileo satellites. His investigations found that the modulation and signal itself are still working correctly. However, by using the GNSS-SDR software to investigate the signal data he was able to obtain the ephemeris, and see that the ephemeris is stuck in the past. The ephemeris data is used to calculate compensations for orbital drift, and without frequent ephemeris updates, orbital errors add up within hours, resulting in poor positioning accuracy. In order to generate the ephemeris, the Precise Timing Facility must be operational.
Daniel's post goes into further technical details about the information he's collected, and it's definitely an interesting read. One interesting bit of information that you can read from his post explains why the service has gone from initially just heavily degraded accuracy from July 11, to completely nonsense results from July 15 onwards.
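One way a monitoring station could flag the "ephemeris stuck in the past" condition described above, as an added example that is not taken from Daniel's post or from GNSS-SDR. The record layout, the 4 hour limit and the sample sightings are assumptions constructed for illustration.

```python
from collections import namedtuple

WEEK = 604800              # seconds in one system-time week
MAX_AGE_S = 4 * 3600       # assumed validity limit for one ephemeris batch

# Hypothetical record: one decoded ephemeris sighting from a receiver log.
NavObs = namedtuple("NavObs", "sat rx_week rx_tow iod toe")

def ephemeris_age(rx_tow, toe):
    """Seconds since toe, with the half-week correction for week crossover."""
    age = rx_tow - toe
    if age > WEEK // 2:
        age -= WEEK
    elif age < -(WEEK // 2):
        age += WEEK
    return age

def find_stale(observations, max_age=MAX_AGE_S):
    """Map satellite -> seconds its current (iod, toe) batch has been seen
    unchanged, for satellites whose batch exceeds max_age by either measure."""
    first_seen, stale = {}, {}
    for o in observations:
        now = o.rx_week * WEEK + o.rx_tow
        batch = (o.iod, o.toe)
        if first_seen.get(o.sat, (None, 0))[0] != batch:
            first_seen[o.sat] = (batch, now)
        unchanged_for = now - first_seen[o.sat][1]
        # The toe-based age is ambiguous beyond half a week, so the
        # "unchanged for" timer is what catches a batch stuck for days.
        if ephemeris_age(o.rx_tow, o.toe) > max_age or unchanged_for > max_age:
            stale[o.sat] = unchanged_for
        else:
            stale.pop(o.sat, None)
    return stale

# Constructed sample sightings (not real broadcast data).
SAMPLE = [
    NavObs("E11", 1037, 101400, 50, 100800),
    NavObs("E19", 1037, 101400, 50, 100800),
    NavObs("E24", 1037, 600000, 10, 599400),
    NavObs("E11", 1037, 118800, 50, 100800),   # same batch 4 h 50 min later
    NavObs("E19", 1037, 118800, 79, 118200),   # batch refreshed: healthy
    NavObs("E24", 1038, 400000, 10, 599400),   # same batch days later
]

if __name__ == "__main__":
    for sat, secs in sorted(find_stale(SAMPLE).items()):
        print(f"{sat}: ephemeris unchanged for {secs / 3600:.1f} h")
```

The E24 sighting shows why the timer is needed: its toe-based age has gone negative after the week boundary, so an age check alone would miss it.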
The Es'Hail-2 satellite is positioned at 25.5°E which is over Africa. Its reception footprint covers Africa, Europe, the Middle East, India, eastern Brazil and the west half of Russia/Asia. There are two amateur transponders on the satellite. One is a narrow band linear transponder which uplinks from 2400.050 - 2400.300 MHz and downlinks from 10489.550 - 10489.800 MHz. Another is a wide band digital transponder for digital amateur TV (DATV) which uplinks from 2401.500 - 2409.500 MHz and downlinks from 10491.000 - 10499.000 MHz.
Daniel's ground station uses a LimeSDR Mini running on a Beaglebone Black. A 2.4 GHz WiFi parabolic grid antenna is used to transmit to the satellite's digital amateur TV uplink. In order to generate enough power for the uplink transmission, a GALI-84 amplifier chip is cascaded with a 100W power amplifier. All the electronics are enclosed in a watertight box and placed outside.