Category: LimeSDR

Creating a Multicarrier Base Station Transceiver For DMR, YSF, M17 and more with MMDVM and LimeSDR

Thank you to Adrian, creator of the QRadioLink software, for writing in and sharing with us his post about how he uses a LimeSDR as a Multi Mode Digital Voice Modem (MMDVM) for various modes including DMR, YSF and M17.

An MMDVM is usually a computing device running multiple radios, each of which is used for a separate channel with its own filters and power amplifier hardware. Each channel can run a separate protocol if desired.

However, in order to save on radio hardware, Adrian wanted to use his LimeSDR as the radio hardware in his MMDVM system. The LimeSDR is a transceiver which has enough bandwidth to implement several channels just by itself. To do this, Adrian uses his MMDVM-SDR software.

His implementation runs multiple instances of MMDVM-SDR, one instance for each channel. A GNU Radio flowgraph with a LimeSDR block then connects to each of these instances, transferring data between GNU Radio and MMDVM-SDR via ZeroMQ or TCP sockets. The bulk of Adrian's post explains the architecture in detail. Adrian writes:

The setup can transmit 7 digital carriers in 200 kHz occupied spectrum, and each radio channel can be assigned to a different mode or digital voice network as configured in MMDVMHost.

This is based on the work of Jonathan Naylor G4KLX and Rakesh Peter (r4d10n).

Adrian also notes that this is still a work in progress and there are still several limitations including high latency and issues with filtering, overload and poor channel rejection. 

Multi-Channel MMDVM LimeSDR Architecture Overview

Guglielmo FM and DAB Receiver Software Updated to Version 0.5

Thank you to Marco, the programmer of Guglielmo, for letting us know that his software has recently been updated to Version 0.5.

Guglielmo is a Linux, Windows (and in this recent update x86 macOS) based RTL-SDR FM and DAB tuner software that supports SDRs including the RTL-SDR, Airspy, SDRplay, HackRF and LimeSDR. It is designed to be an easy-to-use program for media users, rather than hobbyist technical users.

Regarding the release of Version 0.5, Marco writes:

This release sports full mac (x86 only, sorry) and windows installers, DAB and FM scans and a preset editor.

Guglielmo: Screenshot of the DAB Interface

SDRangel Now Available on Android: Mobile ADS-B, AIS, APT, Digital Voice, POCSAG, APRS, RS41 Radiosonde Decoders

SDRangel is a free open source software defined radio program that is compatible with many SDRs, including RTL-SDRs. SDRangel is set apart from other programs because of its huge swath of built-in demodulators and decoders.

Thank you to reader Jon for writing in and noting that SDRangel has recently been released for Android as a free Google Play download. This is an amazing development that could open up many doors into portable decoding setups as the Android version supports almost every decoder implemented on the desktop version. Jon writes:

It includes most of the functionality of the desktop version of SDRangel, including:

  • AM, FM, SSB, Broadcast FM and DAB, AIS, ADS-B, Digital Voice (DMR, dPMR, D-Star, FreeDV), Video (DVB-S, DVB-S2, NTSC, PAL), VOR, LoRa, M17, Packet (AX.25), Pager (POCSAG), Radiosonde (RS41), Time signal (MSF, DCF77, TDF and WWVB) modems.
  • RTL SDR, Airspy, Airspy HF, LimeSDR, HackRF and SDRplay support via USB OTG as well as networked SDRs
  • 2D and 3D signal analysis in both time and frequency domain with statistical measurements of SNR, THD, THD+N, SINAD, SFDR and channel power
  • Satellite tracker, star tracker, maps and rotator controller

It should work on Android 6 and up. It’s a straight port of the desktop application, so although it will run on a phone, probably best used on a large tablet with a stylus or mouse.

SDRangel on Android

Fissure: An Open Source RF Reverse Engineering Framework

FISSURE (Frequency Independent SDR-Based Signal Understanding and Reverse Engineering) is a recently released open source framework that runs on Linux, and includes a whole suite of previously existing software that is useful for analyzing and reverse engineering RF signals. On top of that it includes a custom GUI with a bunch of custom software that ties everything together in a full reverse engineering process.

Recently the developers spoke at this year's Defcon conference, and the talk video is supplied at the end of this post. In their talk they explain the purpose of FISSURE, before going on to demonstrate it being used to reverse engineer a wireless X10 doorbell. FISSURE makes analyzing the signal easy, starting with spectrum analysis to find the signal, then signal recording, signal cropping, signal replay, crafting packets and crafting attacks.

News and developments about FISSURE can also be seen on their Twitter.

FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signal data, scripts, flow graphs, reference material, and third-party tools. FISSURE is a workflow enabler that keeps software in one location and allows teams to effortlessly get up to speed while sharing the same proven baseline configuration for specific Linux distributions.

The framework and tools included with FISSURE are designed to detect the presence of RF energy, understand the characteristics of a signal, collect and analyze samples, develop transmit and/or injection techniques, and craft custom payloads or messages. FISSURE contains a growing library of protocol and signal information to assist in identification, packet crafting, and fuzzing. Online archive capabilities exist to download signal files and build playlists to simulate traffic and test systems.

The friendly Python codebase and user interface allow beginners to quickly learn about popular tools and techniques involving RF and reverse engineering. Educators in cybersecurity and engineering can take advantage of the built-in material or utilize the framework to demonstrate their own real-world applications. Developers and researchers can use FISSURE for their daily tasks or to expose their cutting-edge solutions to a wider audience. As awareness and usage of FISSURE grows in the community, so will the extent of its capabilities and the breadth of the technology it encompasses.

FISSURE RF Framework - Griffiss Institute & AIS Monthly Lecture + Education Series

LimeSDR 2.0 Mini Now Crowdfunding, Standard LimeSDR Discontinued

Back in March we posted about the LimeSDR Mini 1.0 becoming end of life due to component shortages, and a slightly upgraded LimeSDR Mini 2.0 was being planned. The LimeSDR Mini 2.0 has just been released for preorder over on the CrowdSupply crowdfunding website with a price of US$399 + shipping. The first 1000 units are expected to be ready within 14 weeks, with subsequent batches out at 32 weeks.

The new pricing is at quite a premium over the original LimeSDR Mini, which was released in 2017 for US$139, and the standard LimeSDR, which was released in 2016 for US$249. However, we must of course take into account the extreme inflation of electronic parts pricing that has occurred over the past few years.

Lime Micro have also noted that the standard LimeSDR has now been discontinued due to the same supply shortages. The standard LimeSDR had 2x2 RX/TX channels and was capable of a bandwidth of up to 61.44 MHz. In comparison, both versions of the LimeSDR Mini are a 1x1 channel product with 40 MHz of bandwidth.

The LimeSDR Mini 2.0 is almost identical to the LimeSDR Mini 1.0, both still making use of the LMS7002 RF transceiver as the main chip and using the same overall design. The only change is an upgrade to the FPGA, which replaces the Intel MAX 10 16k logic gate FPGA with a significantly more capable Lattice ECP5 44k logic gate FPGA.

Given the new pricing, people on the lookout for a new hacker/research/experimenter SDR in this price range might want to consider this brief comparison to find the SDR best suited to their needs:

  • LimeSDR Mini 2.0 - US$399
    1x1 channels, 40 MHz bandwidth, 10 MHz to 3.5 GHz, 12-bits.

  • HackRF One - US$330 (~$150 clones)
    1x1 channels (half-duplex), 20 MHz bandwidth, 1 MHz to 6 GHz, 8-bits.

  • PlutoSDR - US$229.18
    1x1 channels, 20 MHz bandwidth, 325 MHz to 3.8 GHz, 12-bits.

  • bladeRF 2.0 Micro xA4 - US$540
    2x2 channels, 61.44 MHz bandwidth, 47 MHz to 6 GHz, 12-bits.

The LimeSDR Mini 2.0

Running GR-GSM and IMSI Catcher on a Raspberry Pi 4 with Dragon OS

DragonOS is a ready-to-use Ubuntu Linux image that comes preinstalled with multiple SDR software packages. The creator, Aaron, also runs a YouTube channel showing how to use the various packages installed.

In his latest video Aaron tests his Pi64 image with GR-GSM and IMSI Catcher running with the GNU Radio 3.10 platform on a Raspberry Pi 4. He tests operation with an RTL-SDR and LimeSDR.

GR-GSM is a GNU Radio based program capable of receiving and analyzing mobile GSM data. We note that it cannot decode actual messages without additional information about the encryption key, but it can be interesting to investigate the metadata. GSM is mostly outdated these days, but still used in some areas by some older phones and devices. IMSI Catcher is a script that will record all detected GSM 'IMSI' numbers received by the mobile tower which can be used to uniquely identify devices.

Short video setting up and testing GR-GSM on DragonOS Pi64 w/ GNU Radio 3.10 and the RTL-SDR. The current DragonOS Pi64 build has GNU Radio 3.8 and all the necessary tools to accomplish what's shown in this video. If you'd like to test the build shown in this video, it's temporarily available here until I finish and put it on SourceForge.

https://drive.google.com/drive/u/1/fo...

A LimeSDR and DragonOS Focal's Osmo-NITB-Scripts were used to create the GSM900 lab environment. The RTL-SDR was able to see and decode the GSM900 network and although only briefly shown in the video, the IMSI Catcher script works.

Here's the fork used for this video and for testing. There's also a pull request on the main GR-GSM repo for this code to be added.

https://github.com/bkerler/gr-gsm

DragonOS Pi64 Testing GR-GSM + IMSI Catcher w/ GNU Radio 3.10 (RTLSDR, Pi4, LimeSDR, OSMO-NITB)

Lightweight Windows Software uSDR Updated to Version 1.5.0

Since 2021 we've posted about Viol Tailor's "uSDR" (microSDR) software a couple of times. uSDR is a lightweight general purpose multimode program for Windows that supports the RTL-SDR, Airspy, BladeRF, HackRF and LimeSDR radios. The software can be downloaded from SourceForge.

Viol notes that the project has recently been updated to V1.5.0, which brings the following new features and changes:

  • lock device frequency on zoom option
  • keep waterfall history – the very great option, do not lose any rare signals
  • advanced passband IQ recorder
  • passband IQ TCP server for remote processing, C/C++ client source examples included
  • advanced audio player, auto selectable sample rate, separate left/right channels
  • CTCSS decoder
  • markers import option convenient for merge markers
  • Ctrl+Shift+Drag Up/Down – change spectrum magnitude offset
  • Ctrl+Shift+Mouse Wheel – change spectrum magnitude range (vertical zoom)
  • Ctrl+Mouse Hover – highlight nearest marker
  • Ctrl+Double Click – tune to highlighted nearest marker
  • band plan visualization, simple text format
  • frontend interface improvements
  • GUI improvements
  • spectrum and waterfall popup menus improvements
  • a lot of bug fixes

uSDR aka microSDR. A lightweight SDR receiver program for Windows.

SignalsEverywhere: Setting up and using SDR++ Server

On this week's SignalsEverywhere episode, Sarah demonstrates how to use the SDR++ Server, which was released as a beta earlier this year. SDR++ Server is similar to software like rtl_tcp and Spyserver in that it allows us to connect to a remote networked SDR like an RTL-SDR. Compared to rtl_tcp and Spyserver, however, SDR++ Server has a huge advantage in that it is compatible with almost any SDR, and enables the full range of control options for RTL-SDRs.

In the video Sarah shows us how to activate the SDR++ server module and how to connect to a remote RTL-SDR running the SDR++ server on a Raspberry Pi. She goes on to show how to connect to other SDRs running on the Raspberry Pi as well, such as the SDRplay RSP Duo, LimeSDR, Airspy R2 and Airspy HF+ Discovery. Finally, she shows how to set up the server on Windows and a Raspberry Pi.