Hackaday's Hack Chats are a weekly live community chat session where some knowledgeable guests are brought in to chat with the audience. This weeks upcoming chat on Friday is all about GNU Radio, a block based programming language that is commonly used with SDRs like the RTL-SDR. They write:
Our guests for this week’s Hack Chat will be Derek Kozel and Nate Temple, officers of the GNU Radio project. They’re also organizers of this year’s GNU Radio Conference. Also joining in on the Hack Chat will be Martin Braun, community manager, PyBOMBS maintainer, and GNU Radio Foundation officer.
GNU Radio is perhaps the most important bit of any software defined radio toolchain. This is the software that provides signal processing blocks to implement software defined radios. GNU radio is how you take a TV tuner USB dongle and pull images from satellites. You can use it for simulation, and GNU Radio is widely used by hobbyists, academics, and by people in industry.
The Hack Chat starts on Friday August 31, 2018 at noon PDT. You can leave a comment for the Hack Chat now by leaving a comment on the event page.
Over the last few months we've been working on a 4-input coherent RTL-SDR called 'KerberosSDR' (formerly known as HydraSDR) that is designed to be a low cost way to get into applications such as RF direction finding, passive radar, beam forming and more. It can also be used as a standard 4-channel SDR for monitoring multiple frequencies as well.
Phase coherent RTL-SDRs have been worked on and demonstrated several times over the past few years, but we've been disappointed to find that so far there hasn't been any easy way to replicate these experiments. The required hardware has been difficult to build and access, and the software has been kept as unreleased closed source or has been too complicated to install and use. With KerberosSDR we aim to change that by making phase coherent applications easier to access and run by providing ready to use hardware and software.
Thanks to our developer Tamás Peto, a PhD student at Budapest University of Technology and Economics whom we hired via the ad in our previous post, and the Othernet (formerly Outernet) engineering team who are our partners on this project, we've been able to build a working system, and demonstrate coherent direction finding and passive radar working as expected (demo videos below). We plan to eventually release Tamás' code as open source so that the entire community can benefit and build on it. Also if KerberosSDR turns a profit, we plan to reinvest some of the profits into continually improving the software and expanding the list of use cases.
KerberosSDR will be usable for coherent applications from ~80-100 MHz up to 1.7 GHz (as a standard receiver it will work down to 24 MHz like a regular RTL-SDR). The lower coherent limitation is due to the phase calibration board, and could be improved by custom creating a larger calibration PCB.
At the moment we are finalizing our prototype, and plan to begin final production within the next 2-3 months.
If you have any interest in KerberosSDR, please sign up to our Kerberos mailing list.
Direction Finding
KerberosSDR can be used to find the bearing towards a signal using it's coherent direction finding capabilities. The software by Tamás currently implements several direction finding algorithms such as Bartlett, Capon, Maximum Entropy (MEM) and MUSIC. In the video below we show a quick test of the direction finding system working with a HackRF being used as a signal source, and four dipole antennas connected to KerberosSDR in a linear array. The MUSIC algorithm is used.
KerberosSDR Direction Finding Test
In the image below we also attempted to find the direction towards a known TETRA transmitter. We were able to confirm the direction with an Android compass app that points towards the known transmitter location. As the two angles match, we can be confident that Kerberos is finding the correct direction to the transmitter.
Finding the direction of a TETRA Transmitter
Passive Radar
KerberosSDR can also be used for passive radar. Normal radar systems work by transmitting a pulse of RF energy, and listening to the reflections from objects like planes, cars and ships. Passive radar works by using already existing transmitters such as those for FM/TV and listening for reflections that bounce of objects.
With a simple passive radar system you need two directional antennas and two coherent receivers. One antenna points at the transmitting 'reference' tower, and the other at the 'surveillance' area where you want to listen for reflections. It's important to try and keep as much of the reference signal out of the surveillance antenna as possible, which is why directional antennas like Yagi's are used.
The result is a doppler vs time delay graph, where the reflection of aircraft, cars, ships and other objects can be seen. The doppler gives you the speed of the object relative to your antenna and the transmitting tower, and the time delay gives you the distance relative to your antenna and the transmitter tower.
Below is an example time lapse video of KerberosSDR being used for passive radar. The reference antenna points towards a DVB-T transmitter at 588 MHz, and the surveillance antenna overlooks a small neighborhood, with aircraft sometimes flying over. The antennas we used were two very cheap TV Yagis.
You can constantly see the reflections from vehicles at small doppler values (low speeds), and every now and then you see an aircraft reflection which shows up at much higher doppler (speed) and further time delay (distance) points.
More information about KerberosSDR
KerberosSDR includes:
4x Coherent R820T2 based RTL-SDR dongles with standard 24 MHz - 1.7 GHz frequency range
On board GPIO switched wide band noise source for sample sync and phase calibration
Special phase calibration PCB for 4x inputs. Required to make the Kerberos phase coherent.
On board USB Hub, so only one USB port is required on the PC
Shielded metal enclosure
KerberosSDR can also be extended to 8x receivers by daisy chaining two boards together, so that their clocks and noise sources are connected. We've also taken into account undesirable effects such as heat related PLL drift which can be an issue for phase coherence.
At the moment we are also investigating whether singleboard computers like the Raspberry Pi 3 or Tinkerboard can be used, and there will be a header available for powering them via the Kerberos PCB. In the future we also plan to work on optimizing the code and potentially using CUDA/OpenCL GPU optimizations for passive radar so everything runs smoothly.
Once released we plan to have extensive tutorials and documentation that show exactly how to set up and replicate direction finding and passive radar experiments with low cost antennas.
Screenshots of KerberosSDR software:
Screenshots of each KerberosSDR software screen
Remember, if you're interested please sign up to the KerberosSDR mailing list for announcements and the chance to get in early with the cheaper first 100 units.
Be on the look out for more interesting demos that will be posted in the coming weeks!
[the_ad id="14114"]
Update: Please note that due to a Trademark complaint, we have changed the name of this unit from HydraSDR to KerberosSDR.
KerberosSDR Updates: 27 August 18
This week we've managed to get the KerberosSDR demo software made by Tamás Peto functioning on a TinkerBoard. The TinkerBoard is a US$60 single board computer. It's similar to a Raspberry Pi 3, but more powerful. We've also tested the app running on the Raspberry Pi 3 and Odroid XU4. The Pi 3 is capable of running the software but it is a little slow, and the Odroid XU4 is a little faster than the TinkerBoard. In the future we hope to further optimize the code so even Raspberry Pi 3's will be smooth.
In the video below we used a circular array of four whip antennas connected to KerberosSDR. The TinkerBoard is connected to KerberosSDR and is set up to generate a WiFi hotspot, which we connect to with an Android phone and a Windows laptop. The Windows laptop connects to the TinkerBoard's desktop via VNC, and the Android phone receives an HTML/JavaScript based compass display via an Apache server running on the Tinkerboard. With this setup we can wirelessly control and view information from KerberosSDR and the TinkerBoard.
We've also tested the KerberosSDR system on a real signal, and have found it to work as expected. More demo's of that coming later.
KerberosSDR Direction Finding Test 2: Tinkerboard + Circular Array
KerberosSDR Prototype with TinkerBoard Running Computations
KerberosSDR Updates: 4 September 2018
In this post we'll show an experiment that we performed which was to pinpoint the location of a transmitter using KerberosSDR's coherent direction finding capabilities. RF direction finding is the art of using equipment to determine the location of a transmitting signal. The simplest way is by using a directional antenna like a Yagi to try and determine the bearing based on signal strength. Another method is using a pseudo-doppler or coherent array of antennas to determine a bearing based on phase information.
For the test we tuned the KerberosSDR RTL-SDRs to listen to a signal at 858 MHz and then drove to multiple locations to take direction readings. The antennas were set up as a linear array of four dipole antennas mounted on the windshield of a car. To save space, the dipoles were spaced at approximately a 1/3 the frequency wavelength, but we note that optimal spacing is at half a wavelength. The four dipole antennas were connected to KerberosSDR, with a laptop running the direction finding demo software.
Low cost direction finding array mounted to vehicle windshield.
Our open source demo software (to be released later when KerberosSDR ships) developed by Tamás Peto gives us a graph and compass display that shows the measured bearing towards the transmitter location. The measured bearing is relative to the antenna array, so we simply convert it by taking the difference between the car's bearing (determined approximately via road direction and landmarks in Google Earth) and the measured bearing. This hopefully results in a line crossing near to the transmitter. Multiple readings taken at different locations will end up intersecting, and where the intersection occurs is near to where the transmitter should be.
KerberoSDR SDR Directing Finding DOA Reading
In the image below you can see the five bearing measurements that we made with KerberosSDR. Four lines converge to the vicinity of the transmitter, and one diverges. The divergent reading can be explained by multipath. In that location the direct path to the transmitter was blocked by a large house and trees, so it probably detected the signal as coming in from the direction of a reflection. But regardless with four good readings it was possible to pinpoint the transmitting tower to within 400 meters.
In the future we hope to be able to automate this process by using GPS and/or e-compass data to automatically draw bearings on a map as the car moves around. The readings could also be combined with signal strength heatmap data for improved accuracy.
This sort of capability could be useful for finding the transmit location of a mystery signal, locating a lost beacon, locating pirate or interfering transmitters, determining a source of noise and more.
KerberosSDR pinpointing a transmitters location
KerberosSDR Updates 7 September 2018
For this test we parked our car to the side of a highway and pointed a cheap DVB-T Yagi antenna towards a DVB-T transmission tower, and another cheap Yagi down the road. The video shown below displays the results captured over a 5 minute period. The blips on the top half of the display indicate vehicles closing on our location (positive doppler shift), and the blips on the bottom half indicate objects moving away (negative doppler shift).
DVB-T Antennas In Car
The resolution of each individual vehicle is not great, but it is sufficient to see the overall speed of the highway and could be used to determine if a road is experiencing traffic slowdowns or not. When larger vehicles pass by it is also obvious on the display by the brighter blip that they show. The display also shows us that the highway direction coming towards us is much busier than the direction moving away.
In the future we'll be working on optimizing the code so that the display updates much faster and smoother. It may also be possible in the future to use the third and fourth tuners to obtain even greater object resolution.
KerberosSDR Updates 27 September 2018
In this post we're showing some more passive radar demos. The first video is a time lapse of aircraft coming in to land at a nearby airport. The setup consists of two DVB-T Yagi antennas, with KerberosSDR tuned to a DVB-T signal at 584 MHz. The reference antenna points towards a TV tower to the west, and the surveillance antenna points south. Two highlighted lines indicate roughly where reflections can be seen from within the beam width (not taking into account blockages from mountains, trees etc).
The second video shows a short time lapse of a circling helicopter captured by the passive radar. The helicopter did not show up on ADS-B. On the left are reflections from cars and in the middle you can see the helicopter's reflection moving around.
We are expecting to receive the final prototype of KerberosSDR within the next few weeks. If all is well we may begin taking pre-orders shortly after confirming the prototype.
Cyberspectrum #23 is now live and can be viewed via the YouTube live stream below. It should be available for delayed viewing after the event as well. The talks include SDR and radio related topics on subjects such as:
HAARP ionosphere research
An open source implementation of DVB-S2 and DVB-S2X for both satellite and terrestrial amateur radio use
An open source SpyServer based tool for automatically demodulating/recording and parsing RF data
Reverse engineering X-Band satellites
An RTL-SDR powered web based trunking scanner with timeshifting capabilities.
Cyberspectrum Special: DEF CON Wireless Village
Since out last post previewing the event, some new talks have been added, and we've posted the line up and info below.
At this years DEFCON conference SDR evangelist Balint Seeber will be hosting Cyberspectrum #23. DEFCON is a yearly conference with a focus on hacker topics, which often include SDRs and other radio topics too. This years conference will be help on August 9 - 12 a Caesars Palace & Flamingo in Las Vegas. Cyberspectrum is an almost monthly meetup of SDR enthusiasts and researchers that is normally held in the San Francisco Bay Area, but often hosts remote speakers via teleconference. This months meetup will be held at DEFCON on August 9, hosted by the Wireless Village.
Chris Fallen, Ph.D. (@ctfallen):"Opportunities for radio enthusiasts and heaters of the ionosphere: HAARP is just another instrument, or is it?"
Preview of a future #cyberspectrum talk: Background of passive and active ways to get involved with HAARP experiments (and perhaps with other natural natural ionosphere events) based on prior and ongoing work.
Open Research Institute (ORI) is a new non-profit research and development organization which provides all of its work to the general public under the principles of Open Source and Open Access to Research.
One of our projects is called Phase 4 Ground. Our mission is to provide an open source implementation of DVB-S2 and DVB-S2X for both satellite and terrestrial amateur radio use. Phase 4 Ground radio system has a 5GHz uplink and a 10GHz downlink. We are developing SDR software that heavily leverages IP multicast and RTP protocols to set up and tear down distributed remote radio functions.
The reference designs are in GNU Radio and we will provide recipes for as many SDRs as possible.
Phase 4 Ground radios are intended to be reusable and reconfigurable, supporting payloads at GEO (AMSAT Phase 4B), HEO (AMSAT Phase 3E), and beyond (such as NASA's Cube Quest Challenge). Additionally, our radios will work as terrestrial microwave stations. These 'Groundsats' on mountaintops or towers establish a fun and flexible digital microwave experience. If you want to build up your radio from SDRs, you can. If you want to build it entirely from scratch, then you can. Our manufacturing partner for an off-the-shelf design is Flex Radio.
Lucas Teske (@lucasteske): SegDSP SpyServer Segment Digital Signal Processor
SegDSP is a WIP "Segment Digital Signal Processor" that is tuned for connecting into a SPY Server and do automatically demodulation/recording/parsing of RF data. This talk will be about what it does today, how was the development, how it works, how it will work and what are the uses for it. Tired of losing the pass of a LEO satellite? Want to hear the recording from last week? SegDSP is a Open Source tool made in Go for both learning and monitoring Satcom and Terrestrial Com.
Luigi Freitas (@luigifcruz): "Reverse Engineering X-Band Satellites Datalink And The Worst Software Defined Radio Ever"
This talk will be about the reverse engineering process of the next generation X-Band datalink signal on-board of Sun Synchronous Satellites like Suomi (NPP) and NOAA-20 (NPOESS/JPSS-1). From the RAW I/Q recording to the decompressed high-resolution Earth pictures. This is the latest addition to the Open Satellite Project, a non-profit organization that is committed to develop and publish software tools and hardware projects that enable the Open-Source Community to access spacecraft non-sensitive data.
The other half (or so) of this talk will be about the “Worst SDR Ever” that is made entirely of dirty cheap parts readily available from China. This project is intended to demonstrate how a Software Defined Radio works utilizing real hardware and comprehensive modular software.
At this years DEFCON conference SDR evangelist Balint Seeber will be hosting Cyberspectrum #23. DEFCON is a yearly conference with a focus on hacker topics, which often include SDRs and other radio topics too. This years conference will be help on August 9 - 12 a Caesars Palace & Flamingo in Las Vegas. Cyberspectrum is an almost monthly meetup of SDR enthusiasts and researchers that is normally held in the San Francisco Bay Area, but often hosts remote speakers via teleconference. This months meetup will be held at DEFCON on August 9, hosted by the Wireless Village.
The planned talk overviews are listed below, and Balint would like to note that any physical attendees are welcome to get in contact with him and submit more talks. Previous Cyberspectrum talks can be viewed on this YouTube playlist.
Open Research Institute (ORI) is a new non-profit research and development organization which provides all of its work to the general public under the principles of Open Source and Open Access to Research.
One of our projects is called Phase 4 Ground. Our mission is to provide an open source implementation of DVB-S2 and DVB-S2X for both satellite and terrestrial amateur radio use. Phase 4 Ground radio system has a 5GHz uplink and a 10GHz downlink. We are developing SDR software that heavily leverages IP multicast and RTP protocols to set up and tear down distributed remote radio functions.
The reference designs are in GNU Radio and we will provide recipes for as many SDRs as possible.
Phase 4 Ground radios are intended to be reusable and reconfigurable, supporting payloads at GEO (AMSAT Phase 4B), HEO (AMSAT Phase 3E), and beyond (such as NASA's Cube Quest Challenge). Additionally, our radios will work as terrestrial microwave stations. These 'Groundsats' on mountaintops or towers establish a fun and flexible digital microwave experience. If you want to build up your radio from SDRs, you can. If you want to build it entirely from scratch, then you can. Our manufacturing partner for an off-the-shelf design is Flex Radio.
Lucas Teske (@lucasteske): SegDSP SpyServer Segment Digital Signal Processor
SegDSP is a WIP "Segment Digital Signal Processor" that is tuned for connecting into a SPY Server and do automatically demodulation/recording/parsing of RF data. This talk will be about what it does today, how was the development, how it works, how it will work and what are the uses for it. Tired of losing the pass of a LEO satellite? Want to hear the recording from last week? SegDSP is a Open Source tool made in Go for both learning and monitoring Satcom and Terrestrial Com.
Luigi Freitas (@luigifcruz): "Reverse Engineering X-Band Satellites Datalink And The Worst Software Defined Radio Ever"
This talk will be about the reverse engineering process of the next generation X-Band datalink signal on-board of Sun Synchronous Satellites like Suomi (NPP) and NOAA-20 (NPOESS/JPSS-1). From the RAW I/Q recording to the decompressed high-resolution Earth pictures. This is the latest addition to the Open Satellite Project, a non-profit organization that is committed to develop and publish software tools and hardware projects that enable the Open-Source Community to access spacecraft non-sensitive data.
The other half (or so) of this talk will be about the “Worst SDR Ever” that is made entirely of dirty cheap parts readily available from China. This project is intended to demonstrate how a Software Defined Radio works utilizing real hardware and comprehensive modular software.
Last month we posted that the website for the popular NOAA APT weather satellite decoding software known as WxtoImg went down. Since then we've been in contact with the developer of the software, and he did indicate that he may restore the site at some time in the future, but is currently busy with other projects so doesn't have much time to devote to his old software at the moment.
In the meantime (or perhaps permanently) a WXtoImg fan has created a clone of the original website which he's called "WXtoImg Restored". The site contains most of the downloads as well as a professional edition update key, which was released for free by the original author before. If you don't trust the third party site, some downloads are also still available from the internet archival project's copies of the original WXtoImg website.
There are still some files missing on WXtoImg Restored, and these are outlined on the new website's homepage, so if you have them please contribute them to the site email.
Thanks to the work of Lucas Teske, GQRX is now able to connect to SpyServer servers. SpyServer is the IQ streaming server software solution developed by the Airspy SDR developers. It can support Airspy and RTL-SDR devices, and can be used to access these SDRs remotely over a network connection. It is similar to rtl_tcp, but a lot more efficient in terms of network usage, meaning that it performs well over an internet connection. On a previous post we have a tutorial about setting up a SpyServer with an RTL-SDR.
The code modified by Lucas is the gr-osmosdr module, and Lucas' code can be downloaded from his GitHub at github.com/racerxdl/gr-osmosdr. It doesn't yet appear to have been merged into the official osmocom branch. The gr-osmosdr module is a generic block used to access various SDR hardware, so any software that utilizes it (such as GNU Radio) should be able to connect to a SpyServer connection too.
moRFeus is a low cost wideband signal generator and frequency mixer. It can be used to generate a tone anywhere from 85 MHz to 5400 MHz, and can also be used as a frequency mixer, allowing you to implement upconverters and downconverters. In past posts we've reviewed and seen it being used as a PC based signal generator with open source GUI's, downconverter, CW generator, and most recently as a tracking generator for measuring filters and antenna VSWR.
Currently Outernet are having a half price sale on the moRFeus. Normally it's US $199, but now with the coupon code "rtlsdrblog" it's only US $99. The sale only lasts until Saturday 09 June 2018, so get in fast if you want one.
Osmocom are some of the people behind the original discovery and development of the RTL-SDR (in particular Steve M), and today it looks like they have done it again by releasing exciting news of a way to turn a commodity $5 USB to VGA adapter into a TX-only capable SDR. They call their discovery 'osmo-fl2k', as the magic chip that makes it all happen is a Fresco Logic FL2000.
Examples of compatible Osmo-FL2K USB to VGA Adapters.
The discovery is based on the fact that the VGA specific HYSYC/VSYNC synchronizations on the FL2000 chip can be disabled, allowing for a continuous stream of samples to be sent to the VGA digital to analog converter (DAC). The FL2000 also implements a cheaper method of streaming data compared to other devices which allows these to be $5 devices.
The supported hardware appears to be any USB to VGA adapter that uses the FL2000 chip. They note that these are often advertised as "USB 3.0 to VGA" adapters with a maximum resolution of 1920 x 1080 for USB 3.0 and 800 x 600 for USB 2.0. Over on Amazon the cheapest one we've found (note not yet confirmed to be compatible) that meets the Osmocom description appears to be going for $7.49 and is fulfilled by Amazon. We've seen prices of $5.11 on Aliexpress and $5.99 on eBay too. There appears to be no difference between the brands of these units, as the 'brands' are just private labelled from the same factory, as anyone can add a brand to a generic product.
Once sellers catch on to the fact that these devices are going to be popular we expect them to most likely start raising prices.
The Fresco Logic FL2000 Chip
In terms of TX performance and functionality, osmo-fl2k should be better than RPiTX as it uses an actual DAC, instead of just PWMing a pin. It appears that the device can transmit on a fundamental frequency anywhere from HF up to about 157 MHz, and then signal harmonics can be used to extend the range all the way up to around 1.7 GHz or maybe even higher. Having harmonics does mean that like other cheap TX methods, the signal is not clean and so proper filtering would be required before any sort of higher power transmission would be legal.
The highest fundamental frequency available also appears to be related to the performance of your PC's USB 3.0 controller. The worst USB 3.0 controller that they tested maxed out at 115 MS/s, whereas the best was 157 MS/s (theoretical max should be 160 MS/s). A USB 2.0 controller only gets a maximum sample rate of 14 MS/s.
So far the team have released software examples for transmitting DVB-T, GSM, UMTS (3G) and GPS, and have mentioned that they have also successfully transmitted LTE and DAB too. There is also an example for transmitting WBFM audio with RDS via the pacat Linux command and sox. The image below shows the FL2K-SDR working as a GSM base station.
Osmo-FL2K being used as a GSM Basestation
If you're interested in more information, Osmocom have released the slides from a presentation that they made at a OsmoDevCon presentation on April 22. The video presentation is also expected to be released soon at media.ccc.de.
