Category: Other

PicoADSB: An Ultra-Compact All-in-One ADS-B Receiver Now on Kickstarter

Over on Kickstarter, Lambda58 LLC has released a campaign for their PicoADSB product, a self-contained 1090 MHz ADS-B receiver that replaces a typical SDR plus Raspberry Pi feeder setup with a single SD-card-sized PCB measuring 25mm x 15mm and weighing only 3 grams. At the time of this post, the campaign has reached around $12,700 against a $10,000 goal, and closes on May 16. The maximum claimed reception range is 500km+. At this time, there is no support for 978 MHz UAT, though they mention staying tuned for updates.

A photo of the board shows that it is based on an ESP32-C3-Mini-1 for the WiFi web server, and on what appears to be a separate microcontroller and an L-band tuner chip. The antenna input is fed via a U.FL connector to a 1090 MHz SAW filter, an LNA, and then the tuner. We suspect that the microcontroller is used for its ADC and for ADS-B demodulation. 

PicoADSB appears to compete with ADSBee, which we previously covered. ADSBee is based on the Raspberry Pi Pico chip. However, ADSBee supports both 1090 MHz and 978 MHz on the same board, but costs a little more at US$152 for a set.

PicoADSB with SDCard for Comparison
PicoADSB with SDCard for Comparison

SPECTRAL-GSM: A Web-Based GSM Interception Platform Built on OsmocomBB

OsmocomBB is an open-source project that replaces the stock baseband firmware on old Motorola phones (C118, C139, etc.) that use the Texas Instruments Calypso chipset. By flashing custom "layer23" firmware over serial, these cheap legacy handsets become capable of accessing raw GSM radio data at the baseband level, enabling cell scanning, burst capture, and passive subscriber identity harvesting.

SPECTRAL-GSM builds on this by wrapping OsmocomBB into a full GSM intelligence suite controlled from a single browser tab. The system supports up to five phones simultaneously and provides a structured pipeline: scan local GSM cells, capture raw bursts on a target channel, crack the A5/1 encryption using rainbow tables on a 2 TB SSD, and then use the recovered session key for real-time voice and SMS decryption. Additional modules handle passive IMSI catching, targeted single-IMSI surveillance, silent SMS location probing via a USB modem, and OpenCellID cell tower mapping.

The developer notes that the platform is intended for authorized research, law enforcement, and educational use. At the moment, Mini0com has not provided a link or website to the software, only providing a PDF file, and video demonstrations of the system on their YouTube channel. Contact details for Mini0com can be found in the description on the YouTube videos below.

Spectral-GSM OsmocomBB

OTP Capture Demonstration Using Spectral-GSM OsmocomBB



 
 

TRNXSDR-Carrier: A Modular Baseboard for SDR Modules

Over on GitHub, user acruxcz has released the TRNXSDR-carrier, an open hardware baseboard platform designed to host and interconnect multiple SDR modules. The board is built around a Xilinx XC7Z015 FPGA with 1 GB of DDR3 RAM at 1066 MHz, and features four SMA RF connectors, Gigabit Ethernet, an SFP optical port (with GTX support planned for up to 5 Gbit throughput), and USB-C with Power Delivery. It is not a standalone SDR, instead it acts as a central hub that requires external SDR modules connected via its expansion slots.

The slot system is a defining feature. The baseboard provides two high-speed primary slots (one with JESD204B support via GTX), two lower-speed primary slots, and room for an expansion board adding a further six slots and ten module positions in total. Planned RF modules include Lime Microsystems LMS6002D and LMS7002M chips, as well as Analog Devices AD9361/AD9363/AD9364 transceivers. A custom GNU Radio OOT source block is already functional, and initial RX testing at 433 MHz shows a clean signal with minimal noise floor. SoapySDR driver support, which would bring compatibility with SDR++, SDRangel, and other tools, is planned.

The hardware design is at Rev 1.0 with a Rev 2.0 in progress to address known bugs. The project is actively under development. It is not yet known if the developers plan to sell hardware, or leave it as open-source plans. 

The TRNXSDR-Carrier Board
The TRNXSDR-Carrier Board

PhaseLatch: Using a 1970’s Microprocessor Chip with a Modern 20 MSPS ADC

Back in September 2025 we posted about Anders Nielsen's PhaseLoom, an SDR based on the MOS Technology 6502 chip - the chip behind the early age of home computing, powering iconic systems like the Apple I & II, Commodore 64, Atari, and Nintendo Entertainment System.

Anders has now moved on and created PhaseLatch, which combines the 6502 with a modern ADC that can be memory-mapped directly onto the 6502's data bus. Although achieving the theoretical max ADC bandwidth of 20 MSPS is not possible with the underpowered 6502, Ander's notes that when combined with some external RAM he was still able to perform some DSP on the 6502 such as tone detection.

The entire project is open source on GitHub, and Anders sells pre-made boards for experimentation.

6502 SDR with 20MHz ADC!

Integrive-100: A Standalone MIMO SDR for Real-Time Precision

Thank you to Jayoung from HTWAVE for submitting news about the upcoming crowdfunding campaign for their "Integrive-100" software-defined radio. The Integrive-100 is an AD9361 based SDR with 70 MHz – 6 GHz tuning range, 2x2 MIMO TX/RX channels and up to 56 MHz bandwidth per channel.

They note a defining feature is a pre-built and validated FPGA-based PHY baseline with API access, allowing researchers to skip the basic infrastructure development steps and move straight to developing onboard DSP algorithms on the AMD Zynq-7020 FPGA/ARM CPU.

They write:

SDRs have long served as flexible testbeds for wireless communication research. Their ability to define functions through software makes them ideal for rapid prototyping. However, many SDRs struggle with non-deterministic latency caused by relying on a host PC for real-time signal processing where samples must traverse a communication interface and be handled by a non-real-time OS. This makes it difficult to accurately measure real-time performance, a fundamental requirement for 5G/6G research. This challenge is exactly why we decided to build our own SDR from the ground up.

By leveraging FPGA acceleration, we offloaded real-time signal processing entirely to the board, eliminating host PC dependency. While PC connectivity remains an option for monitoring and logging, the critical signal processing is handled on-board, ensuring that jitter is minimized and allowing you to test your algorithms in the most precise environment possible. Furthermore, by integrating an ARM processor and Embedded Linux, we’ve enabled high-level resource management and seamless compatibility with existing SDR software stacks.

In MIMO environments or scenarios involving high mobility, phase noise and phase synchronization are significant hurdles. Since our goal was industrial-grade deployment, we focused intensely on phase coherence. Unlike low-quality oscillators that degrade RF signal quality, we utilized high-performance components to achieve ultra-low phase noise and synchronized dual oscillators to ensure inter-channel phase consistency.

The best indicator of this stability is our OFDM 256-QAM constellation, which demonstrates the superior phase stability and synchronization our platform can achieve. Furthermore, our real-time video streaming demo, successfully transmitting high-throughput data with zero errors, stands as a testament to the integrity of our synchronization and phase noise control.

Finally, we provide robust API access (C, C++, Python), allowing users to control the system through simple function calls without needing deep FPGA expertise. By supporting standard software frameworks, researchers can easily port their existing projects to our hardware. Our goal is to eliminate the days or weeks spent on infrastructure setup. We want you to achieve productivity from Day 1.

HTWAVE MIMO SDR Video transmission

Left: Integrive-100, Right: OFDM 256-QAM constellation Stability Demo
Left: Integrive-100, Right: OFDM 256-QAM constellation phase stability demo

PimpMyGRC: A GUI Makeover for GNURadio Companion

Thank you to Ryan for writing in and sharing his project "PimpMyGRC" with us, which he jokingly refers to as "Solving the Problem Nobody Had With GNU Radio".

If you were unaware, GNURadio is a powerful tool for implementing digital signal processing pipelines for software-defined radios. The 'companion' tool lets you build these pipelines using a block-diagram flowgraph structure. However, as Ryan notes, the interface is very utilitarian, and staring at it for hours on end can be tiring. Ryan writes:

GNU Radio Companion is powerful but visually… utilitarian. PimpMyGRC gives your flowgraphs an entirely unnecessary makeover with cyber-style backgrounds and aesthetic tweaks. It does absolutely nothing for your signal processing, but it makes your blocks look fantastic while doing it.

I started out wanting the simplest thing imaginable in GNU Radio: a plain black background so my eyes could survive late-night debugging, and somehow that tiny request snowballed into a full-blown Geocities monstrosity with loud gradients, chaotic accents, and enough visual noise to make every flowgraph feel like a 1999 fan page. It is the definition of a first-world problem: I have powerful SDR tools, real technical work to do, and my biggest daily obstacle is that my interface now looks like it lost a fight with a glitter GIF archive, all because I tried to make one harmless cosmetic tweak.

What it does:

Replaces GRC's stock look with fully themed colors, block rendering, connections, and ports. Includes a GTK4 theme switcher with a live animated preview so you can see exactly what you're getting into before you commit.

PimpMyGRC: Themes for GNURadio Companion
PimpMyGRC: Themes for GNURadio Companion

WARNING: A user has reported that installing PimpMyGRC has destroyed his GNU Radio installation. Please do your own due diligence and install at your own risk.

ESP32 Bus Pirate: Update Brings Waterfall Displays, Cellular Modem Support and External Radio Expander

Back in September 2025, we posted about the "ESP32 Bus Pirate" firmware, which transforms an ESP32-S3 into a multi-protocol debugging and hacking tool. Although the ESP32 does not have true SDR capabilities, it can leverage its numerous built-in radio hardware components to achieve a range of interesting feats. Recently, "Geo," the creator of the ESP32 Bus Pirate, wrote in to share some recent firmware updates with us. He writes:

The ESP32-Bus-Pirate project is an open-source firmware that transforms inexpensive ESP32-S3 boards into versatile hardware hacking and debugging tools. Inspired by tools like the Bus Pirate and Flipper Zero, the firmware allows a single ESP32 device to interact with a wide range of digital buses, radios, and hardware interfaces.

Because ESP32 boards include integrated WiFi and Bluetooth radios and can interface with many external modules, the firmware makes it possible to experiment with both hardware protocols and RF systems using very low-cost hardware.

The firmware currently supports a wide range of protocols and devices including:

I²C, SPI, UART, CAN, 1-Wire, infrared, smartcards, Sub-GHz radios, RF24 modules, WiFi, Bluetooth and cellular modems.

Major New Features in v1.5

The latest release adds several major capabilities useful for hardware analysis and RF experimentation.

Waterfall Spectrum Displays

Multiple RF modules can now display real-time waterfall visualizations, showing signal peaks and activity across frequencies. This is available for:

• Sub-GHz radios
• RF24 modules
• FM radio modules
• WiFi channel activity

This makes it easier to visually monitor RF environments directly from the device.

Sub-GHz Improvements

The Sub-GHz subsystem has been completely reworked for improved reliability when recording, replaying and receiving RF frames. Raw payload transmission is also supported.

Cellular Modem Support

ESP32-Bus-Pirate can now interact with cellular modem modules, allowing users to inspect modem and network information and perform operations such as:

• Dumping SIM card data
• sending SMS
• dialing calls

External Radio Expander

The firmware now supports an **external UART radio expansion module** called the **ESP32 Bus Expander**, which allows adding additional RF hardware modules to the system, notably for the WiFi 5GHz.

Links

Project:
https://github.com/geo-tp/ESP32-Bus-Pirate

Web Flasher:
https://geo-tp.github.io/ESP32-Bus-Pirate/webflasher/

Documentation:
https://github.com/geo-tp/ESP32-Bus-Pirate/wiki

Scripts collection:
https://github.com/geo-tp/ESP32-Bus-Pirate-Scripts

ESP32 Bus Expander:
https://github.com/geo-tp/ESP32-Bus-Expander

ESP32 Bus Pirate. Left - Running on COTS ESP32-S3 based devices. Right - ESP32 Bus Pirate Interface
ESP32 Bus Pirate. Left - Running on COTS ESP32-S3 based devices. Right - ESP32 Bus Pirate Web Interface

Setting RF Based Atomic Clocks via Computer Speakers

Over on YouTube, Jeff Geerling has uploaded an interesting video showing how RF-based atomic clocks can be set via signals generated from a computer speaker. In the USA, RF-based atomic clocks typically receive their atomic time signal from the WWVB 60 kHz longwave radio station, operated near Fort Collins, Colorado. In other countries, different time signal transmitters operate on different frequencies. However, these time signals cannot be received everywhere due to interference or geographic limitations, making RF atomic clocks useless in these situations. 

As Jeff points out, a Time Station Emulator program can be used to locally emulate the WWVB or other time signals, which, while not providing atomic time accuracy, could still make these clocks useful again.

Most interestingly, the emulator program requires no special RF transmission hardware. Instead, it simply uses your computer speakers to broadcast the time signal.

By carefully crafting a waveform at a specific audio frequency (out of normal human hearing range), the digital-to-analog converter will generate higher frequency RF harmonics, and one harmonic will match the time signal frequency required by the RF-based atomic clock. The wires running to the speakers, and the speakers themselves, will act as antennas, leaking these harmonics into the surrounding environment. This means that cheaper unshielded speakers, such as those found in phones and tablets, tend to work better.  

In the video, Jeff uses a HydraSDR and an upconverter to receive the time signal generated by the speakers. While the time signal cannot be seen on the spectrum itself, in the demodulated audio, you can hear the signal's pulses.

Van Eck Phreaking time to atomic clocks