Category: Other

SoDeRa: An upcoming low cost app-enabled open-source 100 kHz to 3.8 GHz SDR Transceiver

A new software defined radio called SoDeRa (SOftware DEfined RAdio) is currently under joint development by companies Canonical (the company behind the Ubuntu OS) and Lime Micro. SoDeRa is based on the new Lime Microsystems LMS7002M Transceiver chip which has a 100 kHz – 3.8 GHz range. The transceiver chip interfaces with an Altera Cyclone IV FPGA with 256 MB of RAM and a USB3 controller, and the whole radio will have 4x TX outputs and 6x RX inputs.

SoDeRa Block Diagram

The people behind this SDR are currently marketing SoDeRa as “the Arduino of the Telecom and Radio Engineer”. It appears to be designed mainly to implement IoT and other radio communications protocols, but it also sounds like it could find excellent use in the hobby and amateur market as well as have benefits for the average person. Interestingly, the developers also plan to implement an app store which would allow you to essentially download a radio and instantly configure the SoDeRa SDR for any desired protocol or application. They write:

This is the first time that a revolutionary device for which we are organising a joint crowd-funding campaign with Lime Microsystems is made public. The #SoDeRa is the cheapest software defined radio you can buy. The #SoDeRa will have an app store and will be able to provide any type of (bi-directional) radio communication going from LTE, Lora, WiFi, GPS, Bluetooth, radar, radio-controlled toys/robots/drone, digital radio, digital TV to even MRI scanners, satellite and air traffic communications by just installing an app. The #SoDeRa is the Arduino of the Telecom and Radio Engineer.

The VP of IoT at Canonical also writes:

The SoDeRa is powerful enough to be a full MiMo LTE base station with long range coverage, provided you add the right antenna. You can via apps put other wireless communication protocols like LoRaWAN, Bluetooth, Zigbee, Z-Wave, GPS, Galileo, Airspace protocols, radar, MRI scanning RF, TV/Radio, any toy/robot/drone control, White Space, etc. But most importantly because of its price and ease of adding more protocols, the SoDeRa will enable anybody to define competing wireless communication protocols and put them into Github. Developers don’t like closed standards like LTE or complex standards like Bluetooth & Zigbee. The future will allow developers to compete against corporations and standardization bodies if they think current standards can be improved upon. The Internet has shown that this dynamic brought us easier standards through adoption like JSON and Yaml vs XML and EDI. Wireless, RF and telecom engineers never had an Arduino like the electronics engineers. The SoDeRa will plug this hole.

Development on SoDeRa is working towards a trend in radio systems where all radio devices are software defined, allowing for futuristic features like advanced spectrum control and the ability to change protocols on the fly. They write:

Including #SoDeRa in any type of smart device will greatly reduce the cost of deploying a mobile base station network because by open sourcing the hardware design it will become commodity. By including software defined radio in lots of devices, often with a completely different purpose, will allow these devices to become a smart cell via installing an extra app. In the future, support for software defined radio will likely be embedded directly in Intel and ARM chips. The foundational steps are already happening. This will likely reshape the telecom industry. Not only from a cost perspective but also from a perspective of who runs the network. Telecom operators that don’t deliver value will see their monopoly positions being put in danger. As soon as spectrum can be licensed on a per hour basis, just like any other resource in the cloud, any type of ad-hoc network can be setup. The question is not if but when. Open sourcing and crowdfunding will make that “when” be sooner than later. Smart operators that align with the innovators will win because they will get the app revenue, enormous cost reductions, sell surplus spectrum by the hour and lots of innovation. Other operators that don’t move or try to stop it will be disrupted. What do you want to be?

At first glance SoDeRa sounds like it will be an expensive device, but on their official website they are currently running a survey asking people what they would be willing to pay, and the lowest price given is $50 – $99. This makes it seem likely that in the future with enough volume SoDeRa could be sold at very low cost and become very popular.

I am willing to pay for 1 unit

  • $50 – $99 (lead time 9 months)
  • $100 – $199 (lead time 6 months)
  • $200 – $299 (lead time 3 months)
  • $300 – $399 (lead time 2 months)
  • $400 – $500 (lead time 1 month)

It sounds like the team behind SoDeRa are gearing up for a crowd funding campaign so we will be keeping an eye on this SDR.

Thanks to RTL-SDR.com reader Serdar (TA3AS) for submitting news about SoDeRa to us.

The SoDeRa SDR
The SoDeRa PCB

Red Pitaya and Software Defined Radio

The Red Pitaya is marketed as a type of digital oscilloscope, and is more accurately described as a type of digital measurement and control tool that sells for about $220 USD. However, the technology behind its operation (high speed ADCs) is basically the same as what is used in a software defined radio like the RTL-SDR. By using the correct software, and by reconfiguring its onboard Xilinx FPGA, the Red Pitaya can be turned into an SDR transceiver.

Until recently SDR projects for the Red Pitaya have been rare and so Pavel Demin decided to create his own. So far he’s managed to create a dual channel SDR transceiver that is compatible with SDR#, HDSDR, GNU Radio as well as with HPSDR. It can tune from 0 – 50 MHz with a bandwidth of up to 500 kHz, sampling with its 14-bit ADC.

More information on setting the Red Pitaya up as an SDR transceiver with software like SDR# and HDSDR can be found on Pavel’s website.

The Red Pitaya

Competition Winners Announced!

Firstly, thanks to all who entered our competition. We saw a huge response and learned a great deal about what the RTL-SDR community is up to these days. I encourage everyone to take a look through the comments on the competition post if you’re looking for project inspiration.

We ran competitions on Twitter, Facebook, the competition post itself and on our mailing list. We randomly chose 5 winners from each competition and will be sending them each one of our RTL-SDR Blog dongles. The 20 winners have now been selected. If you missed out, don’t worry – we hope to do more competitions like this again this year!

Facebook Winners!

Winners, please check your Facebook private messages. If you don’t see it, the message may be hidden in the spam inbox.

Zim Zimmerman – Currently working hard to overcome the NOISE related to living in an apartment complex in a Seattle suburb! TWO band pass filters; shielding via Al foil wrap and a directional antenna have helped. As hams say; “Good luck in the contest OM!” 73 K4IES

Sammy Truong – Exploring quickpass highway toll system.

Jimmy Vance – Just getting started with SDR dongles. For now will use them as general purpose receivers and spectrum analyzers

Amy Cstar – I’m a newbie and I’m hoping to use this to listen to the ISS 

Cezar Lesanu – Already running a radio meteor detection setup on RMOB and frequency stability and shielding are issues: http://www.rmob.org/livedata/main.php#Cezar Lesanu_ROAN@USV

Twitter Winners!

Winners, we’ve publicly tweeted you asking you to please email us directly. Please also tweet back at us confirming that you’ve received our notification.

Xizt ‏@RECEPTORR – Will use RTL-SDR dongle for learning wide band signals and monitoring Ham radio bands.

Rooster Mcdoogle ‏@RoosterMcdoogle – My first SDR project is going to be identifying/decoding local signals, and then satellites.

Sparkie Nelson ‏@SparkieNelson – Need a cheap spectrum analyzer for balloon beacon transmitter development.

DPini @DPini – Right now, I’m trying to build a QFH antenna. My intention is to receive NOAA and CubeSats

D M Miller ‏@bentmg – Hoping to set up a dedicated sdr to decode some DMR and NXDN signals in my area for streaming if I win the giveaway!

Blog Comment Winners!

We’ve emailed all blog comment winners using the email address that was provided. Please check your spam folder if you don’t see it, or contact us directly.

Jeff – Portable rf spectrum analysis

Stephen McBain – Starting out at the basics and using a dongle to decode different signals and just learning radio.

Matt – I’m working on building a WebSDR in Bucharest with full coverage from ~15mhz to ~1700mhz (R820T2 upper limit)

John Wilkerson – I use dual dongles for monitoring p25 trunked systems, as well as aircraft tracking.

Bryan – I’m pairing the RTL-SDR with my TS-940SAT and DXLab Commander + SDR# FTW.

Mailing List Winners! (Emails obscured for privacy)

We’ve obscured the winning emails for privacy, but we’ve emailed these winners now. Please check your spam inbox too!

g___e__e.r_i___i@____.com

j____p__a@____.com

v___o_t@________.ca

m_r___n@________.net

d_b___l_+_t_s_r@_____.com

Reverse Engineering Cheap Chinese Radio Firmware

This post isn’t related to SDR, however it may interest many readers as it has the potential to become the “RTL-SDR” of handheld hardware radios. Recently at Shmoocon 2016 (a yearly hacking and security themed conference), hardware hacker Travis Goodspeed showed how he was able to reverse engineer the firmware of a cheap Chinese-made Tytera MD380 DMR digital handheld radio transceiver.

The reverse engineering feat essentially means that custom firmware can now be written to the radio. They’ve already managed to add a promiscuity mode that allows the radio to receive from all talk groups on a known repeater and timeslot. Access to the firmware now also means that custom decoders for protocols such as P25, D-Star or System Fusion can potentially be added to the radio’s features in the future. In the end this could turn this cheap $140 radio into a more fully featured radio that would be worth much more.

See the full story over at Hackaday and the white paper here (start at page 76) and the video of the talk below.

Video: Jailbreaking a Digital Two Way Radio (Travis Goodspeed)

Inside the Tytera MD380

PiTX QRP TX Shield for WSPR on 20M Now For Sale

Back in October 2015 we posted about a piece of software for the Raspberry Pi called PiTX. PiTX allows you to turn your Raspberry Pi into a fully functional RF transmitter. When combined with an RTL-SDR a full transceiver radio can be built using the QTCSDR software.

PiTX works by modulating the GPIO pins on the Pi in such a way that it is able to produce FM modulation. The major problem with using this method of producing radio is that it creates large amounts of harmonics and interference outside of the intended transmit frequency. Interference like this is illegal and could potentially disrupt life-critical radio systems such as emergency services, cellphones and air traffic control.

In order to cleanly transmit with PiTX an output RF filter should be used. Recently, the team over at TAPR.org have released a 20M WSPR TX filter shield. WSPR is pronounced “Whisper” and is short for “Weak Signal Propagation Reporter Network”. It is a type of amateur radio signal that can be broadcast and received around the world by using very low transmit power. Radio amateurs use it to see how far their signal can travel when using very low power (QRP) and to investigate signal propagation conditions.

The 20M WSPR shield sells for $20 at www.tapr.org/kits_20M-wspr-pi.html.
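To put numbers on why the output filter matters, the following added example (not code from PiTX, TAPR or the original post) models the GPIO output as an ideal rectangular wave and compares each harmonic's level before and after a low-pass filter. The carrier frequency, the 7th-order 16 MHz Butterworth filter and the -43 dBc limit are assumptions chosen for illustration, not the shield's actual design values.

```python
import math

# Assumptions (not from the original post): the GPIO output is modelled as an
# ideal rectangular wave; the carrier is the usual 20 m WSPR dial frequency
# plus a 1500 Hz offset; the filter is a hypothetical 7th-order Butterworth
# low-pass with a 16 MHz corner; LIMIT_DBC is an example spurious-emission limit.
CARRIER_HZ = 14_095_600 + 1_500
CUTOFF_HZ = 16e6
ORDER = 7
LIMIT_DBC = -43.0


def harmonic_dbc(n, duty=0.5):
    """Level of harmonic n of a rectangular wave, in dB relative to the fundamental."""
    # Fourier magnitude of a pulse train with duty cycle d is |sin(pi*n*d)| / n.
    mag = abs(math.sin(math.pi * n * duty)) / n
    fund = abs(math.sin(math.pi * duty))
    if mag < 1e-12:          # e.g. even harmonics at exactly 50 % duty
        return -math.inf
    return 20 * math.log10(mag / fund)


def lowpass_loss_db(freq_hz, cutoff_hz=CUTOFF_HZ, order=ORDER):
    """Attenuation (positive dB) of an ideal Butterworth low-pass at freq_hz."""
    return 10 * math.log10(1 + (freq_hz / cutoff_hz) ** (2 * order))


def harmonic_report(duty=0.5, max_n=7, carrier_hz=CARRIER_HZ):
    """Return rows (n, freq_hz, unfiltered_dbc, filtered_dbc) for harmonics 2..max_n."""
    carrier_loss = lowpass_loss_db(carrier_hz)  # the filter also costs the carrier a little
    rows = []
    for n in range(2, max_n + 1):
        raw = harmonic_dbc(n, duty)
        if raw == -math.inf:
            continue
        freq = n * carrier_hz
        filtered = raw - lowpass_loss_db(freq) + carrier_loss
        rows.append((n, freq, raw, filtered))
    return rows


def violations(rows, filtered=True, limit_dbc=LIMIT_DBC):
    """Harmonic numbers whose level is above the limit."""
    idx = 3 if filtered else 2
    return [r[0] for r in rows if r[idx] > limit_dbc]


if __name__ == "__main__":
    for duty in (0.5, 0.45):   # 0.45 models a slightly asymmetric GPIO waveform
        rows = harmonic_report(duty)
        print(f"duty={duty}: unfiltered over limit {violations(rows, False)}, "
              f"filtered over limit {violations(rows, True)}")
        for n, f, raw, flt in rows:
            print(f"  n={n} {f/1e6:8.3f} MHz  raw {raw:7.1f} dBc  filtered {flt:7.1f} dBc")
```

With a waveform that is not exactly 50 % duty the even harmonics appear as well, and the second harmonic at about 28.2 MHz becomes the one closest to the limit after filtering.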

The WSPR shield sitting on top of a Raspberry Pi.

Demonstrating the ARM Radio

Back in November 2015 we posted about the ARM Radio, a minimalist direct sampling software defined radio that runs almost entirely on an ARM processor on a STM32F429 discovery board. It can tune from about 8 kHz up to 900 kHz, which covers the VLF, LF and some of the MF bands. 

Now over on YouTube amateur radio hobbyist W9RAN has uploaded a video where he demonstrates an ARM Radio that he built. He shows the radio in operation, clearly receiving some NDBs and some AM broadcast stations.

ARM Radio demo BY W9RAN

Solving the Mystery of a Keyless Vehicle Entry RF Deadspot in a Carpark with a FUNcube Dongle

The Brisbane Times ran a story today that discussed an interesting RF phenomenon that was solved using a FUNcube dongle software defined radio. The FUNcube dongle is an SDR similar to the RTL-SDR. The issue was that vehicle wireless entry keyfobs would not work at a particular location within an outdoor shopping centre car park.

The story goes like this: first, a user on a local Brisbane subreddit message board posted about how he had noticed that his car’s wireless entry keyfob would not work when he parked in a certain area of the shopping centre car park. The user wrote:

I walked out to my car from Bunnings, and there was a new HSV Maloo parked in front of me with the owner staring at his key fob and shaking his head.

I said “let me guess, car won’t open?” and he said yeah, and he’d been trying for about 5 minutes. I said that I’d had the same thing happen to me a few months back in the same spot, and then went to open my car.

Nothing. No beep, door stayed locked. Looked around and there was another couple trying to get into their car as well (late model C Class).

It took about 5 minutes of me trying the door every 20 seconds or so before it opened. HSV owner was still there when I left. The only thing he and I could think of causing it was the mobile phone tower in front of Aldi.

After reading the post, user u/riumplus decided to go out to the same spot with his FUNcube dongle SDR and see if there was any interference that might explain the issues, but he found no such interference. However, when he pressed the wireless entry button on his own keyfob he noticed reflections of the main transmission coming from the buildings’ walls. He wrote:

So I pulled out my SDR and I did a complete frequency sweep from 100kHz to 2.2GHz and… also nothing. Everything completely normal. Nothing on that frequency, nor anything odd anywhere else on the spectrum. Couldn’t see any of the usual potential harmonics from RFID or standard WiFi gear. Here’s the output at 433.3MHz (forgot to grab a screenshot centred right at 433.92MHz but it was also empty, as was 315MHz).

Here’s where it gets interesting – I noticed that that location is almost in the middle of the car park between the three buildings, and they all have large amounts of metal flashing on their fronts. On a whim I watched the output when I pressed my own keyfob. And what do you know, I could see distorted reflections from my own signal bouncing off these buildings right back at me. My guess is that this is what was causing you issues!

It may sound counter-intuitive, but next time it happens try cupping the keyfob in your hand to weaken the signal. It should still be strong enough to trigger your car to open, but then the reflections will be weak enough they won’t cause you trouble.

So it seems that the layout of the buildings caused a focal point for reflections at that particular location which affected some wireless keyfobs.

The location in the carpark of the deadzone.

Live Right Now: The 12th Cyberspectrum Software Defined Radio Meetup

Cyberspectrum is a monthly software defined radio meetup that is held in San Francisco. During this meetup presenters show and discuss their SDR related work. The 12th Cyberspectrum meetup is occurring right now and this time there will be presentations from amateur radio astronomer Marcus Leech from Canada and wireless security researcher Tobias Zillner from Austria.

There is a live stream on YouTube shown below, and after it finishes it will also be available for viewing:

Edit: Stream is over. Marcus Leech gave a nice talk that gave an overview of amateur radio astronomy and explained some of his setup, where he uses RTL-SDR dongles as the receiver.

Cyberspectrum: Bay Area Software Defined Radio #12 (Dec 2015)

The overview of today’s presentations is as follows:

Marcus Leech from SBRAC: “An integrated proof-of-concept ‘all-digital’ feed for 21cm radio astronomy”

We show ongoing work in designing and building a proof-of-concept ‘all digital’ feed for 21cm radio astronomy experiments. While many professional radio astronomy observatories are using “digitize at the feed” techniques, amateur experiments (and successes) in this are very close to non-existent.

Digitizing at the feed carries many advantages, including overall system gain stability, and the ability to carry signals over cheap ethernet-over-fiber links.

We’ll show an example feed arrangement that uses a differential radiometry approach, and does much of the initial processing right at the feed, including radiometry and spectral calculations, sending summary data to an ordinary PC host over ethernet.

Challenges and pitfalls will be discussed.

Tobias Zillner from Cognosec: “ZigBee Smart Homes – A Hacker’s Open House”

ZigBee is one of the most widespread communication standards used in the Internet of Things and especially in the area of smart homes. If you have for example a smart light bulb at home, the chance is very high that you are actually using ZigBee yourself. Popular lighting applications such as Philips Hue or Osram Lightify and also popular smart home systems such as SmartThings or Google’s OnHub are based on ZigBee. New IoT devices often have very limited processing and energy resources. Therefore they are not capable of implementing well-known communication standards like WiFi. ZigBee is an open, publicly available alternative that enables wireless communication for such limited devices.

ZigBee provides also security services for key establishment, key transport, frame protection and device management that are based on established cryptographic algorithms. So a ZigBee home automation network with applied security is secure and the smart home communication is protected?

No, definitely not. Due to “requirements” on interoperability and compatibility as well as the application of ancient security concepts it is possible to compromise ZigBee networks and take over control of all included devices. For example it is easily possible for an external to get control over every smart light bulb that supports the ZigBee Light Link profile. Also the initial key transport is done in an unsecured way. It is even required by the standard to support this weak key transport. On top of that another vulnerability allows third parties to request secret key material without any authentication and therefore take over the whole network as well as all connected ZigBee devices. Together with shortfalls and limitations in the security caused by the manufacturers themselves the risk to this last tier communication standard can be considered as highly critical.

This talk will provide an overview of the actual applied security measures in ZigBee, highlight the included weaknesses and also show practical exploitations of actual product vulnerabilities. Therefore new features in the ZigBee security testing tool SecBee will be demonstrated and made publicly available.