Review: Airspy vs. SDRplay RSP vs. HackRF

asvsrspvshackrf

IMPORTANT NOTE: Please note that this review is now out of date as the SDRplay RSP line has received significant improvements to their hardware and Airspy have brought out a new SDR that is much better at HF.

Overall it is now difficult to pick a winner between Airspy and SDRplay products. However, our preference is the Airspy HF+ Discovery for HF signals, and the SDRplay RSP1A for generic wideband wide frequency range receiving.

When people consider upgrading from the RTL-SDR, there are three mid priced software defined radios that come to most peoples minds: The Airspy (store), the SDRplay RSP (store) and the HackRF (store).  These three are all in the price range of $150 to $300 USD. In this post we will review the Airspy, review the SDRplay RSP and review the HackRF and compare them against each other on various tests.

Note that this is a very long review. If you don't want to read all of this very long post then just scroll down to the conclusions at the end.

What makes a good SDR?

In this review we will only consider RX performance. So first we will review some terminology, features and specifications that are required for a good RX SDR.

SNR - When receiving a signal the main metric we want to measure is the "Signal to Noise" (SNR) ratio. This is the peak signal strength minus the noise floor strength.

Bandwidth - A larger bandwidth means more signals on the screen at once, and more software decimation (better SNR). The downside is that greater CPU power is needed for higher bandwidths.

Alias Free Bandwidth - The bandwidth on SDR displays tends to roll off at the edges, and also display aliased or images of other signals. The alias free bandwidth is the actual usable bandwidth and is usually smaller than the advertised bandwidth.

Sensitivity - More sensitive radios will be able to hear weaker stations easier, and produce high SNR values.

ADC - Analogue to digital converter. The main component in an SDR. It samples an analogue signal and turns it into digital bits. The higher the bit size of the ADC the more accurate it can be when sampling.

Overloading - Overloading occurs when a signal is too strong and saturates the ADC, leaving no space for weak signals to be measured. When overloading occurs you'll see effects like severely reduced sensitivity and signal images.

Dynamic Range - This is directly related to ADC bit size, but is also affected by DSP software processing. Dynamic range is the ability of an SDR to receive weak signals when strong signals are nearby. The need for high dynamic range can be alleviated by using RF filtering. Overloading occurs when a strong signal starts to saturate the ADC because the dynamic range was not high enough.

Images/Aliasing - Bad SDRs are more likely to overload and show images of strong signals at frequencies that they should not be at. This can be fixed with filtering or by using a higher dynamic range/higher bit receiver.

Noise/Interference - Good SDRs should not receive anything without an antenna attached. If they receive signals without an antenna, then interfering signals may be entering directly through the circuit board, making it impossible to filter them out. Good SDRs will also cope well with things like USB interference.

RF Filtering/Preselection - A high performance SDR will have multiple preselector filters that switch in depending on the frequency you are listening to. 

Center DC Spike - A good SDR should have the I/Q parts balanced so that there is no DC spike in the center.

Phase Noise - Phase noise performance is determined by the quality of the crystal oscillators used. Lower phase noise oscillators means better SNR for narrowband signals and less reciprocal mixing. Reciprocal mixing is when high phase noise causes a weak signal to be lost in the phase noise of a nearby strong signal.

Frequency Stability - We should expect the receiver to stay on frequency and not drift when the temperature changes. To achieve this a TCXO or similar stable oscillator should be used.

RF Design - The overall design of the system. For example, how many lossy components such as switches are used in the RF path. As the design complexity increases usually more components are added to the RF path which can reduce RX performance.

Software - The hardware is only half of an SDR. The software the unit is compatible with can make or break an SDRs usefulness.

Next we will introduce each device and its advertised specifications and features:

Device Introduction and Advertised Specifications & Features

  Airspy SDR Play RSP HackRF
Price (USD)

$199 / $ 249 USD (with Spyverter) + shipping ($5-$20).

As of April 2016, the Airspy Mini is now also for sale at $99 USD.

$149 USD + shipping ($20-$30 world, free shipping in the USA)

£99 + VAT + ~£10 shipping for EU.

 $299 USD + shipping
Freq. Range (MHz) 24 - 1800
0 - 1800 (with Spyverter addon)		 0.1 - 2000 0.1 - 6000
ADC Bits 12 (10.4 ENOB) 12 (10.4 ENOB) 8
Bandwidth (MHz)

10 (9 MHz usable)

6 MHz (5 MHz usable) (AS Mini)

 8 (7 MHz usable) (10 MHz in SDRuno/~9 MHz usable) 20
TX No No Yes (half duplex)
Dynamic Range (Claimed)(dB) 80 67 ~48
Clock Precision (PPM) 0.5 PPM low phase noise TCXO 10 PPM XO 30 PPM XO
Frontend Filters Front end tracking IF filter on the R820T2 chip. 8 switched preselection filters + switchable IF filter on MSI001 chip Two very wide preselection filters - 2.3 GHz LPF, 2.7 GHz HPF
ADC, Frontend Chips LPC4370 ARM, R820T2 MSi2500, MSi001 MAX5864, RFFC5071 
Additional Features 4.5v bias tee, external clock input, expansion headers. LNA on the front end 5v bias tee, LNA on front end, external clock input, expansion headers.
Notes

The Airspy is designed by Benjamin Vernoux & Youssef Touil who is also the author of the popular SDR# software. 

Of note is that there has been a misconception going around that the Airspy is an RTL-SDR/RTL2832U device. This is not true; there are no RTL2832U chips in the Airspy. The confusion may come from the fact that they both use the R820T2 tuner. The RTL2832U chip is the main bottleneck in RTL-SDR devices, not the R820T2. When coupled with a better ADC, the R820T2 works well and can be used to its full potential.

The Airspy team write that they sell units mostly to universities, governments and professional RF users. However, they also have a sizable number of amateur users.

Update: As of April 2016 the Airspy Mini is now for sale for $99 USD. The main difference is a 6 MHz bandwidth and fewer expansion headers, but all other specs appear to be the same.

The SDR Play Radio Spectrum Processor (RSP) is designed by UK based engineers who appear to be affiliated with Mirics, a UK based producer of SDR RF microchips.

The chips used in the SDRplay RSP are dedicated SDR chips which were designed for a wide variety of applications such as DVB-T tuners. The RSP uses these chips and improves on their front end capabilities by adding an LNA and filters in order to create a device capable of general SDR use.

Initially when writing this review we had deep problems with the imaging of strong signals on the RSP. However, a recent Dec 22 update to the drivers has fixed this imaging problem tremendously.

The SDRplay is currently selling about 1000 units a month according to electronicsweekly.com.

The HackRF is designed by Micheal Ossmann a computer security researcher who was given a development grant from DARPA. His company is called "Great Scott Gadgets".

The HackRF's most unique feature when compared to the other two SDR's is that it is capable of both receiving and transmitting.

There is also a clone called the HackRF Blue out on the market which is about $100 cheaper, but they don't seem to have stock or be producing these any more.

From the specs it is clear from the ADC sizes that both the Airspy and SDRplay RSP are in a different class of RX performance when compared to the HackRF. However, people always compare the Airspy and SDRplay with the HackRF due to their similar price range, so we will continue to compare the three here in our review, but with more of a focus on comparing the Airspy and SDRplay RSP.

In order to use the Airspy on HF (0 - 30 MHz) frequencies a $50 add on called the Spyverter is required. This is an upconverter that is designed for use with the Airspy's high dynamic range and bias tee power port. However, one hassle is that the Spyverter must be connected/disconnected each time you want to switch between HF and VHF/UHF reception as it does not have VHF/UHF passthrough. The RSP and HackRF on the other hand can receive HF to UHF without the need of an upconverter or the need to change ports. A single port for HF to UHF can be very useful if you have a remote antenna switcher.

Post continues. Note that this is a long post with many images.

Continue reading

Tweet
Share
Reddit
Vote
Email

Using AIS Share, OpenCPN and an RTL-SDR on a Sailboat

AIS Share is an app for Android that allows you to turn an Android device into an AIS receiver by using an RTL-SDR. AIS stands for Automatic Identification System and is used by ships to broadcast their GPS locations, to help avoid collisions and aid with rescues. An RTL-SDR with the right software can be used to receive and decode these signals, and plot ship positions on a map.

AIS Share is a dual channel decoder that outputs decoded NMEA messages via UDP, so that plotting software like OpenCPN can be used to display the ships on a map. AIS Share had been around before in another form known as rtl_ais_android which we posted before, but this version of AIS Share is a newly updated and improved version that now includes a very nice GUI. The app costs about $2 and is available on the Google Play store, but there is a demo available that will work up until 1000 messages are received. You will need an RTL-SDR and a USB OTG cable to run the app.

Recently the author of the app received word from a user called Harmen who has successfully been using his AIS Share app on his sailboat. Harmen uses the app on an Android tablet which is enclosed in a waterproof box. For an antenna he uses a coax collinear.

In the future the author writes that he’d like to update the app to support things like the ability to change more dongle settings like bandwidth/sample rate and add the possibility of using the internal phone/tablet GPS. He is also open to any community suggestions.

AIS Share Receiver on the sailboat in a waterproof case.
AIS Share Receiver on the sailboat in a waterproof case.
The back of the Android Tablet, showing the RTL-SDR and the antenna connection.
The back of the Android Tablet, showing the RTL-SDR and the antenna connection.
The AIS Share main screen GUI.
The AIS Share main screen GUI.

https://www.youtube.com/watch?v=ApGk8P82THs (Unfortunately the video has been removed)

Tweet13
Share
Reddit
Vote
Email
13 Shares

Broadcasting Analgoue NTSC TV with a $7 ESP8266

The ESP8266 is a $7 WiFi module that can be used to give any microcontroller access to a WiFi network. It is designed for creating Internet of Things (IoT) devices and has various features such as it’s ability to host it’s own web applications. The ESP8266 also has a I2S output with DMA support. By hooking up this I2S output pin to a short wire, YouTuber CNLohr has demonstrated that he is able to use the ESP to broadcast full color NTSC TV.  This works in a similar way to how PiTX works, by using the pin to modulate a radio signal. CNLohrs code note only broadcasts color NTSC, but also provides a full web interface for controlling it.

In the first video CNLohr shows off his initial work at getting the NTSC output working and in the second video he shows color working. Later in the second video he also uses an RTL-SDR to check on the NTSC spectrum that is being output.

Broadcasting Analog TV on an ESP8266!

Broadcasting COLOR Channel 3 on an ESP

Tweet21
Share
Reddit
Vote
Email
21 Shares

Testing a frequency synthesizer with an RTL-SDR

Harris Butler is designing his own software defined radio out of a Cypress PSOC5 (processor and ADC), an RF mixer, LNA and a frequency synthesizer (for use as a local oscillator) all purchased from eBay. Recently he wrote in to let us know that he had been testing the Frequency Synthesizer that he purchased and wanted to share his results.

When testing the frequency synthesizer Harris found that it could be fairly well calibrated to sit on a desired local oscillator frequency. Originally he had been testing the generator with it directly connected to the RTL-SDR, however later he added some attenuation to prevent the RTL-SDR from overloading. Despite this even with the attenuation he found that the frequency generator seemed to be fairly noisy and poor in terms of the strength of the harmonics produced. He notes that to use in a real application it will probably require good filtering.

In the video shown below Harris demonstrates the frequency generator output and harmonics using the RTL-SDR.

freq_harmonic

Tweet12
Share
Reddit
Vote
Email
12 Shares

How to use DSD+ with WineSkin on OSX

Last week we posted about how Matthew Miller deomnstrated that he was able to get the Windows digital speech decoder (DSD+) software running under OSX with WineSkin. DSD+ allows you to decode digital voice signals such as P25 and Motorola DMR. A few users asked how to actually use WineSkin to create a wrapper, so now Matthew has uploaded a new tutorial video showing how to use WineSkin to get DSD+ running on OSX.

In the video he shows how to download and install WineSkin, and how to create a wrapper that allows DSD+ to run on OSX. The process is relatively simple and only involves using GUI based tools.

DSD Plus on OSX with WineSkin - RTL SDR

Tweet
Share
Reddit
Vote
Email

New L-Band Filters from Adam Available

Adam (9A4QV) is well known in the RTL-SDR community for producing the LNA4ALL low noise amplifier as well as various RF filters that work well with the RTL-SDR. Adam is now selling some L-Band filters designed for improving reception with Inmarsat, Thuraya, Iridium, GPS satellites. It can be used for example when trying to received STD-C EGC or AERO data from Inmarsat satellites.

Adam writes that the filter will be most useful for those living in urban areas that are close to radio and TV towers. The filter is built on his standard filter PCB which also has the ability to add a simple bias tee circuit for powering externally positioned LNA’s such as his LNA4ALL which are necessary for good reception at L-band with an RTL-SDR.

He is currently selling it fully assembled for 20 euros, plus 5 euros for worldwide shipping.

Adam's L-Band Filter Characteristics.
Adam’s L-Band Filter Characteristics.
Tweet10
Share
Reddit
Vote
Email
10 Shares

KiwiSDR: 30 MHz Bandwidth SDR for VLF/LF/MF/HF

The KiwiSDR is an up and coming VLF/LF/MF/HF capable SDR that has a large 30 MHz of instantaneous bandwidth and coverage from 10 kHz to 30 MHz. It is designed to be low cost and used as an online internet based SDR in a similar way to how WebSDR is used, however KiwiSDR is designed to be used with the OpenWebRX software from András Retzler, HA7ILM. It uses a LTC 14-bit 65 MHz ADC and Xilinx Artix-7 A35 FPGA, and also has an integrated SDR based GPS receiver which is used to automatically compensate for any frequency drift from the main 66.6 MHz oscillator. The features of the KiwiSDR include:

  • 100% Open Source / Open Hardware.
  • Includes VLF-HF active antenna and associated power injector PCBs.
  • Browser-based interface allowing multiple simultaneous user web connections (currently 4).
  • Each connection tunes an independent receiver channel over the entire spectrum.
  • Waterfall tunes independently of audio and includes zooming and panning.
  • Multi-channel, parallel DDC design using bit-width optimized CIC filters.
  • Good performance at VLF/LF since I personally spend time monitoring those frequencies.
  • Automatic frequency calibration via received GPS timing.
  • Easy hardware and software setup. Browser-based configuration interface.

The KiwiSDR is currently in beta testing and has released two OpenWebRX beta test sites which can be used at:

http://kiwisdr.sk3w.se:8073/
http://kiwisdr.ece.uvic.ca:8073/

The KiwiSDR
The KiwiSDR
KiwiSDR running on OpenWebRX.
KiwiSDR running on OpenWebRX.

Tweet24
Share
Reddit
Vote
Email
24 Shares

Bypassing Rolling Code Systems – CodeGrabbing/RollJam

A while back we posted about Samy Kamkars popular “RollJam” device, which was a $32 home made device that was able to defeat rolling code based wireless security systems such as those used on modern cars.

Wireless security researcher Andrew Macpherson became interested in RollJam and has now written up a post showing how to create a similar device using the YardStickOne and RFcat wireless tools. In his post Andrew shows how he automates the replay attack side of things using a Python script and two RFcat devices. He also fully explains how rolling codes work and how to attack them using the CodeGrabbing/RollJam technique. Andrew explains the RollJam technique as follows:

  1. Target parks their car, gets out the carAttacker launches a jammer that prevents the car from receiving the code from the remote
  2. Target presses the remote, car does NOT lock and the attacker obtains the first keypress
  3. Target presses the remote a second time and the attacker obtains the second keypress
  4. Attacker then sends the first key press to lock the car, car locks as per normal
  5. Target assumes all is well and carries on about their day
  6. Attacker then sends the second keypress to the car, unlocking it
  7. Profit.
  8. Target returns to the vehicle and remote works as per normal

In the video below Andrew uses an SDR to help demonstrate the RollJam attack.

6. jam and replay rolling code rolljam codegrabbing

Showing how the RollJam attack works.
Showing how the RollJam attack works.
Tweet15
Share
Reddit
Vote
Email
15 Shares