Comparing a HackRF Clone against the Original

Over on the Great Scott Gadgets blog, Michael Ossmann, the lead creator of the original HackRF, has put out a post comparing his original HackRF with one of the many clones on the market. The HackRF is a low cost, wideband, transmit capable SDR that was released via Kickstarter crowd funding back in 2014. Even today it is one of the most popular SDRs for radio experimenters due to its versatility, open source nature, and low cost.

Within the past few years Chinese clones of most SDRs, including the HackRF, have appeared on the market, often at substantially reduced pricing. As the HackRF is fully open source hardware, copies are legally allowed, however buying a clone does not support the original developer and can put strain on their support services. The general consensus amongst clone purchasers is that they work fine, but when there are problems you take the risk of not being able to expect any sort of support or warranty from the cloner. Also, while the clones work fine, up until now we have not seen any performance comparisons.

In his post Michael Ossmann tests a clone which is even advertised to have improved upon the original design. Michael's post goes into more detail, but long story short, the clone has clear transmit performance issues above 1 GHz, and at the worst point produces 22 dB (150x) less power out compared to the original. In terms of receive performance the clone performs even worse, showing very poor sensitivity when compared to the original. Michael notes that this clone would not have passed the QC procedure used for the original.

We believe that the original HackRF has created significant value to the RF community through software, tutorials and their hardware. Over the years countless projects and research/conference papers have been enabled by the HackRF. So even regardless of potential performance and warranty issues we think it is ethical to support the original creators if your budget allows it.

HackRF Receive Performance Test. Above 5 GHz the test signal was below the noise floor.

Video Introduction to Scattering Parameters with Animated Examples

Thank you to Apostolos for sharing with us his educational video that introduces "scattering parameters" (aka S-Parameters), and how these parameters relate to antennas and RF networks. S-Parameters are a matrix of values that can be used to describe an electrical network. Apostolos' video explains these parameters in detail, giving good visual examples. Apostolos writes:

Here are the topics I cover:

  • What is a 'Network'?
  • Power Waves
  • Complex Impedance & Phase Angle
  • S-Matrix & S-Parameters
  • Reflection & Transmission Coefficients
  • Standing Waves
  • Example Networks
  • Designating S-Parameters
  • Reciprocity & Losslessness
  • Reflection Coefficient and VSWR

A Visual Introduction to Scattering Parameters

Hacking a La Crosse Weather Station with an RTL-SDR, PlutoSDR and Universal Radio Hacker

Thank you to Ryan K for submitting his latest blog post where he gives an in depth explanation of how he reverse engineered his La Crosse weather station using an RTL-SDR, PlutoSDR and the Universal Radio Hacker (URH) software.

The La Crosse weather station system consists of an LCD base station and various wireless sensors. Ryan first discovered that the devices used the 915 MHz frequency band via details written on the device itself. His next step was to open up Universal Radio Hacker and use one of his SDRs to record a packet. URH then allowed him to convert that data into bits for packet analysis. The rest of his post goes into detail on how he set the symbol rate, discovered the preamble and reverse engineered the CRC code.

The next step he took was to transmit a spoofed packet, generated by URH, with the PlutoSDR. This allowed him to set the base station display to any temperature that he specified. But he ran into a problem where only the first packet he sent after power up was received. Eventually he discovered that the system sets a randomized interval for each of the transmitters at startup, and data outside of that interval is ignored.

Ryan's post explains his whole thought process and progress in detail, so it is an excellent study for anyone looking to get into reverse engineering wireless signals.

Reverse Engineering a La Crosse Weather Station with a PlutoSDR and RTL-SDR

Nils Critiques the MH370 WSPR Aircraft Scatter Theory

For some time now there has been chatter about the possibility of using WSPR logs to help track the mysterious disappearance of flight MH370. WSPR or the "Weak Signal Propagation Reporter" is a protocol typically used on the HF bands by amateur radio operators. The properties of the protocol allow WSPR signals to be received almost globally despite using low transmit power. Amateur radio operators use it for making contacts, or for checking HF radio propagation conditions. MH370 is a flight that infamously vanished without a trace back in 2014.

The theory proposed by aerospace engineer Richard Godfrey is to use logs of sent and received WSPR transmissions that may have intersected the potential flight path of MH370, and to look for potential reflections or 'scatter' in the signal from the metal aircraft hull. From the reflections an approximate track of the aircraft could be calculated much in the same way that bistatic over the horizon radar systems work.

While it is an exciting theory, it is unfortunately considered by most experts to be highly unlikely to yield any suitable results, with the main problems being that WSPR transmission power is too weak to detect reflections from an aircraft, and that the effect of the ionosphere is too difficult to account for.

Over on his blog Nils Schiffhauer (DK8OK) has posted a thorough critique of the idea, explaining the theory, technical details and difficulties in depth, ultimately coming to the conclusion that the idea is based more in wishful thinking than in fact. Nils summarizes:

Time and again, there are news stories in the professional and popular press about the fact that log data from the WSPR data network can help locate aircraft. In particular, the effort is to determine the actual crash site of flight MH370. This effort essentially amounts to detecting "unusual" level jumps and frequency changes ("drift") in the archived WSPR log data and attributing them to reflections from specific aircraft ("aircraft scatter").

In a blog entry, Nils Schiffhauer, DK8OK, for the first time critically evaluates this theory. On the one hand, this is based on years of observation of aircraft scatter on shortwave as well as an investigation of about 30 Doppler tracks. The results of this complex analysis of more than 10,000 data in one example alone are sobering: The effects of aircraft scatter on the overall signal are almost always well below 0.3 dB.

To prove a correlation between level changes of the overall signal and aircraft scatter seems hardly possible on the basis of the WSPR data material. The reasons are manifold, but lie mainly in shortwave propagation, where level changes of 30 dB within a few seconds are the rule rather than the exception.

However, since the local and temporal state of the ionosphere is not known in previous investigations on the WSPR data material - it is recorded in parallel in professional OTH radar systems and calculated out of the received signal - level jumps can hardly be clearly assigned from the sum signal alone. This finding is supported by further arguments in the blog:
https://t1p.de/t5kr

Nils demonstrates aircraft scatter on China Radio International, a 500kW transmitter.

SDRAngel Features Overview: ADS-B, APT, DVB-S, DAB+, AIS, VOR, APRS, and many more built-in apps

SDRAngel is a general purpose software defined radio program that is compatible with most SDRs including the RTL-SDR. We've posted about it several times before on the blog, however we did not realize how much progress has occurred with developing various built in plugins and decoders for it.

Thanks to Jon for writing in and sharing with us a demonstration video that the SDRAngel team have released on their YouTube channel. From the video we can see that SDRAngel now comes stock with a whole host of built in decoders and apps for various radio applications making it close to an all-in-one SDR platform. The built in applications include:

  • ADS-B Decoder: Decodes aircraft ADS-B data and plots aircraft positions on a map
  • NOAA APT Decoder: Decodes NOAA weather satellite images (in black and white only)
  • DVB-S: Decodes and plays Digital TV DVB-S and DVB-S2 video
  • AIS: Decodes marine AIS data and plots vessel positions on a map
  • VOR: Decodes VOR aircraft navigational beacons, and plots bearing lines on a map, allowing you to determine your receiver's position.
  • DAB+: Decodes and plays DAB digital audio signals
  • Radio Astronomy Hydrogen Line: With an appropriate radio telescope connected to the SDR, integrates and displays the Hydrogen Line FFT with various settings, and a map of the galaxy showing where your dish is pointing. Can also control a dish rotator.
  • Radio Astronomy Solar Observations: Similar to the Hydrogen line app, allows you to make solar measurements.
  • Broadcast FM: Decoding and playback. Includes RDS decoding.
  • Noise Figure Measurements: Together with a noise source you can measure the noise figure of an SDR.
  • Airband Voice: Receive multiple Airband channels simultaneously
  • Graves Radar Tracker: For Europeans, track a satellite and watch for reflections in the spectrum from the French Graves space radar. 
  • Radio Clocks: Receive and decode accurate time from radio clocks such as MSF, DCF77, TDF and WWVB.
  • APRS: Decode APRS data, and plot APRS locations and moving APRS enabled vehicles on a map with speed plot.
  • Pagers: Decode POCSAG pagers
  • APRS/AX.25 Satellite: Decode APRS messages from the ISS and NO-84 satellites, via the built in decoder and satellite tracker.
  • Channel Analyzer: Analyze signals in the frequency and time domains
  • QSO Digital and Analog Voice: Decode digital and analog voice. Digital voice handled by the built in DSD demodulator, and includes DMR, dPMR and D-Star.
  • Beacons: Monitor propagation via amateur radio beacons, and plot them on a map.

We note that the video doesn't show some additional features, such as an analog TV decoder, the SDRAngel "ChirpChat" text mode, a FreeDV decoder and several others.

Technical Details on an SDR Supercluster with Eight HackRFs

A few weeks ago we posted about Reddit member u/OlegKutkov who used his HackRF supercluster to receive Starlink beacons, but details on the HackRF supercluster project itself were a little sparse. Now Oleg has posted a full description of the HackRF supercluster, noting that the 8 HackRFs in the system can provide up to 160 MHz of live monitoring bandwidth.

Oleg shows how each of the boards is connected to the same GPS disciplined 10 MHz clock source, how it uses an RF splitter with LNA, and how it requires 8 separate host controllers connected to individual PCIe lines in his computer system to overcome the USB2.0 data bandwidth limits. He also shows the GNU Radio script he's created that combines the 8 sources into one.

Oleg writes how he's using the HackRF supercluster together with a TV Ku-Band LNB and satellite dish for wideband satellite monitoring.

HackRF Supercluster Block Diagram
The HackRF Supercluster

Multichannel ALE and GMDSS Decoding with Black Cat Systems Software

Black Cat Systems have recently released two new programs that may be of interest to HF monitoring enthusiasts. The first is a multichannel capable ALE decoder and the second is a multichannel GMDSS-DSC decoder. Neither program is free, with an (introductory) price tag of $29.99 each for three parallel input channels, and $99 for up to 24 parallel input channels.

With an appropriate HF capable SDR, like an SDRplay, Airspy HF+ Discovery, or even an RTL-SDR V3 in direct sampling mode, these programs allow you to set up a home monitoring station.

ALE or Automatic Link Establishment is a digital RF protocol that enables users to initiate a reliable call over HF frequencies, by automatically choosing the best frequency based on propagation conditions, allowing for telephone like calling operation, and enabling short text messages.

GMDSS or Global Maritime Distress and Safety System is a set of radio protocols that enables digital text communications from ship to ship and between ships and the shore, as well as weather broadcasts and distress beacons.

Over on his blog Nils Schiffhauer (DK8OK) has been testing these two programs out. In his first post about the ALE decoder, Nils explains ALE in more depth, and demonstrates how he uses the multi-channel capable SDR-Console with Virtual Audio Cable to feed 16 ALE channels into the decoder. He goes on to show how to filter by callsign and provides some tips for best reception. He notes that with ALE you might receive messages from:

... forces, diplomatic services, emergency agencies, police, militia, UN missions, drug enforcement, border control and even amateur radio. It is used from aircraft like AWACS, as from aircraft carriers, from mobile units to fixed stations. 

In his second post Nils tests out the GMDSS decoder noting that it is an "extraordinary sensitive decoder" and "it also includes smart processing of the data – from looking up vessel’s complete data from ITU’s Ship Station List (internet connection needed) to saving all data to a fully-fledged database". His post goes on to explain the GMDSS format in more detail and demonstrate multichannel decoding.

Black Cat Systems ALE and GMDSS Decoders demonstrated by Nils Schiffhauer (DK8OK)

Receiving Starlink Beacons with an RTL-SDR and LNB

Derek OK9SGC has recently posted a write-up of how they’ve been able to receive the Ku-band beacon signals from the Starlink constellation of communication satellites continually launched by SpaceX since 2015. While we recently covered Starlink beacons being captured with a HackRF Supercluster, Derek has noted that receiving the beacons requires little more than an LNB, a low-cost SDR such as the RTL-SDR V3, and a power injector to provide 12V DC to the LNB. Derek notes that a dish is not even required as the beacons transmit with high power.

Starlink Beacon Receiver Setup

Due to the low earth orbit and thus high speed of travel of the Starlink constellation you’ll notice strong Doppler effect drifts in your received signal. Derek notes that it may be interesting to perform Doppler analysis on the satellites with the satellite tracking toolkit for radio observations (strf) software. He also noted that in the 30 minutes he was receiving for, there was almost no point in time where a beacon was not being received, indicating that the Starlink constellation is close to achieving 100% sky coverage. 

Derek has made the process easy to understand and illustrates just how easy it is to listen to these beacon signals. Of course we note that these are just the beacons, and they carry no data. Still, they are a fun signal to receive, and Doppler analysis could reveal interesting information about orbits.

Starlink beacons shown in a fast FFT (LEFT), and slow FFT (RIGHT)