Tagged: bladerf

uAVD: Analog Video Decoder Windows Software for SDRs

Thank yoy to Viol Tailer for submitting news about the release of his new software called "uAVD - Analog Video Decoder". uAVD is capable of demodulating the following:

  • AM (broadcast analog television - NTSC, PAL, SECAM)
  • FM (FPV drone video links)
  • RAW (composite output from VHS, camcorders, game consoles)

The software uses the uSDR software as a host, and it passes the IQ passband stream to the uAVD via a uSDR-TCP link. uSDR is a lightweight general purpose multimode software defined radio receiver Windows application that we have posted about on the blog in the past. Currently, it supports RTL-SDR, AirSpy, BladeRF, HackRF, FobosSDR, and LimeSDR devices.

The software supports full color and grayscale modes. With a wideband receiver, it will be possible to receive full-color video. With the reduced bandwidth available with an RTL-SDR, only grayscale will be available.

The code is not open-source, but the software is freely available from SourceForge.

The image below shows it being used to receive video from a camcorder composite video output. A FobosSDR used in direct sampling mode is used to receive the signal.

uAVD Receiving Camcorder Composite Video via the Direct Sampling Input in FobosSDR
uAVD Receiving Camcorder Composite Video via the Direct Sampling Input in FobosSDR

Below is a video from a user of the software demonstrating it in action.

uSDR and uAVD analog video decoder

BladeRF 2.0 Micro now supports up to 122.88 MHz of Bandwidth

A recent firmware upgrade to bladeRF SDR devices has brought with it a feature that allows it to double it's instantaneous bandwidth from 61.44 MHz all the way up to 122.88 MHz. The trade off limitation is that the 122.88 MHz bandwidth mode runs at a lower 8-bit ADC bit depth.

This increase bandwidth comes from a discovery made on the AD9361 RF transceiver chip which allows it to essentially be overclocked. However, outputting 122.88 MHz of RF bandwidth at the original 16-bit ADC depth would be impossible due to USB 3.0 bandwidth limitations. So the data is reduced to 8-bits, and then packed into the 16-bit buffer.

One of the use cases of such a wide bandwidth is that now the entire 79 channels of the 2.4 GHz Bluetooth band can be viewed at once.

The entire 2.4 GHz Bluetooth band visualized by a bladeRF with the new expanded bandwidth.

LimeSDR 2.0 Mini Now Crowdfunding, Standard LimeSDR Discontinued

Back in March we posted about the LimeSDR Mini 1.0 becoming end of life due to component shortages, and a slightly upgraded LimeSDR Mini 2.0 was being planned. The LimeSDR Mini 2.0 has just been released for preorder over on the CrowdSupply crowdfunding website with a price of US$399 + shipping. The first 1000 units are expected to be ready within 14-weeks, with subsequent batches out at 32-weeks.

The new pricing is at quite a premium over the original LimeSDR Mini which released in 2017 for US$139, and the standard LimeSDR which released in 2016 for US$249. However we of course must to take into account the extreme inflation of electronic parts pricing that has occurred over the past few years.

Lime Micro have also noted that the standard LimeSDR has also now been discontinued due to the same supply shortages. The standard LimeSDR had 2x2 RX/TX channels and was capable of a bandwidth of up to 61.44 MHz. In comparison, both versions of the LimeSDR Mini are a 1x1 channel product with 40 MHz of bandwidth.

The LimeSDR Mini 2.0 is almost identical to the LimeSDR Mini 1.0, both still making use of the LMS7002 RF transceiver as the main chip and using the same overall design. The only change is an upgrade to the FPGA, which replaces the Intel MAX 10 16k logic gate FPGA with a significantly more capable Lattice ECP5 44k logic gate FPGA.

Given the new pricing, people on the lookout for a new hacker/research/experimenter SDR in this price range might want to consider this brief comparison to find the best suited SDR for your needs:

  • LimeSDR Mini 2.0 - US$399
    1x1 channels, 40 MHz bandwidth, 10 MHz to 3.5 GHz, 12-bits.
     
  • HackRF One - US$330 (~$150 clones)
    1x1 channels (half-duplex), 20 MHz bandwidth, 1 MHz to 6 GHz, 8-bits.
     
  • PlutoSDR - US$229.18
    1x1 channels, 20 MHz bandwidth, 325 MHz to 3.8 GHz, 12-bits.
     
  • bladeRF 2.0 Micro xA4 - US$540
    2x2 channels, 61.44 MHz bandwidth, 47 MHz to 6 GHz. 12-bits.
The LimeSDR Mini 2.0

Nils Reviews our RTL-SDR Blog L-Band Active Patch Antenna

Over on his blog Nils Schiffhauer (DK8OK) has recently uploaded a review of our RTL-SDR Blog Active L-Band Patch Antenna (original site is down - archive.org link). This is a satellite patch antenna designed for experimenters who want to receive Inmarsat, Iridium, GPS and other GNSS signals. It covers 1525 - 1660 MHz. (Please note it does not cover GOES or other L-band weather satellites as these are much weaker signals that require a dish). The antenna comes as a set with mounting hardware and extension cable and can be purchased on our store for $49.95 including free worldwide shipping to most countries.

In his review Nils tests the patch antenna with his wideband BladeRF software defined radio showing a wide 60 MHz of bandwidth being received. He then goes on to show it being used to receive AERO, via the JAERO decoder, and STD-C via the Tekmanoid decoder.

We want to take this opportunity to pre-announce that due to rising shipping costs the price of this antenna set will be going up by $10 in early 2022. Before the price raise we will put out another post, but if you are interested in one we'd recommend picking one up soon.

Nils tests the water resistance of the antenna.

DragonOS: BladeRF-wiphy Demonstration

Recently we posted about bladeRF-wiphy which is open source code that can turn a bladeRF software defined radio into a software defined WiFi access point. The bladeRF 2.0 is a relatively low cost SDR which costs $420 for the low end version. It is capable of both transmit and receive (2x2 MIMO) with a 47 MHz to 6 GHz frequency range and 61.44 MHz sampling rate.

Over on YouTube Aaron who created DragonOS has uploaded a video demonstrating bladeRF-wiphy in action. He writes:

This video demonstrates Nuand’s new open source 802.11 modem/FPGA available for the bladeRFxA9. Everything will be Pre included in DragonOS Focal to setup an open AP and hopefully whatever’s required for use within Kismet.

Minor configuration is needed for the open AP, while Kismet integration should be pretty straight forward.

This is an awesome addition to the bladeRF and I look forward to seeing what else is possible with this new open source 802.11 compatible modem!

DragonOS Focal BladeRF-wiphy w/ Open Wi-Fi AP and Splash page (bladeRFxA9)

bladeRF-wiphy: Open Source WiFi Access Point on a BladeRF

Back in August 2020 we posted about OpenWiFi , an open source implementation of the full IEEE802.11/Wi-Fi stack for FPGA and SDR combo board. Recently the team at Nuand have released their own WiFi implementation called "bladeRF-wiphy" for their bladeRF 2.0 software defined radio. The code is implemented in VHDL, which runs directly on the bladeRF's on board micro xA9 FPGA.

The bladeRF-wiphy project is an open-source IEEE 802.11 compatible software defined radio VHDL modem. The modem is able to modulate and demodulate 802.11 packets (the protocol WiFi is based on), and run directly on the bladeRF 2.0 micro xA9’s FPGA.

The bladeRF-wiphy coupled with Linux mac80211 allows the bladeRF 2.0 micro xA9 to become a software defined radio 802.11 access point! 802.11 packets (PDUs) are modulated and demodulated directly on the FPGA, so only 802.11 packets are transferred between the FPGA and libbladeRF.

Defcon 2020 Online Talks: Satellite Eavesdropping & Detecting Fake 4G Base Stations

DEFCON 2020 was held online this year in and the talks were released a few days ago on their website and on YouTube. If you weren't already aware Defcon is a major yearly conference all about information security, and some of the talks deal with wireless and SDR topics. We found two very interesting SDR and wireless related talks that we have highlighted below. The first talk investigates using commercial satellite TV receivers to eavesdrop on satellite internet communications. The second discusses using a bladeRF or USRP to detect fake 4G cellphone basestations. Slides for these talks are available on the Defcon Media server under the presentations folder.

DEF CON Safe Mode - James Pavur - Whispers Among the Stars

Space is changing. The number of satellites in orbit will increase from around 2,000 today to more than 15,000 by 2030. This briefing provides a practical look at the considerations an attacker may take when targeting satellite broadband communications networks. Using $300 of widely available home television equipment I show that it is possible to intercept deeply sensitive data transmitted on satellite links by some of the world's largest organizations.

The talk follows a series of case studies looking at satellite communications affecting three domains: air, land, and sea. From home satellite broadband customers, to wind farms, to oil tankers and aircraft, I show how satellite eavesdroppers can threaten privacy and communications security. Beyond eavesdropping, I also discuss how, under certain conditions, this inexpensive hardware can be used to hijack active sessions over the satellite link.

The talk concludes by presenting new open source tools we have developed to help researchers seeking to improve satellite communications security and individual satellite customers looking to encrypt their traffic.

The talk assumes no background in satellite communications or cryptography but will be most interesting to researchers interested in tackling further unsolved security challenges in outer space.

DEF CON Safe Mode - James Pavur - Whispers Among the Stars

DEF CON Safe Mode - Cooper Quintin - Detecting Fake 4G Base Stations in Real Time

4G based IMSI catchers such as the Hailstorm are becoming more popular with governments and law enforcement around the world, as well as spies, and even criminals. Until now IMSI catcher detection has focused on 2G IMSI catchers such as the Stingray which are quickly falling out of favor.

In this talk we will tell you how 4G IMSI Catchers might work to the best of our knowledge, and what they can and can't do. We demonstrate a brand new software project to detect fake 4G base stations, with open source software and relatively cheap hardware. And finally we will present a comprehensive plan to dramatically limit the capabilities of IMSI catchers (with the long term goal of making them useless once and for all).

GitHub: https://github.com/EFForg/crocodilehunter

DEF CON Safe Mode - Cooper Quintin - Detecting Fake 4G Base Stations in Real Time

DragonOS Updated: Now with OP25 Installed and many new YouTube Tutorials

Last month we posted about Aaron's "DragonOS" project, which is a ready to install Linux ISO aimed to make getting started with SDR software easy by providing several programs preinstalled, as well as providing multiple video tutorials. Recently he's updated the build, this time basing it on Lubuntu 18.04 allowing for Legacy and UEFI support, along with disk encryption. The OS supports RTL-SDRs as well as the HackRF and bladeRF and probably supports most other SDRs via the SoapySDR interface.

In terms of software he's also added OP25 and bladeRF support. Other programs pre-installed include rtl_433, Universal Radio Hacker, GNU Radio, Aircrack-ng, GQRX, Kalibrate, hackrf, wireshare, gr-gsm, rtl-sdr, HackRF, IMSI-catcher, Zenmap, inspectrum, qspectrumanalyzer, LTE-Cell-Scanner, CubicSDR, Limesuite, ShinySDR, SDRAngel, SDRTrunk, Kismet, BladeRF.

His DragonOS YouTube tutorial channel is also growing fast, with several tutorials showing you how to use DragonOS to perform tasks like listen to trunked mobile radios, use QSpectrumAnalyzer with a HackRF, receive NOAA APT weather satellite images, retrieve cellular network information via a rooted Samsung Galaxy S5, create a ShinySDR server with rtl_433 and how to capture and replay with a HackRF.

DragonOS running CubicSDR
DragonOS running CubicSDR