Tagged: hackrf

HackRF Pro Updates: Sensitivity and Noise Figure Measurements + Free Stuff Program

Over on the Great Scott Gadgets blog, Mike Walters, one of the team behind the HackRF Pro has uploaded a post detailing the HackRF Pro's sensitivity and noise figure measurements.

If you are unaware, the HackRF One has long been a core staple in the SDR community. While it is not classed as a high-performance SDR for optimized reception, it is one of the most versatile hacker/experimenter SDR's on the market with a wide frequency range, wide bandwidth and RX and TX capability. The soon-to-be-released HackRF Pro is an upgrade from the original HackRF One.

The measurements by Mike show that the HackRF Pro has significantly lower noise figure across all frequencies compared to the HackRF One. A lower noise figure equates to improved receiver sensitivity. However, although improved, the noise figure is still high enough that you'll probably want to use a low-noise amplifier (LNA) for optimizing reception of weaker signals. 

HackRF Pro vs HackRF One Noise Figure Measurements
HackRF Pro vs HackRF One Noise Figure Measurements

Mike also confirms the noise figure improvements equate to improved real world performance by receiving ADS-B signals from aircraft, with the HackRF Pro showing increased range and doubling the number of messages received.

HackRF Pro (Blue) vs HackRF One (Red) ADS-B Range Comparison
HackRF Pro (Blue) vs HackRF One (Red) ADS-B Range Comparison

Also, in related news from a post a few days earlier, Maggie Way wrote about the Great Scott Gadgets free stuff program. This program allows people in the open source hardware community to submit a request for free hardware from Great Scott Gadgets if they have intentions to use the hardware to spread education, support community projects, or contribute to open source projects or research

Demonstrating a Rollback Attack on a Honda via HackRF Portapack and an Aftermarket Security Solution

Over on YouTube "Obsessive Vehicle Security" has uploaded a video demonstrating a rollback attack against a Honda vehicle using a HackRF Portapack and the "Remote" function on the Mayhem firmware. His recent blog post also succinctly explains the various types of keyless vehicle theft used by modern thieves, including Roll-Jam, Relay Amplification and Rollback attacks. Regarding rollback attacks he explains:

A Rollback Attack works by capturing remote signals and replaying them. In theory this should not be possible with a rolling code remote system, however, a large number of vehicles are vulnerable to it. Including my 2015 Honda Vezel!

For it to work on the Honda I need to capture 5 consecutive remote signals. It does not matter if the car has seen these or not, when I replay them it re-syncs and unlocks the car. I have tested this and can replay the sequence as many times as I like. It always works.

He also mentions in the video how an aftermarket security system can partially mitigate these attacks.

In the past we also posted about Flipper Zero based rollback attacks.

Rollback Attack on Honda - HackRF One Bypasses Rolling Code Security

Two YouTube Reviews of the new PortaRF – A New HackRF Portapack Combo

Recently, OpenSourceSDRLab, a Chinese store and lab that sells existing SDR products, and some unique products of their own design, has started taking pre-orders for their new "PortaRF" product

The PortaRF melds the HackRF and Portapack into a single PCB. They advertise it as an evolution of the PortaPack H4M, which is their popular clone of the original PortaPack, upgraded from the original. The PortaPack H4M has become one the most recommended HackRF PortaPack options on the market, even surpassing the original HackRF PortaPack, due to its high quality, excellent features, and significantly lower cost compared to the original.

The PortaRF features several improvements, including a larger 4" IPS screen compared to the 3.2" non-IPS screen on the H4M, increased flash storage from 1MB to 2MB, a higher internal battery capacity of 3000 mAh, and the addition of a new joystick control. Interestingly, OpenSourceSDRLab has also indicated that the production version may come with an AI module, which will allow the PortaRF to respond to voice commands.

The PortaRF is expected to ship around November 20, and it costs US$220, shipped from China. In comparison, the PortaPack H4M sells for US$165, shipped from China.

Recently, two reviews of the PortaRF were uploaded to YouTube. The first is by TechMinds, which provides an overview of the features and opens it up, showing the internals.

PortaRF - A NEW HackRF PortaPack Combo In One Single Board

The second review is from sn0ren who also reviews the features, and shows the internals. Sn0ren also makes some notes about his likes and dislikes with the new design.

HackRF Portapack Evolved? This is PortaRF

SignalsEverywhere Android Project Updates: Satellite Tracker, HackTV NTSC Transmitter, OBS To HackTV, PacketShare and More

Recently, Sarah Rose Giddings (aka SignalsEverywhere) has been actively developing several radio and SDR based projects for Android, and she would like to provide an update on them.

First, as mentioned in a previous post, Sarah has been developing APRS.chat, an online mailbox system for APRS messages sent over RF. She has also been making progress on various other projects, including various useful Android apps, which she has updated interested people on in her latest livestream.

Hangout Chat | Linux | HackRF NTSC Transmission | Android APPS and More!

Some of the links to the Android software she's working on have been provided below:

Works with Benshi Protocol Radios (VR-N76 UV-PRO etc)

Stuff Created After The Livestream

Help beta test Play Store Releases (Benshi Dash, Benshi Commander, APRS Chat): https://docs.google.com/forms/d/e/1FAIpQLSfNTrCBofQYam6f6CrZ8XxTxZw2vlOiaD6ehGs5NBOAbKkHWw/viewform?usp=header

Screenshots from Sarah's HackTV NTSC Transmitter
Screenshots from Sarah's HackTV NTSC Transmitter

TEMPEST-LoRa: Emitting LoRa Packets from VGA or HDMI Cables

University researchers from China have recently shown in a research paper that it is possible to maliciously cause a VGA or HDMI cable to emit LoRa compatible packets by simply displaying a full-screen image or video. This has potential security implications as a malicious program could be used to leak sensitive information over the air, completely bypassing any internet or air-gap security systems.

In the past, we have demonstrated that TEMPEST techniques can be used to spy on monitors and security cameras by analyzing the unintentional signals they emit. This research takes the idea a step further by determining what particular images need to be displayed to create a LoRa packet with data. 

In the paper, the researchers mention using either off-the-shelf LoRa devices or low-cost SDRs such as the HackRF to receive the packets. The advantage of the SDR method is that it allows for customization of the frequency and the use of LoRa-like packets, which can achieve even longer ranges and higher data rates. The team show that they were able to achieve a receive range of up to 132 meters and up to 180 kbps of data rate.

TEMPEST-LoRa Test Setup
TEMPEST-LoRa Test Setup
Geek Trick! This picture is transmitting LoRa wireless signals!

Michael Ossmann Gives A First Look at the HackRF Pro in YouTube Video

Recently, Great Scott Gadgets announced the upcoming September release of their HackRF Pro, an upgrade to their popular HackRF software-defined radio. 

On YouTube, Michael Ossmann, the founder of Great Scott Gadgets, has just uploaded a video explaining the improvements that the HackRF Pro will bring. Apart from the change from microUSB to USB-C, Michael demonstrates how the HackRF Pro has achieved improved performance by eliminating the DC spike and reducing the number of strong signal mirror images.

First Look at HackRF Pro

uAVD: Analog Video Decoder Windows Software for SDRs

Thank yoy to Viol Tailer for submitting news about the release of his new software called "uAVD - Analog Video Decoder". uAVD is capable of demodulating the following:

  • AM (broadcast analog television - NTSC, PAL, SECAM)
  • FM (FPV drone video links)
  • RAW (composite output from VHS, camcorders, game consoles)

The software uses the uSDR software as a host, and it passes the IQ passband stream to the uAVD via a uSDR-TCP link. uSDR is a lightweight general purpose multimode software defined radio receiver Windows application that we have posted about on the blog in the past. Currently, it supports RTL-SDR, AirSpy, BladeRF, HackRF, FobosSDR, and LimeSDR devices.

The software supports full color and grayscale modes. With a wideband receiver, it will be possible to receive full-color video. With the reduced bandwidth available with an RTL-SDR, only grayscale will be available.

The code is not open-source, but the software is freely available from SourceForge.

The image below shows it being used to receive video from a camcorder composite video output. A FobosSDR used in direct sampling mode is used to receive the signal.

uAVD Receiving Camcorder Composite Video via the Direct Sampling Input in FobosSDR
uAVD Receiving Camcorder Composite Video via the Direct Sampling Input in FobosSDR

Below is a video from a user of the software demonstrating it in action.

uSDR and uAVD analog video decoder

HackRF Pro Pre-Order: Frequency Range and RF Performance Improvements, USB-C, TCXO Added

The HackRF by Great Scott Gadgets, released in 2014, remains among the most popular software-defined radios (SDRs) on the market due to its open-source nature, affordability, wideband tuning range, wide 20 MHz bandwidth, and transmit capability.

However, over the past 10 years, very little has changed with the HackRF, with most changes only being made out of necessity due to end-of-life components. It has mostly been the open-source community and clone manufacturers innovating on the circuit.

Today, Great Scott Gadgets has finally announced the HackRF Pro.

Key improvements include expanding the lower frequency limit from 1 MHz down to 100 kHz, integrating a TCXO for enhanced frequency stability, upgrading the microUSB port to USB-C, and improving RF performance with additional shielding, a flatter frequency response, and the elimination of the DC spike. They have also added more RAM and flash memory, and added a 16-bit output mode for low sample rates.

The product is available from their usual distributors (listed on the release page) and costs US$400. Note that the HackRF Pro is currently in pre-order, with production slated to begin in July 2025 and shipping in September 2025. 

The full release article from Great Scott Gadgets reads:

HackRF Pro from Great Scott Gadgets is a Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 kHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies, HackRF Pro is an open source hardware platform that can be used as a USB peripheral or programmed for stand-alone operation.

  • 100 kHz to 6 GHz operating frequency
  • Tunable from 0 Hz to 7.1 GHz
  • Half-duplex transceiver
  • Up to 20 million samples per second
  • 8-bit quadrature samples (8-bit I and 8-bit Q)
  • Compatible with GNU Radio, SDR#, and more
  • Software-configurable RX and TX gain and baseband filter
  • Software-controlled RF port power (50 mA at 3.3 V)
  • SMA RF connector
  • SMA clock input and output for synchronization and triggering
  • Convenient buttons for programming
  • Internal pin headers for expansion
  • High-Speed USB 2.0 with Type-C connector
  • USB-powered
  • Open source hardware

Compared to HackRF One, HackRF Pro introduces a host of new and updated features, including:

  • Wider operating frequency range
  • Improved RF performance with flatter frequency response
  • Modern USB Type-C connector
  • Built-in TCXO crystal oscillator for superior timing stability
  • Logic upgrade from a CPLD to a power-efficient FPGA
  • Elimination of the DC spike
  • Extended precision mode with 16-bit samples for low sample rates (typical ENOB: 9-11)
  • More RAM and flash memory for custom firmware
  • Installed shielding around the radio section
  • Trigger input and output accessible through clock connectors
  • Cutout in the PCB provides space for future add-ons
  • Improved power management

Software that works with HackRF One is already compatible with HackRF Pro. We designed HackRF Pro for backward compatibility, following the same basic architecture of HackRF One but with many small enhancements. Prior to shipping HackRF Pro, we will publish a migration guide that will show software developers how to take advantage of certain new capabilities of HackRF Pro, but out-of-the-box HackRF Pro will behave like HackRF One with superior performance. In addition to host software compatibility, our migration guide will address firmware, allowing developers to port custom firmware to the new platform and take advantage of its unique capabilities

The HackRF Pro
The HackRF Pro