Tagged: hackrf

HackRF Pro Pre-Order: Frequency Range and RF Performance Improvements, USB-C, TCXO Added

The HackRF by Great Scott Gadgets, released in 2014, remains among the most popular software-defined radios (SDRs) on the market due to its open-source nature, affordability, wideband tuning range, wide 20 MHz bandwidth, and transmit capability.

However, over the past 10 years, very little has changed with the HackRF, with most changes only being made out of necessity due to end-of-life components. It has mostly been the open-source community and clone manufacturers innovating on the circuit.

Today, Great Scott Gadgets has finally announced the HackRF Pro.

Key improvements include expanding the lower frequency limit from 1 MHz down to 100 kHz, integrating a TCXO for enhanced frequency stability, upgrading the microUSB port to USB-C, and improving RF performance with additional shielding, a flatter frequency response, and the elimination of the DC spike. They have also added more RAM and flash memory, and added a 16-bit output mode for low sample rates.

The product is available from their usual distributors (listed on the release page) and costs US$400. Note that the HackRF Pro is currently in pre-order, with production slated to begin in July 2025 and shipping in September 2025. 

The full release article from Great Scott Gadgets reads:

HackRF Pro from Great Scott Gadgets is a Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 kHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies, HackRF Pro is an open source hardware platform that can be used as a USB peripheral or programmed for stand-alone operation.

  • 100 kHz to 6 GHz operating frequency
  • Tunable from 0 Hz to 7.1 GHz
  • Half-duplex transceiver
  • Up to 20 million samples per second
  • 8-bit quadrature samples (8-bit I and 8-bit Q)
  • Compatible with GNU Radio, SDR#, and more
  • Software-configurable RX and TX gain and baseband filter
  • Software-controlled RF port power (50 mA at 3.3 V)
  • SMA RF connector
  • SMA clock input and output for synchronization and triggering
  • Convenient buttons for programming
  • Internal pin headers for expansion
  • High-Speed USB 2.0 with Type-C connector
  • USB-powered
  • Open source hardware

Compared to HackRF One, HackRF Pro introduces a host of new and updated features, including:

  • Wider operating frequency range
  • Improved RF performance with flatter frequency response
  • Modern USB Type-C connector
  • Built-in TCXO crystal oscillator for superior timing stability
  • Logic upgrade from a CPLD to a power-efficient FPGA
  • Elimination of the DC spike
  • Extended precision mode with 16-bit samples for low sample rates (typical ENOB: 9-11)
  • More RAM and flash memory for custom firmware
  • Installed shielding around the radio section
  • Trigger input and output accessible through clock connectors
  • Cutout in the PCB provides space for future add-ons
  • Improved power management

Software that works with HackRF One is already compatible with HackRF Pro. We designed HackRF Pro for backward compatibility, following the same basic architecture of HackRF One but with many small enhancements. Prior to shipping HackRF Pro, we will publish a migration guide that will show software developers how to take advantage of certain new capabilities of HackRF Pro, but out-of-the-box HackRF Pro will behave like HackRF One with superior performance. In addition to host software compatibility, our migration guide will address firmware, allowing developers to port custom firmware to the new platform and take advantage of its unique capabilities.

The HackRF Pro

TechMinds: Testing out the SDRBerry Software on a Pi 4 with Touchscreen

Over on the TechMinds YouTube channel, Matt has posted a video demonstrating the SDRBerry software, which can be used with many SDR devices, including the RTL-SDR, on a Raspberry Pi with a touchscreen.

The SDRberry software is designed to be used on a touchscreen. As Matt points out, it has an aesthetically pleasing user interface and is compatible with almost any SDR software via the Soapy interface. Combining an SDR with a Pi 4 touchscreen and SDRberry results in an excellent hand-held SDR system.

In the video, Matt demonstrates the features of SDRberry, showing its RX features as well as some of its TX features, such as speech transmission and FT8, via a built-in WSJT-X tab. He then shows the optional web interface, which is still in the early stages of development. Finally, he shows how to install the software and dependencies onto a fresh Raspbian image.

SDRBERRY - This User Interface Is Just GORGEOUS! AND IT USES SOAPY TOO!

Saveitforparts: Snooping on the SatGus Selfie Satellite

SatGus is a recently launched cubesat owned by CrunchLabs/Mark Rober, an extremely popular science and engineering YouTuber. The satellite is designed to take selfies of CrunchLabs customers' own photos in space, using a screen and a selfie camera mounted on the satellite. It then broadcasts the selfie image back down to a CrunchLabs ground station, where it is eventually emailed to the customer. Customers then claim that they've had their selfie taken in space.

Over on the saveitforparts YouTube channel, Gabe has been attempting to listen in on the SatGus downlink using a HackRF and a motorized satellite dish setup. SatGus transmits telemetry at 400.2 MHz and the payload dump at 2,262.5 MHz. While he is able to receive the signal, Gabe notes that it is encrypted, so not much can be done with it.

Snooping On SatGus Again

Video on the Basics of SDR for Hackers

On YouTube, An0n Ali posted a video providing a good overview of the basics of using a software-defined radio for hacking. The video introduces RTL-SDR and how it can be used to listen to unencrypted communications, the HackRF and how it can be used for replay and jamming attacks, and the Flipper Zero, noting how it is a more beginner-friendly entry into the world of RF security.

SDR Basics for HACKERS!

DragonOS: Setting up AISMon with WINE and Virtual Audio Sink for HackRF and RTL-SDR

Over on his YouTube channel, Aaron, creator of the DragonOS image (a Linux image with many built-in SDR-compatible programs), has uploaded a new video showing how it is possible to run the Windows-only AISMon software on Linux using WINE. WINE is a Windows emulator for Linux which allows users to run some Windows software on Linux.

In the video, Aaron shows how to set up WINE on the DragonOS Linux image, how to run AISMon with it, and how to set up the Virtual Audio Cable sink, which is required to pass the audio from SDR++ to AISMon. He also shows how he tests his setup using the AIS-Simulator software with a HackRF for transmitting and an RTL-SDR for receiving.

DragonOS FocalX Setup AISMon with WINE + Virtual Audio Sink (HackRF, RTLSDR, SDR++, AIS-Simulator)

Using a HackRF and JavaScript Browser App to Perform Rolljam Replay Attacks on a Car

Over on her website, Charlie Gerard has uploaded a page showing how she was able to perform a replay attack on a car's wireless entry system using a HackRF and a JavaScript browser app she wrote.

Previously, Charlie had already written a JavaScript browser app for ADS-B tracking with an RTL-SDR. To achieve this she used the WebUSB API, which allows USB devices to connect to JavaScript apps in a web browser.

Having recently purchased a HackRF she wanted to see if something similar was possible with the HackRF. In her post, Charlie shows and explains the JavaScript code required to connect to the HackRF from a Chrome browser, and how settings like gain, frequency and sample rate can be adjusted. She then shows how to use the Canvas API to visualize the received data. Finally, she shows how to use the File System Web API to record data, and ultimately retransmit the recorded data with the HackRF.

The replay attack itself is based on the rolljam idea. She uses two HackRFs, with one sitting closer to the car's receiver and jamming it, and another recording the car's keyfob. This prevents the car from incrementing the keyfob's rolling code, allowing it to be recorded and used again at a later time.

Charlie has also posted a video of her tests, which we have embedded below.

Hacking my friend's car using JavaScript

A Review of the New HackRF PortaPack H4M

The PortaPack H4M by OpenSourceSDRLab is a new design of the HackRF PortaPack which comes with various improvements. The PortaPack H4M adds I2C capable GPIO ports, a USB-C connector, a built-in speaker and microphone, a better screen, a proper on/off button that won't easily activate in a bag, flat design for easier storage, and improved charging speed.

The PortaPack H4M is currently available as a bundle for US$152 from Chinese manufacturer OpenSourceSDRLab. The bundle includes the PortaPack H4M PCB and a HackRF R10c clone. This is exceptionally good value, considering that an original HackRF (just the HackRF without PortaPack) sells for US$319. However, be aware that by purchasing clones you are not supporting GreatScottGadgets, the original developers of the HackRF.

If you were unaware, the HackRF PortaPack is an accessory for the HackRF SDR that enables portable use, with a display, controls, and onboard processing for direct signal demodulation, modulation, decoding, and encoding, all without needing a computer.

Over on YouTube, RocketGod has uploaded a video showing some of the PortaPack H4M's new features and how to install the Mayhem Firmware, and then showing it in action receiving a few signals.

HackRF Portapack H4M - Getting Started Guide

We've also seen another video by sn0ren that also introduces and shows the PortaPack H4M in action.

The new HackRF Portapack H4M

hackrf_sweeper: A Reimplementation of hackrf_sweep as a Library

Information security company Subreption recently wrote in to share their newly released 'hackrf_sweeper' library. This library is based on the official hackrf_sweep code, which enables HackRF SDR devices to sweep across a wide frequency range and rapidly build up a wideband spectral plot. They write:

This is a refactoring or reimplementation of hackrf_sweep as a library, providing a carefully chosen API to leverage the HackRF sweeping capabilities in a reusable, low-frustration fashion. The library provides support for user-supplied callbacks to process raw transfer buffers or the already calculated FFT bins, including a bypass mode to allow for entirely off-loading the data processing to the caller. It also implements a rudimentary opaque mutex (locking) state for multi-thread applications.

A demo application is a re-implementation of the original hackrf_sweep tool as a CURVE-encrypted publisher sending msgpack frames to any receivers subscribed to it. A companion demo application is included in the form of a Python program that processes these frames and generates a real-time plot of the RF spectrum, the last peak detections and the absolute peaks -maximum observed-.

Past projects attempting to provide similar capabilities include hackrf-spectrum-analyzer (https://github.com/pavsa/hackrf-spectrum-analyzer). hackrf_sweeper provides continuous sweeping support instead of one-shot sweeps, besides the aforementioned improvements.

The team also notes that they are soon planning on releasing a GNU Radio block that leverages the library.

Example output from hackrf_sweeper