Tagged: internet of things

August 4, 2020

iotSDR Crowdfunding: An SDR Devboard for Designing Custom IoT Protocols and Gateways

A new SDR has recently launched on the CrowdSupply crowdfunding platform. This one is called "iotSDR" and is designed to be a software defined radio to help developers and enthusiasts design custom Internet of Things (IoT) algorithms and protocols.

It has a 2-channel AT86RF215 transceiver chip which is capable of tuning to all major IoT frequencies as well as a 13-bit ADC with sample rate of up to 4 MSPS. In addition is a MAX2769B chip which is used for the GNSS reception of GPS, GLONASS, Galileo and Beidou positioning satellites. An onboard ZYNQ XC7Z010 / XC7Z020 FPGA can be used for any hardware computing required.

iotSDR currently costs US$399 for the Zync XC7Z010 FPGA version, and US$599 for the Zynq XC7Z020 FPGA version. At the time of this post there are 37 days left in the campaign.

Embedding SDR in IoT

iotSDR provides a platform that allows SDR developers and enthusiasts to design innovative algorithms and cutting-edge products. While wide-band SDRs are more versatile, narrow-band transceivers perform better for many IoT-related applications. Accordingly, iotSDR hosts two narrow-band Microchip AT86RF215 transceivers that provide their own base-band cores and have the ability to handle their own I/Q signal streaming. The result is an extremely powerful tool for anyone who is looking to simplify the task of developing, testing, and deploying high-complexity frameworks.

A Powerful FPGA and a GNSS Chip to Round It Out

iotSDR’s Microchip transceivers are backed by a Zynq SoC—which provides an FPGA and a processing system in a single package—as well as a MAX2769 GNSS chip capable of streaming live signal records. That GNSS chip can be used for custom GPS, Galileo, BieDou, and GLONASS receiver development, and is perfect for projects in the location-based services (LBS) domain such as those related to navigation and surveying.

Use Existing Software, Design a Protocol, or Build a Gateway

You can drive the hardware described above using a wide variety of popular open source software, including the Xilinx PYNQ Python framework, Jupyter Notebooks, and GNU Radio.

And if your work is further down the stack, don’t worry. iotSDR still has you covered. If you want to design and implement a physical layer IoT protocol, for example—a protocol like LoRa, SigFox, WightLess, Bluetooth, BLE, 802.15.4, ZigBee, or something of your own design—this board is for you. It’s also a great place to start if you want to build a custom IoT gateway along the lines of The Things Network, LPWAN, or Google’s Thread.

Radio has long been a pillar of modernization and technology, and this remains true in the era of software-defined radio. The Internet of Things, in particular, stands to benefit from the latest advancements in SDR technology. With iotSDR, you can be part of the community that makes that happen.

Features & Specifications

RF Transceiver: 2x Microchip/Atmel AT86RF215

European band: 863-870 MHz / 870-876 MHz / 915-921 MHz

Chinese band: 470-510 MHz / 779-787 MHz

North American band: 902-928 MHz

Korean band: 917-923.5 MHz

Japanese band: 920-928 MHz

World-wide ISM band: 2400-2483.5 MHz

GNSS Receiver: Maxim MAX2769B supporting GPS, GLONASS, Galileo, and BieDou

SoC: Two options available

Xilinx ZYNQ XC7Z010-1CLG400C

Dual-core ARM Cortex-A9 MPCore

256 kb on-chip memory

DDR3 support

28,000 logic cells

17,600 LUTs

2.1 Mb block RAM

80 DSP slices

2x UART, 2x CAN 2.0 B, 2x I²C, 2x SPI, 4x 32-bit GPIO

FPGA configuration via JTAG

Xilinx ZYNQ XC7Z020-1CLG400C

Dual-core ARM Cortex-A9 MPCore

256 kb on-chip memory

DDR3 support

85,000 logic cells

53,200 LUTs

4.9 Mb block RAM

220 DSP slices

2x UART, 2x CAN 2.0 B, 2x I²C, 2x SPI, 4x 32-bit GPIO

FPGA configuration via JTAG

EEPROM Memory: 1x Microchip AT24MAC602 for RF transceiver MCU firmware and data

Flash Memory: 1x QSPI 128 Mb flash memory for firmware

RAM: 512 MB DDR3

SD Card: Micro SD card slot

General User Inputs/Outputs:

2x 8-bit PL (Programmable Logic) interfaces

1x 8-bit PS (Programmable Subsystems) interface

Connectivity:

1x Gigabit Ethernet

USB 2.0 High Speed (Microchip USB3310)

USB 2.0 Full Speed (Silicon Labs CP2104)

2x SMA RF connector for Low Frequency IoT band

2x SMA RF connector for 2.4 GHz band

1x SMA connector for GNSS receiver

FPGA JTAG connector for external JTAG programmer/debugger

Clock System:

Single clock source for both RF frontends

Separate clock for GNSS receiver

Board Dimensions: 76.2 mm x 101.6 mm

July 30, 2018

Helium: The SDR Based Cryptocurrency for IoT

Helium is a cryptocurrency being designed for internet of things (IoT) sensors which will be based on low cost software defined radio (SDR) technology - that's a lot of buzzwords!. The idea is to design a system that will pay people to run an internet connected gateway which will receive data from wireless sensors, and put that data onto the internet. A use case that Helium has already developed is providing services to track and monitor medicine and food supplies. The linked article gives a good example of this use case:

...let’s say you have a gateway in your house: if a vial of medicine were to enter your coverage zone, it would send its location and temperature data to your gateway, which would then send it to its proper destination in return for a previously agreed upon cryptocurrency fee. These steps would then be cryptographically verified and recorded in the distributed ledger.

In terms of IoT network competition, LoraWan and SigFox IoT networks are already popular and established in several places in the world, but wireless coverage isn't great because these networks rely on companies to build gateway infrastructure. Helium crowd sources this infrastructure instead, which could result in greater coverage.

Most cryptocurrencies base the security of their network on the 'proof of work' process, which is a way to ensure that the miners get rewarded for the heavy cryptographic computations that they do in order to secure the network. Instead of proof of work, Heliums idea is to use a 'proof of coverage' system, where other gateways will confirm if a gateway is providing coverage and is in the correct location. Helium cryptocurrency 'miners' will be the people running the internet connected gateways, and they will be paid for any devices that use their wireless coverage.

According to one of their latest blog posts, the wireless gateway radio system is to be based on a software defined radio architecture. The reasoning behind using SDR is that they need to support potentially thousands of wireless sensor channels, require the sensors to be able to be geolocated, and require the radio to be low cost and energy efficient. For geolocation of sensors they are considering the use of radio direction finding techniques that we assume will be based on pseudo-doppler, or alternatively they will use the time difference of arrival (TDoA) technique which requires the signal to be received by multiple gateways. The SDR will be developed on a dual core TI SoC, with four programmable realtime units (PRU), which they'll use to interface with the RF chips.

At the moment Helium is just a whitepaper, and we haven't seen any concrete evidence of a working SDR design yet, but according to their website they plan to launch gateway hardware in Q4 2018 for a cost of $495.

May 3, 2017

Identifying Issues that can be used to Disable IoT Alarms

Seekintoo cybersecurity researcher Dayton Pidhirney has been investigating security flaws in wireless IoT (Internet of Things) based alarm systems, and has identified six issues that can be used to bypass or disable an alarm. Five attack the RF portion of the IoT device, and one through the traditional IP network.

In his post he specifically attacks the iSmartAlarm (ISM). This is an IoT home alarm system that comes with several sensors, and can be controlled via an app on your smartphone. The unit uses the Texas Instruments CC1110 RF SoC, which implements the SimpliciTI low-power radio network protocol. Dayton notes that the majority of attacks not specific to a single manufacturer, and could be applied to other IoT devices as well.

Using a variety of hardware including a logic analyzer, Yardstick One, GoodFET, RFCat, USRP B210 software defined radio and several pieces of software including GNU Radio, GQRX, Baudline, Audacity, Dayton was able attack the alarm in the following ways:

Brute-force attack on the alarm system device source addresses.

Remotely clone authenticated devices used to interact with the alarm system security features.

Decryption of authenticated devices radio communications, allowing remote attackers to craft packets used to send arbitrary commands to the alarm system.

RF Jamming.

Assisted replay attack.

The post goes into deep detail on the methods he used to reverse engineer the device and is a great tutorial for anyone wanting to get into wireless IoT security research.

The iSmartAlarm IoT wireless alarm system

February 24, 2016

SoDeRa: An upcoming low cost app-enabled open-source 100 kHz to 3.8 GHz SDR Transceiver

A new software defined radio called SoDeRa (SOftware DEfined RAdio) is currently under joint development by companies Canonical (the company behind the Ubuntu OS) and Lime Micro. SoDeRa is based on the new Lime Microsystems LMS7002M Transceiver chip which has a 100 kHz – 3.8 GHz range. The transceiver chip interfaces with an Altera Cyclone IV FPGA with 256 MB of RAM and a USB3 controller, and the whole radio will have 4x TX outputs and 6x RX inputs.

The people behind this SDR are currently marketing SoDeRa as “the Arduino of the Telecom and Radio Engineer”. It appears to be designed mainly to implement IoT and other radio communications protocols, but it also sounds like it could find excellent use in the hobby and amateur market as well as have benefits for the average person. Interestingly, the developers also plan to implement an app store which would allow you to essentially download a radio and instantly configure the SoDeRa SDR for any desired protocol or application. They write:

This is the first time that a revolutionary device for which we are organising a joint crowd-funding campaign with Lime Microsystems is made public. The #SoDeRa is the cheapest software defined radio you can buy. The #SoDeRa will have an app store and will be able to provide any type of (bi-directional) radio communication going from LTE, Lora, WiFi, GPS, Bluetooth, radar, radio-controlled toys/robots/drone, digital radio, digital TV to even MRI scanners, satellite and air traffic communications by just installing an app. The #SoDeRa is the Arduino of the Telecom and Radio Engineer.

The VP of IoT at Canonical also writes:

The SoDeRa is powerful enough to be a full MiMo LTE base station with long range coverage, provided you add the right antenna. You can via apps put other wireless communication protocols like LoRaWAN, Bluetooth, Zigbee, Z-Wave, GPS, Galileo, Airspace protocols, radar, MRI scanning RF, TV/Radio, any toy/robot/drone control, White Space, etc. But most importantly because of its price and ease of adding more protocols, the SoDeRa will enable anybody to define competing wireless communication protocols and put them into Github. Developers don’t like closed standards like LTE or complex standards like Bluetooth & Zigbee. The future will allow developers to compete against corporations and standardization bodies if they think current standards can be improved upon. The Internet has shown that this dynamic brought us easier standards through adoption like JSON and Yaml vs XML and EDI. Wireless, RF and telecom engineers never had an Arduino like the electronics engineers. The SoDeRa will plug this hole.

Development on SoDeRa is working towards a trend in radio systems where all radio devices are software defined, allowing for futuristic features like advanced spectrum control and the ability to change protocols on the fly. They write:

Including #SoDeRa in any type of smart device will greatly reduce the cost of deploying a mobile base station network because by open sourcing the hardware design it will become commodity. By including software defined radio in lots of devices, often with a completely different purpose, will allow these devices to become a smart cell via installing an extra app. In the future, support for software defined radio will likely be embedded directly in Intel and ARM chips. The foundational steps are already happening. This will likely reshape the telecom industry. Not only from a cost perspective but also from a perspective of who runs the network. Telecom operators that don’t deliver value will see their monopoly positions being put in danger. As soon as spectrum can be licensed on a per hour basis, just like any other resource in the cloud, any type of ad-hoc network can be setup. The question is not if but when. Open sourcing and crowdfunding will make that “when” be sooner than later. Smart operators that align with the innovators will win because they will get the app revenue, enormous cost reductions, sell surplus spectrum by the hour and lots of innovation. Other operators that don’t move or try to stop it will be disrupted. What do you want to be?

At first glance SoDeRa sounds like it will be an expensive device, but on their official website they are currently running a survey asking people what they would be willing to pay, and the lowest price given is $50 – $99. This makes it seem likely that in the future with enough volume SoDeRa could be sold at very low cost and become very popular.

I am willing to pay for 1 unit

$50 – $99 (lead time 9 months)

$100 – $199 (lead time 6 months)

$200 – $299 (lead time 3 months)

$300 – $399 (lead time 2 months)

$400 – $500 (lead time 1 month)

It sounds like the team behind SoDeRa are gearing up for a crowd funding campaign so we will be keeping an eye on this SDR.

Thanks to RTL-SDR.com reader Serdar (TA3AS) for submitting news about SoDeRa to us.

February 1, 2016

Decoding the LoRa IoT Protocol with an RTL-SDR

The internet of things is set to become the next big thing in technology. The IoT consists of multiple networked devices such as sensors and computers connected in various ways such as via wireless communication protocols. LoRa is an abbreviation of “Long Range” and is one such wireless protocol that is being used in IoT devices.

[LoRa] is a radio modulation format that gives longer range than straight FSK modulation. This is achieved by a combination of methods: it uses a spread spectrum technique called Chirp Spread Spectrum (CSS) and it uses forward error coding (in combination with whitening and interleaving).

Over at the RevSpace hackerspace, a hardware hacker called bertrik has been working with his RTL-SDR to try and reverse engineer the LoRa protocol. His goal is to make it so that anyone can receive and decode LoRa signals without needing to purchase specific hardware that supports the modulation. The reverse engineering work is not yet finished, but bertrik has already determined many parts of the protocol by looking at the signals in Audacity. He also writes that there is currently a ready made LoRa decoder available for sdrangelove, a Linux based SDR receiver application similar to GQRX and SDR#.

You might also be interested in this previous article we posted about the Z-Wave wireless networking protocol being hacked with a HackRF.

LoRa signals received in the frequency spectrum.