Over on YouTube Andreas Spiess has uploaded a video titled "How does Software Defined Radio (SDR) work under the Hood?". The video is an entertaining introduction to how software defined radio works and starts from the beginning by explaining how basic analogue radios work with components such as modulators, demodulators, frequency generators, mixers and filters. After the basics he goes on to explain the digitization of radio signals that occurs in SDRs, and gives an introduction to ADCs and how IQ sampling works.
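To make the IQ sampling part of the video concrete, here is a small added example (not code from the video or from Andreas Spiess) that walks a real-valued ADC capture through a quadrature mixer and a low-pass filter, and then shows the point of keeping both I and Q: a signal 10 kHz above the tuner frequency and one 10 kHz below it give identical I-only samples, but the complex IQ stream tells them apart by the direction in which the samples rotate. The sample rate, tuner frequency, filter length and the test tones are all assumed values chosen for the demonstration.

```python
"""IQ sampling demo: why an SDR keeps both I and Q (added example, assumed parameters)."""
import cmath
import math

FS = 1_000_000   # assumed ADC sample rate, Hz
FC = 100_000     # assumed tuner / local-oscillator frequency, Hz
N = 4_000        # samples per constructed capture
TAPS = 50        # boxcar length: nulls multiples of FS/TAPS = 20 kHz, including the 2*FC image at 200 kHz


def real_rf_tone(freq_hz, n=N, fs=FS):
    """Constructed input: what a real-valued ADC sees for an unmodulated carrier at freq_hz."""
    return [math.cos(2 * math.pi * freq_hz * k / fs) for k in range(n)]


def quadrature_mix(samples, fc=FC, fs=FS):
    """Multiply by exp(-j*2*pi*fc*t): I = x*cos(...), Q = -x*sin(...), done as one complex product."""
    return [x * cmath.exp(-2j * math.pi * fc * k / fs) for k, x in enumerate(samples)]


def boxcar_lowpass(samples, taps=TAPS, passes=2):
    """Moving-average low-pass, applied twice, to strip the 2*fc product left by the mixer."""
    out = list(samples)
    for _ in range(passes):
        acc = 0
        window = []
        filtered = []
        for x in out:
            window.append(x)
            acc += x
            if len(window) > taps:
                acc -= window.pop(0)
            filtered.append(acc / taps)
        out = filtered
    return out


def iq_demodulate(freq_hz):
    """Full chain: ADC capture -> quadrature mix -> low-pass -> complex baseband (filter transient dropped)."""
    return boxcar_lowpass(quadrature_mix(real_rf_tone(freq_hz)))[2 * TAPS:]


def baseband_offset_hz(iq, fs=FS):
    """Signed baseband frequency from the average rotation between consecutive IQ samples."""
    rotation = sum(b * a.conjugate() for a, b in zip(iq, iq[1:]))
    return cmath.phase(rotation) * fs / (2 * math.pi)


def i_only_ambiguous(delta_hz, tol=0.02):
    """With Q discarded, FC+delta and FC-delta produce the same samples: the sign of the offset is lost."""
    i_plus = [z.real for z in iq_demodulate(FC + delta_hz)]
    i_minus = [z.real for z in iq_demodulate(FC - delta_hz)]
    return max(abs(a - b) for a, b in zip(i_plus, i_minus)) < tol


if __name__ == "__main__":
    for f in (FC + 10_000, FC - 10_000):
        print(f"RF {f} Hz -> baseband {baseband_offset_hz(iq_demodulate(f)):+.0f} Hz")
    print("I-only branch ambiguous between +10 kHz and -10 kHz:", i_only_ambiguous(10_000))
```

The rotation-based frequency estimate only works because the baseband samples are complex; feed it the I branch alone and the positive and negative offsets collapse onto the same cosine, which is exactly the ambiguity that Q resolves and the reason an SDR's bandwidth is centred on the tuner frequency rather than starting at it.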
Later in the video Andreas shows various applications for SDRs, discusses various SDRs on the market like RTL-SDR, HackRF, SDRplay, LimeSDR and PlutoSDR and introduces GNU Radio Companion and other SDR programs from our big list of software post.
How does Software Defined Radio (SDR) work under the Hood?
A modern digital oscilloscope uses an analogue to digital converter (ADC) and digital signal processing (DSP), just like a software defined radio does, so it stands to reason that with some software hacks an oscilloscope could be turned into an SDR.
To facilitate this, jmfriedt has just released his new software called "gr-oscilloscope" over on GitHub. GR-Oscilloscope allows you to use a digital oscilloscope as a software defined radio source in the latest GNU Radio 3.8. It has been tested with a Rohde & Schwarz RTO2034 and RTE1054, and should work on any RT series oscilloscope. The software talks to the instrument over VXI-11, an RPC-based protocol designed for connecting instruments like oscilloscopes to computers over a network.
[Ben Hilburn] the president of the [GNU Radio Project] has recently started a new podcast called [Signals and Bits]. If you were unaware, GNU Radio is the de facto open source framework for implementing digital signal processing code. Without it, many SDR programs that we take for granted may never have been developed, as it is responsible for a lot of community DSP knowledge and algorithm development.
This podcast is scheduled for a new release every Wednesday and will follow an interview format covering a multitude of topics, from Software Defined Radio to Spectrum Enforcement, Radio Astronomy and much more.
In the first episode Ben interviews Harold Giddings AKA Corrosive of [Signals Everywhere] where they discuss the state of Software-Defined radio and how he got started with radio communications having come from an IT/Computer Networking background.
Ben has already pre-recorded several episodes which will ensure great content is always just around the corner. Ben would love it if you could also send feedback his way over on the [Signals and Bits Twitter] page.
Back in March we posted about Qasim Chaudhari and his recently released book titled "Wireless Communications From the Ground Up - An SDR Perspective". The book covers advanced University level wireless topics, but he noted how he's attempted to keep the math at school complexity (although for most people we'd say it's still more at undergraduate Engineering school complexity).
Since the last post Qasim has received a lot of feedback from radio amateurs asking for a much simpler introduction to DSP concepts, without the use of University level math. Recently Qasim wrote in and noted how he's now created a set of online lectures that is intended for either professionals who want an overview of physical layer algorithms, or radio hobbyists and general technical persons who want to expand their knowledge.
YouTuber jmhrvy1947 has recently uploaded a number of videos giving an overview of how he built his own HF SDR transceiver using what he calls the "Lego build method". The idea of the Lego build method was to build a transceiver from parts picked and pulled from eBay so that it could be easily reproduced by others. There are a few scratch-made components, but those designs are available on his GitHub page. The SDR only functions within about 100 kHz of spectrum at a time, but for amateur radio HF work this is more than sufficient. Bare bones, the radio puts out a mere 100 mW, and although the output power is small he has made contacts up to 450 miles away using CW (Morse code). You also have the option of adding an amplifier on the output if you want more power than that; his final revision currently puts out 100 Watts.
Using modified versions of fldigi and Quisk he is able to easily work various digital modes and sync the transmitter and receiver together. The only real down side to this radio is that you must switch out your receive and transmit filters whenever you wish to operate on different bands, a process that really only takes a moment or two.
Check out his videos on the project – it’s really amazing to see what can be done with a small budget these days in radio and with how far software defined concepts have brought us.
DIY SDR CW Xcvr Project
In the video below you’ll see an explanation of the software involved in this build.
His book covers University level wireless communications and digital signal processing (DSP) topics with a focus on SDR. Qasim writes that most DSP books that he's seen in the past were written for professional academics, which made them difficult for other technical (but non-mathematical) persons to understand. You can't explain DSP without equations, but Qasim notes that his book aims to keep the math content at school level only, with plenty of figures to help with visualization. The description reads:
There are different angles from which this book contributes to the understanding of wireless communication systems from the perspective of a Software Defined Radio (SDR).
In my opinion, any language, including that of mathematics, is an unnatural mode of communication. For example, I can write the words darwaza, porte, puerta, umnyango, ovi and only certain people will understand what I mean. However, if I show you an image of a door, almost every single person on the planet will immediately get the concept. A figure imprints a massive amount of parallel information in our brains that is much easier to process and recall later. Since a human mind handles images very well, I try to visualize equations through beautiful figures which you will encounter throughout the text with logical and intuitive explanations.
If you are not a pure wireless communications academic, you would have found that the mainstream textbooks on this topic are filled with heavy mathematical details which makes this field an exclusive membership club for those who can understand several types of frequency variables and their corresponding Fourier transforms, probability and random processes and detection and estimation theories. While this is true for becoming a master, the Software Defined Radio (SDR) revolution and subsequent projects like GNU Radio have made it possible for anyone to sit down and construct their own unique radio by writing code. Many even do not need to know most of the above mentioned topics. All they need to understand is why an algorithm does what it does so that they know how to write its code, or modify it in an even better way. For this purpose, I have only relied on school level mathematics to explain all the concepts. You will not find any e or j of complex numbers here, nor will you encounter any integrals, probability theory and detection or estimation theory. The only things to know are a sine, cosine and a summation as well as a derivative (which I have occasionally used).
The best books written on implementing digital communication systems using Digital Signal Processing (DSP) algorithms are by fred harris (Multirate signal processing for communication systems) and Michael Rice (Digital communications – A discrete-time approach). As often happens with the grandmasters, they walk on a trail without exactly clarifying it for others. After reading their books, I started to feel that fred harris has mainly focused on `how' of communication systems in an unprecedented detail while Michael Rice has mainly covered `what' of communication systems in his simple and beautiful style. In this process, there were many `why' generated in my mind for which I had to find satisfactory answers. This book is a collection of those simple answers.
An extra little bonus is a one page summary of the crux of Rx algorithms, clarifying the role of particular parameters in the signal waveform. Most of the algorithm design can be understood by just grasping the concepts on this one page.
A common theme in this text is that some concepts seem easier in time domain and some others are simpler in frequency domain, while their mathematical derivations reinforce the idea. It is fun to grasp a concept covering all three sides. Finally, the book contains a few examples from GNU Radio that explain how to set the parameters in some blocks (e.g., Costas loop, band edge FLL, polyphase clock sync, etc.).
The book is currently available on Amazon, and on Amazon you can see a preview of some pages from the book. Qasim also has a website for the book here.
This blog is mostly concerned with software defined radios that are affordable to most hobbyists, but if you've ever wondered what the cutting edge is, take a look at the recently released Per Vices Cyan. This is a US$73,500 one channel RX/TX SDR with a tuning range from 100 kHz up to 18 GHz, ADC resolution of up to 16 bits, a maximum instantaneous bandwidth of up to 1 GHz per channel (16 GHz aggregate when all 16 channels are fitted), and an on board Stratix 10 FPGA. There are also higher end Cyan models, with the Cyan Mid having 8 RX/TX channels for USD$149,500, and the Cyan Pro with 16 RX/TX channels for USD$289,000.
Obviously Cyan is aimed at the research, industrial and possibly military market, but maybe this is the sort of capability we will all have in 10-20 years.
Their press release reads:
Per Vices Releases New High Bandwidth, Compact Software Defined Radio Platform
Ontario, Canada- February 20th, 2019
Per Vices, an industry leader in wireless platforms in North America, has been developing software defined radio (SDR) solutions since 2006, offering customers high performance solutions and continuing to grow their influence in the wireless communications, radar, signals intelligence, defence, medical imaging, and test and measurement markets. Their newest product, Cyan, is the best SDR available on the market, offering the highest bandwidth on a compact radio platform. Cyan continues to fulfill the company's legacy by providing the market with the highest performance radio solutions.
Cyan is designed to offer users a customizable number of independent, phase coherent radio channels, up to 16 total, each offering a standard 1GHz instantaneous RF bandwidth. It is built on a high channel count, ultra wide band, high gain direct conversion quadrature transceiver and signal processing platform. Cyan provides the highest RF and digital bandwidth with an onboard DSP in a compact form factor.
On the digital front, the platform is designed around an Intel Stratix 10 FPGA SoC enabling significant DSP resources for a variety of applications. The platform also features 4 x 40 Gbps digital backhaul enabling ultra-high data throughput while maintaining low latency for applications that require raw radio data to be transferred to another platform.
To learn more about Cyan, Per Vices, or their other product offerings, contact Brandon Malatest at +1 (647) 534-9007, or email [email protected], or visit the website at www.pervices.com
Recently, the RF research team at Trend Micro released a very nice illustrated report, technical paper and several videos demonstrating how they were able to take control of building cranes, excavators, scrapers and other large industrial machines with a simple bladeRF software defined radio. Trend Micro is a well known security company mostly known for their computer antivirus products.
Trend Micro writes that the main problem stems from the fact that these large industrial machines tend to rely on proprietary RF protocols, instead of utilizing modern standard secure protocols. It turns out that many of the proprietary RF commands used to control these machines have little to no security in place: no authentication of the sender and no protection against a captured command being sent again.
Five different kinds of attack were tested. They included: a replay attack, command injection, e-stop abuse, malicious re-pairing and malicious reprogramming. The replay attack sees the attackers simply record commands and send them again when they want. Command injection sees the hacker intercept and modify a command. E-stop abuse brings about an emergency stop, while malicious re-pairing sees a cloned controller take over the functions of the legitimate one. And malicious reprogramming places a permanent vulnerability at the heart of the controller so it can always be manipulated.
So straightforward were the first four types of attack that they could be carried out within minutes on a construction site and at minimal cost. The hackers only required PCs, the (free) code and RF equipment costing anywhere between $100 and $500. To deal with some of the idiosyncrasies of the building site tech, they developed their own bespoke hardware and software to streamline the attacks, called RFQuack.
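The replay and command injection attacks work because the receiver trusts whatever well-formed opcode arrives on air. The following added example (written for this page, not code from Trend Micro, RFQuack or any crane vendor) simulates both sides of such a link with a constructed frame format and invented opcodes: a legacy receiver that accepts any known opcode, and a hardened receiver that requires a keyed MAC over the command and a strictly increasing counter. The same captured frame is then replayed and has its opcode byte swapped for an emergency stop, so you can see which receiver executes what. The 16-byte pairing key, the 21-byte frame layout and the opcode table are all assumptions for the demonstration.

```python
"""Replay and command injection against an RF remote control, legacy vs. authenticated receiver.
Added example with a constructed frame format; opcodes, key and layout are assumed."""
import hashlib
import hmac
import struct

KEY = bytes(range(16))  # placeholder pairing key; a real device derives a fresh key per pairing

# Constructed opcode table for a hypothetical crane controller
OPCODES = {0x01: "HOIST_UP", 0x02: "HOIST_DOWN", 0x03: "SLEW_LEFT", 0x7F: "E_STOP"}

# Constructed on-air frame: opcode (1 byte) | counter (u32 big-endian) | truncated HMAC-SHA256 (16 bytes)
HEADER = ">BI"
TAG_LEN = 16
FRAME_LEN = struct.calcsize(HEADER) + TAG_LEN


def tag(key, opcode, counter):
    """MAC binds the opcode to the counter, so neither can be changed without the key."""
    return hmac.new(key, struct.pack(HEADER, opcode, counter), hashlib.sha256).digest()[:TAG_LEN]


class Transmitter:
    def __init__(self, key):
        self.key = key
        self.counter = 0  # must be persisted across power cycles in a real controller

    def send(self, opcode):
        self.counter += 1
        return struct.pack(HEADER, opcode, self.counter) + tag(self.key, opcode, self.counter)


class LegacyReceiver:
    """Models a controller that executes any recognised opcode: no key, no freshness check."""
    def __init__(self):
        self.executed = []

    def handle(self, frame):
        opcode = frame[0]
        if opcode not in OPCODES:
            return False
        self.executed.append(OPCODES[opcode])
        return True


class AuthenticatedReceiver:
    """Rejects forged or modified frames (MAC) and re-sent frames (monotonic counter)."""
    def __init__(self, key):
        self.key = key
        self.last_counter = 0
        self.executed = []

    def handle(self, frame):
        if len(frame) != FRAME_LEN:
            return False
        opcode, counter = struct.unpack(HEADER, frame[:struct.calcsize(HEADER)])
        if opcode not in OPCODES:
            return False
        # constant-time compare so the check itself does not leak the tag byte by byte
        if not hmac.compare_digest(frame[-TAG_LEN:], tag(self.key, opcode, counter)):
            return False  # command injection / forgery
        if counter <= self.last_counter:
            return False  # replay of an already-seen frame
        self.last_counter = counter
        self.executed.append(OPCODES[opcode])
        return True


def replay(frame):
    """Attacker re-sends a frame captured with an SDR, byte for byte."""
    return bytes(frame)


def inject(frame, new_opcode):
    """Attacker keeps everything but swaps the opcode byte, e.g. for an emergency stop."""
    return bytes([new_opcode]) + frame[1:]


def run_scenario(make_receiver):
    """Legit command, then replay and injection of that same capture, then the next legit command."""
    tx, rx = Transmitter(KEY), make_receiver()
    captured = tx.send(0x01)
    results = {
        "legit": rx.handle(captured),
        "replay": rx.handle(replay(captured)),
        "inject_estop": rx.handle(inject(captured, 0x7F)),
        "next_legit": rx.handle(tx.send(0x02)),
    }
    return results, rx.executed


if __name__ == "__main__":
    print("legacy       ", run_scenario(LegacyReceiver))
    print("authenticated", run_scenario(lambda: AuthenticatedReceiver(KEY)))
```

The strictly increasing counter tolerates lost frames (the receiver only requires the next counter to be larger, not consecutive) but it has to survive a reboot on both ends, and a re-pairing must establish a new key rather than reuse a fixed one, otherwise the malicious re-pairing attack from the report still applies; those two points are where most home-grown "rolling code" schemes go wrong.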
Being a responsible security firm, Trend Micro has already notified manufacturers of these vulnerabilities, and government level advisories (1, 2) and patches have already been rolled out over the last year. However the Forbes article states that some vulnerabilities still remain unpatched to this day. Of interest, the Forbes articles writes that for some of these vendors the simple idea of patching their system was completely new to them, with the firmware version for some controllers still reading 0.00A.
The videos showing the team taking control of a model crane, a real crane and an excavator are shown below. The videos show them using bladeRF 2.0 SDRs, which are relatively low cost TX/RX capable software defined radios. We also recommend taking a look at Trend Micro's web article, as it very nicely illustrates several different RF attack vectors which could apply to a number of different RF devices.