Tagged: Software-defined radio

PhaseLoom: A Software Defined Radio Powered by the Chip used in the Commodore 64, NES and other Early Home Computers

The MOS Technology 6502 is, by today's standards, an ancient chip, having just turned 50 this September 8. It was the chip behind the early age of home computing, powering iconic systems like the Apple I & II, Commodore 64, Atari, and Nintendo Entertainment System. It is, therefore, fascinating that someone has managed to use this chip as a core component in a modern software-defined radio system.

Over on his blog, Anders B Nielsen describes PhaseLoom, a 6502-based "Quadrature Sampling Detector Phase-Locked Loop SDR frontend". Realistically, we want to point out that the 6502 isn't actually doing any digital signal processing (DSP). The 6502 is used as an assembly-programmed controller for a SI5351-based local oscillator and a multiplexer chip that generates IQ data. Piping the IQ data into a PC with a soundcard is still required to actually get data out. However, Anders notes that he eventually hopes to get some DSP running on the 6502.

With the setup he is currently able to tune just to the 40m band, noting that performance isn't great, but at least it works!

Anders' video below explains the entire design and concept in detail, and we note that he is currently selling a full kit on his store and has uploaded the schematics to GitHub.

A 6502 Software Defined Radio

US Trains are Vulnerable to Derailment via RF Attacks to the End of Train Device

A recently published CVE (Common Vulnerabilities and Exposures) states that a software-defined radio can be used to remotely send a brake command signal to the End-Of-Train wirelessly linked control box.

Security researcher Neil Smith reported the vulnerability. Neil explains more on X, explicitly noting that he has been trying to get this published for 12 years and that no one from the American Association of Railroads (AAR) seems to consider this vulnerability a significant issue.

US trains use wireless RF communications devices, called "End-of-Train" (EoT) and "Head-of-Train" (HoT), to enable data communication between the head and end of the train. The two systems interface with the train's braking and control system, allowing the engineer to view information from both ends of the train and to command systems at the far end of a long train instantaneously. Such signals can easily be received with an RTL-SDR and the softEOT decoder, or the PyEOT decoder.

The vulnerability stems from the fact that a software-defined radio can easily be used to replicate an EoT RF signal that can command braking. The signal could be transmitted over a long distance with an appropriate amplifier and antenna. Unexpected braking could cause derailment, amongst other problems.

As of right now, the vulnerability is still unpatched, but the AAR has noted that it intends to replace the system with the 802.16t standard. However, in the X thread, Neil notes that this replacement won't be in place until 2027 in the best-case scenario.

If you're interested, another security researcher did a talk about railroad telemetry systems back at DEF CON 26, 6 years ago.

An EoT device (aka FRED) on a US Train. Attribution: https://commons.wikimedia.org/wiki/File:FRED_cropped.jpg

Proposing a Software Defined Radio based “AI Battle Buddy”

Over on YouTube, Isaac Botkin of TREX LABS has uploaded a video discussing how he proposes to build an "AI Battle Buddy" with a built-in software-defined radio. The idea is to combine a wide frequency range software-defined radio with AI tools that automatically detect when something interesting occurs in the radio spectrum and alert the device owner.

Isaac gives example use cases for the device, such as alerts when jamming is detected, drone detection alerts, alerts when there is suddenly increased public safety radio traffic or if there are nearby public safety radio transmissions, and information about nearby aircraft and NOAA weather alerts.

The device is proposed to have no screen, but would simply give audio alerts via Bluetooth earpiece, or text alerts via smartphone or smart watch. 

Ultimately, such a device has yet to be built for the general consumer market, but Isaac notes that AI-SDR devices like the Anduril Pulsar already exist for the military consumer.

How to Make an AI Battle Buddy for Electronic Warfare

Creating a Software Defined Radio from Tiny Tapeout Chips

Tiny Tapeout is a project that allows anyone to design and fabricate custom open ASIC silicon at a low cost by combining hundreds of projects from different people on the same chip. Each design on the chip is freely available to use by others.

Over on Hackster.io, we've seen a post where Sylvain Munaut used two of these Tiny Tapeout chips to create a software defined radio.

On the Tiny Tapeout 6 chip, Sylvain discovered that Tiny Tapeout customer Carsten Wulff had implemented an 8-bit ADC on the chip. Then, on the Tiny Tapeout 7 chip, Sylvain found that Kolos Koblász had implemented an RF mixer. So, he decided to combine the two Tiny Tapeout chips together to build a software defined radio.

The entire build consists of the two Tiny Tapeout chips, a Glasgow Interface Explorer (USB interface), and a GNU Radio flowgraph to demodulate and display the signals received.

In his YouTube video, Sylvain demonstrates the software defined radio in action, showing that it has 2 MHz of bandwidth and is capable of receiving FM signals.

SDR with custom silicon ! Combining TinyTapeout projects.

Using an EFR32 IoT Microcontroller Transceiver as an SDR

Thank you to Joshua R. for writing in and sharing some links on how an EFR32 microcontroller can be used as a software-defined radio. The EFR32 is a microcontroller designed for IoT applications such as Zigbee, Z-Wave, Thread, and Bluetooth. Of interest to us is that the EFR32 has a special mode that switches off its built-in modulators and demodulators and instead allows raw IQ data to be transferred from the chip.

An example of the EFR32 being used as an SDR has been provided by OH2EAT/tejeez and can be found in this write-up and in his 'geckokapula' GitHub repo. This MIT-licenced repo provides hardware schematics and software for creating a full handheld FM, AM, USB, LSB, and CW receiver with FM, CW, USB, and LSB transmit capabilities. It also supports a 12 kHz waterfall display. The tuning range is nearly 13.2 MHz to 2.9 GHz, but there are some gaps.

This Knowledge Article by Silicon Labs also explains the SDR mode of the EFR32.

This is an interesting low-cost chip, but the limiting factor appears to be the small bandwidth.

An EFR32 SDR by Tejeez/OH2EAT

Setting up a Dual RX System with an SDR and Ham Radio Rig via an SDRSwitch

There are two common options when using an SDR together with a ham radio rig. You can either create an IF tap within your ham radio and connect the SDR to that, or connect the SDR directly to the antenna via a switch that switches the SDR out when transmitting.

Over on YouTube, Ham Radio DX has uploaded a video discussing the latter option and revealing its advantages. In the video, he mentions results by HB9VQQ that show that connecting an Airspy HF+ directly to an antenna via an SDR switch from SDRSwitch.com results in 60% more spots on WSPR, compared to using an IF tap from an FT450D ham radio rig.

He goes on to explain and demonstrate his setup and the recommended switch that he is using, which is the SDRSwitch by N2EME, available at SDRSwitch.com. He notes that this switch is recommended due to its very low insertion loss and high isolation specifications and compares it against an MFJ switch, which has some rather terrible specifications.

Add a SDR Receiver to ANY Ham Radio Rig!

SignalSDR Pro: An Upcoming SDR with 70 MHz to 6 GHz, 12 Bit ADC, 61.44 MHz Bandwidth and 2TX/2RX Channels

Over on CrowdSupply, a new software-defined radio called the 'SignalSDR Pro' made by Hong Kong company Signalens has recently been announced. The SignalSDR Pro is roughly the size of a credit card or Raspberry Pi and has a 70 MHz to 6 GHz tuning range, 12-bit ADC, 61.44 MHz of bandwidth, and 2RX/2TX channels.

The SDR is based on the AD9361 chipset, used by several other SDRs, including the PlutoSDR and Ettus USRP B210. It also comes with an AMD Zynq 7020 FPGA. Of note is a feature that allows the device to emulate a PlutoSDR and USRP B210, instantly making it compatible with software written specifically for those devices.

In the video below, creator KaiJern Lau introduces the SignalSDR Pro and explains the motivation behind creating it.

The project is currently in the pre-crowdfunding stage, and you can sign up for updates on its Crowd Supply page.

The SignalSDR Pro

BSidesPGH 2024 Talk: Introduction to Software Defined Radio For Offensive and Defensive Operations

Over on the YouTube channel "SecPGH" a talk by Grey Fox titled "Introduction to Software Defined Radio For Offensive and Defensive Operations" has been uploaded from the BSidesPGH 2024 conference. BSidesPGH 2024 was a security conference held in Pittsburgh, PA, USA on July 25.

The talks are generally about network security, but Fox's talk is all about RF security topics and software defined radio. In the talk, he introduces SDR and devices like the Flipper Zero, and demonstrates various basic examples such as receiving FM from a handheld radio and ADS-B.

Next, he goes on to demonstrate security topics such as showing how to capture and analyze signals from a 433 MHz security alarm using an RTL-SDR and Flipper Zero, and how to jam frequencies and replay captured signals. Finally, he demonstrates WiFi cracking with the help of Kali Linux and Flipper Zero with WiFi dev board attached.

BSidesPGH 2024 Track 2 Grey Fox Introduction to Software Defined Radio For Offensive and Def