Tagged: Software-defined radio

Converting an Old Cable Modem into an SDR

Over on his github blog, user stdw has uploaded a comprehensive post explaining how he investigated and turned an old Motorola MB7220 cable modem that was sitting in his closet into a fully functional software defined radio.

To begin the investigation, stdw first opened the case and looked for a serial UART port. After finding one, he connected the UART to a Raspberry Pi and was almost immediately able to connect to the device's terminal. From the information displayed during the boot process, stdw was able to determine that the modem was running the eCos operating system on a Broadcom BCM3383 SoC. Unfortunately, after that information was received the UART connection was dropped, preventing any further terminal investigation.

To get around this issue, stdw decided to dump the flash memory via an SPI memory chip he saw on the board. Again using the Raspberry Pi he was able to connect via SPI and use the flashrom tool to read the memory. Next using a tool called bcm2-utils, stdw was able to parse and actually modify the configuration information stored in the flash memory. With this he was able to modify the configuration so that the serial connection did not drop after boot. 

With terminal access gained, stdw was able to reverse engineer the firmware and, after a lot of searching, eventually found a console command that performs a bandpower measurement for a given frequency range. He found that the IQ data for this scan was stored in a buffer, which he could then stream out via a TCP connection. With the IQ data finally available on another PC, he was able to use Python libraries to compute an FFT and visualize the scanned spectrum. Further investigation yielded demodulated FM audio, and the realization that the usable bandwidth is 7.5 MHz.

Unfortunately there were some limitations. There is only enough RAM to store less than a second of data at a time at max bandwidth and precision, which meant that a lot of data needed to be dropped in between captures. Further investigation yielded methods to reduce the sample rate down to 464 kHz which meant that only 12% of data was ever dropped - enough to stream a wideband FM radio signal.
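The gaps between captures matter when demodulating: a quadrature FM discriminator that differences the phase across a dropped gap produces a large spurious spike. The following is an added example, not stdw's code, that demodulates each capture separately; the 75 kHz deviation, the burst sizes and all function names are assumptions, and the test signal is constructed.

```python
import cmath
import math

FS = 464_000    # reduced sample rate quoted in the post (Hz)
DEV = 75_000    # assumption: broadcast FM peak deviation (Hz)

def fm_modulate(audio, fs=FS, dev=DEV):
    """Constructed test input: complex baseband FM of audio in [-1, 1]."""
    phase, out = 0.0, []
    for a in audio:
        phase += 2 * math.pi * dev * a / fs
        out.append(cmath.exp(1j * phase))
    return out

def split_bursts(iq, keep, drop):
    """Mimic a RAM-limited capture: keep `keep` samples, lose `drop`, repeat."""
    return [iq[i:i + keep] for i in range(0, len(iq), keep + drop)]

def fm_demod_burst(iq, fs=FS, dev=DEV):
    """Quadrature discriminator: phase step between adjacent samples."""
    scale = fs / (2 * math.pi * dev)
    return [cmath.phase(b * a.conjugate()) * scale for a, b in zip(iq, iq[1:])]

def fm_demod_bursts(bursts, fs=FS, dev=DEV):
    """Demodulate each capture on its own, never differencing across a gap."""
    audio = []
    for iq in bursts:
        d = fm_demod_burst(iq, fs, dev)
        audio.extend(d + d[-1:])  # hold last value so output length == input
    return audio

if __name__ == "__main__":
    # Constructed 1 kHz tone, captured with 12% of samples lost between bursts.
    tone = [0.5 * math.sin(2 * math.pi * 1000 * n / FS) for n in range(20_000)]
    bursts = split_bursts(fm_modulate(tone), keep=4400, drop=600)
    clean = fm_demod_bursts(bursts)
    naive = fm_demod_burst([s for b in bursts for s in b])
    print("per-burst peak:", round(max(map(abs, clean)), 3))
    print("naive peak:    ", round(max(map(abs, naive)), 3))
```

Running it prints the peak audio amplitude for the per-burst and the naive (concatenate everything) approach, so the boundary artifacts can be compared directly.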

If you wanted to try investigating the modem yourself, the Motorola MB7220 is available second hand on eBay for prices ranging between US$15 - US$40, and new on Amazon for $46.99. Although the usability of the modem for any real SDR applications may not be great, further investigation may yield better results. And if not, following along with the process stdw took looks to be a great reverse engineering learning experience. Other modems that use similar Broadcom chips may also be worth investigating.

The Motorola MB7220 connected to a Raspberry Pi for reverse engineering

Nils Reviews the RX-888: A Sub $200 16-Bit 32 MHz Bandwidth SDR

A lot of affordable Chinese clone SDRs have been coming onto the market recently, and the RX-888 is one of the most interesting. The RX-888 appears to be an improved clone of the RX-666 which in turn is a clone derived from Oscar Steila (IK1XPV)'s BBRF103 original open source design.

The RX-888 is based on the LTC2208 16-bit ADC chip which is capable of streaming the entire 1 kHz to 32 MHz frequency range to the PC over USB 3.0 with direct sampling. Frequencies from 32 MHz to 1.8 GHz can also be received via an R820T2 tuner which is on the board (the same tuner used in most RTL-SDRs). Due to the bandwidth restrictions of the R820T2 silicon, the bandwidth above 32 MHz is restricted to 8 - 10 MHz. The main change when compared to the RX-666 appears to be that there is an LNA which improves medium wave and small antenna performance which was a problem on the RX-666. The RX-888 also adds several heat sinks to the enclosure, as excessive heat generation of the LTC2208 ADC appears to also be an issue.

The RX-888 Software Defined Radio

Recently Nils Schiffhauer (DK8OK) wrote up a great review of the RX-888. In the review he covers the specs, shows a few screenshots of some signals he's received and also provides multiple audio samples of signals received.

The RX-888 is currently available on marketplace sites like Aliexpress and eBay priced at around US$180. In the past SDRs that could receive the entire HF band at once were rare, with the only affordable SDR with this capability being the KiwiSDR. So it is good to see that we may now be entering a stage of new advancement in affordable SDRs.

One thing to note is that this design can be considered a clone. However the original design by Oscar is open source and from this post on his blog he seems happy and accepting of the clones.

We note that we have ordered a unit and will be uploading a review once we test it.

The RX-888 PCB

OpenWiFi: Open Source FPGA and SDR Based WiFi Implementation

OpenWiFi is a Linux mac80211 compatible full-stack IEEE802.11/Wi-Fi design based on an FPGA and SDR (Software Defined Radio). It aims to be the first full open source implementation of the entire WiFi stack. While the current design does not provide any feature benefits over commercial closed source chips, it is beneficial from an education standpoint, and also from a security view as any open source FPGA code can be verified to not have backdoors. The SDRs used in the project are typically not ones seen on this blog as they mostly exist on research dev boards optimized for the 2.4 GHz band.

Recently the FOSDEM 2020 conference talks from February 2020 have been released on YouTube and a talk titled Opensource "Wi-Fi chip design" and Linux drivers by Xianjun Jiao was uploaded. The talk explains OpenWiFi in detail, and why or why not you might want to use it. 

Individuals, SMEs, opensource communities and big companies have shown big interests on the openwifi project. They also asked many questions, such as MIMO support, CSI information support, roadmap and opensource license consideration. One new interesting message, which is not expected before, is that: People are willing to pay more for a WiFi chip not because the chip’s performance is better but just because they can check the chip silicon source code (Verilog/VHDL/C) on github if they have privacy/security concern. So far, not any commercial WiFi chip discloses their silicon source code. After the FOSDEM, the project has reached 545 stars on github.

Openwifi talk at FOSDEM 2020

SDRA2020 Online Conference Videos

The Software Defined Radio Academy is an organization that holds a conference within the yearly HAMRADIO fair in Friedrichshafen, Germany. This year due to the pandemic the conference was held online, and recently videos from the various talks have begun to slowly get uploaded to their YouTube channel.

The talks are typically very technical in nature, but if you're interested in cutting edge SDR research and applications then these are good talks to get caught up on. Currently there are seven videos that have been uploaded, but we are expecting that there are more to come since there are more talks listed in their programme. They appear to be uploading one video per day at the moment so get subscribed to their YouTube channel for the upcoming videos.

The currently uploaded talks include:

  • A Keynote interview with N1UL Dr. Ulrich Rohde
  • Laurence Barker G8NJJ: Using Xilinx Vivado for SDR Development
  • Edwin Richter DC9OE, Crt Valentincic S56GYK: Usage of higher order Nyquist Zones with Direct Sampling Devices
  • Prof. Dr. Michael Hartje DK5HH: Signalprocessing in the man made noise measurement system ENAMS
  • Bart Somers PE1RIK: Long term spectrum monitoring using GNUradio and Python

We are looking forward to the upcoming talks like the one by Dr. Bastian Bloessl DF1BBL that discusses the GNU Radio on Android implementation.

SDRA2020 - 03/04 - Laurence Barker: Using Xilinx Vivado for SDR Development

Talks from the 2020 HamSCI Convention (Held Online)

HamSCI is an organization dedicated to citizen radio science and specifically the "publicity and promotion of projects that advance scientific research and understanding through amateur radio activities". Recently they held their HamSCI 2020 workshop online, and the videos are now available on the Ham Radio 2.0 YouTube channel. Several of the projects mentioned in the talks involve the use of software defined radios.

Come join HamSCI at its third annual workshop! Due to restrictions caused by the COVID-19 Coronavirus, this year's workshop will be held as a virtual, electronic workshop. The meeting will take place March 20-21, 2020 using Zoom Webinar Services hosted by The University of Scranton in Scranton, PA. The primary objective of the HamSCI workshop is to bring together the amateur radio community and professional scientists. The theme of the 2020 HamSCI Workshop is "The Auroral Connection: How does the aurora affect amateur radio, and what can we learn about the aurora from radio techniques?" Invited speakers include Dr. Elizabeth MacDonald, NASA Scientist and founder of Aurorasaurus, Dr. James LaBelle, Dartmouth Space Scientist and expert on radio aurora, and Dave Hallidy K2DH, an expert in ham radio auroral communication.

One talk discusses the HamSCI personal weather station project, which is an SDR and Raspberry Pi based solution that monitors HF signals like WSPR, as well as characterizing HF noise, detecting lightning and ionospheric disturbances.

HamSCI 2020 Overview of the Personal Space Weather Station and Project Update

Another talk discusses the TangerineSDR, which is an open source SDR currently in development by TAPR. The goal of the TangerineSDR is to be a sub $500 SDR with a focus on space science, academic research as well as general amateur use. 

HamSCI 2020 TangerineSDR Data Engine and Overall Architecture

The rest of the talks can be found on the Ham Radio 2.0 YouTube playlist.

Radenso Theia: An SDR Based Police Radar Detector

Radenso is a company that sells radar detectors. These are used to help motorists avoid speeding fines from police using radar speed detectors in their cruisers. Their latest upcoming product is called the "Radenso Theia" and is a software defined radio based solution.

In one of their latest YouTube videos they explain how SDR is used in the Theia, noting that the SDR ADC chip they are using is an AD9248. The use of an SDR allows them to more easily apply advanced digital signal processing algorithms to the radar detection task. In particular they note that they can now apply deep learning artificial intelligence filtering which helps to classify different radar gun FFT signatures and avoid false positives from other radar sources such as automatic doors.

While the Theia is designed to be a radar detector, they note that the device could also be used by hardware hackers as a standalone software defined radio. They have thought about this use case and have added a separate uFL connector that can be enabled by soldering a zero ohm connector, and this allows users to connect any antenna to it.

What is a software defined radio and why does it matter for Radenso Theia?

DARPA Spectrum Collaboration Challenge $2 Million Dollar Championship Video

DARPA (Defense Advanced Research Projects Agency) has recently released video from their Spectrum Collaboration Challenge Championship Event where team GatorWings took home a two million dollar prize. In the original DARPA grand challenge teams competed to produce an autonomous car that can get through an obstacle course. In this spectrum challenge DARPA poses the questions, what if there was no FCC to control the band plan, and how do we make more efficient use of a scarce spectrum?

Given those questions, the goal is for software defined radios driven by artificial intelligences created by each team to autonomously find ways to manage and share the spectrum by themselves. The AIs are required to find ways to listen and learn the patterns of other AI SDRs using differing wireless standards, all of which are competing for the same slice of spectrum at the same time. The competition asks the AIs to provide simulated wireless services (phone calls, data link, videos, images) during a simulation run with all the AIs running at once. Whichever AI is able to provide the most stable services and at the same time share the spectrum fairly with the other AIs wins.

On October 23, 2019, ten teams of finalists gathered to compete one last time in the Championship Event of DARPA's Spectrum Collaboration Challenge (SC2), a three-year competition designed to unlock the true potential of the radio frequency (RF) spectrum with artificial intelligence. DARPA held the Championship Event at Mobile World Congress 2019 Los Angeles in front of a live audience.

Team GatorWings from University of Florida took home the $2 million first prize, followed by MarmotE from Vanderbilt University in second with $1 million, and Zylinium, a start-up, in third with $750,000.

Throughout the competition, SC2 demonstrated how AI can help to meet spiking demand for spectrum. As program manager Paul Tilghman noted in his closing remarks from the SC2 stage: "Our competitors packed 3.5 times more wireless signals into the spectrum than we're capable of today. Our teams outperformed static allocations and demonstrated greater performance than current wireless standards like LTE. The paradigm of collaborative AI and wireless is here to stay and will propel us from spectrum scarcity to spectrum abundance."

The highlights video is shown below, and the full two hour competition stream can be viewed here

Highlights from the Spectrum Collaboration Challenge Championship Event

The competition was run on the DARPA Colosseum, the world's largest test bed for performing repeatable radio experiments. Capable of running up to 128 two channel software defined radios with 3 peta-ops of computing power, it allows experimenters to accurately simulate real world RF environments. It works by connecting special "channel emulator" RF computing hardware to each physical SDR, which can emulate any RF environment.

The SC2 Colosseum

SDR Makerspace Conference to be Held in Switzerland in November

SDR Makerspace is a community based in Greece that is run by the European Space Agency and Libre Space Foundation (who are responsible for the SatNOGS project). It provides funding and resources for Software Defined Radio based space communication projects.

On November 28-29 2019 they are holding the SDR Makerspace Conference in Payerne, Switzerland. The conference is free to register although spaces are limited.

The technical talks during the first day will be:

  • Open-Source SDR Software for Satellite Communications - Alexandru Csete
  • LimeSDR as an enabler for Satellite TV Transmissions - Dave Crump
  • How wide band data converters enable SDR in Satcoms - e2v
  • Teaching SDR: EPFL experience - Bixio Rimoldi
  • Xilinx’s adaptive solutions for SDR application - Georg Hanak
  • SDR Makerspace: Evaluation of SDR Boards and Toolchains - Sheila Christiansen
  • SDR and Amateur radio in space - Michel Burnand
  • SDR Makerspace lightning talks - Multiple Authors

The second day will consist of workshops on using SDRs for satellite communications, and on using the LimeNET Micro and LimeRFE for SDR satcom development.

Exhibitors who will be at the conference.