Tagged: Software-defined radio

bladeRF-wiphy: Open Source WiFi Access Point on a BladeRF

Back in August 2020 we posted about OpenWiFi, an open source implementation of the full IEEE802.11/Wi-Fi stack for FPGA and SDR combo boards. Recently the team at Nuand released their own WiFi implementation called "bladeRF-wiphy" for their bladeRF 2.0 software defined radio. The code is implemented in VHDL and runs directly on the onboard FPGA of the bladeRF 2.0 micro xA9.

The bladeRF-wiphy project is an open-source IEEE 802.11 compatible software defined radio VHDL modem. The modem is able to modulate and demodulate 802.11 packets (the protocol WiFi is based on), and run directly on the bladeRF 2.0 micro xA9’s FPGA.

The bladeRF-wiphy coupled with Linux mac80211 allows the bladeRF 2.0 micro xA9 to become a software defined radio 802.11 access point! 802.11 packets (PDUs) are modulated and demodulated directly on the FPGA, so only 802.11 packets are transferred between the FPGA and libbladeRF.

Arecibo Radio Telescope Collapses: A look back at some SDR fun with Arecibo

The Arecibo Radio Telescope has collapsed. Once the largest single dish radio telescope in the world at 305m, Arecibo was mostly used for radio astronomy research. However, the dish was made famous in 1974 for deliberately beaming a message into space as part of a search for extraterrestrial intelligence (SETI) experiment. It also played a part in popular culture, appearing in several famous films such as GoldenEye and Contact.

As part of its goodbye we thought we'd highlight a few old posts where Arecibo was used together with SDRs for some interesting applications.

Back in 2014 we saw engineers hook up USRP software defined radios to Arecibo in order to contact the lost ISEE-3 NASA spacecraft (Wikipedia Article). The idea was to contact the solar orbiting spacecraft, which was last heard from in 2008, and get it to fire its thrusters in order to reuse it for a new mission. The idea was initially abandoned by NASA, however a crowdfunding campaign raised US$125,000 which funded the project.

The project required finding and researching the original spacecraft documentation, and implementing the modulators and demodulators in GNU Radio. Whilst the team was successful in communicating with the satellite, ultimately the project failed because the satellite's nitrogen tanks had long since leaked empty. But the fact that they were even able to find and communicate with the spacecraft using Arecibo was a major achievement. If you're interested in that project, Balint's 2015 talk on YouTube is an interesting watch.

Later in 2017 we saw how Arecibo was used for an ionospheric heating experiment which involved transmitting 600kW of net power into the ionosphere. This resulted in SDR users around the world being able to receive the signal. Other posts include a Reddit post by u/moslers, who toured Arecibo and showed how they used a familiar program, HDSDR, as part of their monitoring suite.

So goodbye to Arecibo. However, we can look forward to the 500 meter Chinese FAST (Five-hundred-meter Aperture Spherical Radio Telescope) giving us new opportunities for single dish radio observations in the future.

Arecibo Radio Observatory

Converting an Old Cable Modem into an SDR

Over on his GitHub blog, user stdw has uploaded a comprehensive post explaining how he investigated an old Motorola MB7220 cable modem that was sitting in his closet and turned it into a fully functional software defined radio.

To begin the investigation stdw first opened the case and looked for a serial UART port. After finding one he connected the UART up to a Raspberry Pi and was almost immediately able to connect to the device's terminal. From the information displayed during the boot process, stdw was able to determine that the modem was running the eCos operating system on a Broadcom BCM3383 SoC. Unfortunately, after that information was received the UART connection dropped, preventing any further terminal investigation.

To get around this issue, stdw decided to dump the flash memory by reading an SPI memory chip he saw on the board. Again using the Raspberry Pi, he was able to connect via SPI and use the flashrom tool to read the memory. Next, using a tool called bcm2-utils, stdw was able to parse and actually modify the configuration information stored in the flash memory. With this he was able to modify the configuration so that the serial connection did not drop after boot.

With terminal access gained, stdw was now able to reverse engineer the firmware, and after a lot of searching he eventually found a console command which would perform a bandpower measurement for a given frequency range. He found that IQ data for this scan was stored in a buffer which he could then stream out via a TCP connection. With the IQ data finally available on another PC he was then able to use Python libraries to compute an FFT and actually visualize the scanned spectrum. Some further investigation led to successfully demodulated FM audio, and the realization that the usable bandwidth is 7.5 MHz.

Unfortunately there were some limitations. There is only enough RAM to store less than a second of data at a time at max bandwidth and precision, which meant that a lot of data needed to be dropped in between captures. Further investigation yielded methods to reduce the sample rate down to 464 kHz which meant that only 12% of data was ever dropped - enough to stream a wideband FM radio signal.

If you want to try investigating the modem yourself, the Motorola MB7220 is available second hand on eBay for prices ranging between US$15 - US$40, and new on Amazon for $46.99. Although the usability of the modem for any real SDR applications may not be great, further investigation may yield better results. And if not, following along with the process stdw took looks to be a great reverse engineering learning experience. Other modems that use similar Broadcom chips may also be worth investigating.

The Motorola MB7220 connected to a Raspberry Pi for reverse engineering

Nils Reviews the RX-888: A Sub $200 16-Bit 32 MHz Bandwidth SDR

A lot of affordable Chinese clone SDRs have been coming onto the market recently, and the RX-888 is one of the most interesting. The RX-888 appears to be an improved clone of the RX-666, which in turn is a clone derived from the original open source BBRF103 design by Oscar Steila (IK1XPV).

The RX-888 is based on the LTC2208 16-bit ADC chip which is capable of streaming the entire 1 kHz to 32 MHz frequency range to the PC over USB 3.0 with direct sampling. Frequencies from 32 MHz to 1.8 GHz can also be received via an R820T2 tuner which is on the board (the same tuner used in most RTL-SDRs). Due to the bandwidth restrictions of the R820T2 silicon, the bandwidth above 32 MHz is restricted to 8 - 10 MHz. The main change when compared to the RX-666 appears to be that there is an LNA which improves medium wave and small antenna performance which was a problem on the RX-666. The RX-888 also adds several heat sinks to the enclosure, as excessive heat generation of the LTC2208 ADC appears to also be an issue.

The RX-888 Software Defined Radio

Recently Nils Schiffhauer (DK8OK) wrote up a great review of the RX-888. In the review he covers the specs, shows a few screenshots of some signals he's received and also provides multiple audio samples of signals received.

The RX-888 is currently available on marketplace sites like Aliexpress and eBay priced at around US$180. In the past SDRs that could receive the entire HF band at once were rare, with the only affordable SDR with this capability being the KiwiSDR. So it is good to see that we may now be entering a stage of new advancement in affordable SDRs.

One thing to note is that this design can be considered a clone. However the original design by Oscar is open source and from this post on his blog he seems happy and accepting of the clones.

We note that we have ordered a unit and will be uploading a review once we test it.

The RX-888 PCB

OpenWiFi: Open Source FPGA and SDR Based WiFi Implementation

OpenWiFi is a Linux mac80211 compatible full-stack IEEE802.11/Wi-Fi design based on an FPGA and SDR (Software Defined Radio). It aims to be the first full open source implementation of the entire WiFi stack. While the current design does not provide any feature benefits over commercial closed source chips, it is beneficial from an education standpoint, and also from a security view as any open source FPGA code can be verified to not have backdoors. The SDRs used in the project are typically not ones seen on this blog as they mostly exist on research dev boards optimized for the 2.4 GHz band.

Recently the talks from the FOSDEM 2020 conference, held in February 2020, were released on YouTube, including a talk titled Opensource "Wi-Fi chip design" and Linux drivers by Xianjun Jiao. The talk explains OpenWiFi in detail, and why you might or might not want to use it.

Individuals, SMEs, opensource communities and big companies have shown big interests on the openwifi project. They also asked many questions, such as MIMO support, CSI information support, roadmap and opensource license consideration. One new interesting message, which is not expected before, is that: People are willing to pay more for a WiFi chip not because the chip’s performance is better but just because they can check the chip silicon source code (Verilog/VHDL/C) on github if they have privacy/security concern. So far, not any commercial WiFi chip discloses their silicon source code. After the FOSDEM, the project has reached 545 stars on github.

Openwifi talk at FOSDEM 2020

SDRA2020 Online Conference Videos

The Software Defined Radio Academy is an organization that holds a conference within the yearly HAMRADIO fair in Friedrichshafen, Germany. This year due to the pandemic the conference was held online, and recently videos from the various talks have begun to slowly get uploaded to their YouTube channel.

The talks are typically very technical in nature, but if you're interested in cutting edge SDR research and applications then these are good talks to get caught up on. Currently there are seven videos that have been uploaded, but we are expecting that there are more to come since there are more talks listed in their programme. They appear to be uploading one video per day at the moment so get subscribed to their YouTube channel for the upcoming videos.

The currently uploaded talks include:

  • A Keynote interview with N1UL Dr. Ulrich Rohde
  • Laurence Barker G8NJJ: Using Xilinx Vivado for SDR Development
  • Edwin Richter DC9OE, Crt Valentincic S56GYK: Usage of higher order Nyquist Zones with Direct Sampling Devices
  • Prof. Dr. Michael Hartje DK5HH: Signalprocessing in the man made noise measurement system ENAMS
  • Bart Somers PE1RIK: Long term spectrum monitoring using GNUradio and Python

We are looking forward to the upcoming talks like the one by Dr. Bastian Bloessl DF1BBL that discusses the GNU Radio on Android implementation.

SDRA2020 - 02 - N1UL: Interview with Dr. U. Rohde

Talks from the 2020 HamSCI Convention (Held Online)

HamSCI is an organization dedicated to citizen radio science and specifically the "publicity and promotion of projects that advance scientific research and understanding through amateur radio activities". Recently they held their HamSCI 2020 workshop online, and the videos are now available on the Ham Radio 2.0 YouTube channel. Several of the projects mentioned in the talks involve the use of software defined radios.

Come join HamSCI at its third annual workshop! Due to restrictions caused by the COVID-19 Coronavirus, this year's workshop will be held as a virtual, electronic workshop. The meeting will take place March 20-21, 2020 using Zoom Webinar Services hosted by The University of Scranton in Scranton, PA. The primary objective of the HamSCI workshop is to bring together the amateur radio community and professional scientists. The theme of the 2020 HamSCI Workshop is "The Auroral Connection: How does the aurora affect amateur radio, and what can we learn about the aurora from radio techniques?" Invited speakers include Dr. Elizabeth MacDonald, NASA Scientist and founder of Aurorasaurus, Dr. James LaBelle, Dartmouth Space Scientist and expert on radio aurora, and Dave Hallidy K2DH, an expert in ham radio auroral communication.

One talk discusses the HamSCI personal weather station project, which is an SDR and Raspberry Pi based solution that monitors HF signals like WSPR, as well as characterizing HF noise, detecting lightning and ionospheric disturbances.

HamSCI 2020 Overview of the Personal Space Weather Station and Project Update

Another talk discusses the TangerineSDR, which is an open source SDR currently in development by TAPR. The goal of the TangerineSDR is to be a sub $500 SDR with a focus on space science, academic research as well as general amateur use. 

HamSCI 2020 TangerineSDR Data Engine and Overall Architecture

The rest of the talks can be found on the Ham Radio 2.0 YouTube playlist.

Radenso Theia: An SDR Based Police Radar Detector

Radenso is a company that sells radar detectors. These are used to help motorists avoid speeding fines from police using radar speed detectors in their cruisers. Their latest upcoming product is called the "Radenso Theia" and is a software defined radio based solution.

In one of their latest YouTube videos they explain how SDR is used in the Theia, noting that the SDR ADC chip they are using is an AD9248. The use of an SDR allows them to more easily apply advanced digital signal processing algorithms to the radar detection task. In particular they note that they can now apply deep learning artificial intelligence filtering which helps to classify different radar gun FFT signatures and avoid false positives from other radar sources such as automatic doors.

While the Theia is designed to be a radar detector, they note that the device could also be used by hardware hackers as a standalone software defined radio. They have thought about this use case and have added a separate uFL connector that can be enabled by soldering a zero ohm connector, and this allows users to connect any antenna to it.

What is a software defined radio and why does it matter for Radenso Theia?