Slashdot Mirror


DARPA Funds a $300 Software-Defined Radio For Hackers

Sparrowvsrevolution writes with this story from Forbes: "Over the weekend at the ToorCon hacker conference in San Diego, Michael Ossmann of Great Scott Gadgets revealed a beta version of the HackRF Jawbreaker, the latest model of the wireless Swiss-army knife tools known as 'software-defined radios.' Like any software-defined radio, the HackRF can shift between different frequencies as easily as a computer switches between applications. It can both read and transmit signals from 100 megahertz to 6 gigahertz, intercepting or reproducing frequencies used by everything from FM radios to police communications to garage door openers to WiFi and GSM to next-generation air traffic control system messages. At Ossmann's target price of $300, the versatile, open-source devices would cost less than half as much as currently existing software-defined radios with the same capabilities. And to fund the beta testing phase of HackRF, the Department of Defense research arm known as the Defense Advanced Research Projects Agency (DARPA) pitched in $200,000 last February as part of its Cyber Fast Track program."

22 of 94 comments

  1. Antennas by burning-toast · · Score: 5, Interesting

    Antenna design for this must be miserable...

    Anyone know if there is a good way to have relatively optimized reception over that whole spectrum without having to swap your antennas when changing frequencies?

    - Toast

    First post?

    1. Re:Antennas by Muad'Dave · · Score: 5, Informative
      --
      Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
    2. Re:Antennas by Chrisq · · Score: 4, Informative

      Antenna design for this must be miserable...

      Anyone know if there is a good way to have relatively optimized reception over that whole spectrum without having to swap your antennas when changing frequencies?

      - Toast

      First post?

      This appears to be an area of hot research. Ideas include switch band antennas and Software defined antennas.

    3. Re:Antennas by burning-toast · · Score: 5, Informative

      I appreciate that. I might be heavily vested into computers, but radio isn't something I have had the pleasure to tinker with too much.

      Also, found the repo / blog for that board (article was lacking in details):

      http://www.greatscottgadgets.com/hackrf/

      https://github.com/mossmann/hackrf

      - Toast

    4. Re:Antennas by burning-toast · · Score: 2

      The picture in the article thankfully had the URL on the PCB, so it's not like I had to play super sleuth to find it...

    5. Re:Antennas by vlm · · Score: 4, Informative

      You need an app that requires coverage from 100 MHz (why not down to 75 MHz for international FM broadcast band RX? Only need down to 87 or so in the USA..)

      Usually wide band antenna design is not much of an issue in RF projects at the higher frequencies. It's harder to make a dipole that covers the entire ham radio 3.5 to 4 MHz band than to cover a much smaller octave range at microwave bands.

      Also "relatively optimized" is kinda non-specific. My antenna for 2M is optimized for clean pattern first and gain second and bandwidth a distant 3rd... I don't believe it can be used above 145 MHz or so. Which for my use is perfectly OK.

      A "good" example of an antenna optimized for wide bandwidth would be an old fashioned VHF-lo thru UHF rooftop TV antenna. Miserable gain but crazy almost 10:1 frequency range.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    6. Re:Antennas by Muad'Dave · · Score: 4, Informative

      You're welcome. Amateur radio folk have been on the forefront of DSP and SDR development for many years now. If you want to fool around with digital signal processing but don't want to invest in hardware, you can use the GNURadio package, along with the GNU Radio Companion to create DSP chains using an IDE and signals to/from your soundcard or arbitrary sound files.

      For very little cash you can get a USB TV dongle that can be used as a signal source for GNU Radio. Search around a bit and you'll find sources - some are mentioned on the GNU Radio site.

      If you're interested in doing DSP/SDR 'for real' over the air, consider getting a Technician-class Amateur radio license. You have all privileges above 30 MHz, and can do really nifty stuff. No Morse code required anymore - all theory and regs.

      --
      Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
  2. combine that with computing power.... by Razgorov+Prikazka · · Score: 2

    I don't have a lot of knowledge in this, but it seems to me that one should be able to crack scrambled comms much more easily, right?
    Eavesdrop on GSM, listen in on DECT telephones for example? Or 'tinker' with that new 'smart meter' the neighbours had installed.
    Just some suggestions... not saying you should, but you could ;-)
    Sounds absolutely interesting!

    --
    rm -rf --no-preserve-root / ...and let /dev/null sort them out...
    1. Re:combine that with computing power.... by ledow · · Score: 4, Interesting

      The point is that you've always been able to do that. Radio hams have been building radios and you've been able to buy scanners that will let you listen and transmit on any frequency you like for decades.

      That's part of the article summary - people STILL using "security by obscurity" because they don't expect people to bother to record, modify and playback openly-available data is LUDICROUS. See the article just now about being able to scam public transport because of homebrew-encryption used over the airwaves.

      The problem is not the airwaves, or the devices available to read them. They've existed since Marconi, if you had the brains. It's that people still deploy systems where the wireless part is treated like some mystical, magical medium that stops people doing things to it.

      You can already listen to GSM. Radio hams found and cracked the encryption on it before it was even standardised. 3G technologies have similar problems. DECT, also. Smart-meters, some of them too. The problem is relying on untested encryption or no encryption/authentication at all in order to make things work and then being shocked when someone clones your phone.

      This is nothing new. It just makes it slightly cheaper and more convenient.
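    To make the "record, modify and playback" point above concrete at the sample level, here is an added example (not code from this thread or from the HackRF project). It simulates a fixed-code OOK remote of the garage-door kind mentioned in the summary: a burst of carrier is keyed on and off, the receiver checks nothing but the bit pattern, so anyone with a receive-capable SDR can decode the code from baseband I/Q, replay the raw samples, or forge a neighbouring code. The PWM encoding (sync burst of 4 slots on, 4 off; a 1 bit is 2 slots on then 1 off; a 0 bit is 1 slot on then 2 off), the 12-bit code length, the sample rate, the slot length and the noise level are all assumptions made for illustration, not any real product's protocol.

```python
"""Record / decode / modify / replay of a fixed-code OOK remote, in simulation.

Added example; not from the thread or the HackRF project. Encoding, code
length, sample rate, slot length and noise level are assumptions.
"""
import cmath
import math
import random

FS = 100_000             # baseband sample rate in Hz (assumed)
SLOT_S = 400e-6          # PWM slot length in seconds (assumed)
SPS = int(FS * SLOT_S)   # samples per slot = 40
CODE_BITS = 12           # fixed code width (assumed)
SYNC_ON, SYNC_OFF = 4, 4 # sync burst, in slots (assumed)
GAP_SLOTS = 8            # silence before and after a frame


def frame_slots(code):
    """Carrier on/off pattern for one frame, one entry per slot, MSB first."""
    slots = [0] * GAP_SLOTS + [1] * SYNC_ON + [0] * SYNC_OFF
    for i in range(CODE_BITS - 1, -1, -1):
        slots += [1, 1, 0] if (code >> i) & 1 else [1, 0, 0]
    return slots + [0] * GAP_SLOTS


def transmit(code, amplitude=1.0, offset_hz=1500.0, noise=0.02, seed=1):
    """Constructed 'over the air' capture: baseband I/Q of one frame, i.e. a
    carrier with a small tuning offset keyed on/off plus Gaussian receiver
    noise. The fixed seed makes the sample deterministic."""
    rng = random.Random(seed)
    pattern = [s for slot in frame_slots(code) for s in [slot] * SPS]
    iq = []
    for k, on in enumerate(pattern):
        carrier = amplitude * cmath.exp(2j * math.pi * offset_hz * k / FS) if on else 0j
        iq.append(carrier + complex(rng.gauss(0, noise), rng.gauss(0, noise)))
    return iq


def on_runs(iq):
    """Threshold the envelope at half the peak; return on-run lengths in slots."""
    mag = [abs(z) for z in iq]
    thr = 0.5 * max(mag)
    runs, run, state = [], 0, False
    for m in mag:
        on = m > thr
        if on == state:
            run += 1
        else:
            if state:
                runs.append(round(run / SPS))
            run, state = 1, on
    if state:
        runs.append(round(run / SPS))
    return runs


def decode(iq):
    """Recover the fixed code from a captured frame; None if no valid frame."""
    runs = on_runs(iq)
    if not runs or runs[0] != SYNC_ON:
        return None
    bits = runs[1:1 + CODE_BITS]
    if len(bits) != CODE_BITS or any(b not in (1, 2) for b in bits):
        return None
    code = 0
    for b in bits:
        code = (code << 1) | (1 if b == 2 else 0)
    return code


def replay_and_modify(captured_iq):
    """What a hostile SDR can do with one capture: read the code, replay the
    raw samples unchanged (no understanding of the encoding needed), and forge
    a neighbouring code (code + 1) that a fixed-code receiver also accepts."""
    code = decode(captured_iq)
    replayed = list(captured_iq)                      # verbatim retransmission
    forged = transmit((code + 1) & ((1 << CODE_BITS) - 1))
    return code, decode(replayed), decode(forged)


if __name__ == "__main__":
    capture = transmit(0b101100111010)
    print([bin(c) for c in replay_and_modify(capture)])
```

    The decoder does nothing an ordinary receiver would not: the only thing protecting such a device is that nobody bothered to look, which is exactly the obscurity argument being made above. A rolling code with a proper MAC makes the replay and the forged frame fail; it does not stop the capture.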

    2. Re:combine that with computing power.... by b5bartender · · Score: 2

      We've already seen at least one successful brute force method to retrieve P25 encryption keys via GNU Radio..

  3. Re:Why? by Muad'Dave · · Score: 2

    Who says they're not transmitting a serial number with each unit?

    That would be very hard to hide from anyone with even just a little test equipment. SDRs typically operate by taking user-generated in-phase and quadrature (I/Q) signals from the data source. These have the desired data waveform already encoded in them. Additional modulation (to sneak in a serial number) would appear as undesired spurs or noise.

    --
    Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
  4. This should be popular in the ham radio community by eyegor · · Score: 4, Informative

    Software radios are becoming more popular in the amateur radio community. There are several manufacturers of very fine radios and quite a few build-it-yourself radios available too. I'll be watching this with great interest since one of the biggest problems with the lower-cost software radios is band coverage.

    As Toast said a moment ago, antenna selection would be hard. Most radio amateurs would use an antenna tuner and/or a multiband antenna for the HF frequencies and an antenna switch for other bands of interest. I do just that. I have a 40 meter full wave horizontal loop antenna and use an antenna tuner and a 4:1 balun and can transmit on all bands from 40m through 10m and have very good results. It's also usable on 6m, but have never had a lot of luck with any kind of distant contacts.

    --

    Don't anthropomorphize computers, they don't like it.
  5. Re:Why? by fuzzyfuzzyfungus · · Score: 3, Insightful

    I don't know why DARPA would necessarily feel the need to contribute to work in an area that is already receiving attention (the guys at Ettus will sell you a competent little package for under $2k, sometimes rather far under, depending on the frequency ranges you want, which is hardly free; but isn't exactly "If you have to ask, you may be in the wrong store." money); but I'd imagine that whatever sub-unit of DARPA made the decision is the sub-unit where people who realize that 'obscurity' ain't gonna cut it as a security strategy in the future hang out.

    While, yes, the US Intelligence Community certainly wet-dreams about a world of full spectrum dominance and Total Information Awareness, anyone who hasn't fully removed themselves from empiricism has to admit that that isn't really on the table. Especially for assorted hacker shenanigans, there are just too many parties who can drum up enough nerds to at least go after soft targets.

    In such an environment, the US (as a country deeply dependent on complex electronic infrastructure) is probably better off if friendly security researchers have cheap toys to work with, at the risk that enemy ones will as well, rather than a situation where friendly security researchers find that the tools they need are expensive or illicit; but anybody doing work for even fairly cruddy little nation-states has what they need to pump out the zero-days.

  6. Most hackers use $30 TV tuners by petes_PoV · · Score: 2
    Rather than spend $300 I think most people use RTL2832U/E4000 based TV tuners. Typically these have a tuning range from 60-ish MHz up to 1 - 2 GHz depending on the specifics of the design.

    Sadly, the chips used are getting scarce these days so the price of the products (available from your favourite Chinese website) is going up. But it still beats $300 by a long, long way.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    1. Re:Most hackers use $30 TV tuners by Anonymous Coward · · Score: 2, Informative

      They can't transmit though.

    2. Re:Most hackers use $30 TV tuners by petes_PoV · · Score: 2

      They can't transmit though.

      That's correct. Although since it's illegal to own a transmitter for frequencies you don't hold a licence to transmit on (and nobody holds a licence to transmit on "from 100 megaherz [sic] to 6 gigaherz") these proposed SDRs would have a big problem getting any sort of electrical conformance/approval certificate for sale in most countries.

      --
      politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  7. Re:Different HW Needed? by Muad'Dave · · Score: 5, Informative

    If you have SDR equipment that can operate on 2.4GHz and has enough bandwidth, you could operate WiFi, ZigBee, and other protocols at the same time. You could have WiFi on channel 1, ZigBee on 11, etc. As long as the chipping codes don't collide, you can go nuts. As an example of relatively simple SDRs, check out these Web SDRs. These are single radios that digitize large swaths of spectrum. Each web user gets their own software virtual receiver that is tunable across the sampled spectrum. These radios can support hundreds of users at the same time, each listening to different freqs in different modes.

    The radio hardware remains the same. The parts that can change are external to the actual 'radio' part - preselector filters, preamps, antennas, etc. Once you get the signal of interest to the radio, the processing is identical. Look around for descriptions of I/Q modulation - by supplying in-phase and quadrature signals, you can generate any modulation you want.

    --
    Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
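  The point made in this comment and in the "serial number" comment above is that an I/Q source already carries the finished waveform, and the radio part of the chain is the same whatever the modulation. Here is an added example of that round trip (not code from the thread or the HackRF project): two different baseband I/Q sources, a BPSK bit stream and an unmodulated CW beacon, go through one upconverter to a real passband signal and one downconverter back to I/Q, and only the final demodulation step differs. The sample rate, carrier frequency, symbol rate and filter length are arbitrary assumptions chosen so that the moving-average filter nulls the 2*fc mixing image exactly; they are not HackRF parameters.

```python
"""I/Q modulation round trip: one TX/RX chain, two modulations.

Added example; not from the thread or the HackRF project. FS, FC, SPS and
LPF_TAPS are assumptions chosen to make the arithmetic exact.
"""
import cmath
import math

FS = 1_000_000   # sample rate in Hz (assumed)
FC = 100_000     # carrier frequency in Hz (assumed), well below FS/2
SPS = 100        # samples per BPSK symbol -> 10 kbaud (assumed)
LPF_TAPS = 50    # moving-average length: nulls at multiples of FS/50 = 20 kHz,
                 # so the 2*FC = 200 kHz mixing image is removed exactly


def bpsk_iq(bits, sps=SPS):
    """Baseband I/Q for BPSK: I = +1 for a 1 bit, -1 for a 0 bit, Q = 0."""
    iq = []
    for b in bits:
        iq.extend([complex(1.0 if b else -1.0, 0.0)] * sps)
    return iq


def tone_iq(offset_hz, n, fs=FS):
    """Baseband I/Q for a CW beacon offset from the carrier by offset_hz."""
    return [cmath.exp(2j * math.pi * offset_hz * k / fs) for k in range(n)]


def upconvert(iq, fc=FC, fs=FS):
    """Real passband samples: I*cos(wt) - Q*sin(wt) == Re(iq * e^{jwt})."""
    return [(z * cmath.exp(2j * math.pi * fc * k / fs)).real for k, z in enumerate(iq)]


def downconvert(x, fc=FC, fs=FS, taps=LPF_TAPS):
    """Mix the real signal with e^{-jwt}, then low-pass away the 2*fc image.

    The mixer output is iq/2 + conj(iq)/2 * e^{-2jwt}; a moving average over
    `taps` samples removes the second term, and the factor 2 restores scale.
    """
    mixed = [v * cmath.exp(-2j * math.pi * fc * k / fs) for k, v in enumerate(x)]
    out, acc = [], 0j
    for k, m in enumerate(mixed):
        acc += m
        if k >= taps:
            acc -= mixed[k - taps]
        out.append(2 * acc / taps)
    return out


def bpsk_demod(iq, sps=SPS):
    """Sample each symbol at its centre; the sign of I is the bit."""
    return [1 if iq[i * sps + sps // 2].real > 0 else 0 for i in range(len(iq) // sps)]


def measure_offset_hz(iq, fs=FS, skip=LPF_TAPS):
    """Frequency of a CW signal from the mean phase advance per sample,
    ignoring the filter's start-up transient."""
    d = [cmath.phase(iq[k] * iq[k - 1].conjugate()) for k in range(skip + 1, len(iq))]
    return sum(d) / len(d) * fs / (2 * math.pi)


def roundtrip_bits(bits):
    """BPSK bits -> I/Q -> passband -> I/Q -> bits."""
    return bpsk_demod(downconvert(upconvert(bpsk_iq(bits))))


def roundtrip_tone(offset_hz, n=2000):
    """CW offset -> I/Q -> passband -> I/Q -> measured offset in Hz."""
    return measure_offset_hz(downconvert(upconvert(tone_iq(offset_hz, n))))


if __name__ == "__main__":
    payload = [1, 0, 1, 1, 0, 0, 1, 0]
    print("BPSK bits recovered:", roundtrip_bits(payload))
    print("CW offset recovered: %.1f Hz" % roundtrip_tone(3000))
```

  Nothing in `upconvert` or `downconvert` knows which modulation is in use; swapping `bpsk_iq` for any other baseband generator (FSK, QAM, OOK) changes only the two ends. This is also why a hidden extra modulation would be visible: anything not in the I/Q handed to the upconverter shows up as additional content in the received I/Q.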
  8. Re:This should be popular in the ham radio communi by vlm · · Score: 2

    quite a few build-it-yourself radios available too

    The device announced is basically equivalent in specs to the couple years old UHFSDR (not a terribly creative name) as seen at

    http://wb6dhw.com/For_Sale.html#UHFSDR

    Main difference is this board has an 8-bit 20 Msps A/D onboard and the UHFSDR has it offboard (assuming you'll use a "16" bit 44+ Ksps soundcard)

    You can see quite a difference in implied project design here... Is it even possible to pass FCC regs for IMD trying to transmit an 8-bit SSB signal, and obviously an audio soundcard doesn't sample wide enough to do wifi or whatever fast digital stuff you'd like. So it's a broadband digital strong signal type of toy as opposed to something like a UHFSDR which is the opposite.

    Can you really shove 20 Msps thru a USB reliably? I used to think no, but...

    I'll be watching this with great interest since one of the biggest problems with the lower-cost software radios is band coverage.

    I didn't see any switchable bandpass filters, or anything like that. I haven't found a schematic but you can just look at the board and figure out what's going on. It looks like it's buildable for on board PCB antenna or external, like solder in the SMA jack OR the 0-ohm jumper at the arrow to connect the pcb antenna. Looks like 2 stages of RF amp MMICs before it hits a mixer. You can see the "I" and "Q" PCB traces in the upper left for both the TX and RX mixer. Apparently the design goals are all half duplex but the actual board design appears to use separate TX and RX stages at the hard/expensive end. Where's the VCOs or more likely DDS synths? I'm guessing on the other side of the board? I bet if I spent more than 5 minutes looking at it, perhaps with the wiki page open and looking at some of the device data sheets while looking at the PCB, I could tell you a lot more about the design.

    From looking at the board layout I don't think it's going to work at 6 GHz or at least not work to maximum specs. You can tell the designer came from the "digital camp" into SDR work rather than up from the "analog camp" into SDR work. Little things like how signals are run, some layout choices, some design choices.

    For a good time, look at the board picture, which has a URL silkscreened on it, click thru to

    https://github.com/mossmann/hackrf/wiki

    The "design goals" "hardware components" and "clocking", combined with the PCB, could tell you pretty much everything you need to know about this design.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  9. Re:Why? by vlm · · Score: 2

    where people who realize that 'obscurity' ain't gonna cut it as a security strategy

    They made certain RF / DSP / digital design decisions that provide a rather hard constraint. If they can flood the market using govt money, no one out there will have gear with IMD performance better than 8 bit, sample rates higher than 20 Msps, the RF chain probably means miserable performance both at very weak signals and very strong, and board PCB routing probably means some interesting (intentional?) RF birdies both in RX and more importantly in TX.

    So... once you've put non .mil research into a carefully specified box, you can quite easily do your real .mil work outside the carefully specified box. Use a modulation that has to sample 100 MHz of spectrum to demodulate. Who knows.

    It's an effort to stop market convergence, to drive them apart / separate more so than to open up an already thriving open environment.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  10. Another TOY SDR by Anonymous Coward · · Score: 2, Informative

    Uses only 8 bit sampling which will severely limit the dynamic range. You might as well use one of the $30 RTL2832U/E4000 based TV tuners. DARPA throwing them $200,000 for the effort is a WASTE of taxpayers' money for these guys to build a 'TOY' SDR!

  11. What? no HF/Shortwave by FudRucker · · Score: 2

    I would not want it if they were giving it away free, it is junk without HF/Shortwave & SSB

    --
    Politics is Treachery, Religion is Brainwashing
  12. Re:Different HW Needed? by Muad'Dave · · Score: 2

    That was your use case - for many other uses, YIGs are unneeded - a simple NCO/PLL will work just fine. There are plenty of A/D's that can sample more than 10 MHz at 16+ bits. For the 2.4 GHz use case you would not have to sample the RF signal directly - that would be silly. You would first downconvert the desired signal to a more reasonable IF (intermediate frequency) and then sample that. If you don't have image rejection requirements you could shift it to DC and sample that. Read up on superheterodyne receivers to start with, then digital up- and down-converters.

    This company makes the Flex-6000 series Amateur transceivers - they are all digital and directly sample the HF and VHF bands from 30 kHz to 77 MHz continuously. This radio has every bell and whistle, and has incredible performance stats. It's expensive, but it is indicative of the amount of spectrum you can simultaneously sample.

    --
    Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.