Friday, June 22, 2012

Introducing HackRF

I'd like to take a moment to properly introduce the project that is consuming most of my time this year: HackRF, a software radio peripheral. Software radio or Software Defined Radio (SDR) is the application of Digital Signal Processing (DSP) to radio waveforms. It is analogous to the software-based digital audio techniques that became popular a couple of decades ago. Just like a sound card in a computer digitizes audio waveforms, a software radio peripheral digitizes radio waveforms. It's like a very fast sound card with the speaker and microphone replaced by an antenna. A single software radio platform can be used to implement virtually any wireless technology (Bluetooth, GSM, ZigBee, etc.).

Digital audio capabilities in general purpose computers enabled a revolution in the sound and music industries with advances such as hard disk recording and MP3 file sharing. Today's computers are fast enough to process radio waveforms in similar ways, and the radio communications industry is going through the same sorts of changes. One critical advance has yet to take place, and that is the availability of low cost tools enabling any computer user to take part in the revolution.

HackRF project goals:

  • transmit and receive
  • operating frequency: 100 MHz to 6 GHz
  • maximum sample rate: 20 Msps
  • resolution: 8 bits
  • interface: High Speed USB
  • power supply: USB bus power
  • portable
  • open source hardware and software
  • low cost

There have been some exciting developments in the world of low cost software radio hardware in recent months, but the HackRF project will go much further. A key advance will be the ability to transmit as well as receive radio signals, and HackRF will also enable operation at higher frequencies, including the popular 2.4 GHz band. Most importantly, HackRF is an open source project, so people will always be able to use and modify the hardware design and software in the future. We are being very careful to only use electronic components with published documentation (no NDAs!) and to avoid software libraries without open source licenses. This means more work for us, but we think that it will be worth it in the long run.

Speaking of us, I should mention that I have some help on this project. My primary partner in this effort is Jared Boone of ShareBrained Technology (who has already written a bit about some of our development challenges). We've had some additional help from a few other people who hang out in #hackrf on chat.freenode.net, notably Benjamin Vernoux.

Ultimately, the HackRF project aims to produce a single device that meets the goals above, but right now it consists of multiple development boards that connect together. The microcontroller, USB interface, and power supply are on the largest board called Jellybean. The Intermediate Frequency (IF) transceiver, Analog to Digital Converter (ADC), Digital to Analog Converter (DAC), and clock generator are on a board called Lemondrop. Most recently, a wideband front-end called Lollipop is being tested. HackRF is based on a dual conversion architecture with a high IF (between 2.3 and 2.7 GHz), allowing us to take advantage of the excellent capabilities (per size, cost, and power consumption) of a wireless transceiver IC.

I have used software radio techniques for wireless security research for years, and I teach a workshop each year at ToorCon San Diego to help more people in the information security community become familiar with the technology. Both for my own use and to promote wireless security research, I have long dreamed of building a low cost, portable platform. Now, with support from DARPA's CFT program, I am finally able to make this project a reality.

Personally, I want a single device that can fit in my laptop bag, that doesn't require a bulky power supply, and that I can use to hack on whatever wireless systems I encounter. I'm hoping it will be about the size of a portable USB hard drive, and it will probably end up with a retail price in the neighborhood of $300, higher than technology-specific solutions like Ubertooth One but much less than any software radio transceiver on the market today.

The project is going well, and we are likely to meet most or all of the goals. If there is one we miss, it will probably be the operating frequency range. 100 MHz to 6 GHz is quite ambitious! At the very least, we will produce a platform that allows operation over a wide range including both the 2.4 GHz and 900 MHz bands.

HackRF is being developed on github. Documentation is coming together slowly on the wiki.

42 comments:

Lachie said...

That is awesome - looking forward to seeing some results! Will this be laptop compatible?

Anonymous said...

Congratulations! I really hope you'll succeed in making this a reality, it will open a whole new area of research/hacking to a lot of people.

Anonymous said...

Sounds like an exciting project and I'd love to get behind it but after seeing how underdeveloped the Ubertooth One was, there isn't much hope that the same won't happen to this project :(

Michael Ossmann said...

Lachie,

Yes, it will work with a laptop. In fact, a laptop (or other general purpose computer with a fast CPU) will be required to do much of anything. We will work on providing an interface to GNU Radio.

Anonymous,

If you are disappointed by how far I've been able to develop Ubertooth software over the past year, believe me: you are not half as disappointed as I am. This is about to change in a big way. I'll be making an exciting announcment about Ubertooth development within the next couple weeks.

zenographie said...

Hi

This hack looks nice ... hope I will be able to have one in my shack someday :-D

By the way, I have two very stupid questions : what kind of mixer do you intend to use on your up/down converter (lollipop as far as I remember). (couldn't find a high level mixer able to cover 100MHz.2.7 Gigs cleanly) and how do you intend to generate a clean 10 dBm L.O. signal (pll/dds ? or VCXO ? )

Sorry to be so insanely curious, but your project is really exiting

Cheers

Marc

zenographie said...

Hi

This hack looks nice ... hope I will be able to have one in my shack someday :-D

By the way, I have two very stupid questions : what kind of mixer do you intend to use on your up/down converter (lollipop as far as I remember). (couldn't find a high level mixer able to cover 100MHz.2.7 Gigs cleanly) and how do you intend to generate a clean 10 dBm L.O. signal (pll/dds ? or VCXO ? )

Sorry to be so insanely curious, but your project is really exiting

Cheers

Marc

Michael Ossmann said...

Marc,

I'm using the RFFC5071 on Lollipop. I am also entertaining an alternative design called Bubblegum that uses PE4140 mixers plus a VCO/PLL such as the TRF3765 or ADF4530.

Alexander Chemeris said...

Hi Michael,

We're also working on an open-source SDR board, but with a different aim of creating a high-quality industrial transceiver: http://code.google.com/p/umtrx/

For this board we found a very nice single-chip transceiver from Lime Microsystems LMS6002D: http://www.limemicro.com/lms6002d.php
I think it might be interesting for your project as well, as it's wideband and compact one. Originally documentation for this chip was under NDA, but we're working with them to release their documentation to foster more open-source software/hardware development and Lime is extremely supportive with this:
https://github.com/chemeris/lms6002-documentation

I personally hope that this chip will help more open-source SDR to emerge. :)

Michael Ossmann said...

Thanks, Alexander! Lime was not helpful when I contacted them several months ago. I'm glad you had better luck!

Anonymous said...

Keep up the good work! Many are following behind. Maybe someday we will altogether build our own mobile network complete with base stations and access network. Who knows!

0845 numbers said...

When your receiver is on and your transmitter is off, no signal is being transmitted, therefore your receiver is open to pick up any transmitted signal.

Cory Walker said...

Really looking forward to this, and I'll definitely have to pick one up. Keep up the awesome work!

Anonymous said...

where's the big announcement on ubertooth one development? We still do not have a basic element to make the platform useful: frequency hopping. Without that the Ubertooth is an expensive piece of junk which I and others wasted money on. So no new projects until we see some value in our previous investment.

Anonymous said...

Does 20MSPS give you sufficient bandwidth for wifi without subsampling?

Kanishk Verma said...

Looking forward to completion of the Project :)

Cheers from India,
Kanishk

beedee said...

sir,where and when i can get this hardware?
thanks

Anonymous said...

Got a license for that? This could also create nasty interference for licensed services...
But very neat!

ahamrxtx said...

With a slightly beefier ADC, you could do the entire HF spectrum. Far more useful for people with the license to transmit.

Anonymous said...

No offence, but not exactly impressive taking into account the maximum sample rate. If you want to do something unique, work on a wideband direct conversion sdr. I was going to do it, but i couldn't afford the direct conversion dacs.

hpux735 said...

"No offence, but not exactly impressive taking into account the maximum sample rate. If you want to do something unique, work on a wideband direct conversion sdr. I was going to do it, but i couldn't afford the direct conversion dacs."

That's a stupid idea.

Anyway, please take my money! This is awesome. I've been toying with making one of these for a while. I couldn't justify the time commitment, though. My hats off to you!

Steve Meuse said...

In your final spec, please keep the low end frequency around 100MHz. This will be perfect for a 144MHz IF for microwave transverters!

Shaddack said...

This is an excellent core for many different devices! With a transceiver like this you can potentially build things like a network analyzer, radar, NMR spectrometer, nonlinear junction detector, dielectric spectroscope, and many many other toys.

Please consider some way to include the frequencies below 100 MHz, even if it would require some additional effort by the end-user, for the purposes above.

Anonymous said...

Would this fit into the second drive bay of a mac mini? I could see that connected to a Yaesu FT857.

Sasha Zivanovic said...

I love this. I would buy 4 of them. Do you plan on selling them built?

Mike Glez said...

glopty Excellent! hoping the project will be duly completed to acquire one. xe2ngt

Michael Ossmann said...

Anonymous: 20 Msps is barely enough for some of the Wi-Fi modulations. We're not sure yet if we'll hit that goal, but we should be able to get to 15 Msps at least.

Steve Meuse, Shaddack: Actually it looks like our official low end frequency for Jawbreaker will be 30 MHz, and unofficially I've had some success down to 10 MHz.

Anonymous: I don't think we'll be fitting things inside a Mac Mini. Jawbreaker is about 17 square inches.

For all of you interested in availability, see: Announcing the HackRF Beta

Thanks for all your kind words of support!

Anonymous said...

does "Yes, it will work with a laptop." mean it will be mini-PCI form factor with standard wifi antenna connectors for an internal laptop install ?
or will we be the guys at the coffee shop with all the weird wires running to all the weird boxes that everyone is starting at ?

Michael Ossmann said...

Anonymous: It will not be mini-PCI. Expect stares.

Anonymous said...

Michael,

The HackRF board and its goals seem quite interesting for sure. However, I am wondering why an 8-bit resolution was selected as a goal vice trying to shoot for say 16-bit or greater resolution?

Whilst it seems obvious that the HackRF board will have many potential capabilities, will it be able to function as an Ubertooth One as well or will this functionality not really be possible with a finalized variant of the HackRF board?

Michael Ossmann said...

We're using 8 bit samples primarily to save cost. If you have any doubts as the usefulness of 8 bit samples, take a look at the amazing things people have done with rtl-sdr.

HackRF will not function as an Ubertooth exactly, but it could be used for similar applications. The reason we kept libbtbb as a separate library is so that we can revive gr-bluetooth for Bluetooth baseband applications using SDR platforms like HackRF in addition to using simpler platforms like Ubertooth One. I expect that Project Ubertooth will continue to be the easiest to use, lowest cost platform for identification of non-discoverable Bluetooth devices.

Anonymous said...

gr-bluetooth is for what? Can you please redirect me to documentation for it?

Anonymous said...

Mr mossman,
put this project on KICKSTARTER!!!!!

They will support you with thousands of

$$$ to get production going.

j.p.

Anonymous said...

Looks like a nice device. I could have fun listening to various radio frequencies with it. My only concern about it is if it can really transmit over the range of frequencies it can listen to. I'm sure there are legal issues putting a transmitter in the hands of people not licensed to operate transmitters in some of the frequency ranges of this device. If it's output power is low enough, then maybe it won't be an issue.

Anonymous said...

Its a good idea but people are missing the point with SDRs. Legasy modulation is predominantly used on HF and there are many off the shelf HDKs and commercial hardware can be modded for BT, WIFI ect. What needs to be done for this spectrum coverage is D-Star, QAM, GSM, TETRA, DECT and various others. Most modulations in this spectrum coverage are digital. But there seams to be little support for them. Back in the 90`s i used to entertain myself with ETACS but have not been able to do so with GSM that would be good.

Anonymous said...

And do digital modes as i say BUT no TX the CAA for example will throw the book at you you will never be able to import anything that can TX in the air band. Ofcom in the the UK will be realy funny about that you`d never get it to market.

in·e·luc·ta·ble said...

Yes I second the Kickstarter idea! Though I foresee some potential legal issues with it being RF :/

Anonymous said...

Congratulations on making a nightmare for the FCC and a hand tool for terrorists everywhere.

Anonymous said...

An ExpressCard (serial PCMCIA) form-factor would be the best, IMO. Great works, guys, keep it up!

Anonymous said...

Have you any news about the project or the first PROTOTYPE that we can buy ?

St

Anonymous said...

I think there's a 'one chip' solution available...

http://www.analog.com/en/rfif-components/rfif-transceivers/ad9361/products/product.html

$300 and small, check :)

Michael Ossmann said...

For the latest information on availability, see http://greatscottgadgets.com/hackrf/

Ramssel Lendínez said...

I am final year student of telecommunication engineering, I want to develop a first prototype of this project on an FPGA, Do you know if there's already something similar? is it possible?

Thanks