Hackaday has brought to attention a document written by a Rory O’Hare which discusses the journey Rory took in trying a decode an unknown 433 MHz signal received from his SDR dongle.

If you are interested in manually decoding some unknown signals you may be interested in this write up as it discusses his entire journey including the failures he encountered along the way. Basically he records some packets using his SDR dongle, works out their bit patterns manually and then attempts to find correlations between the packets in an attempt to discover their structure. In the end his efforts are successful as he discovers that he is receiving a temperature sensor and is able to decode the temperature readings.

The post Blindly Reverse Engineering a Wireless Protocol appeared first on rtl-sdr.com.

Over on ttrftech’s blog in Japanese (use Google translate), ttrftech has uploaded a new RTL-SDR program for Chrome which allows 3D visualization of the frequency spectrum. The program can be installed by simply downloading the files from GitHub and loading them into Chrome. Ttrftech explains that the program should work on any OS, but he has so far only been able to test it on MacOS.

The post 3D Frequency Spectrum Visualization with Chrome and RTL-SDR appeared first on rtl-sdr.com.

Amateur radio astronomy hobbyist Jim Sky has written on his blog about his new program called RTL Bridge with allows the RTL-SDR to directly connect to his other radio astronomy programs Radio-SkyPipe and Radio-Sky Spectrograph. Jim describes his two existing program as follows.

Radio-Sky Spectrograph displays a waterfall spectrum. It is not so different from other programs that produce these displays except that it saves the spectra at a manageable data rate and provides channel widths that are consistent with many natural radio signal bandwidths. For terrestrial , solar flare, Jupiter decametric, or emission/absorption observations you might want to use RSS.

Radio-SkyPipe is a souped-up strip chart program which plots signal strength over time. When getting its data from RTL Bridge, RSP is plotting the total power in the spectrum covered by the RTL receiver centered around its set frequency. While the raw values are proportional to power, you will have to apply a function via the RSP Equations feature to apply a calibration if you want absolute values. For signals that do not have significant spectral structure of interest, this would be the preferred way to plot the data.

The post Radio Astronomy with RTL Bridge and Radio-Sky Spectrograph appeared first on rtl-sdr.com.

A new instructional page for the rtl_power tool is now available on main author keenerds webpage. Rtl_power is a command line tool for logging wide band frequency power scans to a CSV file. The CSV files can then be used for analysis or to create a large frequency plot image. An example of a 2 GHz+ bandwidth scan over 24 hours is shown below. Rtl_power is available as part of the official osmocom RTL-SDR drivers.

The post RTL_POWER Instructions appeared first on rtl-sdr.com.

A few months back we posted about how the the RTLSDR-Scanner software had been updated to include signal triangulation capabilities. Now blogger Tobby has written a post about his attempt at triangulating the source of an encrypted police signal with RTLSDR-Scanner.

To do this he set up a laptop in his car with RTLSDR-Scanner installed and connected his RTL-SDR with stock antenna and a GPS receiver. After driving around for only 15 minutes he was able to get a triangulation heat map of reasonable accuracy.

The post Triangulation of a VHF Signal with RTLSDR-Scanner appeared first on rtl-sdr.com.

Back in June we posted about DE8MSH’s rtl_power based heatmap viewer which was automatically generated every day from a Raspberry Pi. The browser based heatmap display provides a way to view the frequency and time of where the mouse pointer is allowing you to easily identify signals.

Back then the code was unavailable but now DE8MSH has released his code on GitHub. An example heatmap generated by the code can be found here.

The post RTL_POWER Heatmap Viewer appeared first on rtl-sdr.com.

A new HF upconverter designed for the RTL-SDR has gone up on ttrftech’s Japanese language blog (use Google Translate). The upconverter is called the ‘SC-HFCONV-100′ and comes with 100 MHz oscillator, SMA connectors, USB mini-B power.

Currently the upconverter is only available for sale on the Japanese Amazon store, but it is possible to still order it through the jzool-agent Japanese shopping service.

The post New Japanese HF Upconverter for the RTL-SDR appeared first on rtl-sdr.com.

If you didn’t already know Keenerd (aka Kyle Keen), author of rtl_fm, rtl_power, rtl_adsb and rtl_sdl is having a fundraiser to raise funds to pay for a month of RTL-SDR improvement programming. As of the time of this post we’re about halfway through the fundraiser’s 30 day time limit and it has already generated $2,260 USD out of the minimum desired $3000 USD. Keenerd has also written a report on the status of the fundraiser so far.

Remember that the more funds raised, the more time he will have to work on the software meaning a better RTL-SDR experience for everyone. (Note that the improvements are for Windows, Mac and Linux).

Having raised this much already Keenerd has begun work and has already made some improvements to the RTL-SDR drivers based on Teejeez’s work. A list is shown below.

• dithering[3] - Possibly the secret sauce to phase aligned multiple dongles. I don’t have the setup to operate this or the math to confirm. rtl_sdr -N or rtlsdr_set_dithering() to access it.
• IF freq and bandwidth filters[4] - Extend the HF range somewhat. Less out-of-band aliasing.
• register caching[5] - Don’t re-send values that have not changed. Slightly modified the noise floor in my tests, which it should not have.
• register batching[6] - Delay changing registers until a command finishes, then send them all.
• cache i2c repeater[7] - Normally the i2c port is enabled and disabled between every single byte. Leave it open while its in use.
• pll tweaks[8] - People smarter than me wrote these, and it didn’t seem to make anything worse. Might also extend the HF range.

See the original Reddit thread discussing these improvements here and here for a link to the GitHub download page. Note that at the moment you will need to compile the drivers yourself.

The post Updates on Keenerds RTL-SDR Improvement Project appeared first on rtl-sdr.com.

In this Hak5 episode Darren discusses the HackRF PortaPack which is a portable LCD screen device that connects to a HackRF SDR and allows portable frequency spectrum visualization. The PortaPack is currently under development and in the future it will allow demodulation of multiple audio modes and possibly digital demodulation and recording capabilities as well.

Later in the episode Shannon presents a tutorial on HDSDR, an SDR GUI alternative to SDR#. She shows how to install and use the HDSDR program.

The post Hak5: Exploring With The PortaPack and HDSDR appeared first on rtl-sdr.com.

Wired.com has posted an article showing how security researcher Cesare was able to use his USRP software defined radio to unlock a car with wireless entry. Essentially his hack involves brute forcing the rolling security code used by the wireless unlocking security protocol. Even with just a brute force attack he was able to unlock his car in just a few minutes. While this hack probably won’t work with newer cars which disable unlocking for a few minutes after a number of failed code attempts, Cesare notes that the hack will probably work for many similar cars of the 10 years or older generation.

This article goes along with their previous one discussing how thieves could hack into a home alarm system using a software defined radio.

The USRP is an advanced software defined radio that sells for around a thousand dollars but we note that the same attack could be performed with the cheaper and almost available HackRF SDR.

The post Brute Force Unlocking a Car with a USRP Software Defined Radio appeared first on rtl-sdr.com.

In this episode of Hak5 amongst other things presenter Shannon explores yet another SDR GUI alternative at around the 14 minute mark. This time she shows SDR-RADIO which is an RTL-SDR compatible alternative to SDR# and HDSDR. She shows how to install SDR-RADIO and how to use it. If you are interested in SDR-RADIO we also have installation instructions available on our Quickstart Guide.

The post Hak5: ToorCamp Finale And More Fun With SDR appeared first on rtl-sdr.com.

A new funding campaign for an RTL2832U based software defined radio has gone up on Indiegogo. The new SDR is called the XiOne and is intended to be the first SDR that is easy to use with smartphones and open to the maker community.

With its 100 kHz to 1.7 GHz receiving range, the XiOne has a similar tuning range to the standard RTL-SDR dongles when an upconverter or the direct sampling mod is used. What makes the XiOne different is that it will have a built in MIPS processor, an internal rechargeable battery for portability and it will connect directly through WiFi to a smart device. They are also developing SDR GUI software for mobile devices including decoders for things like ADS-B, AIS and NOAA Satellites.

The IndieGoGo backer price for a XiOne is $179 USD, but if you act fast there are 100 units available at the promotional price of $139 USD. At the moment they have a working prototype with completed firmware, portable Java based SDR GUI, iPhone demodulation software, a MacOS ADS-B receiver, an iPad AIS receiver and an iPad spectrum analyzer. The fundraiser is to help them begin serial production.

There is a Reddit thread discussing the project here.

The post XiOne – A RTL2832U based Portable Software Defined Radio: Indigogo Funding Campaign appeared first on rtl-sdr.com.

Thomas Winningham, author of the rtl_fm_python web application for the RTL-SDR has given a talk at the PyOhio 2014 conference. In Thomas’ presentation he gives an overview of the RTL-SDR dongle and then goes on to discuss his RTL-SDR Python library and software.

If you are interested in developing your own software for the RTL-SDR this talk may be of interest to you as he discusses several aspects of the code used in his RTL-SDR library.

The post RTL-SDR Software Radio with CTypes appeared first on rtl-sdr.com.

Black Hat, a large conference about information security related topics has recently finished and videos of some of the talks given have now been uploaded to YouTube. This year we have found three talks related to Software Defined Radio.

Breaking the Security of Physical Devices by Silvio Cesare

We posted about Silvio’s successful attempt at breaking into a car wirelessly earlier this month and now here is his presentation.

In this talk, I look at a number of household or common devices and things, including a popular model car and physical security measures such as home alarm systems. I then proceed to break the security of those devices. The keyless entry of a 2004/2005 popular make and widely used car is shown to be breakable with predictable rolling codes.

The actual analysis involved not only mathematics and software defined radio, but the building of a button pushing robot to press the keyless entry to capture data sets that enable the mathematical analysis.

Software defined radio is not only used in the kelyess entry attack, but in simple eavesdropping attacks against 40mhz analog baby monitors. But that’s an easy attack. A more concering set of attacks are against home alarm systems. Practically all home alarm systems that had an RF remote to enable and disable the system were shown to used fixed codes. This meant that a replay attack could disable the alarm.

I built an Arduino and Raspberry Pi based device for less than $50 dollars that could be trained to capture and replay those codes to defeat the alarms. I also show that by physically tampering with a home alarm system by connecting a device programmer, the eeprom data off the alarm’s microcontroller can be read. This means that an attacker can read the secret passcode that disables or enables the alarm.

In summary, these attacks are simple but effective in physical devices that are common in today’s world. I will talk about ways of mitigating these attacks, which essentially comes down to avoiding the bad and buying the good. But how do you know what’s the difference? Come to this talk to find out.

Bringing Software Defined Radio to the Penetration Testing Community

Online slides.

“The large adoption of wireless devices goes further than WiFi (smartmeters, wearable devices, Internet of Things, etc.).

The developers of these new types of devices may not have a deep security background and it can lead to security and privacy issues when the solution is stressed.

However, to assess those types of devices, the only solution would be a dedicated hardware component with an appropriate radio interface for each one of them.

That is why we developed an easy-to-use wireless monitor/injector tool based on Software Defined Radio using GNU Radio and the well-known scapy framework.

In this talk, we will introduce this tool we developed for a wide range of wireless security assessments: the main goal of our tool is to provide effective penetration testing capabilities for security auditors with little to no knowledge of radio communications.”

The post Black Hat Software Defined Radio Talks appeared first on rtl-sdr.com.

Another security and hacking conference that recently finished is Defcon 2014. During this conference there was a “Wireless Village” were there were talks discussing all things related to radio frequency. During this conference there were many talks related to Software Defined Radio.

A list of all talks at the Defcon Wireless Village 2014 can be found on this page. The most interesting talks that we found related to SDR are shown below.

Hacking the Wireless World with Software Defined Radio

Presented by Balint Seeber, SDR Evangelist as Ettus Research. Balint presented a similar talk at Black Hat and the slides to go along with that can be found here.

Ever wanted to spoof a restaurant’s pager system? How about use an airport’s Primary Surveillance RADAR to build your own bistatic RADAR system and track moving objects? What sorts of RF transactions take place in RFID systems, such as toll booths, building security and vehicular keyless entry? Then there’s ‘printing’ steganographic images onto the radio spectrum…

Wireless systems, and their radio signals, are everywhere: consumer, corporate, government, amateur – widely deployed and often vulnerable. If you have ever wondered what sort of information is buzzing around you, this talk will introduce how you can dominate the RF spectrum by ‘blindly’ analysing any signal, and then begin reverse engineering it from the physical layer up. I will demonstrate how these techniques can be applied to dissect and hack RF communications systems, such as those above, using open source software and cheap radio hardware. In addition, I’ll show how long-term radio data gathering can be used to crack poorly-implemented encryption schemes, such as the Radio Data Service’s Traffic Message Channel. If you have any SDR equipment, bring it along!

So ya wanna get into SDR?

Not explained through erotic interpretive dance, though could be, this presentation will cover the essentials for getting into the software defined radio hobby. Hardware requirements, distributed nodes, architecture designs, tips/tricks, random projects and common mistakes will be explained. This will be a technical talk that will be open for harassment, jokes, interaction and presented in a way that everyone will be able to take something away from it; wait, this is Vegas… but we’re hackers…

SDR Tricks with HackRF

HackRF and some other Software Defined Radio platforms can be used in creative ways. I’ll show methods, including a dirty trick or two, for using HackRF outside the advertised frequency range. I’ll also show how the HackRF design lends itself to use as an oscilloscope or function generator suitable for many hardware hacking tasks.

PortaPack: Is that a HackRF in your Pocket?

The PortaPack H1 transforms the HackRF One software-defined radio into a hand-held radio exploration tool. Spectrum analysis, monitoring and logging, and demodulation and injection of simpler digital modes will be demonstrated by Jared Boone, a HackRF project contributor.

PHYs, MACs, and SDRs

The talk will touch on a variety of topics and projects that have been under development including YateBTS, PHYs, MACs, and GNURadio modules. The talk will deal with GSM/LTE/WiFi protocol stacks.

SDR Unicorns

A panel with SDR Gurus Michael Ossmann, Balint Seeber and Robert Ghilduta.

The post Videos from DEFCON 22 Wireless Village Talks appeared first on rtl-sdr.com.

Wireless wall outlets are electrical outlets that can be turned on or off by a wireless remote. Fabien is an experimenter who was looking for a way to control the power of his home devices from a remote location using HTTP. He thought of building his own from scratch, but quickly realized that the device would need to be certified for insurance purposes. Instead he bought a cheap commercially made certified wireless wall outlet and reverse engineered the protocol using an RTL-SDR.

To do that he used the existing OOK-Decoder software available on GitHub. From the analysis provided by OOK-Decoder, Fabien was able to successfully reimplement the transmission using an AVR microcontroller and 433 MHz transceiver circuit from Sparkfun.

After being successful with this, Fabien decided to take the project a step further and create the OOKLONE – a device that could automatically clone any 433.92 MHz OOK signal and replay it. The video below shows the OOKLONE in action.

The post Reverse Engineering Wireless Wall Outlets And Automatically Cloning OOK Signals appeared first on rtl-sdr.com.

The HackRF One is a new software defined radio that has recently been shipped out to Kickstarter funders. It is a transmit and receive capable SDR with 8-Bit ADC, 10 MHz to 6 GHz operating range and up to 20 MHz of bandwidth. It can now be preordered for $299 USD. We just received ours from backing the Kickstarter and here’s a brief review of the product. We didn’t do any quantitative testing and this is just a first impressions review. So far we’ve only tested receive on Windows SDR#.

Unboxing

Inside the box is the HackRF unit in a quality protective plastic casing, a telescopic antenna and a USB cable. We show an RTL-SDR next to the HackRF for size comparison.

HackRF Windows SDR# Installation Process

Installation of the HackRF on Windows is very simple and is the same process as installing an RTL-SDR dongle. Assuming you have SDR# downloaded, simply plug in your HackRF into a USB port, open zadig in the SDR# folder, select the HackRF and click install driver. The HackRF is now ready to use with SDR#.

Initial Receive Review

We first tested the HackRF at its maximum bandwidth of 20 MHz in SDR#. Unfortunately at this sample rate the PC we used (Intel i5 750) could not keep up. The waterfall and audio were very choppy, even when the waterfall and spectrum analyser were turned off. After switching to the next lowest bandwidth of 16 MHz everything was fine. With the waterfall resolution set to 65536 the CPU usage was at around 45-50%.

It is very nice to have such a wide bandwidth at your disposal. However, the drawback is that with such a wide bandwidth it is very difficult to find a narrowband signal on the waterfall if the frequency is unknown. This might make things difficult for people new to signal browsing. Also, since the bandwidth is so wide the waterfall resolution when zoomed in is very poor making it very difficult to see a clear signal structure, but this is more a problem with SDR# rather than the HackRF.

The included antenna is good and made of a high quality build. There is a spring in the base of the antenna which may be an inductor, or may just be there for mechanical reasons. As the antenna screws directly into the HackRF body there is no place for a ground plane which degrades the antennas performance somewhat.

The HackRF has no front end filtering (preselectors) so there are many images of strong signals that show up at multiples of the selected sample rate. Most wideband SDRs are like this but these images are also not helped by the low 8 bit ADC resolution. Image rejection and sensitivity could be improved by using your own preselector front end like many people have done with the RTL-SDR. Overall reception sensitivity seems to be very similar to the RTL-SDR.

There are three gain settings available for the HackRF in SDR#. One is for the LNA Gain, one for VGA gain and the third is a check box for ‘Amp’. The LNA gain is the main gain that should be used and usually only a small amount of VGA gain is needed as VGA gain seems to just increase the noise the same amount as the signal. We’re not sure what ‘Amp’ is, but it seems to do something similar to ‘RTL AGC’ on the RTL-SDR. The ‘Amp’ button enables a front end amplifier which may be useful for very weak signals, but it should normally be turned off as it also amplifies noise and could potentially damage the HackRF if a very strong signal is nearby (Thanks to ‘Truth’ from the comments for pointing this out).

We checked the PPM offset against a known signal and found that the offset was -12 ppm, which was pretty good. Only about 1 ppm of thermal drift was seen throughout the operation of the HackRF.

The HackRF was able to receive all the expected signals across the advertised frequency range easily and was even able to go below the advertised 10 MHz to receive broadcast AM. At 10 MHz there was significant imaging from the broadcast AM band however so for HF use you may want to consider a bandstop or other filter.

Overall the HackRF is a good product and is great for those who want the massive frequency range, wide bandwidth and transmit capability. But if you are interested in reception only and are looking for a wide bandwidth SDR upgrade to the RTL-SDR I would suggest waiting for the Airspy to be released. The advantage to the Airspy will be its 12-bit ADC and cheaper price. Airspy has entered production now and the first batch of 500 units should soon be available. (Note, this site is not affiliated with Airspy or HackRF in any way)

Here are some example wide band signals received with the HackRF.

Here is another review by a YouTube user who focuses on HF reception

Here is an older review comparing the specs of the HackRF against the BladeRF and USRP B200.

The post HackRF Initial Review appeared first on rtl-sdr.com.

Over on GitHub user kik has uploaded a tutorial and code showing how to decode NTSC analogue TV in GNU Radio and an RTL-SDR. The tutorial is in Japanese, but Google translate should be good enough to understand the text. Kik shows us what GNU radio blocks to use and provides the python code needed to display the images on a simulated scope.

If you just want to receive analogue TV signals, try TVSharp.

The post Receiving NTSC Analogue TV with GNU Radio and an RTL-SDR appeared first on rtl-sdr.com.

One of the many uses of the RTL-SDR is as a random number generator for generating entropy. Entropy is needed in computing for many application such as in encryption and security.

Noel Bourke has written an article on his blog about using the RTL-SDR as an entropy source on Linux. Noel uses RTL-Entropy and shows how to set up Linux to use the RTL-SDR as the entropy source for /dev/random.

The post Using an RTL-SDR as a Cheap Entropy Source appeared first on rtl-sdr.com.

New software defined radio (SDRs) products are popping up every few months these days so we thought we’d compile a list of some of the most popular ones as there are a few people looking to upgrade from an RTL-SDR.

For each SDR we compare the cost, frequency range, ADC resolution, maximum instantaneous bandwidth, whether or not it can TX and if it has any pre selectors built in. Here is a quick guide to what some of these metrics mean.

Frequency Range: The range of frequencies the SDR can tune to.
ADC Resolution: Higher is better. More resolution means more dynamic range, less signal imaging, a lower noise floor, more sensitivity when strong signals are present and better ability to discern weak signals.
Instantaneous Bandwidth: The size of the real time RF chunk available.
RX/TX: Can the radio receive and/or transmit.
Preselectors: Analogue filters on the front end to help reduce out of band interference and imaging.

General Use Software Defined Radios

We define general use SDRs as ones with a wide frequency range and with no focus on any specific frequency band.

R820T RTL2832U a.k.a RTL-SDR

Cost: $10 – 22 USD
Frequency Range: approx. 24 MHz – 1766 MHz
ADC Resolution: 8 Bits
Max Bandwidth: 3.2 MHz / 2.4 or 2.8 MHz max stable.
TX/RX: RX Only
Preselectors: None

The RTL-SDR is still the best ‘bang for your buck’ software defined radio out there. While it was never designed to be used as a general purpose SDR in the first place, its performance is still surprisingly good. If you’re on a budget or are just starting out with SDR or radio this is the one to get. (Link)

FunCube Dongle Pro+

Cost: $~210 USD
Frequency Range: 150 kHz - 260 MHz and 410 MHz - 2.05 GHz
ADC Resolution: 16 Bits
Max Bandwidth: 192 kHz
TX/RX: RX Only
Preselectors: Yes 11 switched SAW filters

The FunCube is one of the original ‘dongle’ based SDRs made for hobbyists. It has certain major advantages over a cheap RTL-SDR like its 16 Bit ADC resolution and 11 discrete sharp SAW hardware filters. These sharp preselector filters really help to reduce noise and images which can in some cases plague the RTL-SDR and other SDRs without filtering. However, a major disadvantage to the FunCube is that its bandwidth is small at only 192 kHz. (Link)

Airspy

Cost: Unreleased (release imminent). Expected cost $100 – $200 USD.
Frequency Range: 24 MHz – 1.750 GHz
ADC Resolution: 12 Bits
Max Bandwidth: 10 MHz
TX/RX: RX Only
Preselectors: Yes, tracking RF filters

The Airspy is not for sale at the moment, but it’s release is imminent having now entered production. This SDR is designed by the programmer of SDR#. Many people are seeing it as their upgrade to the RTL-SDR, with its wide 10 MHz bandwidth, 12 Bit ADC and higher precision clock (meaning less frequency offset). The Airspy code is open source and it also has a built in microprocessor which may be useful for many projects.

Airspy will likely be priced similarly to the FunCube at around $200 USD, but pricing is not yet confirmed. (Link)

XiOne

Cost: Unreleased. Expected cost $199 USD.
Frequency Range: 100 kHz – 1.750 GHz
ADC Resolution: 8 Bits
Max Bandwidth: 3.2 MHz
TX/RX: RX Only
Preselectors: None

The XiOne is a SDR that is claimed as ‘The first software defined radio easy to use with smartphones and fully open to the maker community’. It is unreleased and currently looking for crowd funding for mass manufacturing through Indiegogo.

The main advantage of the XiOne is that it is battery powered and connects to smartphones via a WiFi connection. The developers are also creating a wide array of smartphone apps for the device. Like the Airspy it also has a built in general purpose microprocessor.

The main concerns with this SDR are that it uses the RTL2832U chip - the same one used in the RTL-SDR. This means that there is only 8-bits of ADC resolution and 3.2 MHz of bandwidth, though this is probably acceptable due to its mobile application priority as any larger sample rates or resolutions could have trouble with WiFi data rates. (Link)

SDR Play

Cost: $299 USD
Frequency Range: 100 kHz – 380 MHz and 430 MHz – 2 GHz
ADC Resolution: 10 Bits
Max Bandwidth: 8 MHz
TX/RX: RX Only
Preselectors: Yes 8 switched first order filters

SDRPlay is a fairly new SDR that uses the Mirics MSI3101 SDR chip and a MSI001 tuner. It has 8 built in switched preselectors that cover selected ranges over the entire bandwidth. As it has preselectors it can be thought of as a competitor to the Funcube Dongle Pro+ and Airspy. Though, the difference seems to be that SDRPlay uses simpler first order filters, whereas the Funcube uses sharper SAW filters. The first order filters will have less insertion loss, but will block unwanted signals more poorly. The SDRPlay also has a much larger bandwidth compared to the FunCube which is a major advantage. (Link)

HackRF One

Cost: $299 USD
Frequency Range: 10 MHz to 6 GHz
ADC Resolution: 8 Bits
Max Bandwidth: 20 MHz
TX/RX: TX and RX (Half Duplex)
Preselectors: None

The HackRF is one of the first ‘low cost’ software defined radios that is capable of receiving and transmitting, although only in half duplex mode (cannot TX and RX simultaneously). It has received the most media attention out of any SDR and it seems to be marketed towards hackers and security researchers, but it should be just as capable for general ham or hobbyist users.

The main advantages of the HackRF are its transmit capabilities, its wide bandwidth and its massive frequency range. There are concerns about its small 8 bit resolution, so noise performance is likely to be similar to the RTL-SDR. It also has an on board Arm Cortex M4 microcontroller and a CPLD.

The HackRF has good community support, an example already being the HackRF Portapack, a portable spectrum analyser designed to fit onto the HackRF. (Link)

MyriadRF

Cost: $299
Frequency Range: 300 MHz – 3.8 GHz
ADC Resolution: 12 Bits
Max Bandwidth: 28 MHz
TX/RX: TX and RX (Full Duplex)
Preselectors: None

Myriad RF is an open source SDR that uses the same transceiver chip as the BladeRF shown below. A modified version is also compatible with the Novena open source laptop. Aimed towards embedded developers as the Myriad RF by itself does not have hardware to connect to a PC. (Link)

BladeRF

Cost: $420 USD (x40), $650 USD (x115)
Frequency Range: 300 MHz – 3.8 GHz
ADC Resolution: 12 Bits
Max Bandwidth: 28 MHz
TX/RX: TX and RX (Full Duplex)
Preselectors: None

Another TX and RX capable SDR is the BladeRF. The BladeRF has a smaller frequency range compared to the HackRF, but has a greater ADC resolution, larger maximum bandwidth and is capable of full duplex transmissions. It also uses USB 3.0 which is required to support the data rates needed for its wide bandwidth and 12 bit ADC. From the specs the BladeRF is a better receiver compared to the HackRF due to its larger ADC resolution, but it misses out on the frequencies below 300 MHz. Frequencies below 300 MHz can be received with a $200 transverter add on board however.

The BladeRF also comes with an on-board ARM9 general purpose processor and an FPGA for some serious digital signal processing work.

The main difference between the x40 and more expensive x115 versions are simply that the x115 version has a larger FPGA (more logic elements). (Link)

USRP B200/B210

Cost: $675 USD (B200), $1100 USD (B210)
Frequency Range: 70 MHz – 6 GHz
ADC Resolution: 12 Bits
Max Bandwidth: 56 MHz
TX/RX: TX and RX (Full Duplex) (B200), 2 x TX and 2 x RX (Full Duplex) (B210)
Preselectors: None

The USRP B200/B210 are advanced software defined radios that seem to be aimed more towards the professional and research market, but are still very usable for hobbyists. The USRP team recently used some of these devices to help contact the lost ISEE-3 spacecraft using the large Arecibo radio dish.

The difference between the B200 and B210 is simply that the B210 can transmit and receive in full duplex with two signals at a time, making the B210 a MIMO system. (Link)

ASRP3/ASRP1

Cost: $300 USD, $600 USD
Frequency Range: 400 MHz – 4.4 GHz
ADC Resolution: 12 Bits
Max Bandwidth: 8 MHz
TX/RX: RX Only (ASRP3), 2 x RX and 2 x TX (Full Duplex) (ASRP1)
Preselectors: None

We don’t know much about these SDRs but the ASRP3 seems to occupy a similar space as the Airspy and the ASRP1 seems to be similar to the HackRF/BladeRF/USRP B210. (Link)

WinRadio WR-G305e/i

Cost: $749.95 USD
Frequency Range: 9 kHz - 1.8 GHz
ADC Resolution: NA (sound card based)
Max Bandwidth: NA (Sound card based)
TX/RX: RX Only
Preselectors: Yes, tracking

A general purpose receiver by WinRadio. Has tracking filters on the front end. Comes in an external box with USB connection, or in a PCI 2.2 card. (Link)

Pervices Noctar/Crimson

Cost: $2499 USD / $4999 USD
Frequency Range: 100 kHz – 4.4 GHz / 100 kHz – 6 GHz
ADC Resolution: 12 Bits / 16 Bits
Max Bandwidth: 250 MHz / 800 MHz
TX/RX: RX and TX (Full Duplex) / 4 x RX and 4 x TX (Full Duplex)
Preselectors: None

A high performance SDR that fits in the PCIe slot in a PC. Because of its PCIe interface it can provide up to a massive 250 MHz worth of bandwidth. Pervices also sell the more expensive Crimson SDR, with a frequency range up to 6 GHz and a huge 800 MHz worth of bandwidth. The huge bandwidths available can be processed on the onboard Altera Cyclone IV/V FPGA. Marketed more for industrial and research purposes. (Link)

AOR AR-2300

Cost: $3599.95
Frequency Range: 40 kHz – 3.15 GHz
ADC Resolution: 14 Bits
Max Bandwidth: 15 MHz
TX/RX: RX Only
Preselectors: Unknown. Assumed yes.

A very high performance wideband SDR receiver that has good performance over the entire frequency range. Can purchase add on boards such as a P25 decoder. Seems to be targeted at Government users. (Link) (Purchasing Link)

Matchstiq

Cost: $4500 USD
Frequency Range: 300 MHz – 3.8 GHz
ADC Resolution: 12 Bits
Max Bandwidth: 28 MHz
TX/RX: RX and TX
Preselectors: Yes

A very advanced SDR and high priced SDR. Seems to be mainly intended for industrial applications. Has a built in Linux microcomputer and also has a dedicated GPS receiver. (Link)

Windy City SDR

Not much is known about this SDR other than the creator has advertised it on some blog comments a few times. Doesn’t appear to be available yet. (Link)

Red Pitya

Cost: $470
Frequency Range: 0 – 60 MHz
ADC Resolution: 14 Bit
Max Bandwidth: 50 MHz (Probably not instantaneous)
TX/RX: RX and TX
Preselectors: None

The Red Pitya is a little different to the above SDRs in that it is marketed and designed as a type of digital Oscilloscope. It connects to your mobile phone or PC and can be used as an oscilloscope, spectrum analyser or signal generator. Of course with the right apps it could also be used as a radio. (Link)

Modified RTL-SDRs

There are several individuals who are selling modified RTL-SDR dongles that utilize the direct sampling mod or a built in upconverter to receive HF frequencies.

Marty KN0CK Upconverting Receiver

Cost: $75 USD
Frequency Range: 500 kHz – 54 MHz
Preselectors: Low pass filter

This modded RTL-SDR receiver uses a miniature upconverter that is small enough to fit inside the dongle casing. Also has a MAR-8 preamp and 5-pole low pass filter. (Link)

Marty KN0CK Direct Sampling Receiver

Cost: $60 USD
Frequency Range: 500 kHz – 54 MHz
Preselectors: Low pass filter

This second version from Marty KN0CK uses the direct sampling mod for HF reception instead. Also has the built in MAR-8 preamp and 5-pole low pass filter. (Link)

Chinese Direct Sampling Receiver

Cost: $60 USD
Frequency Range: 100 kHz – 1.7 GHz
Preselectors: Low pass filter

A prebuilt direct sampling receiver by someone from China. Appears to be decent, but you probably won’t get any support for it if something is wrong. Can be found on Ebay.

DX Patrol Receiver

Cost: $105 USD
Frequency Range: 100 kHz – 2 GHz
Preselectors: Yes

This modified dongle is designed by CT1FFU, designer and manufacturer of some HF upconverters popular with the RTL-SDR. (Link)

Janielectronics Receiver

Cost: $129.99 USD
Frequency Range: 100 kHz - 1.5 GHz
Preselectors: Unknown. Assumed to have a low pass filter.

This is an RTL-SDR R820T built on a custom made PCB that fits into an original dongle casing. This is different to the other modified dongles that simply retrofit an existing RTL-SDR dongle. (Link)

Soft66RTL2

Cost: $50 USD
Frequency Range: 1 MHz – 30 MHz and 50 MHz – 1 GHz
Preselectors: Unknown.

Japanese modified RTL-SDR that uses an upconverter and comes in an aluminium box. Includes an RF amp as well. (Link)

Brazilian HF – UHF Receiver

Cost: $100 USD
Frequency Range: 0 kHz – 14.4 MHz and 24 MHz to 1.7 Ghz
Preselectors: ???

One of the first modified RTL-SDRs that went on sale. Is probably outdated now. (Link)

Japanese TCXO Modded Receiver

Cost: $90 USD
Frequency Range: approx. 24 MHz – 1766 MHz
Preselectors: None

This is not a mod to achieve HF reception but rather one to increase the frequency stability of the RTL-SDR. The manufacturer of this dongle has removed the stock oscillator on the RTL-SDR and replaced it with a precision temperature controlled oscillator (TCXO) to reduce frequency offset and thermal drift. (Link)

Ham Radio Targeted Software Defined Radios

Radio amateurs have had high performance SDRs for some time now. These receivers will usually significantly outperform the receivers shown above in terms of sensitivity, but they usually concentrate on the HF bands, which is what ham radio mostly uses. They are usually much more costly.

Softrock Ensemble SDR

Cost: $69 (RX Only Kit), $89 USD (TX/RX Kit), $92 USD (RX Built), $124 USD (TX/RX Built)
Frequency Range: Choice of either 160m, 80m/40m, 40m/30m/20m, 30m/20m/17m, 15m/12m/10m
ADC Resolution: N/A (sound card based)
Max Bandwidth: N/A (sound card based)
TX/RX: TX and RX (if option chosen)
Preselectors: Yes for the chosen band

The Softrock SDR is one of the original sound card based SDRs, meaning that the ADC conversion is done by a computer sound card. The bandwidth will be dependant on the maximum sampling rate of your sound card. The Softrock is a HF only SDR and you must choose which band you are interested in listening to when buying the kit or preassembled board.

The Softrock has good HF performance due to its preselector circuits. The kit is a great project for someone wanting to learn the components of an SDR. (Link)

Soft66LC4

Cost: $98 USD
Frequency Range: 500 kHz – 70 MHz
ADC Resolution: N/A (sound card based)
Max Bandwidth: N/A (sound card based)
TX/RX: RX Only
Preselectors: Yes band pass filter

Low cost sound card based receiver. Similar to the SoftRock but no TX option. (Link)

FiFi SDR

Cost: $169 USD (Kit with preselector)
Frequency Range: 200 kHz – 30 MHz
ADC Resolution: 24 Bits
Max Bandwidth: 192 kHz
TX/RX: RX Only
Preselectors: Yes low pass

Originally intended as a construction project for a youth camp, this SDR is now for sale as a low cost software defined radio. (Link) (Purchasing Link)

AFEDRI SDR-Net

Cost: $259 USD
Frequency Range: 10 kHz – 36 MHz
ADC Resolution: 12 Bits
Max Bandwidth: 1.85 MHz (Using network connection), 230 kHz (Using USB connection)
TX/RX: RX Only
Preselectors: Low pass filter

An SDR targeted at the budget ham market is this AFEDRI SDR-Net receiver. Has a LAN interface so it can be accessed remotely through a network – a feature rarely seen on cheaper ham radio SDRs. (Link)

Cross Country Wireless SDR Receiver 

Cost: $295 USD
Frequency Range: 850 kHz – 70.5 MHz
ADC Resolution: Sound card based
Max Bandwidth: 48 kHz (internal sound card), 192 kHz (external sound card)
TX/RX: RX Only
Preselectors: Yes band pass filters

Another low cost SDR but this one is sound card based. (Link)

Elad FDM-S1/S2

Cost: $379 USD / $580 USD
Frequency Range: 80 kHz – 30 MHz, 30MHz – 200 MHz (Under sampled) / 9 kHz – 52 MHz, 74 MHz – 108 MHz, 135 MHz – 160 MHz
ADC Resolution: 14 Bits / 16 Bits
Max Bandwidth: 6 MHz
TX/RX: RX Only
Preselectors: 30 MHz Low Pass Filter

A fairly high performance SDR. The FDM-S2 is a newer version of the S1 with improved ADC resolution. (Link S1) (Link S2)

Satrian MK1.5 Andrus

Cost: $480
Frequency Range: 5 kHz – 30 MHz
ADC Resolution: ???
Max Bandwidth: 400 kHz
TX/RX: RX Only
Preselectors: ???

An openly designed SDR with full schematics and software code available.Can buy an add on downconverter daughtercard for operation up to 2.2 GHz. (Link)

SDR-IQ

Cost: $525 USD
Frequency Range: 100 Hz to 30 MHz
ADC Resolution: 14 Bits
Max Bandwidth: 190 kHz
TX/RX: RX Only
Preselectors: Yes

An SDR made in the USA by RFSpace. Appears to be high quality with good performance. The same company also sells the SDR-IP and NetSDR which are networked SDR products. (Link)

FlexRadio FLEX-1500 SDR

Cost: $699
Frequency Range: 490 kHz – 54 MHz 
ADC Resolution: 16 Bits
Max Bandwidth: 20 kHz
TX/RX: RX and TX
Preselectors: Yes

The Flex series are capable of RX and TX. FlexRadio also have higher end SDRs with 24 bit ADCs and ones with up to 14 MHz of bandwidth available on their website. (Link)

HPSDR Hermes Transceiver Card

Cost: $895
Frequency Range: 10 kHz – 55 MHz
ADC Resolution: 12 bits
Max Bandwidth: 192 kHz
TX/RX: RX and TX
Preselectors: Yes low pass

An open source SDR project. (Link)

SRL QuickSilver QS1R

Cost: $899.99 USD
Frequency Range: 10 kHz – 300 MHz
ADC Resolution: 16 Bits
Max Bandwidth: 4 MHz
TX/RX: RX Only
Preselectors: Yes

Another high performance SDR competing in the same price range as the Perseus. (Link)

WinRadio WR-G31DDC Excalibur

Cost: $949.95
Frequency Range: 9 kHz – 49.995 MHz
ADC Resolution: 16 Bits
Max Bandwidth: 2 MHz
TX/RX: RX Only
Preselectors: MW Filter

Another high performance SDR. WinRadio also sell more SDRs with higher performance and ones that can plug directly into a PCI-e card slot. (Link)

Perseus SDR

Cost: $1,100 USD
Frequency Range: 10 kHz – 40 MHz
ADC Resolution: 14 Bits
Max Bandwidth: 1.6 MHz
TX/RX: RX Only
Preselectors: Yes 10 switched

Many owners of this SDR claim that it is one of the lowest noise SDRs available and that it is great for DXing. (Link)

NETSDR

Cost: $1449 USD (Basic Package)
Frequency Range: 100 Hz to 32 MHz
ADC Resolution: 16 Bits
Max Bandwidth: 1.6 MHz
TX/RX: RX Only
Preselectors: Yes 10

Another SDR by RFSpace, this one connects to the computer via a network connection, making it easy to be placed in remote locations. RFSpace also sell the SDR-IP which is a similar SDR but with TCP/IP networking. (Link)

Apache Labs ANAN-10

Cost: $1679 USD
Frequency Range: 10kHz – 55 MHz
ADC Resolution: 16 Bits
Max Bandwidth:  ??? MHz
TX/RX: RX and TX (Full Duplex)
Preselectors: Yes

Apache Labs sell high performance TX capable SDRs. They also sell more expensive versions of the ANAN series with more transmit power and also ones with built in FPGAs. (Link)

Did we miss any popular SDR receivers or are there any mistakes? Let us know in the comments.

The post Roundup of Software Defined Radios appeared first on rtl-sdr.com.