SDR Tutorial

White Paper

Presentation

 

Tutorials/Demonstrations

I. Audio Frequency Synthesizer

  1. Open GNURadio
  2. Double click “Options” Block
  3. Change QT GUI to WX GUI
  4. Click the Magnifying Glass to search
  5. Type “Signal Source”
  6. Double Click “Signal Source”
  7. You should now have a signal source block
  8. Search for and double click “WX Scope Sink”
  9. Search for and double click “Audio Sink”
  10. Connect the output of Signal Source to Scope Sink
  11. Connect the output of Signal Source to Audio Sink
  12. Ensure Variable samp_rate block, Signal Source Sample Rate, Scope Sink Sample Rate, and Audio Sink Sample Rate are all set to 32kHz
  13. Search and double click “WX GUI Slider”
  14. Set Slider ID to “freq”
  15. Set Slider default value to 500
  16. Set Slider Min value to 500
  17. Set Slider Max value to 1000
  18. Set Signal Source Sink to “freq”
  19. Compile and Run (press green play button)
  20. Save
  21. You should see the scope and the frequency should play out of your speakers. You can change frequency with the slider above the scope

Screenshot from 2017-04-07 17-42-00

II. FM Receiver with HackRF One

  1. Open GNURadio
  2. Double click “Options” Block
  3. Change QT GUI to WX GUI
  4. Double Click “Variable” samp_rate block
  5. Set Value to 2e6
  6. Click the Magnifying Glass to search
  7. Type “osmocom Source”
  8. Double Click “osmocom Source”
  9. You should now have an osmocom source block
  10. Set osmocom source frequency to freq. Make sure output is complex
  11. Search and double click “WX GUI Slider”
  12. Set ID to “freq”. Set default to 100e6. Set min to 90e6, set max to 105e6
  13. Search and double click “Rational Resampler”
  14. Set Interpolation to 1 and Decimation to 4. Make sure input and output are complex
  15. Wire output of osmocom Source to input of Rational Resampler
  16. Search and double click “Low Pass Filter”
  17. Set Decimation to 1, Gain to 1, Cutoff Frequency to 100k, and Transition Width to 1e6. Make sure input and output are complex
  18. Wire output of Rational Resampler to Low Pass Filter
  19. Search and double click “WBFM Receive”
  20. Set quadrature rate to 500k, Audio Decimation to 10. Make sure input is complex and output is float
  21. Wire Low Pass Filter to WBFM Receive
  22. Search and double click “Rational Resampler”
  23. Set Interpolation to 48 and Decimation to 50. Make sure input and output are float
  24. Wire WBFM Receive to Rational Resampler
  25. Search and double click “Multiply Const”
  26. Set constant to “vol” and make sure input and output are float
  27. Wire Rational Resampler to Multiply Constant
  28. Search and double click “Audio Sink”
  29. Set Audio Sink sample rate to 48kHz
  30. Wire Multiply Const to Audio Sink
  31. Search and double click “WX GUI Slider”
  32. Set default value to 0.5, set min to 0, set max to 1
  33. Search and Double click “WX GUI FFT Sink”
  34. Wire output of osmocom source to FFT Sink
  35. Compile and Run

You should see a spectrum analyzer plot and two sliders. One slider controls volume and the other controls frequency. Slide the volume to max and make sure your computer speakers are enabled. Slide the frequency to areas of the spectrum analyzer with peaks until you find a radio station that you can hear clearly.

Screenshot from 2017-04-07 16-57-48

III. Reverse Engineering an RC Car Controller

The first half of this tutorial (up to but not including transmission) will work for reverse engineering devices that us ASK, FSK, and PSK as their modulation scheme but the example used in this tutorial is for ASK (which is the most common modulation scheme for cheap remote control cars and other cheap wireless devices).

  1. Look for the FCC ID of the device that you want to reverse engineer. Often these are located in the battery cover.
  2.  Go to FCCID.io and type in the FCC ID. Here you will find important information including carrier frequency and modulation scheme. If you cannot find the FCC ID, you can still continue with this tutorial
  3. Open GNURadio
  4. Double click the “Options” Block and change QT GUI to WX GUI
  5. Double click the “Variable” Block samp_rate and change its value to 2e6
  6. Search and double click “osmocom Source”
  7. Set osmocom Source frequency to the frequncy found using th FCC ID (Note: If you could not find the FCC ID, use the osmocom source with a sliding frequency like in tutorials I and II and wire the osmocom source to an FFT block. You can slide around while enabling the wireless device you are trying to reverse engineer to look for peaks within the frequency range you believe it to be within)
  8. Wire the osmocom source to a scope and an FFT block (Don’t forget to make sure that the variable types agree)
  9. Compile and Run
  10. Transmit using the device you are trying to reverse engineer and ensure that you are observing the correct frequency
  11. Search and double click a “Complex to Float”
  12. Wire the output of the osmocom source to the type converter
  13. Search and double click “Wav File Sink”
  14. Select a file name and location in the Wav File Sink block and wire the real output of the type converter to the input of Wav File Sink
  15. Open and view your wav file (using a program like Audacity)
  16. Here, you must use some visual analysis. Review the concepts of ASK, FSK, and PSK and see if you can see any of those modulation schemes. If you do, you should be able to extract the bitstream. You should also be able to determine the bit period by observing the length of each bit. See example image at the end of the tutorial
  17. Create a new GNURadio file
  18. Set samp_rate to 2e6 and switch from QT GUI to WX GUI
  19. Search and double click “Vector Source”
  20. Change the vector in the Vector Source to the bitstream found in Step 16 (Example: 1101 –> (1,1,0,1))
  21. Search and double click “Repeat”
  22. Set Interpolation to (sample rate) times (bit period) (Note: you should be able to visually determine the bit period from step 16)
  23. Wire the Vector Source to the Repeat block
  24. Search and double click “Signal Source”
  25. Set frequency to the frequency found initially
  26. Search and double click “Multiply”
  27. Wire the Repeat block and the Signal Source to the inputs of the multiplication block (Ensure the inputs and outputs of the multiply block are set to complex)
  28. Search and double click “Throttle”
  29. Set Throttle to 2e6
  30. Wire Multiply to Throttle
  31. Search and double click “WX GUI Scope”
  32. Wire Throttle to scope
  33. Repeat steps 31 and 32 for WX GUI FFT Sink
  34. Search and double click “Complex to Float”
  35. Wire Throttle to type converter
  36. Search and double click “osmocom Sink”
  37. Set osmocom Sink frequency to the frequency found earlier
  38. Wire Throttle to osmocom Sink
  39. Compile and Run

Here is an example for an RC Car being controlled using ASK Modulation at 27.145MHz

Received wave opened in Audacity:

Screenshot from 2017-04-07 18-16-00

 

Signal being “on and off” indicates ASK and the repetitions indicate a single command being repeated several times

Zoomed In:

Screenshot from 2017-04-07 18-19-52

This indicates a bitstream of:

10101010101010101010100101101001100101011001011001011001

And a bit period of 0.4mS

Transmitter Flowgraph:

Screenshot from 2017-04-07 11-57-29