transceivers - software defined radio (SDR)

see also:

• software defined radio (SDR) receivers
• radio basics
• Ham amateur radio
• CB 2-way radio
• radio signal intelligence (SigInt)
• radio antennas
• see Youtube articles:
  • The Coolest Radio You've Probably Never Heard Of

• SDR transceivers are similar to software defined radio (SDR) receivers except they can also transmit radio - a function which potentially makes them problematic in possessing and using them in Australia
• if they are legal, they do make an awesome device for:
  • developing a deep understanding of how radio systems work
  • explore insecure systems such as testing your radio remote control devices (eg. car keys, garage doors) to see if they are easily hackable by the bad guys
  • etc

• they may cause a range of major issues whether unknown spurious transmissions, ignorant inappropriate use, or nefarious intent, these include:
  • interference with critical radio transmissions such as aircraft, emergency services, etc
  • interference with general broadcasts, other users
  • intentional or unintentional jamming of radio signals
  • life threatening impacts on medical devices such as pacemakers or implantable defibrillators
  • violating security systems eg. by spoofing, signal capture and replay
  • rarely, direct human impacts from high EMF - these would require high power transmissions which are not generally available without strict controls
• hence the criminal penalty for misuses whether intentional or not can be very high in Australia - up to $420,000 or 2yrs jail or both

• HackRF Portapack H4M R10+ transceiver
  • this is a fantastic educational device but may not be legal to own in Australia especially without a license?
  • the HackRF products were invented by https://greatscottgadgets.com/hackrf/
  • the HackRF Portapak was invented and developed by Jared Boone in 2014 as open source at https://www.sharebrained.com/portapack/. He is one of the original developers for the HackRF and created the PortaPack as an add-on that turns the HackRF into a portable software-defined radio device with an ARM Cortex M4 processor and a user interface resembling an iPod.
  • it turns the HackRF into a portable, all-in-one SDR device suitable for pentesting, signal analysis, and RF experimentation independently from a PC
  • makes capture and replay of wireless signals like those from ISM band remote controls extremely easy
  • can connect speakers to the Portapack's 3.5mm audio jack to listen in on standard NFM and WFM audio signals
  • using the 3.5mm audio jack the Portapack can also be used as a standard Push to Talk or voice activated walkie talkie radio - with a microphone plugged into the audio jack simply hold down the right button to push to talk
  • most now use it with advanced third-party firmware like Mayhem or Havoc, which offer many apps and features directly on the device.
    • https://www.rtl-sdr.com/a-review-of-the-hackrf-portapack-with-havok-firmware/
    • https://www.youtube.com/watch?v=C1ordAK0qrY
  • there are now a lot of Chinese clone versions of the HackRF Portapack
    • the latest version (H4M R10+) is produced by SDRlabs in China which also produces a forked version of the board know as the r10c white pcb that comes standard with the H4M. The best version of the module currently is another fork made by Clifford Heath, dubbed the clifford r10+, which adds more protection to the radio components.
    • adds USB-C port for charging
    • microSD card reader for installing apps etc ²⁾
    • uses a ipod style click wheel instead of knobs
    • choose HackRF mode to allow use of a computer's SDR software instead
    • adds a GPIO port so users can make their own add-ons for the H4M
    • adds true power switch to avoid phantom power drain and better battery Mx
    • adds built in microphone and switch toggle - And there is a toggle to switch between the Built-in and the Headphone Microphone
    • adds automatic switching of sound between the headphone and the speakers - Once you plug the headphone, the H4M will automatically switches from speaker mode to headset mode
    • has a “Fox-hunting” app which makes it easier to to radio direction finding to hunt down a small transmitter but current version does NOT have GPS capabilities - this could be added via an expansion board when one comes available ³⁾
    • https://opensourcesdrlab.com/products/h4m-receiver-and-spectrum-analyzer?VariantsId=10129
    • https://www.aliexpress.com/item/1005008783372475.html
• HackRF PortaRF AIFW transceiver
  • 2025 model;
  • improved larger higher resolution touch display
  • 3000mAh battery with short circuit and overcharge protection;
  • 2Mb not 1Mb;
  • improved case quality but the new red button protrudes too much
  • the dual boards of the previous models have been combined into a single board with substantial re-design although the radio part is slightly wider but otherwise identical to Hack RF One R10 (NOT the Clifford Heath version) board but may not have amp protection
  • internal expansion slot instead of extension expansion port which may allow final product to have an AI voice activated expansion board (hence AIFW AI Firmware naming) or an ESP32 WiFi board - but no GPS?
  • https://www.youtube.com/watch?v=LNKeIju5pRY
  • $US255-280
• Xiegu G90 HF SDR Transceiver
  • you need a license for this
  • 20W RF output; 0.5-0MHz;
  • ~$AU700

• these are similar to standard SDR USB receivers in that they need to be connected to a device such as a smartphone, tablet or computer which has SDR software installed (see software defined radio (SDR) receivers), but of course, in addition they can transmit radio

• HackRF
• HackRF One
  • Android only?
  • uses a Xilinx CPLD
  • https://www.amazon.com.au/NooElec-Software-Defined-Antenna-Adapter/dp/B01K1CCHR0/ $AU599
• HackRF Pro
  • upgrade to the HackRF One; open source hardware;
  • uses a NXP LPC43xx dual-core Arm Cortex M4/M0 microcontroller as its main chipset
  • power-efficient FPGA for logic functions instead of the Xilinx CPLD
  • 100 kHz to 6 GHz; tunable from 0 Hz to 7.1 GHz; half-duplex transceiver; USB-C;
  • https://greatscottgadgets.com/hackrf/pro/ $US400
  • https://ozhack.com/products/hackrf-pro $AU700
  • https://www.youtube.com/watch?v=C0W-pYcgHeA

• AD9361 chipset; 70Mhz-6GHz; 61.44MHz bandwidth; 12bit; 61.44MSPS sample rate; 2 transmit/2 receive channels; full duplex; USB 3.0; 10dBm transmit power;
• https://www.youtube.com/watch?v=3l_0z_MBgQ8

• ADALM PlutoSDR Active Learning Module
  • USB 2.0 portable self-contained RF learning module
  • Xilinx® Zynq Z-7010 FPGA
  • 325 MHz to 3.8 GHz
  • 20 MHz of instantaneous bandwidth; 12bit ADC DAC;
  • one transmitter and one receiver, half or full duplex;
  • OS X, Windows, and Linux
  • it is an ESD (electrostatic discharge) sensitive device so important to remove static charge on external equipment, cables, or antennas before connecting to the device
  • https://wiki.analog.com/university/tools/pluto
  • https://www.analog.com/en/resources/evaluation-hardware-and-software/evaluation-boards-kits/adalm-pluto.html#eb-overview
• HAMGEEK Original PLUTO+ transceiver
  • 70MHz-6GHz; ethernet; USB 2.0;
• HamGeek ADI Pluto+ 70Mhz-6Ghz SDR transceiver
  • XC7z020-2CLG400I FPGA with 2-core Cortex A9
  • USB-C; ethernet;
• MicroPhase ANTSDR E310 transceiver
  • FPGA xilinx zyng-7000 XC72020,ad9361/ad9363 compatible
  • ethernet; USB-C;
• LibreSDR / ZynqSDR transceiver
  • AD9363 70MHz-6GHz - an AdamPlutoSDR clone
  • ethernet, USB; 1Gb RAM; mSD card for firmware; debug port; ext clock port;
  • seems to work well with SDR++ (USB only) or SDR Console (USB or ethernet)
  • https://www.youtube.com/watch?v=HDEegX9IoUg

• BladeRF
  • USB 3.0; full-duplex 28MHz channels; independent RX/TX 12-bit 40MSPS quadrature sampling;
  • 300MHz - 3.8GHz; 16-bit DAC factory calibrated 38.4MHz +/-1ppm VCTCXO; 2×2 MIMO;
  • Linux, Win/MacOS; works with SDR Console but ? not with SDR ++
• BladeRF 2.0 micro:
  • next-generation 2×2 MIMO, 47MHz to 6GHz; 56 MHz filtered bandwidth (IBW);
  • AD9361 tranceiver; 2 Tx and 2 Rx SMA ports;
  • https://www.nuand.com/product/bladerf-xa4/ $US540-860 depending on board plus add $US175 for aluminium case
  • use at Melb Uni for teaching: https://gitlab.eng.unimelb.edu.au/elen90089/2023/documentation/-/wikis/bladerf/diff?version_id=7f2681104ba2a41621158f0269dc1125dd715ba9

• Digilent Ettus USRP B200 Mini
  • Xilinx Spartan-6 XC6SLX75 FPGA
  • 70 MHz to 6 GHz; 56MHz bandwidth; USB 3.0;
  • https://www.digikey.com.au/en/product-highlight/d/digilent/ettus-usrp-b200mini-radio cost over $AU2100

• these devices can receive radio (and often IR) signals and save them to be later replayed and transmitted
• intended for White Hat good guy “hackers” but could be used by criminals to hack old cars, etc
• thus they could clone a RFID badge, a car key remote (cars prior to 2014?) , a roller door remote, NFC cards
  • this not only allows you to assess security issues but allows you to create a “backup” of your older radio devices
• IR enabled ones could clone your TV remote, etc
• many of the above SDR transceivers can do these things but this section is more for devices specifically designed just to do this and not primarily to function as a SDR radio
• obviously, unauthorized access or manipulation of security systems using the Flipper Zero or similar devices is illegal
• eg. Flipper Zero
  • a multi-tool for nerds
  • radio and IR cloning including 125kHz RFID, 13.56 MHz NFC (can create NFC tags such as to open a web page),
  • built-in library of IR signals for common TVs, ACs, projectors, and stereo systems brands as well as a learning mode
  • bad USB stick mode so it automatically loads a script onto a computer if plugged in
  • can work as a bootable USB or USB mass storage device
  • can store, create and display barcodes
  • BTLE 5.4 for smartphone apps to update firmware etc
  • 256Gb microSD card slot to store data - get a 32Gb FAT32 good mSD card
  • 13pin GPIO port for troubleshooting hardware, acting as a USB adapter for UART, SPI, I2C, etc. ,3rd party boards such as Light Messenger.
  • Can flash ESP boards;
  • 50m range sub-1GHz antenna with -20 dBm max CC1101 transceiver; 2100mAh battery, USB2.0 USB-C charging and firmware flashing;
  • this device was initially banned in Canada on grounds of car thefts but no longer is and as of 2024 it was legal in Australia
    • https://cdn.flipperzero.one/FLIPPER_ZERO_RCM_AU_Suppliers_declaration_of_conformity_upd140622.pdf
  • https://www.youtube.com/watch?v=c8q2YVRiOAE
  • https://www.youtube.com/watch?v=FAlrheoM-AU
  • https://www.youtube.com/watch?v=FAlrheoM-AU Youtube: 2025 starters guide for the FlipperZero
  • https://flipperzero.one/ $US199
  • https://www.joom.com/geek/en/products/62f661838ed09b01ebd4e0e2 Aust re-seller $AU352