transceivers - software defined radio (SDR)

see also:

  • I don't sell any of these, nor do I receive any remuneration if you buy them, and I have not personally reviewed all of them; they are listed here to give you perspective

Introduction

  • SDR transceivers are similar to software defined radio (SDR) receivers except they can also transmit radio - a function which potentially makes possessing and using them in Australia problematic
  • if they are legal, they do make an awesome device for:
    • developing a deep understanding of how radio systems work
    • exploring insecure systems, such as testing your radio remote control devices (eg. car keys, garage doors) to see if they are easily hackable by the bad guys
    • etc
  • non-approved radio transmitters are illegal to even POSSESS in Australia
    • it's impossible to work out from the legislation if the very low power SDR transceivers outlined here are legal to possess in Australia or not, but it seems the universities use them for teaching, so I presume they are as long as you don't transmit illegally, but I'm not confident at all about their legality for possession - see https://www.legislation.gov.au/F2021L00661/latest/text
    • examples of explicitly illegal devices without an approved license include:
      • CB radios that are above 5W or allow non-permitted transmissions - hence most of the Chinese online 2-way radios are NOT legal in Australia, as they are often above 5W, allow transmissions on non-permitted wavelengths and are not certified for use in Australia!
      • mobile phone boosters (but approved cellular mobile repeaters are permitted)
      • WiFi jammers
      • drone jammers
      • mobile phone jammers
      • GPS jammers
  • in Australia, ordinary citizens without a radio license CAN use:
    • 2-way radios up to 5W on the approved CB radio bands for Australia
    • approved radio emitting devices such as:
      • smartphones, computers, tablets, WiFi routers, general WiFi-enabled devices, Bluetooth devices, FlipperZero, etc.
  • if you have a Ham radio license, you can also transmit on Ham radio frequencies in accordance with the rules, and at higher transmission power eg. 10W for foundation licensees
  • SDR transceiver devices generally allow a lot of transmitting mode functions which may be ILLEGAL - the fine in Australia is up to $420,000 and/or 2 years jail!
    • eg. HackRF Portapack does include various functions which are ILLEGAL in many countries including Australia but at the max transmit 32mW power of a HackRF there is not enough power to act as actual radio jammers
    • there are no filters in the HackRF to limit spurious transmissions, and these must be provided by external circuitry - hence these devices may NOT actually be compliant with Australian law even though they are primarily low output devices with max. 3-32mW transmitter power (max. at ~2.4GHz) for lab use
  • when using SDRs with transmit capability, to avoid legal issues from illegal transmissions (and minimise device damage):
    • Never transmit on any band on which you are not licensed to operate
      • eg. do NOT transmit ADS-B and POCSAG transmissions or broad transmissions such as jammer function (other than at very low power for lab purposes)
    • Always terminate TX ports with a 50 Ohm load (either an antenna or SMA terminator)
      • this will limit Tx output substantially and should avoid Tx issues
    • Never connect a TX port directly to an RX port without proper attenuation of at least 30 dB

The problem with unlicensed transmissions or use of non-approved radio transmitters

  • they may cause a range of major issues, whether through unknown spurious transmissions, ignorant inappropriate use, or nefarious intent; these include:
    • interference with critical radio transmissions such as aircraft, emergency services, etc
    • interference with general broadcasts, other users
    • intentional or unintentional jamming of radio signals
    • life threatening impacts on medical devices such as pacemakers or implantable defibrillators
    • violating security systems eg. by spoofing, signal capture and replay
    • rarely, direct human impacts from high EMF - these would require high power transmissions which are not generally available without strict controls
  • hence the criminal penalty for misuse, whether intentional or not, can be very high in Australia - up to $420,000 or 2yrs jail or both

Standalone SDR devices with software and GUI

  • HackRF Portapack H4M R10+ transceiver
    • this is a fantastic educational device but may not be legal to own in Australia especially without a license?
    • the HackRF products were invented by https://greatscottgadgets.com/hackrf/
    • the HackRF Portapack was invented and developed by Jared Boone in 2014 as open source at https://www.sharebrained.com/portapack/. He is one of the original developers for the HackRF and created the PortaPack as an add-on that turns the HackRF into a portable software-defined radio device with an ARM Cortex M4 processor and a user interface resembling an iPod.
    • it turns the HackRF into a portable, all-in-one SDR device suitable for pentesting, signal analysis, and RF experimentation independently from a PC
    • makes capture and replay of wireless signals like those from ISM band remote controls extremely easy
    • can connect speakers to the Portapack's 3.5mm audio jack to listen in on standard NFM and WFM audio signals
    • using the 3.5mm audio jack the Portapack can also be used as a standard Push to Talk or voice activated walkie talkie radio - with a microphone plugged into the audio jack simply hold down the right button to push to talk
    • most now use it with advanced third-party firmware like Mayhem or Havoc, which offer many apps and features directly on the device.
    • there are now a lot of Chinese clone versions of the HackRF Portapack
      • the latest version (H4M R10+) is produced by SDRlabs in China, which also produces a forked version of the board known as the r10c white pcb that comes standard with the H4M. The best version of the module currently is another fork made by Clifford Heath, dubbed the clifford r10+, which adds more protection to the radio components.
      • adds USB-C port for charging
      • microSD card reader for installing apps etc
      • uses an iPod-style click wheel instead of knobs
      • choose HackRF mode to allow use of a computer's SDR software instead
      • adds a GPIO port so users can make their own add-ons for the H4M
      • adds true power switch to avoid phantom power drain and give better battery management
      • adds built-in microphone and a toggle to switch between the built-in and the headphone microphone
      • adds automatic switching of sound between the headphone and the speakers - once you plug in the headphone, the H4M will automatically switch from speaker mode to headset mode
      • has a “Fox-hunting” app which makes it easier to do radio direction finding to hunt down a small transmitter, but the current version does NOT have GPS capabilities - this could be added via an expansion board when one becomes available
  • HackRF PortaRF AIFW transceiver
    • 2025 model;
    • improved larger higher resolution touch display
    • 3000mAh battery with short circuit and overcharge protection;
    • 2Mb not 1Mb;
    • improved case quality but the new red button protrudes too much
    • the dual boards of the previous models have been combined into a single board with substantial re-design although the radio part is slightly wider but otherwise identical to Hack RF One R10 (NOT the Clifford Heath version) board but may not have amp protection
    • internal expansion slot instead of extension expansion port which may allow final product to have an AI voice activated expansion board (hence AIFW AI Firmware naming) or an ESP32 WiFi board - but no GPS?
    • $US255-280
  • Xiegu G90 HF SDR Transceiver
    • you need a license for this
    • 20W RF output; 0.5-0MHz;
    • ~$AU700

Transceivers requiring a GUI device

  • these are similar to standard SDR USB receivers in that they need to be connected to a device such as a smartphone, tablet or computer which has SDR software installed (see software defined radio (SDR) receivers), but of course, in addition they can transmit radio
HackRF-based transceivers
OpenSource SDRLab B210 clone
Analog Devices AD9363 wideband transceiver SDRs
  • ADALM PlutoSDR Active Learning Module
  • HAMGEEK Original PLUTO+ transceiver
    • 70MHz-6GHz; ethernet; USB 2.0;
  • HamGeek ADI Pluto+ 70Mhz-6Ghz SDR transceiver
    • XC7z020-2CLG400I FPGA with 2-core Cortex A9
    • USB-C; ethernet;
  • MicroPhase ANTSDR E310 transceiver
    • FPGA Xilinx Zynq-7000 XC7Z020, AD9361/AD9363 compatible
    • ethernet; USB-C;
  • LibreSDR / ZynqSDR transceiver
    • AD9363 70MHz-6GHz - an ADALM PlutoSDR clone
    • ethernet, USB; 1Gb RAM; mSD card for firmware; debug port; ext clock port;
    • seems to work well with SDR++ (USB only) or SDR Console (USB or ethernet)
Analog Devices AD9361 wideband transceiver SDRs
Analog Devices AD9364 wideband transceiver SDRs

Radio signal cloning devices

  • these devices can receive radio (and often IR) signals and save them to be later replayed and transmitted
  • intended for White Hat good guy “hackers” but could be used by criminals to hack old cars, etc
  • thus they could clone an RFID badge, a car key remote (cars prior to 2014?), a roller door remote, NFC cards
    • this not only allows you to assess security issues but allows you to create a “backup” of your older radio devices
  • IR enabled ones could clone your TV remote, etc
  • many of the above SDR transceivers can do these things but this section is more for devices specifically designed just to do this and not primarily to function as a SDR radio
  • obviously, unauthorized access or manipulation of security systems using the Flipper Zero or similar devices is illegal
  • eg. Flipper Zero
  • most modern cars and garage roller door systems in the last 20yrs have rolling code technology to prevent simple replay attacks, as rolling codes change every time the key fob button is pressed, invalidating any previously captured signal, or they use encrypted systems, and thus are immune to these transceiver devices
    • the Flipper Zero community and developers deliberately avoid implementing support for cracking rolling code systems in the device’s official software due to the legal and ethical risks but nefarious actors could potentially create a system
    • HOWEVER, all you need to do to defeat rolling code tech is to use an illegal WiFi jammer (eg. HackRF) at around that frequency so the car does not detect the key fob's signal, then record the key fob signal and then when you turn off the jammer, you get to replay the signal once only to open the car - see https://www.youtube.com/watch?v=pfxo7PhOR_w
australia/sdr_transceivers.txt · Last modified: 2026/01/12 00:15 by gary1
