Monday, September 01, 2014

Learning SDR

I recently launched Software Defined Radio with HackRF, an instructional video series that I hope will make it easier than ever for people to learn the basics of Software Defined Radio (SDR).

When I first learned to use SDR for my wireless security research, it was hard. At first I thought, "I can build radios out of software! I don't know anything about building radios, but I know software. Now with SDR I can build radios!" Unfortunately that wasn't quite true. I quickly learned that, even though I knew a thing or two about software, I knew nothing about Digital Signal Processing (DSP). I also learned that DSP is a lot more complicated than it seemed at first.

Fortunately I happened to be in the best possible place to learn SDR (electronics too) at the time. I was surrounded by RF engineers, and several of them were DSP experts. (I told this story in more detail during a panel discussion at the DEF CON 22 Wireless Village.) Even so, it took me a year or two before I was competent enough to build flexible SDR implementations that were useful for my research. As I finally achieved this goal, I started trying to help other people in the information security community learn to use the technology because I could see that there is no better tool for wireless security research, and especially for reverse engineering of radio signals, than SDR.

The first place I tried to do this was at Black Hat USA 2008. In my talk, Software Radio and the Future of Wireless Security I hoped to teach people the basics of SDR in less than an hour. I thought I could do something like "DSP in five minutes", but, as I developed the presentation, it turned out that I couldn't distill the essentials into such a small amount of time. The following year, Dominic Spill and I volunteered to give a two day SDR workshop at the first ToorCamp. We prepared some material, borrowed a little gear, and set out to teach people the practical skills of working with SDR. This effort was much better, but we had some problems. We only had enough equipment for three to six people, and about thirty showed up. We were in a hot desert full of volcanic ash that invaded all our gear. We had frequent power outages. Despite these challenges, we had a good time, and several people were able to learn some essential skills.

A few weeks later at DEF CON, Sergey Bratus convinced me to make a second attempt at the class in a more favorable setting. We happened to have the conversation while standing next to H1kari who offered a room at ToorCon San Diego, and I've been teaching there every year since then. I think we had five or six people that first year. It went quite well, but it was a challenge getting enough hardware together to allow everyone to fully participate. As the years went by, it became clear that the greatest barrier to entry was the hardware. My classes grew slowly, but they were attended primarily by people who already had SDR equipment. I was accomplishing my goal of teaching security folks about SDR, but I wasn't reaching very many people.

I had been kicking around the idea of trying to build a low cost SDR hardware platform for a long time. In fact, Project Ubertooth was originally intended to be an SDR platform. One of the primary reasons I was interested in building an SDR platform was to be able to provide something that my students could afford, something that could even be rolled into the cost of the class. It took a long time, but I eventually started the HackRF project and later completed HackRF One, an open source hardware platform for SDR. HackRF One is the most affordable general-purpose SDR transceiver in the world, and it allows more people than ever before to learn SDR.

These days I still teach at ToorCon, and I also often teach at other information security events including TROOPERS and Black Hat. The availability of HackRF (and rtl-sdr and more) has made SDR accessible to everyone in the security community and beyond. It is finally possible to bring SDR to a much wider audience, so I have started turning my course content into an online video series.

Software Defined Radio with HackRF is published under an open content license. As I continue to add more videos, I hope that it will become an even more thorough introduction to SDR than I am able to squeeze into a two day class. I hope that with this series and my in-person training, I have finally achieved my dream of making SDR easy to learn. Instead of taking a year, now people can spend a few days of fun experimentation and get started with this exciting technology.


Clayton Smith (argilo) said...

Thanks for everything! Your 2008 Black Hat presentation is what sparked my interest in SDR. A couple yours later I convinced my employer to get a USRP and I've been hooked ever since.

The availability of low-cost SDR hardware really seems to be bringing in a lot more people, and your videos should go a long way to getting them up to speed with GNU Radio. Keep up the great work!

Michael Ossmann said...

Thanks for your support, Clayton! I've been enjoying seeing your HackRF projects over the last few weeks.

Anonymous said...

Any news on the second shipment? Eagerly awaiting wimo to ship me my hackrf :-) also does the hackrf have any sort of protection on its input for static etc on antenna cable?

Anonymous said...


today I watched your first GNU Radio tutorial. I build up the FM radio as shown in GRC. Because I'm waiting for my HackRF from the German sales point I use a RTL SDR.
I' m running Gnu radio on a Kali Linux USB stick OS.
In Gnu radio everything is working, but I dont get any audio and I have the feeling, gnu radio just shows me the center frequency, FFT shows no other signal peaks.

I sat the sample rate to 1M, because at higher levels I had a lot of overflow.

What I'm doing wrong?

It would be great to get feedback from you.
Many thanks

Best regards

Ray said...

Mike, this series is terrific. As an now software/firmware engineer/manager who studied DSP in college, this helps to dust off some of the rust and makes very clear some of the fundamental concepts. You are a talented educator (and hardware designer) and it would have been so much easier to understand and visualize this field if anything like this series and hardware was available back in those days (mid 80's). Back then we had our college Prime computer and timeshare account with form feed bins. Am looking forward to the whole series. Do you have any outline yet to share as to what you are planning to cover? P.S. burst out laughing when you alluded to a need for 'the talk' when showing the sample type choices, concerning "complex" choice. Just ordered a HACK RF device, which is naturally on backorder already.

Mark Grennan said...

I can't thank you enough for you Learning SDR videos. Everone is a gold mind. Please continue to give exercises and suggested reading. I finished "Pratical Signal Processng" by Mark Owen this week.
The HackRF One is great. As soon as I get through the learning curve of GnuRadio I'm going to buy another. - W5TSU

Dennis Mantz said...

I can't wait to see all the following videos! I check for updates every day ;) This series is awesome, keep going!

Just received my HackRF last week and I can't stop playing around with it since^^


Jaap De Goede said...

Hello Michael,

Your effort to produce these videos made my final decision to purchase the HackRF One.

Thanks a lot!

Cheers, Jaap

PS anything on xPSK planned? (Most or all samples on the web don't load in the latest 3.7.x versions of GNURadio companion.)

Mark Grennan said...

Lesion 7 is wonderful transition between complex numbers and DSP. I was having trouble connecting the two. Your jump right into demodulation was just what was needed.

Anonymous said...

The educational quality of the lectures in this series is really really excellent. Many sites on Internet talk about SDR, but, none give clear understand of things from basic concepts to practical things.

Michael is an awesome teacher. The lessons are extremely clear and helpful. After I started watching these lessons, I couldn't stop going on, and can't wait for more. Please, please, keep it coming.

Jorge De Castro said...

Hi Michael,

I had a big problem with the firmware update on the hackRF. I followed all the steps exactly like you did in your Lesson 5 video, but apparently something went wrong and the HackRF is now bricked...

I am desperate. I tried to restore it following the DFU mode procedure but after introducing this command:

dfu-util --device 1fc9:000c --alt 0 --download hackrf_one_usb_ram.dfu,

I get the following error:

dfuIDLE, continuing
DFU mode device DFU version 0100
Device returned transfer size 2048
DFU CRC does not match
Unsupported DFU file revision 0000

Can you help me? I dont know what to do and I am in panic. My HackRF cant be dead right?

Louisse said...

thank you for sharing it with us.. it is so helpful :)

Seattle Bankruptcy Lawyers

Piero Tognolatti said...
This comment has been removed by the author.
Piero Tognolatti said...

Does someone know if there is a way to have time-stamping on HackRF? Moreover I need to have hackRF time-stamping referred to an external 10 MHz and to an external 1PPS.

Best regards

Piero, I0KPT

beh said...

What's the difference between the HackRF and the other SDR dongles.. AIRSPY , PortableSDR(PSDR), RTL2832U dongles (R820T/E4000), etc?

Do they all support the same software or should you pick the hardware based on the software / application you intend to use it for?

I'd like to capture my rf remote light switch and mimic the signal using a modified beagle bone!

Anonymous said...

Hello Mike: This is flora from Seeedstudio. I have emailed you on 16th. Dec which is about developing a business relationship with you.

Our company has great interest in your HackRF and would like to feature your product on our platform If you got any interests in team up with us .please contact me:

Anonymous said...

Hello Mike: This is flora from Seeedstudio. I have emailed you on 16th. Dec which is about developing a business relationship with you.

Our company has great interest in your HackRF and would like to feature your product on our platform If you got any interests in team up with us .please contact me:

Packetguy said...

I'm amazed at what you've accomplished with HakRF One. Many have aspired to build a low-cost programmable platform, some have shipped alphas and betas, but no others have followed through with a plan to obtain funding and enter mass production. You're a brilliant example of the modern agile entrepreneur!

I'd like to buy a HackRF but they're out of stock everywhere. What can you tell us about the production process and lead times?

Anonymous said...

Update your webserver certificate, it expired today!

richy'sSDR said...

Hello, i really love what you do on SDR,i really need your, i am going to work on a project to generate GPS signals using software radio HackRF, sorry to be long, my questions:
-how generating a GPS signal with BPSK modulation and data?
-How to Then put attenuators to reduce the power ( around -130dBm ) and connect to a GPS receiver
-The idea is to see the receiver to acquire the GPS signal, and see the signal to noise ratio measured by the receiver
-Thereafter , introduce 3 or 4 other GPS signals and the receiver view the position of the receiver calculated

Agen Bola Terpercaya said...

thank you for this article Agen bola terpercaya

Agen Bola said...

have a nice day all dear Agen Bola

Kyile rey said...

I admire the valuable information you offer in your articles. I will bookmark your blog and have my children check up here often. I am quite sure they will learn lots of new stuff here than anybody else!

Access Control Solutions