Hands on with HackRF
First hands-on experiences with the low cost SDR platform.
HackRF is a compact software-defined radio peripheral that can transmit and receive half-duplex on any frequency from 30MHz right up to 6GHz, with a maximum bandwidth of 20MHz. It's affordable, USB powered, supported by GNU Radio, and incredibly useful even if you don't have an interest in SDR (think spectrum analyser, and (vector) signal and arbitrary waveform generator!).
The “wireless Swiss army knife” is the brainchild of Michael Ossmann, someone who is well known in information security circles and who also happens to be the person behind one of my favourite hacks of recent years, which turns a cheap kids' toy into a handy spectrum analyser.
HackRF was introduced in June of last year via a blog post in which Michael explained how the project had secured support from DARPA's now defunct Cyber Fast Track programme. Providing funding to the tune of $200,000, this meant that development could proceed at a much faster pace and would enable hundreds of beta HackRF boards to be given away to early adopters.
I was one of the lucky people who received a beta board, a.k.a. “Jawbreaker”, and while this could have been put to use immediately there were a few small things I wanted to do beforehand.
Firstly, I couldn't help but populate the empty pin header positions on the board — you never know when you might need to hook up a JTAG adapter or connect something to the GPIO! There were also two footprints where SMA sockets could be added for clock inputs and outputs, and while the onboard oscillator is perfectly adequate for most uses, this is a great facility to have.
The HackRF also includes a built-in antenna for use around 900MHz, but it's recommended to cut the trace to this in order to enable use with a better performing external antenna. I did this, and then attached a stubby antenna designed for amateur radio use on the 144, 430 and 1200 MHz bands.
Finally, a friend was kind enough to laser cut two pieces of acrylic, which together with a handful of hexagonal spacers and machine screws form a smart enclosure for the HackRF.
I did lose a bit of time on trying to compile the HackRF library and tools under Debian 6.0, due to what appears to be a Debian bug, which I never got to the bottom of. Upon switching to an Ubuntu 13.04 machine I immediately started to make headway.
Basic support for HackRF is provided by libhackrf and a collection of tools which enable the firmware to be updated etc. GNU Radio integration is then made possible via gr-osmosdr, which hooks into libhackrf and provides the source and sink blocks for use in SDR applications.
GNU Radio, the HackRF software and gr-osmosdr were all installed via GNU Radio's excellent new install system, PyBOMBS. This makes use of recipes for GNU Radio and related software, which take into account build dependencies and satisfy them by installing binary packages where possible, and by automatically downloading and compiling from source where otherwise required.
With the software set up, the HackRF firmware could be updated to the current version using the hackrf_spiflash command, which completed first time and without any issues.
It should be possible to get the majority of half-duplex and transmit/receive-only GNU Radio-based applications to work with HackRF, where necessary modifying them to use the osmocom (gr-osmosdr) source/sink.
The gr-osmosdr software provides an FFT spectrum analyser application which allows you to quickly sweep from 30MHz up to 6GHz. This can be seen in the above screenshot, with a GSM carrier clearly visible at 1810.8MHz (a nearby femto-BTS).
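How a peak on an FFT display like this one maps back to an RF frequency, as an added example that is not part of the original post or of the gr-osmosdr code. It assumes a raw capture of interleaved signed 8-bit I/Q samples; the function names, the 10 Msps rate, the 1810 MHz tuning and the sample data are all constructed for illustration.

```python
import cmath
import math
import struct

def parse_iq(raw):
    """Interleaved signed 8-bit I,Q bytes -> list of complex samples."""
    vals = struct.unpack("%db" % len(raw), raw)
    return [complex(i, q) for i, q in zip(vals[0::2], vals[1::2])]

def spectrum_db(samples):
    """Hann-windowed DFT magnitude in dB, bins ordered -fs/2 .. +fs/2."""
    n = len(samples)
    x = [s * (0.5 - 0.5 * math.cos(2 * math.pi * k / (n - 1)))
         for k, s in enumerate(samples)]
    out = []
    for b in range(-(n // 2), n - n // 2):
        acc = sum(v * cmath.exp(-2j * math.pi * b * k / n)
                  for k, v in enumerate(x))
        out.append(20 * math.log10(abs(acc) / n + 1e-12))
    return out

def strongest_carrier_hz(raw, center_hz, sample_rate_hz):
    """RF frequency of the strongest bin in a capture tuned to center_hz."""
    db = spectrum_db(parse_iq(raw))
    n = len(db)
    peak = max(range(n), key=db.__getitem__)
    # Bin n//2 is the tuned centre; each bin spans sample_rate/n Hz.
    return center_hz + (peak - n // 2) * sample_rate_hz / n

def constructed_capture(offset_hz, sample_rate_hz, n=250, amp=100):
    """Constructed sample data: one tone offset_hz away from the centre."""
    out = bytearray()
    for k in range(n):
        ph = 2 * math.pi * offset_hz * k / sample_rate_hz
        out += struct.pack("bb", round(amp * math.cos(ph)),
                           round(amp * math.sin(ph)))
    return bytes(out)

if __name__ == "__main__":
    fs, centre = 10e6, 1810e6  # constructed tuning: 10 Msps around 1810 MHz
    raw = constructed_capture(0.8e6, fs)
    print("%.1f MHz" % (strongest_carrier_hz(raw, centre, fs) / 1e6))
```

Only signals within half the sample rate either side of the tuned centre appear in a single capture, which is why a 30MHz to 6GHz view has to be built up by retuning and sweeping.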
The screenshot below shows the osmocom_siggen application which can be used to generate a signal with various modulation options.
When the HackRF is in TX mode this is indicated by a red LED on the board — lest you forget!
HackRF launched as a Kickstarter project last week, with backers who pledge $275 or more scheduled to receive hardware in January of next year.
The Kickstarter campaign was an immediate success: the $80,000 goal was met within hours, and at the time of writing over $250,000 has been pledged with 27 days still to go.
This post has not scratched the surface when it comes to hardware capabilities, and bear in mind that HackRF is an open source platform with firmware sources for the ARM MCU and CPLD available, plus a generous selection of pin headers to aid hacking and for expansion.
In terms of potential applications, HackRF is a wideband solution that could be used with many diverse wireless systems. However, it's important to note that it is only half-duplex, which is fine for many applications — perhaps in particular wireless security research — but will mean that it's not suited to use as a GSM or LTE etc. mobile or base station, for example.
I'm looking forward to further and more useful experimentation with HackRF and I'm sure this won't be my last post on the topic!