rtl-sdr - osmosdr - osmocom
TRANSCRIPT
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
rtl-sdrTurning USD 20 Realtek DVB-T receiver into a SDR
Harald Welte <[email protected]>
gnumonks.orghmw-consulting.desysmocom GmbH
June 12, FreedomHEC, Taipei
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Outline
1 Software Defined Radio
2 Gnuradio Software Defined Radio
3 Finally: rtl-sdr
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
About the speaker
Using + toying with Linux since 1994Kernel / bootloader / driver / firmware development since1999IT security expert, focus on network protocol securityFormer core developer of Linux packet filternetfilter/iptablesBoard-level Electrical EngineeringAlways looking for interesting protocols (RFID, DECT,GSM)OpenEXZ, OpenPCD, Openmoko, OpenBSC,OsmocomBB, OsmoSGSN
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Disclaimer
This talk is not about the Linux kernelThis talk is not about consumer mass marketIt’s about turning a single-purpose device into many morefeatures... and to illustrate the creativity unleashed when hardware/ chipset makers don’t lock their devices down
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
Traditional Radio
uses hardware-based receiver + demodulatoruses analog filtering with fixed filters for given applicationrecovers either analog signal or digitizes demodulated bitshas not changed much in close to 100 years of using radiowaves for communications
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
Software Defined Radio (SDR)
uses a more or less classic radio fronted / tuner todown-convert either to IF or to basebanduses a high-speed ADC to digitize that IF or basebandsignaluses digital signal processing for filtering, equalization,demodulation, decoding
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
SDR advantages vs. traditional radio
more flexibility in terms of communication systemas long as tuner input frequency, ADC sampling rate andcomputing power are sufficient, any receiver can beimplemented in pure software, without hardware changesthis is used mostly by military (JTRS, SCA) andcommercial infrastructure equipment (e.g UMTS NodeB /LTE eNodeB)
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
SDR technology in consumer electronics
lots of consumer devices already implement SDRtechnology
GSM/UMTS/LTE baseband processor in mobile phonesWiFi, Bluetooth, GPS
flexibility of such implementations is restricted tomanufacturer, as low-level access to DSP code and/or rawsamples is not intended / documented / activateduser is locked out from real benefits and flexibility of SDR
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
Existing SDR hardware marketed as SDR
regular consumer-electronics SDR don’t provide low-levelaccess or documentationmilitary / telco grade SDR device are way too expensive(five-digit USD per unit)Ettus developed the famous USRP family (four-digit USDper unit). Used a lot in education + researchEven lower-cost devices now like Fun Cube Dongle Pro(FCDP) or OsmoSDR (three-digit USD per unit)
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
Universal Software Radio Peripheral
A general-purpose open-source hardware SDRSchematics and component placement information public
Generally available to academia, professional users andindividualsModular concept
Mainboard contains Host PC interface and baseband codecDaughter boards contain radio frontend with rfup/downconverter
Big step forward in pricing, but still not affordable foreveryone
USD 700 for mainboardfrontends from USD 75 to USD 250
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
USRP Circuit Board Photograph
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
USRP Block Diagram
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
USRP technical specs
4× 12 bit ADCs @ 64 MS/s (digitize band of up to 32 MHz)4× 14 bit DACs @ 128 MS/s (useful output freq fromDC...44 MHz)64× Digital I/O ports, 16 to each daughter-boardThe USRP mainboard has 4 slots for daughter-boards (2Rx, 2 Tx)transceiver frontends occupy 2 slots (1 Rx, 1 Tx)
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
The second generation USRP: USRP2
Main differences from USRP1Gigabit Ethernet replacing USB2 (full-duplex, 1 GBit/sec)25 MHz of instantaneous RF bandwidthXilinx Spartan 3-2000 FPGA2× 100 MHz 14 bit ADC2× 400 MHz 16 bit DAC1 MByte high-speed SRAMClock can be locked to external 10 MHz reference1 pulse-per-second input (GPS clock conditioning)FPGA configuration can be stored on SD cardStand-alone operation without host PCMultiple systems can be connected for MIMODaughterboards compatible with USRP(1)
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
Fun Cube Dongle Pro (2010)
64 MHz to 1700 Mhz USB SDR receiver (193 USD)limited to 96 kHz I/Q baseband samplinggreat for amateur radio and TETRA, but most othercommunications systems (like GSM introduced in 1992)use wider band-widthsgreat progress in terms of size and cost, but much morelimited than USRPHardware design and firmware sadly are proprietary
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
Fun Cube Dongle Pro (2010)
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR
OsmoSDR (2012)
small, low-power / low-cost USB SDR hardware (225 USD)higher bandwidth than FunCubeDonglePro (1.2 MHz /14bit)much lower cost than USRP, but more expensive thanFCDPOpen Hardware (schematics), software (FPGA, firmware)
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Gnuradio SDR ArchitectureGnuradio blocks and flow graphsGnuradio sinks and sources
Gnuradio architecture
Philosophy: Implement SDR not as hand-craftedspecial-case hand-optimized assembly code in someobscure DSP, but on a general purpose PC
with modern x86 systems at multi-GHz clock speeds andwith many cores this becomes feasibleof course way too expensive for a mass-produced product,but very suitable for research, teaching and rapidprototyping
Implement various signal processing elements in C++assembly optimized libraries for low-level operationsprovide python bindings for all blocks
Python script to define interaction, relation, signal routingbetween blocks
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Gnuradio SDR ArchitectureGnuradio blocks and flow graphsGnuradio sinks and sources
Gnuradio blocks and flow graphs
block represents one element of signal processingfilters, adders, transforms, decoders, hardwareinterfaces
flow graph defines routing of signals and interconnection ofblocks
Think of it as the plumbing between the blocks
Data passing between blocks can be of any C++ data type
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Gnuradio SDR ArchitectureGnuradio blocks and flow graphsGnuradio sinks and sources
GRC flow graph for Wideband FM
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Gnuradio SDR ArchitectureGnuradio blocks and flow graphsGnuradio sinks and sources
GRC flow graph for SSB
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
Gnuradio SDR ArchitectureGnuradio blocks and flow graphsGnuradio sinks and sources
Gnuradio sinks and sources
sink special block that consumes datahardware sinks USRP, Sound card, COMEDIsoftware sinks Scope UI, UDP port, Video card
source special block that sources datahardware sources USRP, Sound card, COMEDIsoftware sources Noise source, File, UDP port
Every flow graph needs at least one sink and one source!
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
Realtek RTL2832U based DVB-T receivers
Realtek RTL2832U based DVB-T receivers are cheaplyavailable on the market (USD 20)RTL2832U implements ADC, DVB-T demodulator andhigh-speed USB deviceNormal mode of operation includes full DVB-T receiverinside RTL2832U hardware and only sends MPEG2-TS viaUSBRealtek released GPL-licensed Linux kernel driver forwatching TV (not mainline style, but at least GPL)Realtek released limited manual to V4L developers
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
RTL2832U based devices: EzTV 668
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
RTL2832U based devices: Hama nano1
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
RTL2832U based devices
more than 20 different devices from various vendorsBrand names include ezcap, Hama, Terratec, Compro,GTek, Lifeview, Twintech, Dexatek, Genius, Gigabyte,Dikom, Peak, Sveonall based on the identical RTL2832U reference designonly major difference is mechanical shape/size and silicontuner used. Best tuner we know is Elonics E4000 (highfrequency range)
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
RTL2832U FM and DAB radio
Some people realized certain windows drivers forRTL2832U based products implement FM Radio, otherseven DABLinux driver had no FM radio or DAB supportRealtek-disclosed limited data sheet didn’t mention it eitherSniffing USB protocol on Windows revealed that rawsamples are passed from ADC over USB, FM or DABdemodulation happens in x86 software.Realtek didn’t provide documentation or source code forthis on request
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
RTL2832U towards rtl-sdr
Reverse engineering the USB protocol and replayingcertain commands from custom libusb based code wasable to trigger the raw sample transmissionremaining Realtek driver provided information on how touse the I2C controller to control the tuner frontendHarald already developed Elonics E4000 driver forosmo-sdr, which could be re-cycledTuning to arbitrary frequencies allows digitizing spectrumof any communications system within the tuner range
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
RTL2832U towards rtl-sdr
librtlsdr contains the major part of the driverrtl_sdr command line capture toolgr-osmosdr gnuradio source blockHomepage: http://sdr.osmocom.org/trac/wiki/rtl-sdrlibusb is portable, there even are pre-built windows binaries
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
rtl-sdr software support
gnuradio (of course), using gr-osmosdrgr-pocsag (POCSAG pagers)simple_fm_rcv (FM receiver)python-librtlsdr / pyrtlsdr (generic python bindings)QtRadioqgrxrtl_fmSDR#gr-air-modestetra_demod_fft (TETRA radio)airprobe (GSM receiver)
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
Free Software SDR Receivers
Full FOSS receivers/demodulators/decoders available forOld analog modes like AM/FM/WFM/SSBDAB (Digital Audio Broadcasting)GSM downlink + uplink (airprobe)TETRA downlink (OsmocomTETRA)ETSI GMR / Thuraya (OsmocomGMR)P25 (OsmocomOP25)AIS (Maritime transponders)Gen2 UHF RFIDDECT (Digital European Cordless Telephony)
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
Who needs all of this?
Students learning about digital signal processingRadio AmateursCommunications (security) resarchersAnyone interested in building their own software radioreceivers
This is of course not the 100k / million quantity consumer massmarket. But nonetheless, definitely thousands to tens ofthousands
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
rtl-sdr: Multi-Carrier TETRA
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
rtl-sdr: ETSI GMR (Thuraya Satphone)
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
rtl-sdr: GPS (after filter / LNA)
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
rtl-sdr: inmarsat (after LNA)
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
Thanks
I’d like to thank the many Osmocom developers andcontributors, especially
Steve MarkgrafDimitri StolnikovHoernchenSylvain Munaut
also, Realtek for providing at least some (DVB oriented)documentation and for releasing GPL licensed code for theirhardware in the first place.
Harald Welte <[email protected]> rtl-sdr
Software Defined RadioGnuradio Software Defined Radio
Finally: rtl-sdr
The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots
Thanks
Thanks for your attention. I hope we have time for Q&A.
Harald Welte <[email protected]> rtl-sdr