
hackrf_sweep 1mhz-6ghz frequency scan

the HackRF just got a new firmware update that allows incredibly fast scanning of the entire radio frequency spectrum available to it, using a tool called hackrf_sweep. i've played around with my hackrf quite a bit on weekends and have slowly been making some headway into understanding the old world of rf / ham radio (and the pre-historic websites that love them) but much more so its younger brother: Software Defined Radio (SDR)... but honestly it's been very slow going and many things are still entirely out of reach to me, so please know i am by no means an expert on any of this stuff and someone much smarter than me will be here shortly to let me know how wrong i am about all of this.

my first goal is to understand what my immediate surroundings look like from the perspective of my hackrf. a radio frequency soundscape if you will. to that end i've left my hackrf listening and recorded the output of a program called QSpectrumAnalyzer that interfaces with hackrf_sweep and does some pretty graphing / waterfall visualization. i then used ffmpeg to record the screen and created a time-lapse video of what my hackrf saw for about the last 12 hours.

note: play at 2x speed and skip to the end to see what the max hold (in red) reveals

ok, yeah, that's cool and all but what does it all mean? the top red line shows the maximum power we've observed for any signal on any given frequency, the yellow line is the signal strength at the moment, and the blue line below is the lowest observed. we can also see when the signals started and stopped in time with the waterfall display on the bottom half. this helps us see patterns in time and get a better understanding of what a signal to or from a given device might look like.

ok, so we have all this radio stuff bouncing around... but what exactly is it? i still don't know what any of this crap is!! well, you can think about it this way: the hackrf is like the radio in your car. the FM radio dial goes from 87.5 mhz to 108 mhz. with the hackrf our expanded radio dial goes from 1 mhz to 6 ghz (or 6000 mhz). so every little blip and line you see in the video from before is actually some device somewhere talking or attempting to talk to another device, and its signal is like what song is playing on your radio... the problem is not every signal is standardized for your listening pleasure, nor music to your ears like listening to your favorite local radio station is.

so the problem is that we have no idea what these signals are, where they came from, what language they speak or who they are intended to reach. luckily the radio spectrum is intensely regulated in the United States and around the world, so often you can find out much about a signal by looking it up in the public and ever helpful FCC Frequency Allocation Table. that's a bit of a heavy read, so here's a more generalized infographic that can be used to determine what a chunk of radio frequencies is set aside for, whether it's commercial, government or amateur, and a few other things.

united states frequency allocations of the radio spectrum - 2003

there are also many other resources to help with signal identification, it's even a bit of a sport for some people. keeping this in mind, my next step is to create a list of all the signals i've identified along with times and then begin to chart their frequency / duration / strength. in addition i'll have to record the actual signal itself and try to match it with one of the many known transmission standards.

with what we've seen over the last 12 hour period that i've captured in the video we can identify more than a few strong (for the moment) unknown signals and also some well-known frequencies i already recognize. for example, 900 mhz is the frequency of most cellphones in my area, and 2.4 ghz & 5 ghz are 802.11 wifi signals. the sub 1 ghz range looks really rather busy and can't be made much sense of by scanning such a broad swath of frequencies at this low resolution, so i'll have to create more and more refined sweeps over time to identify the relatively weaker and probably more interesting signals.
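as an added example (my own sketch, not part of the original post or the hackrf project): a small python script that rebuilds the max hold / min / current traces from hackrf_sweep's csv rows and tags any bin that crosses a threshold with one of the bands mentioned above. the sample rows are constructed, and the band edges are rough placeholders rather than the real FCC table.

```python
# constructed sample rows in the layout hackrf_sweep writes:
# date, time, hz_low, hz_high, hz_bin_width, num_samples, then one dB value per bin
SAMPLE_SWEEP = """\
2017-01-11, 10:59:34.345467, 2400000000, 2405000000, 1000000.00, 20, -75.2, -74.0, -60.1, -71.3, -70.5
2017-01-11, 10:59:34.345467, 900000000, 905000000, 1000000.00, 20, -80.0, -55.3, -79.9, -80.2, -81.0
2017-01-11, 10:59:35.102333, 2400000000, 2405000000, 1000000.00, 20, -76.0, -50.4, -75.9, -71.0, -70.8
2017-01-11, 10:59:35.102333, 900000000, 905000000, 1000000.00, 20, -79.5, -79.8, -80.1, -80.0, -81.2
"""

# bands the article mentions; the edges are rough placeholders, not the FCC table
KNOWN_BANDS = [
    (87_500_000, 108_000_000, "FM broadcast"),
    (824_000_000, 960_000_000, "cellular (~900 MHz)"),
    (2_400_000_000, 2_500_000_000, "802.11 2.4 GHz"),
    (5_150_000_000, 5_850_000_000, "802.11 5 GHz"),
]

def parse_sweep(text):
    """yield (bin_center_hz, power_db) for every bin of every sweep row"""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 7:
            continue  # blank or truncated row
        hz_low, bin_width = int(fields[2]), float(fields[4])
        for i, db in enumerate(fields[6:]):
            yield hz_low + (i + 0.5) * bin_width, float(db)

def hold_traces(text):
    """return {bin_hz: (max_hold, min_hold, current)}: the red, blue and yellow lines"""
    traces = {}
    for hz, db in parse_sweep(text):
        mx, mn, _ = traces.get(hz, (db, db, db))
        traces[hz] = (max(mx, db), min(mn, db), db)  # current = most recent sweep
    return traces

def label_band(hz):
    return next((name for lo, hi, name in KNOWN_BANDS if lo <= hz < hi), "unknown")

def strong_bins(text, threshold_db=-65.0):
    """bins whose max hold ever crossed threshold, tagged with a band label"""
    return sorted((hz, mx, label_band(hz))
                  for hz, (mx, _, _) in hold_traces(text).items() if mx > threshold_db)

if __name__ == "__main__":
    for hz, mx, band in strong_bins(SAMPLE_SWEEP):
        print(f"{hz / 1e6:10.1f} MHz  max hold {mx:6.1f} dB  {band}")
```

pipe a real capture in with `hackrf_sweep -f 1:6000 > sweep.csv` and feed the file contents to `strong_bins` to get a first-pass list of what to look up in the allocation table.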

in any event... using the above video and also real time data i'm collecting as i write this, i've created a spreadsheet of what the hackrf has heard whizzing around in the ether well outside what our ears can hear.

this concludes my article on the hackrf and its new hackrf_sweep functionality. i hope this was slightly more enjoyable than a technical manual but still just as informative. i wrote this primarily as reference material for myself but also for people not extensively familiar with the HackRF or SDRs in general, so that they might get a feel for how some of this stuff works. if you've gotten this far, i salute you!

nick giotis


linux sysadmin/devops w/occasional moonlighting into netsec & full stack development
