Embedded Files
You can build your own Spectrum Analyzer using a HackRF-One Software Defined Radio
You can build your own Spectrum Analyzer using a HackRF-One Software Defined Radio
You need a Spectrum Analyzer
You need a Spectrum Analyzer
Of course you already know this, but in case you need the review, a spectrum analyzer is a scientific instrument used to measure the magnitude of an input signal versus frequency within the full frequency range of the instrument. The primary use of a Spectrum Analyzer is to measure the power of the Radio Frequency spectrum of known and unknown signals, like your WiFi or your car’s Electronic Key Fob.
But should you care? Sure, especially if you are having troubles with Bluetooth, WiFi, Cellular and other Radio Communications in your deployment. An Analyzer can help you better choose the channels you use on your WiFi Router/Controller. It can help you understand why your network seems congested when you connect wirelessly, and help you build a picture of the "noise" around you.
What makes this project possible is a device called a Software Defined Radio. A Software Defined Radio system is a radio communication system that uses software to process various signals, modulation/demodulation and decoding, in place of hardware components that are generally created for that purpose. There are several SDR systems available, but you’ll find that the SDR unit from Great Scott Gadgets is both accessible in price and has a great range permitting you to scan on the spectrum from 100KHz to 6GHz+. You can find these units from about $130 US (off brand) to around $300 US (Great Scott brand).
Let’s build the Analyzer for MacOS and Linux. Doing this for Windows is left to the reader.
Contents of this Hack
Contents of this Hack
So let’s talk about the steps you’ll need to take to do this:
A Software Defined Radio
A good SMA connected Antenna - selecting one that covers the range that you’ll need
Getting the Python Environment right
Supporting Software
Proper SDR software (for this recipe, we’ll be using the HackRF builds found on Github)
Libusb - USB driver library for your OS
PyQt5 - Python connector framework that utilizes the QT Graphics tools & libraries
Testing your Build
The Analyzer
QSpectrumAnalyzer (a Python tool)
Other alternatives, I’ll focus on one or two, and tease the others
Appendix A: Notes for Windows Users
Appendix B: Tool Set
Software Defined Radio
Software Defined Radio
The HackRF One SDR
The HackRF One SDR
In its simplest form, the HackRF SDR consists of a set of well-known functions. Software Defined Radios rely on software for many functions that are normally provided in hardware.
As shown here, this model relies on Software running on your laptop. You can both receive and transmit with a HackRF One board, but we won't go into transmitting in this Note.
On the receive Path, we leverage the Analog-Digital Converter so that modeling the spectrum is possible on your laptop. To communicate to the board, you 'll need the libusb module as well as the HackRF software build library installed on your computer.
Antennae
Antennae
The antenna that is usually sold with the HackRF One unit is sufficient for detection and for establishing a baseline. However, it is very poor for detecting anything in your WiFi network. The two antennas that are usually sold with, or suggested for purchase, are:
Great Scott Gadgets ANT500 - 75 MHz to 1 GHz Telescope Antenna
Great Scott Gadgets ANT700 - 300 MHz to 1.100 GHz Telescope Antenna
Using these two antennas, I've found them to be deficient for common Spectrum Sweeps in the WiFi bands; however, you should have an ANT500 on hand in case you are doing low MHz sweeps or analysis in the lower bands where items such as Car Key-Fobs operate.
My preferred antenna for 2.4GHz to 6GHz+ spectrum analysis is a short omni antenna available for small two-way radios. This antenna covers a range of 1.7GHz to 6GHz+. It's only available in an N format adapter so you will have to adapt it to an SMA size connector.
I purchased an adapter, similar to the one pictured, from ShowMeCables.com for $11.79. The antenna was purchased from mouser.com for $36.60.
You can find its Data Sheet at this link. I think you'll like the fact that his little antenna covers such a wide range of frequencies.
Now, hook up your HackRF One with Antennae to your Computer's USB port.
Supporting Software
Supporting Software
We'll get to building the Analyzer in just a moment. You'll need to focus on a few items first. You need to install your latest/greatest version of Python 3. I'm working with 3.10 at the moment, so your results may vary.
Python Environment
Your Operating System
SDR software
Libusb
PyQt5
Testing the Build
Python Environment
The Python Environment that you create is up to you. I've been working with a Python VirtualEnv so that I can avoid issues with 2.7 vs. 3.X. Once you get this environment running, you'll be able to install multiple versions of Python3 on your machine, and keep these environments separate from other versions.
If interested, you should check out the tutorial found at: https://realpython.com/intro-to-pyenv/
I cannot say enough good things about it. That tutorial will help you install on multiple Operating Systems, as well.
Now, activate your Python environment so that subsequent commands are executed within its context and you get the correct libraries for your Python version.
Your Operating System
Again, I'll describe building the solution for MacOS and Linux. Windows is left as an exercise for the master hacker (yes! I'm taunting you).
Building on MacOS
On the Mac, I started out with a Python 3.10. I believe that this will work for 3.5 and up.
I run from a Python Virtual Environment, described above, to ensure that I'm using 3.10 libraries and executables, only.
You'll have to install PyQt5 to get the graphics for the analyzer to display correctly:
pip install PyQt5
Then, you'll need to install a libusb driver. You'll need this for the HackRF unit to communicate to the laptop, via USB.
brew install libusb
I installed the hackrf tools with:
brew install hackrf
QSpectrumAnalyzer depends heavily on hackrf_sweep, the hackrf tool that sweeps the spectrum. I didn't get that to work for me simply by installing hackrf, so I downloaded the hackrf code from the Great Scott website (*which in turn points at a github repo) and compiled the tools.
Get started by downloading the zip file and unzip it in your home directory.
Or use:
wget https://github.com/greatscottgadgets/hackrf/releases/download/v2021.03.1/hackrf-2021.03.1.zip
Now, cd into the unzipped directory. In my case, it created a directory: hackrf_2021.03.1
Once there, cd into the host directory. Then create a build directory called build and cd into it.
FInally, you'll need the Fast Fourier Transform library. On macos, you'll install with:
brew install fftw
Once you have those packages installed, you can proceed to build the base tool set.
cd hackrf_2021.03.1/host
mkdir build
cd build
Now you are ready to build the tools
cmake ..
make
sudo make install
If you get build errors, and you probably don't have XCode installed on your Mac, take a few hours (*yes! I said hours!) and install the latest from the Apple-Store. XCode downloads the necessary C/C++ libraries and headers that you'll need.
Building on Linux
To get your build started on Linux, you'll need the build-essential package and the cmake tool installed on your machine. In this example, we are building on Ubuntu 18.04.
apt install build-essential cmake
You will need to add the git application to your machine. Install git using:
sudo apt install git
Setup your Python virtual environment, as specified above. Once you get your virtual environment running, you should be able to proceed. Now, we need to install a USB library so that the device talks to your laptop.
sudo apt install libusb
Now, for good measure, let's add the code for the Fast Fourier Transform engine, with:
sudo apt install libfftw3-dev
You'll need to both install the prebuilt hackrf libraries and tools, plus you'll need to build the source. (Yeah! That sounds like a HACK to me, cough, cough, nod, nod, blink, blink) We need the libs to complete the package, but we'll need to build to get the hackrf-sweep tool
sudo apt install hackrf
To build, get started by downloading the zip file and unzip it in your home directory.
Or use:
wget https://github.com/greatscottgadgets/hackrf/releases/download/v2021.03.1/hackrf-2021.03.1.zip
Unzip that archive and then move into the host directory, under the archive you unzipped:
cd hackrf_2021.03.1/host
In the host directory, create a build directory
mkdir build
cd build
Now you are ready to build the tools
cmake ..
make
sudo make install
sudo ldconfig
Testing the Build
This set of commands will build and install the hackrf tools suite. Once complete, you'll want to test run the sweep tool. To try it, connect your HackRF One board to your USB port and type:
hackrf_info
This should return a block of information, such as:
hackrf_info version: unknown
libhackrf version: unknown (0.6)
Found HackRF
Index: 0
Serial number: 0000000000000000325866e6297a8e23
Board ID Number: 2 (HackRF One)
Firmware Version: 2021.03.1 (API:1.04)
Part ID Number: 0xa000cb3c 0x00554368
This block lets us know that the HackRF One board is recognized by the software.
Note: Keep that command in the back of your mind. If you run into trouble on the field, first verify that your computer is recognizing the HackRFOne unit, by running this command. You may need to service your USB port, reset the HackRF unit, or even reboot your computer if it doesn't recognize the unit. (80-20 rule: 80% of my problems were resolved by working with this 20% command and its output)
The second command, and the most important one is the hackrf_sweep command. This is the actual spectrum sweep software that probes the RF Spectrum and returns a histogram of RF data. To exercise it, try these commands, one by one:
hackrf_sweep -f 1850:1950 -w 5000 -p 1 -1
hackrf_sweep -f 1850:1950 -w 10000 -p 1 -1
hackrf_sweep -f 1850:1950 -w 20000 -p 1 -1
hackrf_sweep -f 1850:1950 -w 30000 -p 1 -1
The output produced is a sweep of RF frequencies from 1850MHz to 1950MHz. The -w option sets the channel width, pertinent to a cellular spectrum.
The sweep output produced by this command is the basis for all of the available tools that work with the HackRF board.
The Analyzer
The Analyzer
The hard part is behind us, now you'll need to make sure you've installed PyQt5 into your work environment, with:
pip install PyQt5
And finally, you are ready to install the spectrum analyzer. I installed QSpectrumAnalyzer with:
pip install QSpectrumAnalyzer
You can now execute the QspectrumAnalyzer with:
qspectrumanalyzer &
You will need to click on the Settings menu and be sure that your unit is executing with the hackrf library.
On MacOS, you can click on the Python menu and select Preferences, as seen here:
Select "hackrf_sweep"as your Backend and Executable. Also, if no HackRF board is identified in the Device: field, then re-execute command and grab that information.
hackrf_info
Copy the Serial Number from the output into this field, then hit the OK button
Now your unit is registered and ready for use. Run some sweeps in your RF Space. In Area404, in MPK, I ran a sweep on the Verizon bands between 743MHz and 763MHz. At that time, I was using a cellular antenna which had a massive Gain of 40dBi. See the graphic below.
When I turned on Smoothing and Averaging, in the settings, I was rewarded with a beautiful spectral image that properly characterized activity on those bands. That sweep occurred in a busy place for the Verizon bands.
In the majority of these tools, you will see a Spectrum Graph and a Histogram. The Histogram shows you the RF interference sources over time, while the Graph shows instantaneous values. In the figure above, I started a sweep using a 100MHz wide band, between 1850Mhz and 1950MHz. This is right around the 1900MHz band of my T-Mobile cellular phone. When running, the graph was quiet until I placed a phone call. At that point, the graph jumped off the charts as shown in the figure above.
After adjusting settings such as sampling rates, and adding smoothing and averaging, the lines started to really show nicely. This tool proved to be a surprise.
Going back to the scan on the Verizon Cell bands...
I set the interval low and the gain to 40dB. When we turned on the Main Curve setting, we saw the peaks, reported like this:
This actually gives us a clear picture of the ranges that the peaks form in the signal.
When you move your mouse over the chart, as it is sweeping, you can see the alignment with the vertical and horizontal indices:
It's a bit hard to read, here, but the horizontal line shows -92 dBi on power, and the vertical line aligns with the 756 MHz setting. This is just to show you that you can pick out a point in the graph and find the exact values.
I pulled in this image, above, running on MacOS. The scan is on the WiFi 6e bands, and to my surprise, the unit was able to capture movement. Although I don't see a lot of activity on that band, I have a 6e mesh at home and saw control packets bouncing on the band.
Next Steps
Refer to wikipedia to get an exact listing of the channel and the Frequencies that it covers. In my case, I looked up the channels that matched the lowest usage (least amount of traffic). I did a sweep and then tuned my WiFi router to use those channels. My WiFi at home is now matched to the least used channels and I've seen a noticeable improvement.
Appendix A: Notes for Windows Users
Appendix A: Notes for Windows Users
Building on Windows 10
Building on Windows 10
Before installing any of the popular solutions for RTL-SDR, you will need the appropriate USB driver that works with your unit.
To get it, you'll need to install the Zadig USB driver installation tool in the following steps:
Connect the HackRF to the USB port and windows automatically detects it and installs some drivers.
Download the Zadig USB driver installer from here: http://zadig.akeo.ie/
No installation necessary. It can be run immediately.Run the Zadig executable.
From the options menu, select "List All Devices".
Then from the drop-down list, select "HackRF One".Since I have already installed the WINUSB driver for RTL-SDR, I don't have to do anything here. It shows that the driver is the latest already.
In case you don't have that option, go ahead and click "Install Driver" to install the WinUSB driver.
On the Native Windows 10 System, I ran into trouble with the Soapy Libraries. The Pothosware distribution has a version of Soapy Libs bundled with it; however, it doesn't seem to be compatible with QSpectrumAnalyzer.
In an attempt to remedy this situation, I downloaded the Pothosware source and built it. However, after installing the libraries, I was still unable to get QSpectrumAnalyzer to recognize the code and use it. I have given up on trying to build QSpectrumAnalyzer, and have taken to installing a working analyzer such as gqrx. To accomplish this, I downloaded the PothosSDR binary found at: https://downloads.myriadrf.org/builds/PothosSDR/
This installer contains a version of gqrx and installs the necessary drivers to make it work with the HackRF board. Once starting gqrx, you immediately have to identify the board that is connected to your system in order to run with it.
Appendix B: Tool Set
Appendix B: Tool Set
An eval on some other tools out there…
I installed this tool on the Linux platform and it was the most "real-time" tool that I had evaluated. It's notably faster than the other software used. It's a Java Application that runs conveniently on all many of the platforms that support the hackrf utility.
In this set of figures, I wanted to see what frequency my Car Opener key fob was transmitting at. From the net, I had learned that it would be between 300 MHz and 400 MHz. I started by adjusting the input and output to 300 to 400, see figure below.
Page updated
Google Sites
Report abuse