rtl-sdr - Turning USD 20 Realtek DVB-T receiver into a SDR · Finally: rtl-sdr The Realtek RTL2832U and its primary application Some of the software supporting rtl-sdr Signal Plots

Software Defined RadioGnuradio Software Defined Radio

Finally: rtl-sdr

rtl-sdrTurning USD 20 Realtek DVB-T receiver into a SDR

Harald Welte

gnumonks.orghmw-consulting.desysmocom GmbH

June 12, FreedomHEC, Taipei

Harald Welte rtl-sdr


Finally: rtl-sdr

Outline

1 Software Defined Radio

2 Gnuradio Software Defined Radio

3 Finally: rtl-sdr



Finally: rtl-sdr

About the speaker

Using + toying with Linux since 1994Kernel / bootloader / driver / firmware development since1999IT security expert, focus on network protocol securityFormer core developer of Linux packet filternetfilter/iptablesBoard-level Electrical EngineeringAlways looking for interesting protocols (RFID, DECT,GSM)OpenEXZ, OpenPCD, Openmoko, OpenBSC,OsmocomBB, OsmoSGSN



Finally: rtl-sdr

Disclaimer

This talk is not about the Linux kernelThis talk is not about consumer mass marketIt’s about turning a single-purpose device into many morefeatures... and to illustrate the creativity unleashed when hardware/ chipset makers don’t lock their devices down



Finally: rtl-sdr

Traditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR

Traditional Radio

uses hardware-based receiver + demodulatoruses analog filtering with fixed filters for given applicationrecovers either analog signal or digitizes demodulated bitshas not changed much in close to 100 years of using radiowaves for communications



Finally: rtl-sdr


Software Defined Radio (SDR)

uses a more or less classic radio fronted / tuner todown-convert either to IF or to basebanduses a high-speed ADC to digitize that IF or basebandsignaluses digital signal processing for filtering, equalization,demodulation, decoding



Finally: rtl-sdr


SDR advantages vs. traditional radio

more flexibility in terms of communication systemas long as tuner input frequency, ADC sampling rate andcomputing power are sufficient, any receiver can beimplemented in pure software, without hardware changesthis is used mostly by military (JTRS, SCA) andcommercial infrastructure equipment (e.g UMTS NodeB /LTE eNodeB)



Finally: rtl-sdr


SDR technology in consumer electronics

lots of consumer devices already implement SDRtechnology

GSM/UMTS/LTE baseband processor in mobile phonesWiFi, Bluetooth, GPS

flexibility of such implementations is restricted tomanufacturer, as low-level access to DSP code and/or rawsamples is not intended / documented / activateduser is locked out from real benefits and flexibility of SDR



Finally: rtl-sdr


Existing SDR hardware marketed as SDR

regular consumer-electronics SDR don’t provide low-levelaccess or documentationmilitary / telco grade SDR device are way too expensive(five-digit USD per unit)Ettus developed the famous USRP family (four-digit USDper unit). Used a lot in education + researchEven lower-cost devices now like Fun Cube Dongle Pro(FCDP) or OsmoSDR (three-digit USD per unit)



Finally: rtl-sdr


Universal Software Radio Peripheral

A general-purpose open-source hardware SDRSchematics and component placement information public

Generally available to academia, professional users andindividualsModular concept

Mainboard contains Host PC interface and baseband codecDaughter boards contain radio frontend with rfup/downconverter

Big step forward in pricing, but still not affordable foreveryone

USD 700 for mainboardfrontends from USD 75 to USD 250



Finally: rtl-sdr


USRP Circuit Board Photograph



Finally: rtl-sdr


USRP Block Diagram



Finally: rtl-sdr


USRP technical specs

4× 12 bit ADCs @ 64 MS/s (digitize band of up to 32 MHz)4× 14 bit DACs @ 128 MS/s (useful output freq fromDC...44 MHz)64× Digital I/O ports, 16 to each daughter-boardThe USRP mainboard has 4 slots for daughter-boards (2Rx, 2 Tx)transceiver frontends occupy 2 slots (1 Rx, 1 Tx)



Finally: rtl-sdr


The second generation USRP: USRP2

Main differences from USRP1Gigabit Ethernet replacing USB2 (full-duplex, 1 GBit/sec)25 MHz of instantaneous RF bandwidthXilinx Spartan 3-2000 FPGA2× 100 MHz 14 bit ADC2× 400 MHz 16 bit DAC1 MByte high-speed SRAMClock can be locked to external 10 MHz reference1 pulse-per-second input (GPS clock conditioning)FPGA configuration can be stored on SD cardStand-alone operation without host PCMultiple systems can be connected for MIMODaughterboards compatible with USRP(1)



Finally: rtl-sdr


Fun Cube Dongle Pro (2010)

64 MHz to 1700 Mhz USB SDR receiver (193 USD)limited to 96 kHz I/Q baseband samplinggreat for amateur radio and TETRA, but most othercommunications systems (like GSM introduced in 1992)use wider band-widthsgreat progress in terms of size and cost, but much morelimited than USRPHardware design and firmware sadly are proprietary



Finally: rtl-sdr


Fun Cube Dongle Pro (2010)



Finally: rtl-sdr


OsmoSDR (2012)

small, low-power / low-cost USB SDR hardware (225 USD)higher bandwidth than FunCubeDonglePro (1.2 MHz /14bit)much lower cost than USRP, but more expensive thanFCDPOpen Hardware (schematics), software (FPGA, firmware)



Finally: rtl-sdr

Gnuradio SDR ArchitectureGnuradio blocks and flow graphsGnuradio sinks and sources

Gnuradio architecture

Philosophy: Implement SDR not as hand-craftedspecial-case hand-optimized assembly code in someobscure DSP, but on a general purpose PC

with modern x86 systems at multi-GHz clock speeds andwith many cores this becomes feasibleof course way too expensive for a mass-produced product,but very suitable for research, teaching and rapidprototyping

Implement various signal processing elements in C++assembly optimized libraries for low-level operationsprovide python bindings for all blocks

Python script to define interaction, relation, signal routingbetween blocks



Finally: rtl-sdr


Gnuradio blocks and flow graphs

block represents one element of signal processingfilters, adders, transforms, decoders, hardwareinterfaces

flow graph defines routing of signals and interconnection ofblocks

Think of it as the plumbing between the blocks

Data passing between blocks can be of any C++ data type



Finally: rtl-sdr


GRC flow graph for Wideband FM



Finally: rtl-sdr


GRC flow graph for SSB



Finally: rtl-sdr


Gnuradio sinks and sources

sink special block that consumes datahardware sinks USRP, Sound card, COMEDIsoftware sinks Scope UI, UDP port, Video card

source special block that sources datahardware sources USRP, Sound card, COMEDIsoftware sources Noise source, File, UDP port

Every flow graph needs at least one sink and one source!



Finally: rtl-sdr

The Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots

Realtek RTL2832U based DVB-T receivers

Realtek RTL2832U based DVB-T receivers are cheaplyavailable on the market (USD 20)RTL2832U implements ADC, DVB-T demodulator andhigh-speed USB deviceNormal mode of operation includes full DVB-T receiverinside RTL2832U hardware and only sends MPEG2-TS viaUSBRealtek released GPL-licensed Linux kernel driver forwatching TV (not mainline style, but at least GPL)Realtek released limited manual to V4L developers



Finally: rtl-sdr


RTL2832U based devices: EzTV 668



Finally: rtl-sdr


RTL2832U based devices: Hama nano1



Finally: rtl-sdr


RTL2832U based devices

more than 20 different devices from various vendorsBrand names include ezcap, Hama, Terratec, Compro,GTek, Lifeview, Twintech, Dexatek, Genius, Gigabyte,Dikom, Peak, Sveonall based on the identical RTL2832U reference designonly major difference is mechanical shape/size and silicontuner used. Best tuner we know is Elonics E4000 (highfrequency range)



Finally: rtl-sdr


RTL2832U FM and DAB radio

Some people realized certain windows drivers forRTL2832U based products implement FM Radio, otherseven DABLinux driver had no FM radio or DAB supportRealtek-disclosed limited data sheet didn’t mention it eitherSniffing USB protocol on Windows revealed that rawsamples are passed from ADC over USB, FM or DABdemodulation happens in x86 software.Realtek didn’t provide documentation or source code forthis on request



Finally: rtl-sdr


RTL2832U towards rtl-sdr

Reverse engineering the USB protocol and replayingcertain commands from custom libusb based code wasable to trigger the raw sample transmissionremaining Realtek driver provided information on how touse the I2C controller to control the tuner frontendHarald already developed Elonics E4000 driver forosmo-sdr, which could be re-cycledTuning to arbitrary frequencies allows digitizing spectrumof any communications system within the tuner range



Finally: rtl-sdr


RTL2832U towards rtl-sdr

librtlsdr contains the major part of the driverrtl_sdr command line capture toolgr-osmosdr gnuradio source blockHomepage: http://sdr.osmocom.org/trac/wiki/rtl-sdrlibusb is portable, there even are pre-built windows binaries



Finally: rtl-sdr


rtl-sdr software support

gnuradio (of course), using gr-osmosdrgr-pocsag (POCSAG pagers)simple_fm_rcv (FM receiver)python-librtlsdr / pyrtlsdr (generic python bindings)QtRadioqgrxrtl_fmSDR#gr-air-modestetra_demod_fft (TETRA radio)airprobe (GSM receiver)



Finally: rtl-sdr


Free Software SDR Receivers

Full FOSS receivers/demodulators/decoders available forOld analog modes like AM/FM/WFM/SSBDAB (Digital Audio Broadcasting)GSM downlink + uplink (airprobe)TETRA downlink (OsmocomTETRA)ETSI GMR / Thuraya (OsmocomGMR)P25 (OsmocomOP25)AIS (Maritime transponders)Gen2 UHF RFIDDECT (Digital European Cordless Telephony)



Finally: rtl-sdr


Who needs all of this?

Students learning about digital signal processingRadio AmateursCommunications (security) resarchersAnyone interested in building their own software radioreceivers

This is of course not the 100k / million quantity consumer massmarket. But nonetheless, definitely thousands to tens ofthousands



Finally: rtl-sdr


rtl-sdr: Multi-Carrier TETRA



Finally: rtl-sdr


rtl-sdr: ETSI GMR (Thuraya Satphone)



Finally: rtl-sdr


rtl-sdr: GPS (after filter / LNA)



Finally: rtl-sdr


rtl-sdr: inmarsat (after LNA)



Finally: rtl-sdr


Thanks

I’d like to thank the many Osmocom developers andcontributors, especially

Steve MarkgrafDimitri StolnikovHoernchenSylvain Munaut

also, Realtek for providing at least some (DVB oriented)documentation and for releasing GPL licensed code for theirhardware in the first place.



Finally: rtl-sdr


Thanks

Thanks for your attention. I hope we have time for Q&A.


Software Defined RadioTraditional radio receivers vs. SDRHow the industry normally uses SDRHow the community wants to use SDR

Gnuradio Software Defined RadioGnuradio SDR ArchitectureGnuradio blocks and flow graphsGnuradio sinks and sources

Finally: rtl-sdrThe Realtek RTL2832U and its primary applicationSome of the software supporting rtl-sdrSignal Plots

Documents

rtl-sdr - Turning USD 20 Realtek DVB-T receiver into a SDR · Finally: rtl-sdr The Realtek RTL2832U and its primary application Some of the software supporting rtl-sdr Signal Plots