Getting ready with HackRF One

Tested on Ubuntu artful/bionic and Debian stretch.

Gain Settings (from the FAQ)

RX

RF "amp", 0 or 14 dB
IF "lna", 0 to 40 dB in 8 dB steps
BB "vga", 0 to 62 dB in 2 dB steps

Start with 0/16/18 (amp/lna/vga); good results here with 0/32/18. Enable the amp only if you need to.

TX

RF 0 or 14 dB
IF 0 to 47 dB in 1 dB steps

Installation from Source

apt install build-essential cmake libfftw3-dev libusb-1.0-0-dev pkg-config

git clone https://github.com/mossmann/hackrf.git
cd hackrf/
mkdir host/build/
cd host/build/
cmake ..
make -j8
make install
ldconfig
cat /etc/udev/rules.d/53-hackrf.rules
grep ^plugdev /etc/group
usermod -aG plugdev USERNAME

Identification

Watch the kernel logs,

tail -F /var/log/kern.log /var/log/syslog

and just in case the front-panel is not pushing enough power into the device, PLUG THE SHIT INTO A MOTHERBOARD USB PLUG.

Then look at currently installed FW version,

which hackrf_info
hackrf_info

It is preferable to have all versions at the same level: FW, CPLD and binaries.
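
To compare those versions mechanically, here is an added example (not from the original page or the HackRF project) that parses hackrf_info output and flags a mismatch between the host tool, libhackrf and the firmware. The line labels it matches are an assumption about the output format, the sample output is constructed, and CPLD state is not covered.

```shell
#!/bin/sh
# Added example: compare the release strings printed by hackrf_info.
# Assumption: the labels "hackrf_info version:", "libhackrf version:" and
# "Firmware Version:" match what your build prints; adjust if they differ.

# check_versions: reads hackrf_info output on stdin, prints a verdict.
# Returns 0 if tool, library and every firmware agree, 1 on mismatch,
# 2 if a field is missing (e.g. no board found).
check_versions() {
    awk -F': *' '
        /^hackrf_info version:/ { tool = $2; sub(/ .*/, "", tool) }
        /^libhackrf version:/   { lib = $2; sub(/ .*/, "", lib) }
        /^Firmware Version:/    { v = $2; sub(/ .*/, "", v); fw[++n] = v }
        END {
            if (tool == "" || lib == "" || n == 0) {
                print "INCOMPLETE tool=" tool " lib=" lib " boards=" (n + 0)
                exit 2
            }
            bad = (tool != lib)
            for (i = 1; i <= n; i++) if (fw[i] != tool) bad = 1
            if (!bad) { print "OK " tool; exit 0 }
            printf "MISMATCH tool=%s lib=%s", tool, lib
            for (i = 1; i <= n; i++) printf " fw%d=%s", i, fw[i]
            print ""
            exit 1
        }'
}

# Constructed sample output (not captured from a real device).
sample_match() {
    printf '%s\n' \
        'hackrf_info version: 2018.01.1' \
        'libhackrf version: 2018.01.1 (0.5)' \
        'Found HackRF' \
        'Board ID Number: 2 (HackRF One)' \
        'Firmware Version: 2018.01.1 (API:1.02)'
}
sample_mismatch() {
    sample_match | sed 's/^Firmware Version: [^ ]*/Firmware Version: 2017.02.1/'
}

# Demo on the constructed samples. On a real host: hackrf_info | check_versions
sample_match | check_versions
sample_mismatch | check_versions || echo "exit status: $?"
```

Run it once before flashing and again after the power cycle; a MISMATCH after flashing means the write did not take or the host binaries come from a different checkout.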

Firmware and CPLD

apt install gcc-arm-none-eabi
#apt install libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib gcc-arm-none-eabi binutils-arm-none-eabi

cd hackrf/
git submodule init
git submodule update
cd firmware/libopencm3
pip install pyyaml
make -j8

cd ../hackrf_usb/
mkdir build/
cd build/
cmake ..
make -j8
hackrf_spiflash -w hackrf_usb.bin

Restart the device by clicking on the first button on the edge.

cd hackrf/firmware/cpld/
hackrf_cpldjtag -x sgpio_if/default.xsvf

Check for write success, un-plug power from the device, wait a second and replug. Then check again,

hackrf_info

Acceptance Testing

Eventually validate RX and TX.

Calibrate HackRF plan A (failing)

apt install libtool autoconf automake m4

Get the fork from rxseger

#git clone https://github.com/scateu/kalibrate-hackrf.git
git clone https://github.com/rxseger/kalibrate-hackrf.git
cd kalibrate-hackrf/
./bootstrap
./configure 
make -j8
cd ../

We need no heavy gains and want to get only the strongest channels. Start with 16/16 and then try 24/20 or even 32/20. No need to enable the pre-amplifier there unless you're in a desert with no BTS at all nearby.

kalibrate-hackrf/src/kal -h
kalibrate-hackrf/src/kal -s GSM900 -l 32 -g 20 -p 10 | tee GSM900.kal-hackrf
#kalibrate-hackrf/src/kal -s DCS -l 32 -g 20 -p 10 | tee DCS.kal-hackrf
#-a
sort -rh -k7,7 GSM900.kal-hackrf
#sort -rh -k7,7 DCS.kal-hackrf

LOOK AT THE OFFSETS - THIS DOES NOT MAKE SENSE - THOSE ARE TOO HIGH - THEREFORE THIS CANNOT WORK

#arfcn=
#kalibrate-hackrf/src/kal -c $arfcn -l 32 -g 20

Calibrate HackRF plan B

PPM seems to mean something else here - or at least it is used differently than in GQRX and kalibrate. It cannot be negative and refers to the frequency uncertainty. Default PPM is 120. Use --correction instead and eventually reduce PPM uncertainty down to max. 10.

Find an LTE signal up there, which can be differentiated from 3G/UMTS, and write down its center frequency.

Fetch & build LTE-Cell-Scanner. LNA is hardcoded at 40 and you can only lower VGA, here down to 20.

cd LTE-Cell-Scanner/build/src/
./CellSearch -h
./CellSearch --freq-start 1842.5e6 --freq-end 1842.5e6 --gain 20
./CellSearch --freq-start 1842.5e6 --freq-end 1842.5e6 --gain 20 --correction 1.000010337027486429
#1.0000089694805360807

python

>>> 1e6 * (1 - 1.0000101601567139564)
-10.160156713956425

>>> 1e6 * (1 - 1.0000089694805360807)
-8.96948053608071

However - don't ask me why - it works best without any correction or PPM.

./LTE-Tracker -h
#./LTE-Tracker --gain 20 --freq 1842.5e6 --correction 1.0000089694805360807 --ppm 20
./LTE-Tracker --gain 20 --freq 1842.5e6

Qspectrum

#git clone https://github.com/xmikos/qspectrumanalyzer.git
#less README.rst #--> Ubuntu
#apt install python3-pyqt5 python3-pyqtgraph

apt install python3-pip
pip3 install qspectrumanalyzer

which hackrf_sweep
qspectrumanalyzer 

File > Settings
settings/Backend: hackrf_sweep
settings/Sample rate: 20 MHz

Frequency: 10 or 450 - 7250 MHz
Bin size:  1000 kHz

-MAIN CURVE
MAX HOLD
AVERAGE
SMOOTHING

Inspectrum

as user

git clone https://github.com/miek/inspectrum.git
cd inspectrum/
mkdir build/
cd build/
cmake ..
make -j8
sudo make install

hackrf_transfer -h
hackrf_transfer -r air.cs8 -f `arfcncalc -a $arfcn -d` -l 32 -g 20 -s 2e6
hackrf_transfer -r air.cs8 -f 1842.5e6 -l 32 -g 20 -s 11e6
#-C "$hppm"

inspectrum -h
inspectrum --rate 2e6 air.cs8
inspectrum --rate 11e6 air.cs8

Troubles

Couldn't transfer any bytes for one second.

==> reset the device once and you’re good

Spectrum Analyzer GUI for hackrf_sweep

Fetch hackrf-spectrum-analyzer

sudo apt install build-essential ant git libusb-1.0 libfftw3 libfftw3-dev openjdk-8-jdk

git clone --depth=1 --recurse-submodules https://github.com/pavsa/hackrf-spectrum-analyzer.git
cd hackrf-spectrum-analyzer/src/hackrf-sweep/
make -j8
build/hackrf_sweep_spectrum_analyzer.sh

Resources

HackRF One https://github.com/mossmann/hackrf/wiki/HackRF-One

FAQ https://github.com/mossmann/hackrf/wiki/FAQ

How to build the host software on Linux https://github.com/mossmann/hackrf/tree/master/host

Operating System Tips https://github.com/mossmann/hackrf/wiki/Operating-System-Tips

Gains

How we can Decide for set BB gain, IF gain, RF gain??? https://www.edaboard.com/showthread.php?364402-How-we-can-Decide-for-set-BB-gain-IF-gain-RF-gain

HackRF TX amplifier test, RF, IF, BB Gain to very high values https://www.reddit.com/r/hackrf/comments/8g0uh6/hackrf_tx_amplifier_test_rf_if_bb_gain_to_very/

FAQ https://github.com/mossmann/hackrf/wiki/FAQ

Firmware

mossmann/hackrf https://github.com/mossmann/hackrf/tree/master/firmware

Updating Firmware https://github.com/mossmann/hackrf/wiki/Updating-Firmware

How to fix fatal GCC-ARM error: stdint.h: No such file or directory https://www.youtube.com/watch?v=G8UoYFKD4no

no stdint.h file on Debian https://stackoverflow.com/questions/23973971/no-stdint-h-file-on-debian

stdint.h: No such file or directory https://devzone.nordicsemi.com/f/nordic-q-a/16584/stdint-h-no-such-file-or-directory

Hardware

Tips and Tricks https://github.com/mossmann/hackrf/wiki/Tips-and-Tricks

USB(?) interference via antenna from the lowest frequencies to above 190 MHz #544 https://github.com/mossmann/hackrf/issues/544

HackRF Sensitivity https://forums.radioreference.com/threads/hackrf-sensitivity.316834/

I put my hackrf into a Hammond cast alum. box, wrapped usb cord with choke/ferrite and have seen a big improvement. And with a discone ant. Just need to play with more when I'm not busy…

Calibration Troubles

kalibrate-hackrf not picking up GSM https://www.reddit.com/r/hackrf/comments/9ht7ef/kalibratehackrf_not_picking_up_gsm/

Is it right (wildly inconsistent results on different channels, e.g. -33.570 ppm vs 38.369 ppm) #6 https://github.com/scateu/kalibrate-hackrf/issues/6

Wrong ARFCN and frequencies – is -E needed? #24 https://github.com/scateu/kalibrate-hackrf/issues/24

what’s accuracy of SDR oscillator in HackRF one? for example, the USRP1 to 20 parts per million (ppm) #379 https://github.com/mossmann/hackrf/issues/379

SDR calibration via GSM FCCH using Kalibrate and LTE-Cell-Scanner on RTL-SDR and HackRF https://medium.com/@rxseger/sdr-calibration-via-gsm-fcch-using-kalibrate-and-lte-cell-scanner-on-rtl-sdr-and-hackrf-193a7fb8a3eb

LTE Calibration

SDR calibration via GSM FCCH using Kalibrate and LTE-Cell-Scanner on RTL-SDR and HackRF https://medium.com/@rxseger/sdr-calibration-via-gsm-fcch-using-kalibrate-and-lte-cell-scanner-on-rtl-sdr-and-hackrf-193a7fb8a3eb

Range of results from Kalibrate https://www.reddit.com/r/RTLSDR/comments/3sj650/range_of_results_from_kalibrate/

rxseger/LTE-Cell-Scanner forked from JiaoXianjun/LTE-Cell-Scanner https://github.com/rxseger/LTE-Cell-Scanner

JiaoXianjun/LTE-Cell-Scanner forked from Evrytania/LTE-Cell-Scanner https://github.com/JiaoXianjun/LTE-Cell-Scanner

Evrytania/LTE-Cell-Scanner https://github.com/Evrytania/LTE-Cell-Scanner

