QRadioLink developer Adrian Musceac has written up a project to build a working though self-admittedly “limited functionality” software-defined Digital Mobile Radio (DMR) Tier III trunked radio base station transceiver powered by a LimeNET Micro or LimeSDR Mini.
“It seems desirable to study the properties of a trunked radio system and perhaps try to apply them if needed in the Amateur Radio service, however free software implementations of such systems are difficult to find, with most information regarding the practical operation aspects of such a DMR Tier III system not being generally available to amateur radio operators,” Adrian explains.
“[This project is] an attempt at demonstrating that a (limited functionality) DMR Tier III trunked radio base transceiver station setup is possible utilizing entirely Open Source/Free Software components as well as open hardware, and employing Software Defined Radio techniques to achieve the result. Since the goal of the project is educational and amateur radio usage, there is no claim that all features of the ETSI DMR standards that are implemented or described here work as intended.”
Described by Adrian as a work-in-progress, the project is primarily built and tested using the all-in-one LimeNET Micro platform – though additional testing has been carried out on the LimeSDR Mini too, with Adrian explaining that all the project needs is an SDR capable of using GNU Radio’s FPGA-based timestamp functionality and full-duplex transmission. In both cases, the devices were connected to either a quad-core x86- or six-core Arm-based host system running MMDVM and MMDVMHost, QRadioLink, GNU Radio, DMRTC, and DMRGateway.
The full project write-up is available on the QRadioLink website, with demo videos available on YouTube.
Researchers from the University of Michigan, Zhejiang University, and Northeastern University have warned of vulnerabilities in embedded camera systems which allow captured video to be recreated by eavesdropping on their electromagnetic emissions through a technique dubbed “EM Eye.”
“Cameras’ imaging sensors transmit unprotected, plain video data in a completely deterministic manner to downstream processors such as GPUs and CPUs,” the team explains. “While data encoded as bits cause alternating, image-specific electromagnetic (EM) fields around the camera circuits, the data transmission cable connecting the imagers and processors acts as an unintentional radio antenna that broadcasts the EM waves to adversaries. Attackers can then receive the EM leakage using an eavesdropping antenna and reconstruct the camera outputs by analysing the EM signals, as demonstrated.
“The quality of the reconstructed images can be further improved using deep learning-based signal processing methods. EM Eye’s causality analysis focused on the example of the trending embedded camera data transmission interface: MIPI CSI-2 [Camera Serial Interface 2]. Other similar interfaces are also susceptible. We have prepared a ready-to-use software tool that can produce real-time reconstructions of the eavesdropped videos with EM signal input from [an SDR] device.”
The team tested the EM Eye approach against 12 different camera modules, including cameras built into smartphones, in-car dashboard cameras, home security cameras, and development platforms including the Raspberry Pi with Camera Module, and found varying levels of vulnerability depending on the distance between sensor and processing hardware and any shielding present. “DIY home security cameras using Raspberry Pi may not be such a good idea,” the team suggests, while warning that the receiving device could be disguised as a modified power bank, or the eavesdropping carried out through a building’s walls or windows.
More information, and a copy of the paper, is available on the EM Eye website; the source code has been published to GitHub under the reciprocal GNU General Public Licence 3. A video presentation is available on YouTube.
Engineer Sebastian Westerhold has built a spark-gap transmitter – then gone a step beyond most by analysing its output in considerable detail.
“This article plunges you into the mesmerising world of early radio technology through the assembly and analysis of a DIY spark gap transmitter,” Sebastian writes of his latest project. “This project offers a practical insight into the fascinating dynamics of damped harmonic oscillators and explains characteristics such as the logarithmic decrement, decay rate, damping factor, q factor, and beyond. Prepare to spark your curiosity in a technology that once revolutionized global communication.
“The spark gap is constructed using carriage bolts and acrylic. The breakdown voltage of air is around 3kV/mm. At least when assuming an idealized homogeneous field and an electrode spacing of 10mm. While this simplification ignores a bit of reality, delving into Paschen’s law is beyond the scope of this article. The spark gap is set for a breakdown voltage of roughly 18kV, equivalent to an electrode gap of approximately 6mm.”
After building the simple transmitter, Sebastian set about testing and analysing its output – starting with a multi-band receiver set to amplitude modulation, then with an oscilloscope set to single capture. “A sinusoidal signal, characterized by a rapidly decaying amplitude, becomes immediately noticeable,” he writes of the scope observations. “With proper markers in place and zoomed in a bit, and still ignoring the first 1.5 cycles, the frequency can be confirmed to be around 3MHz, 2.976MHz to be precise. The amplitude of the first peak is 266V, the second peak is at 174V and the consequent three peaks are at 126V, 96V, 72V and 52V. This is all the information needed to calculate the so-called logarithmic decrement.”
The full article is available on Sebastian’s website, Baltic Lab; a supporting video is available on YouTube.
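The calculation the quoted passage points to can be carried through with the figures given above. This is an added example, not code from Sebastian's article: it uses the standard underdamped-oscillator relations, the function names are made up here, and the only inputs are the six peak voltages and the 2.976MHz frequency quoted in the text.

```python
import math

# Scope readings quoted in the text above.
PEAKS_V = [266, 174, 126, 96, 72, 52]   # successive peak amplitudes, volts
FREQ_HZ = 2.976e6                       # damped oscillation frequency

def _check(peaks):
    if len(peaks) < 2 or any(p <= 0 for p in peaks):
        raise ValueError("need at least two positive peak amplitudes")

def decrement_endpoints(peaks):
    """delta = (1/n) * ln(x_0 / x_n): uses only the first and last peak."""
    _check(peaks)
    return math.log(peaks[0] / peaks[-1]) / (len(peaks) - 1)

def decrement_fit(peaks):
    """Negated least-squares slope of ln(peak) against cycle index.
    Every peak contributes, so one misplaced marker matters less."""
    _check(peaks)
    xs = list(range(len(peaks)))
    ys = [math.log(p) for p in peaks]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    return -sxy / sxx

def damping_summary(delta, freq_hz):
    """Derive damping ratio, Q factor and decay rate from the decrement."""
    zeta = delta / math.sqrt(4 * math.pi ** 2 + delta ** 2)
    return {
        "delta": delta,
        "zeta": zeta,                          # damping ratio
        "q": 1 / (2 * zeta),                   # quality factor
        "decay_rate_per_s": delta * freq_hz,   # alpha = delta / period
    }

if __name__ == "__main__":
    for label, fn in (("endpoints", decrement_endpoints),
                      ("fit", decrement_fit)):
        s = damping_summary(fn(PEAKS_V), FREQ_HZ)
        print(f"{label:9s} delta={s['delta']:.4f} zeta={s['zeta']:.4f} "
              f"Q={s['q']:.2f} alpha={s['decay_rate_per_s']:.3e}/s")
```

The two estimates differ slightly because the quoted peaks do not fall on a perfect exponential; the fitted value is the less sensitive of the two to a single misread peak.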
Radio amateur Dave “AA7EE” Richards has been building a different type of vintage transmitter, this time taken from the pages of the G-QRP Club SPRAT journal in 1981: the OXO transmitter.
“[GM3OXX’s] OXO transmitter was first featured in the Autumn 1981 issue of SPRAT, the journal of the G-QRP club. The original circuit didn’t include an LPF [Low-Pass Filter]; the builder was expected to provide their own,” Dave explains.
“I mocked it up on a breadboard and it worked well. I noticed that the VXO [Voltage-controlled Crystal Oscillator], although not oscillating on key-up, was emitting some very low level spurii. In retrospect, this could well have been due to stray capacitances in the breadboard, and the fact that the circuit wasn’t built over a ground plane. Nevertheless, I decided to have the keying transistor key both the oscillator and PA.
“George GM3OXX added a 0.1µF cap across the key contacts to help with shaping. It wasn’t on the original schematic as published in SPRAT, but I added it here. The RFC in the collector of the PA transistor can be a moulded choke. I wound 17 turns on an FT37-43 toroid to serve the same purpose. I also added a spotting switch, with the 1N5817 diode to prevent the PA from being switched on when only the oscillator signal is wanted, for ‘netting’ the transmitter frequency on a receiver.”
The full build is detailed on Dave’s blog, along with hand-drawn schematics both for the original OXO design with added LPF and the variant with spotting switch.
Electrical engineer Henrik Forstén has also been working on some homebrew hardware, though his creation is somewhat more modern: a do-it-yourself approach to making a 6GHz pulse-compression radar.
“Pulse radar is much more difficult to design than FMCW [Frequency-controlled Modulated Continuous Wave] radar,” Henrik explains. “To share one antenna, very fast switching between transmit and receive is needed. Radar pulses travel at the speed of light, and for example, if switching from transmit to receive takes 1 microsecond, all the reflections from targets in 150-metre distance would be missed during the switching time. Sharing one antenna causes the radar to have a minimum detection distance, which can be hundreds of meters which makes it unsuitable for short-range operation.
“There are many kinds of pulse radars, and the one I want to make is a pulse compression radar that supports arbitrary waveforms. Generating only linear frequency sweeps could be simpler and sufficient for many practical applications, but it wouldn’t be as interesting. The requirement for arbitrary waveform means that there needs to be a digital-to-analogue converter (DAC) with large enough sampling rate to generate the transmitted waveform. The receiver also needs an ADC [Analogue-to-Digital Converter] with large enough sample rate to sample the whole RF bandwidth.
“The architecture is very similar to software-defined radio (SDR),” Henrik notes of his creation, “and it could be used as a radio too. The radar has two time-multiplexed receiver antennas with transmitter being shared with one of them. I added the second receiver channel mainly because it was very cheap, it only requires additional switch, LNA [Low-Noise Amplifier] and SMA [Sub-Miniature A] connector. The second receiver channel makes it possible to use the radar also in FMCW mode. In a proper radar system some filtering would be useful at both transmitter and receiver, but I left it out here to save money.”
Full details on the project are available on Henrik’s blog, along with a schematic – though he has not yet released source code nor binaries for the software and firmware. The cost is estimated at a little under $600 for two boards; “there aren’t any similar commercial pulse compression radars in the same price range,” Henrik notes, “and even software defined radios with similar RF bandwidth are much more expensive.”
Researchers from the University of Missouri-Kansas City, Rice University, and Brown University have come up with a way to improve the coverage of future terahertz-frequency wireless networks – by curving the radio beams around blockages.
“Most people probably use a Wi-Fi base station that fills the room with wireless signals,” says Brown professor and senior author Daniel Mittleman of the team’s work. “No matter where they move, they maintain the link. At the higher frequencies that we’re talking about here, you won’t be able to do that any more. Instead, it’s going to be a directional beam. If you move around, that beam is going to have to follow you in order to maintain the link, and if you move outside of the beam or something blocks that link, then you’re not getting any signal.”
The solution to blockages, then, is either additional transmitters or – as in the team’s approach – figuring out a way to avoid blockages, by curving the radio beam around anything in its path. “This is the world’s first curved data link,” co-author Edward Knightly, Rice professor, explains, “a critical milestone in realising the 6G vision of high data rate and high reliability.”
The team’s work centres around “self-accelerating beams,” which naturally bend to one side as they move – something which has been studied before in optical frequencies, but which the researchers applied to radio frequencies in the terahertz spectrum. Using patterned transmitters, the team was able to manipulate the magnetic waves in order to steer them around an object – providing at least part of the pattern is still visible to the receiver.
The team’s work has been published in the journal Communications Engineering under open-access terms. “One of the key questions that everybody asks us is how much can you curve and how far away,” Daniel admits. “We’ve done rough estimations of these things, but we haven’t really quantified it yet, so we hope to map it out.”
Developer Phillip Tennen has dug deep into the inner workings of the Global Navigation Satellite System (GNSS) — by designing a fully-functional Python package to turn a software-defined radio into a GPS receiver.
“A few months ago I learned that there were only around 30 GPS satellites serving the entire planet. This piqued my interest,” Phillip explains, “because it reminded me of the 13 root DNS servers from which all resolution flows. Perhaps GPS has a similar design in which the ‘source of truth’ is diluted by several layers of signal repeaters?
“I decided to try my hand at decoding these GPS signals, guided by the vague end-goal of plucking out my position from peanuts. I learned that the GPS signals that facilitate our mapping apps are ever-present, around us at any altitude, in any weather conditions, at all times. This sounds cool in the abstract, but the tangible reality is staggering. These signals are all around me as I write this. They’re all around you as you read it. The world is soaked in these whispers, repeating themselves endlessly for anyone willing to listen.”
The result of Phillip’s epiphany is Gypsum, a software-defined GPS receiver written in Python and capable of capturing the “whispers” of GPS satellites using a software-defined radio with a suitable antenna and decoding them into a precise location fix – and of displaying considerable detail of each satellite’s signal in the process, thanks to a browser-based dashboard.
Phillip’s project is written up in detail as a four-part series on his blog; Gypsum’s source code is available on GitHub under the permissive MIT licence.
Finally, researchers from the Shibaura Institute of Technology (SIT) and Nagoya University have demonstrated how game theory can be applied to Wi-Fi networks in order to improve congestion issues – delivering up to a six per cent throughput boost.
“For wireless communication environments where multiple users exist and must be considered, game theory is one of the most suitable theories to use for analysis,” says Sumiko Miyata, associate professor at SIT and co-author of a paper detailing the team’s work. “In the approach proposed in our paper, the user position that maximizes system throughput is determined using what’s known as a ‘potential game,’ which is a type of model in game theory.
“Our method could be a potential option for Wi-Fi services in classrooms and libraries due to their location-free characteristics and low human traffic. The Wi-Fi system would calculate the optimal user positions based on their locations to enhance overall throughput and encourage them to take cooperative action, motivated by a desire to increase their own throughput as well. AP system[s] should be efficient regarding the use of their network resources. The proposed technique is an important technology for realizing smart cities, where everything is connected to the internet.”
Targeting IEEE 802.11-family networks, the team’s approach aims to condense incentives for all users down to a single function and determine the impact of new users joining the network based on their position – with users closer to the access point enjoying a stronger signal but a greater chance of interference compared to those further away. In testing, the result is a small but measurable improvement in overall throughput compared to the state-of-the-art – up to six per cent, the team found.
The researchers’ work has been published in the IEEE Open Journal of the Communications Society under open-access terms.