0xStubs

System Administration, Reconfigurable Computing and HPC

Using the HackRF One as a wideband spectrum analyzer

The HackRF One is a popular software defined radio (SDR) device, supporting not only reception but also the transmission of radio signals in the range between 1 MHz and 6 GHz. A new feature in the HackRF firmware now allows using it as a spectrum analyzer over the full 6 GHz range.

The 20 MHz bandwidth of the HackRF One always allowed you to use it as a real-time spectrum analyzer if the spectrum of interest was narrower than 20 MHz (screenshot taken from gqrx):

Recently, with release 2017.02.01 of the HackRF firmware and tools, a sweep mode was added which allows you to use the device as a wideband spectrum analyzer over the full 6 GHz spectrum. A corresponding backend was added to QSpectrumAnalyzer (hackrf_sweep), making it possible to interactively setup the sweep functionality and to visualize the spectrum:

Using this feature, you can also look at specific frequency ranges, e.g. WiFi and cellular networks in your area, ISM bands or your local DVB-T stations as shown in the screenshot below.

Currently, there are still a few issues, mainly performance-wise:

  • hackrf_sweep sometimes drops frequency bins on high system load. In QSpectrumAnalyzer, this is dealt with by entirely dropping sweeps with wrong bin count. Depending on the system load, this can significantly reduce the effective sweep rate.
  • Depending on the frequency range and the bin size, the sweep rate of hackrf_sweep overloads QSpectrumAnalyzer, rendering the application unusable. As a workaround, rate limiting was added by allowing to set a minimum sweep interval. hackrf_sweep will still run with its native sweep rate but QSpectrumAnalyzer will drop sweeps to reduce the rate accordingly.

The mentioned workarounds are in place since QSpectrumAnalyzer 2.2.0.

8 Responses to Using the HackRF One as a wideband spectrum analyzer

  1. snowc says:

    Thanks for the write-up! Do you think the sweep function makes the HackRF One a quality tool for surveying WiFi? Does sweeping effectively overcome the 20MHz limitation? I can’t imagine the much higher priced (and limited) Wi-Spy dBx having more than 10-20Mhz of bandwidth, they must be using sweep of some sort as well

    • Michael says:

      I’m probably unqualified to answer this as I neither have any experience with alternative SDR devices nor with WiFi surveying. But I can at least name potential issues here:

      – You would need a suitable antenna for WiFi frequencies. The ANT500 and ANT700 sold by Great Scott Gadgets are only rated up to 1GHz or 1.1GHz respectively. The device has a standard SMA connector, so connecting suitable antennas shouldn’t be a problem.

      – The sweep functionality does overcome the 20MHz limitation but it does so at a price. If you want to detect very narrow bursts on a WiFi channel you will need a high sweep rate. Using the software stack I mentioned in this post, I am only able to achieve sweep rates around 0.2 or 0.3s (mainly limited by the capabilities of QSpectrumAnalyzer). I guess this is way too slow to detect brief bursts. In my view this isn’t a limitation of the hardware, though. The hackrf_sweep tool itself allows much higher sweep rates. Also, if host software or USB bandwidth is the limiting factor it should be able to implement some kind of averaging in the HackRF firmware.

      Maybe a naïve question: I remember having used kismet with standard WiFi hardware to detect hidden WiFi networks. What’s the benefit of using SDR devices in a sweep mode instead for this purpose?

  2. Locus says:

    Hello. First of all, I speak spanish, so, sorry for my english.
    I write to you, because of the proyect Qspectrumanalyzer. I have a Hackrf One, firmware 2017, recently I update to 2018 firmware. I connected the device to a odroid xu4, with Ubuntu 18.04.
    I follow your steps in https://github.com/xmikos/qspectrumanalyzer/ to compile de software. When I run qspectrumanalyzer, the program show up.
    Why the version in About menu, says 2.1?, I downloaded from

    git clone https://github.com/xmikos/qspectrumanalyzer.git

    In windows the release is 2.2

    I want to use the hackrf_sweep, for have 6 GHz of BW. In the program,
    when I go to settings, I select Backends hackrf_sweep, what I have to select in Executable?

    Its say that hackrf_sweep not found and the Device button disable.

    What else I need to do?

    Please, Im new in Ubuntu, all my life I work in windows.

    By the way, amazing software.

    • Michael says:

      First a disclaimer: I’m not the author of QSpectrumAnalyzer. I only contributed small fixes for the hackrf_sweep backend.

      Regarding the outdated version: Which pip command did you use to install the software? It seems like 2.2.0 never made it to PyPI, so with “pip3 install –user qspectrumanalyzer” you will still get version 2.1.0. Installing from a git checkout with “pip3 install –user .” should work though.

      Regarding the missing hackrf_sweep: hackrf_sweep should be included in Ubuntu’s hackrf package. So an “apt-get install hackrf” should provide it to you. It will be located under /usr/bin/hackrf_sweep.

  3. Locus says:

    Hello, and thanks for responding so fast.
    I managed to run the software. Right, I found hackrf_sweep in / usr / bin / hackrf_sweep.
    It works quite well, considering that I am using it with an odroid xu4.
    The pip command that I use to install the software was
    # Install QSpectrumAnalyzer locally for your current user
    pip3 install –user qspectrumanalyzer

    And install qspectrumanalyzer 2.1

    Then I will use this option, as it says on the page.

    If you want to install QSpectrumAnalyzer directly from Git master branch, you can use this procedure:

    git clone https://github.com/xmikos/qspectrumanalyzer.git
    cd qspectrumanalyzer
    pip3 install –user.

    A greeting.

    • Michael says:

      Exactly, the ‘ .’ at the end of the command is important so that it installs from the current directory and not from the PyPI repository.

  4. Brendon says:

    I am running windows 10. Qspectrum closes abruptly for some reason during scan. The following cmd dump shows 1 total sweeps completed, 9.45 sweeps/second
    2 total sweeps completed, 11.85 sweeps/second
    3 total sweeps completed, 12.95 sweeps/second
    5 total sweeps completed, 16.92 sweeps/second
    Traceback (most recent call last):
    File “C:\Users\secon\AppData\Local\Programs\Python\Python36\lib\site-packages\qspectrumanalyzer\backends\hackrf_sweep.py”, line 144, in run
    self.parse_output(buf)
    File “C:\Users\secon\AppData\Local\Programs\Python\Python356\l tiotb\sialte- spaweckepags ecos\qmpspectrleumanalyzer\tbeackd,ends \13h.85ack srfwe_swepees/p.sepyco”, ndli
    ne 115, in parse_output
    data = np.fromstring(buf[16:], dtype='<f4')
    ValueError: string size must be a multiple of element size
    5 total sweeps completed, 11.85 sweeps/second

    Couldn't transfer any data for one second.

    Exiting… hackrf_is_streaming() result: HACKRF_TRUE (1)
    Total sweeps: 5 in 0.43901 seconds (11.85 sweeps/second)

    Any help you could give me would be much appreciated!

    • Michael says:

      It looks like hackrf_sweep stops to provide any data and QSpectrumAnalyzer cannot really handle that situation. While one could try to catch this in QSpectrumAnalyzer to prevent a crash, this would not solve the underlying issue.

      The underlying issue looks similar to https://github.com/mossmann/hackrf/issues/634. Unfortunately I have no further insights into this.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.