0xStubs

Computer science, IT, Photography

Using the HackRF One as a wideband spectrum analyzer

The HackRF One is a popular software defined radio (SDR) device, supporting not only reception but also the transmission of radio signals in the range between 1 MHz and 6 GHz. A new feature in the HackRF firmware now allows using it as a spectrum analyzer over the full 6 GHz range.

The 20 MHz bandwidth of the HackRF One always allowed you to use it as a real-time spectrum analyzer if the spectrum of interest was narrower than 20 MHz (screenshot taken from gqrx):

Recently, with release 2017.02.01 of the HackRF firmware and tools, a sweep mode was added which allows you to use the device as a wideband spectrum analyzer over the full 6 GHz spectrum. A corresponding backend was added to QSpectrumAnalyzer (hackrf_sweep), making it possible to interactively setup the sweep functionality and to visualize the spectrum:

Using this feature, you can also look at specific frequency ranges, e.g. WiFi and cellular networks in your area, ISM bands or your local DVB-T stations as shown in the screenshot below.

Currently, there are still a few issues, mainly performance-wise:

  • hackrf_sweep sometimes drops frequency bins on high system load. In QSpectrumAnalyzer, this is dealt with by entirely dropping sweeps with wrong bin count. Depending on the system load, this can significantly reduce the effective sweep rate.
  • Depending on the frequency range and the bin size, the sweep rate of hackrf_sweep overloads QSpectrumAnalyzer, rendering the application unusable. As a workaround, rate limiting was added by allowing to set a minimum sweep interval. hackrf_sweep will still run with its native sweep rate but QSpectrumAnalyzer will drop sweeps to reduce the rate accordingly.

The mentioned workarounds are in place since QSpectrumAnalyzer 2.2.0.

2 Responses to Using the HackRF One as a wideband spectrum analyzer

  1. snowc says:

    Thanks for the write-up! Do you think the sweep function makes the HackRF One a quality tool for surveying WiFi? Does sweeping effectively overcome the 20MHz limitation? I can’t imagine the much higher priced (and limited) Wi-Spy dBx having more than 10-20Mhz of bandwidth, they must be using sweep of some sort as well

    • Michael says:

      I’m probably unqualified to answer this as I neither have any experience with alternative SDR devices nor with WiFi surveying. But I can at least name potential issues here:

      – You would need a suitable antenna for WiFi frequencies. The ANT500 and ANT700 sold by Great Scott Gadgets are only rated up to 1GHz or 1.1GHz respectively. The device has a standard SMA connector, so connecting suitable antennas shouldn’t be a problem.

      – The sweep functionality does overcome the 20MHz limitation but it does so at a price. If you want to detect very narrow bursts on a WiFi channel you will need a high sweep rate. Using the software stack I mentioned in this post, I am only able to achieve sweep rates around 0.2 or 0.3s (mainly limited by the capabilities of QSpectrumAnalyzer). I guess this is way too slow to detect brief bursts. In my view this isn’t a limitation of the hardware, though. The hackrf_sweep tool itself allows much higher sweep rates. Also, if host software or USB bandwidth is the limiting factor it should be able to implement some kind of averaging in the HackRF firmware.

      Maybe a naïve question: I remember having used kismet with standard WiFi hardware to detect hidden WiFi networks. What’s the benefit of using SDR devices in a sweep mode instead for this purpose?

Leave a Reply to Michael Cancel reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.