
What the Heck Is This Radio Stuff Anyway?

BSides Las Vegas · 2015 · 24:31 · 34 views · Published 2016-12
Speaker: Nick Kartsioukas
Category: Technical · Difficulty: Intro · Style: Talk
About this talk
Nick Kartsioukas surveys the fundamentals of radio frequency engineering and software-defined radio (SDR). The talk traces radio history from spark-gap transmitters through modern digital modulation, covers antenna theory and the electromagnetic spectrum, and explains how SDR systems convert analog signals to digital for processing in software.
Original YouTube description:
PG - What the Heck Is This Radio Stuff Anyway? - Nick Kartsioukas Proving Ground BSidesLV 2015 - Tuscany Hotel - August 04, 2015
Transcript (en):

Ready?

Okay, everyone. We're going to get started. I'm going to introduce Nick, who's going to be presenting. So, what the heck is that radio thing anyway? [Applause]

Hello. So yes, what the heck is that radio thing anyway? I put this talk together because a lot of people are getting into software-defined radio. You're getting these nifty little SDR dongles or getting the HackRF or other similar SDR peripherals, plugging it in your computer and then starting to play with some nifty software to decode all the cool things out on the air. But what happens inside that device and on the other side of the antenna port? I would like to go over that and just kind of give you some of the basics of radio frequency stuff. As far as who I am, my name is Nick. Hi, I've been a ham radio operator for about 17 years. Computer geek, have cats and a dog, general, you know, nerdy person.

So, let's go over just kind of a brief history of radio and what we've used to get to the point we are today. Started out long ago with spark gap transmitters, which were literally just a spark jumping a gap between a couple of conductors. It was a tiny little lightning bolt essentially that was just modulated to produce a certain frequency output. So, this was great for Morse code. It just made a burst of noise that was louder than the background noise. Unfortunately, that burst of noise was very wide. So, it took up a whole lot of the band that it was in. You couldn't have a whole lot of signals coexisting. Wasn't very efficient. We decided to go try voice and other communications methods. Morse code is still in use. They just kind of made it more spectrally efficient. One of the ways people could receive these signals was with a crystal radio, which is just a tuned circuit of a capacitor and inductor that's made to resonate at a particular frequency that you're receiving. Then it passes that signal into the crystal portion, which acts as just a diode. Passes that into a speaker and you can listen to your signal. These are cool because they are powered by the radio signal that they're receiving. Unfortunately, there's not a lot of power in this radio signal that they're receiving. So you have this tiny little speaker that's producing a tiny little bit of noise. Not very good for general listening. The development of vacuum tubes in the early 1900s let us do amplification of these signals as well as replace the crystal portion with other tubes. Then moving on, we got the transistors. Those are cool because they are very small, low power and they don't produce all the heat that you got out of vacuum tubes. So, we had little battery-powered portable radios at that point. Everyone was happy. Yay. Raise your hand if you remember the Walkman. Thank god.

These radios though tend to be a little limited in what they can do because once they're built, they only do what they're built for. The military in the mid-'80s decided to start researching how to make things more flexible. The idea is you take as much of the radio as you can and stick it into a computer. That way if you come up with a new modulation scheme or something, you just write software for it, update the computer, there you go. You're good.

So what does a software-defined radio look like? I'm just going to go over a quick design of how we build a basic SDR. So at its core, you have an antenna that pulls in a signal from the air that feeds it into an analog-to-digital converter, which does exactly what it is called. It converts analog signals, like sine waves and such that are coming in over the air, to something in the digital domain that is then passed over to a computer or digital signal processor of some kind where it's processed in software. Unfortunately, with just this basic arrangement, you get a lot of noise and unwanted signals into your system that mess everything up. So, let's add a filter. This rejects anything we don't want. Prevents aliasing, which is something I'll get to in a minute. But still, this isn't quite optimal. When you're receiving radio signals, the signal level at your antenna is measured in millivolts, which really is hard to detect. So, let's throw an amplifier in there that lets us boost the strength of the signal as it's fed into the analog-to-digital converter. Gives us something we can actually measure. This is great. This gives us the ability to record a particular frequency into our software-defined radio. What if we want to tune it? There's always a broad range of signals that we can get to and we'd like to be able to get to them.

So there's a cool property of radio signals where if you mix two signals together, you get the first signal, the second signal, the sum of the signals and the difference of the signals. So if you have a 100 MHz signal that you're mixing with a 110 MHz signal, you get those two original signals. You also get 210 MHz out and 10 MHz out. So, we put together a little system like this where we have the LO down there, a local oscillator. That is just a reference signal that we're generating to mix with our input signal through the mixer. And then we add another filter after it. So in the case of those two signals I mentioned before, 100 MHz and 110, we get rid of the original signals entirely as well as the sum, and then we pass only the 10 MHz signal through to the analog-to-digital converter. There's another way of doing this, too, where you set up your local oscillator and have two mixers, and the oscillator feeds a sine wave and then a 90° out-of-phase wave, or a cosine wave, into the other mixer, and you end up with what's known as the in-phase and quadrature signals. The disadvantage of this is obviously there's a lot more stuff you have to put in. It's more complex. The advantage is, when you're sampling a signal with just a single analog-to-digital converter and you just have that one signal that's coming through the mixer, you have to sample at twice the rate of whatever your signal is. I will show you why in just a minute. But with the I/Q system, you don't have to do that. So it increases your parts count in an SDR, but it means you don't have to go find as fast of analog-to-digital converters. So, trade-off here and there.

As for why you have to sample at twice the frequency. Oh, that is hard to see. Well, we've got a blue high-frequency signal. My mouse over there. There's my mouse. So, we've got our blue high-frequency signal oscillating here. We are sampling it at these yellow dots here, at each of these points, at a much lower rate than the original signal. Then, when you go to put all of these sample points together, you end up with this yellow wave, which looks nothing like the original wave. Well, it's a sine wave obviously, but it is a completely different frequency. It's something that's not actually there. That is called aliasing. And that is why we need to sample at at least twice the rate of what we want to get.

In addition to the sample rate, the sample depth, or bit depth, is important. This is needed for a couple of things. So, if we have mouse again. Where are you? Ah, here we go. So, we've got the signal over on the left. It's a sine wave. And if this is an amplitude-modulated signal, meaning that the actual strength of the signal is what encodes the information for you, trying to see any kind of difference in the amplitude where this is your sample size, or basically the bin in which you can store this sample, you're not getting any information out of this. You're saying, "Okay, yes, there is a signal here. It's doing something. I don't know what." Over here, we've got a whole bunch more samples, or I'm sorry, a whole bunch more data available in each sample. And that lets us see, okay, how strong is the signal at each of these points. Something else it's important for is what's known as dynamic range, which is the difference that you can resolve. I'm saying that backwards. It is the difference between two signal strengths that you can resolve. So if you have a really strong signal and a really weak signal, if you don't have enough sample, or enough data stored for each sample, then you're not going to be able to see that smaller signal when that large signal is maxing out your bit bucket. Basically, it's the same kind of concept as when you take a picture of a bright scene outside and you've got a shaded tree. You can either have the shaded tree in view and the bright sky be totally blown out, or the bright sky be in view and the shaded tree be completely in shadow so that you can't see it. Same thing. Your camera doesn't have enough dynamic range to resolve that full range of light.

What is it we are actually receiving? This is a chart of the United States frequency allocation spectrum. It has a ton of stuff on it. This usually comes in a 24-by-36 poster and you've got to get really close to actually see what is going on. This covers from 3 kHz to 300 gigahertz. And a hertz is just a measurement of the cyclic rate of a signal. So a 1000 Hz signal, you're wiggling electrons up an antenna 1,000 times per second. You might hear some old school radio people talk about kilocycles. Same thing, but nobody says that anymore. So, let's take a look down at the bottom. There's this little orange section. This shows us the radio spectrum itself and then other kinds of electromagnetic radiation. So radio, infrared, visible light, x-rays, it's actually all the same. It's just as you go further over, it's significantly higher frequencies. And then just a little zooming in on part of that spectrum. You can see there's still a ton packed in there. So the lesson there is the radio waves are very busy.

And as far as what an electromagnetic wave actually is, you have a wave that is both electric and magnetic. You have the electric field component, which would be, say, in this case, in a vertical plane. It's wiggling along, and corresponding to it in the horizontal plane is the magnetic wave, also wiggling along. You pull those out of the air with an antenna. An antenna can just be a piece of wire. Can be those funny things you see hanging up on your house to pull in TV signals. But all it does is it resonates at a particular frequency, and when a signal comes in at that frequency, it induces a voltage in your antenna which can then be detected by your receiver. Antennas themselves are pretty cool. They are, like I said, tuned to radiate, or receive as well, at a particular frequency. They also have a certain amount of bandwidth specified. Bandwidth in RF is not the same as bandwidth in internet. It is literally just the width of the band. So, if you have an antenna that's tuned for 200 MHz and it has a bandwidth of 10 MHz, it would cover from 195 to 205 pretty well. Antennas have a property listed known as gain. Some people see this as, oh, this is how much power my antenna increases. Actually, all it is is how much power your antenna focuses. You don't get something for nothing. So, wherever you're increasing your amount of signal, you are decreasing the amount of signal in another area. This is a polar radiation chart. This indicates a highly directional antenna. You can see that it's got these large lobes of signal pattern off to the right in both the vertical and horizontal planes, but over on the sides and back, there's basically nothing at all.

Ah yes, and decibels are a logarithmic scale. So every 10 dB increase is a factor of 10. So 10 dB is 10 times more, 20 dB 100 times more. Handy rule of thumb to remember: 3 dB is double. So when you see a 6 dB antenna versus a 3 dB antenna, it's twice as much focused radiation in wherever it's going. 9 dB would be four times as much, etc. I think I mapped that right. And the "i" in this is isotropic. So antenna gain is referenced to an isotropic antenna, which is a perfect radiator in all directions, which doesn't exist. So why do we use this? I don't know, but there it is. Another measurement you might see in transmit power is dBm, which is decibels related to milliwatts. So, zero dBm is 1 milliwatt. And then it goes up or down from there. You can actually have negative dBm numbers. That's just very, very low power, you know, 0.1 milliwatts, a hundredth of a milliwatt, etc. And there are a whole lot of different antenna types. These come in many shapes and forms and do all kinds of different things and have all kinds of different properties of directionality or non-directionality, different frequencies they cover, etc.

As far as how we actually use all this stuff to communicate data, we end up modulating the signal somehow. That is, we take our stream of meaningful data and then do something to it to encode it into the radio signal as it goes out. On the chart here we have amplitude modulation and frequency modulation, which are just analog signals you get on your radio in your car. Amplitude modulation encodes the audio signal in how much it wiggles the transmit power. So if you are encoding a 1000 Hz audio tone, just like a... about that, that is how fast you are wiggling the transmit power of your AM signal up and down. FM also uses wiggling of your signal related to the audio frequency. What it does though is instead of changing the transmit power, it wiggles the transmit frequency around some center frequency. There's some set amount that it can do that. That's known as deviation. Regular walkie-talkies are either 2 and a half or 5 kHz deviation. FM broadcast radio, I think, is 200 kHz. So they can encode more data and get better audio fidelity. That's all analog though. That's not interesting. The digital stuff is cool.

This is binary frequency shift keying, which actually looks a lot like FM. All you're doing is changing the frequency at which you're transmitting based on whether you're sending a one or a zero. So, you send a slightly higher frequency for a one or a slightly lower frequency for a zero. Then we get into the really weird stuff. This is quadrature amplitude modulation. So what this does is it takes the in-phase and quadrature signals, which are when you take your signal and deconstruct it into what's the original signal and then what's 90° out of phase. You can plot that on a graph, figure out how strong the signal is at each point, and then it draws this nifty constellation, and then each of these points encodes a different set of bits. And something also to remember with these is you have your symbol rate and your bit rate, which are different because each of these symbols in this case encodes four bits. This is QAM16. US cable TV is QAM256. So you can basically encode an entire byte in each symbol.

And then how much can we send? There is an entire field under information theory studying channel capacity, which is how much can we cram into this data channel given different conditions. There are a lot of equations, a lot of different formulas, a lot of different theorems. The Shannon-Hartley theorem is one of the more basic, easy ones to reference. This deals with a data channel that has a particular type of noise distribution in it. So if we take this formula, plug in some numbers and say we have a signal that's 20 MHz bandwidth. Our signal strength as received is 70 dB. Our noise floor, so what the actual level of noise is below our signal, is 90 dB. According to this, we could cram a maximum of 86 megabits per second through. So if we take that same condition and then we say, okay, we're gonna bump up our signal and improve our noise floor. Let's give ourselves 50 dB of range, of headroom rather, rather than 20 dB. It goes up to only 112 megabits per second. It's not too much more because, again, when you're looking at the relative signal strengths, they're measured in decibels, which is logarithmic. So when you make changes like that, the bit rate is going to be a logarithmic relationship as well. Now if we take those same conditions and just double our bandwidth, then we actually fully double our data rate as well. Those are a linear progression. So signal you can play with a little, but unless you make huge gains it's not going to make a significant difference, but if you can give yourself a lot more RF bandwidth to play with, that helps a lot. Also there are the MIMO systems, like with 802.11ac where you have the 2x2 or 3x3 streams. That also helps quite a bit. It's not linear. I don't actually know what the correlation is. I don't believe it's logarithmic though with the number of streams.

And that's all I have to talk about with radio today. I've got a bunch of resources and, oh god, those links don't show up. But I'm going to put my slides online. There are references here for some ARRL resources, which is the Amateur Radio Relay League. It's the organization that handles ham radio stuff in the US. There's also some training videos from Michael Ossmann, who made the HackRF. Some cool stuff there. And then there's the wireless CTF training. They just had a talk actually. Good stuff. So...

[Audience question, partly inaudible] ...hello world? Okay, so the question is, what is the hello world of SDR? And yes, one of those little $20 RTL dongles you can find on eBay, or NooElec is a good company. They've got some good stuff. N-O. Yes. N-O-E. Grab one of those devices. It's a TV tuner dongle that has a hacked driver that turns it into a general purpose receiver. It's very cool. And then the first video in Michael Ossmann's series will show you how to use the GNU Radio Companion software to build yourself an FM broadcast receiver in software. And that's pretty cool. So you can set it up and put together all these filter elements and then, hey, you can listen to broadcast radio.

[Audience question, inaudible] Not with that. No, you'd have to... they do encrypt their stuff, so you can... there are things you can do to receive the bitstream. Yeah. Yep. There you go. And then, like I said, I'm gonna be putting this slide deck on GitHub, which you can't see because I picked bad colors. So, github.com/explodinglemur. You can find me on Twitter, explodinglemur, and then my very rarely updated blog that has essentially nothing on it right now, blog.explodinglemur.org. So yes. Does anyone have any questions? Nope. All right. Thank you all.
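Worked numbers for the concepts the talk walks through (decibel rules of thumb, dBm, mixer sum and difference products, Nyquist aliasing, ADC bit depth and dynamic range, and the Shannon-Hartley capacity formula), as an added Python example that is not part of the talk or its slides. All inputs are constructed for illustration: the 130 Hz tone sampled at 120 Hz, the 8-bit and 16-bit quantizer, and the textbook 6.02N + 1.76 dB approximation for an N-bit converter are my choices, not figures from the talk. The capacity function accepts S/N either in dB or as a plain power ratio, because the two readings of a number like "20" give quite different answers (the talk's 86 and 112 Mbit/s figures are close to what the formula returns for ratios of 20 and 50 rather than for 20 dB and 50 dB).

```python
"""RF back-of-the-envelope helpers (added example; constructed inputs)."""
import math


# --- Decibels ---------------------------------------------------------------
def db_to_ratio(db: float) -> float:
    """Power ratio for a dB value: 10 dB = 10x, 20 dB = 100x, 3 dB ~ 2x."""
    return 10 ** (db / 10)


def ratio_to_db(ratio: float) -> float:
    """Inverse of db_to_ratio."""
    return 10 * math.log10(ratio)


def dbm_to_mw(dbm: float) -> float:
    """dBm is dB referenced to 1 mW: 0 dBm = 1 mW, -10 dBm = 0.1 mW."""
    return 10 ** (dbm / 10)


# --- Mixer products ---------------------------------------------------------
def mixer_products(f1_hz: float, f2_hz: float) -> list:
    """Mixing two tones yields both originals plus their sum and difference.
    The post-mixer filter in the talk keeps only the difference (10 MHz)."""
    return sorted({f1_hz, f2_hz, f1_hz + f2_hz, abs(f1_hz - f2_hz)})


# --- Sampling and aliasing --------------------------------------------------
def alias_frequency(signal_hz: float, sample_rate_hz: float) -> float:
    """Apparent frequency of a sampled sine, folded into [0, fs/2].
    It equals signal_hz only when sample_rate_hz >= 2 * signal_hz (Nyquist)."""
    r = signal_hz % sample_rate_hz
    return min(r, sample_rate_hz - r)


def sample_sine(freq_hz: float, sample_rate_hz: float, n_samples: int) -> list:
    """Sample a unit-amplitude sine; rounded so identical streams compare equal."""
    return [round(math.sin(2 * math.pi * freq_hz * i / sample_rate_hz), 9)
            for i in range(n_samples)]


def indistinguishable_after_sampling(f1_hz, f2_hz, sample_rate_hz, n_samples=24):
    """True when two different tones produce the same sample stream (aliasing):
    the yellow wave in the talk that 'is not actually there'."""
    return (sample_sine(f1_hz, sample_rate_hz, n_samples)
            == sample_sine(f2_hz, sample_rate_hz, n_samples))


# --- Bit depth and dynamic range ---------------------------------------------
def adc_dynamic_range_db(bits: int) -> float:
    """Textbook full-scale-sine SQNR approximation (assumption: 6.02*N + 1.76 dB)."""
    return 6.02 * bits + 1.76


def quantize(value: float, bits: int) -> int:
    """Map a value in [-1, 1] (1.0 = ADC full scale) to a signed integer code.
    A weak signal that rounds to code 0 is invisible, whatever the sample rate."""
    full_scale = 2 ** (bits - 1) - 1
    return int(round(max(-1.0, min(1.0, value)) * full_scale))


# --- Shannon-Hartley channel capacity ----------------------------------------
def shannon_capacity_bps(bandwidth_hz: float, snr: float, snr_in_db: bool = True) -> float:
    """C = B * log2(1 + S/N). S/N is a power ratio; pass snr_in_db=False to
    supply it directly as a ratio instead of in dB."""
    ratio = db_to_ratio(snr) if snr_in_db else snr
    return bandwidth_hz * math.log2(1 + ratio)


if __name__ == "__main__":
    print("3 dB  ->", round(db_to_ratio(3), 2), "x power")
    print("-10 dBm ->", dbm_to_mw(-10), "mW")
    print("mixing 100 and 110 MHz ->", [f / 1e6 for f in mixer_products(100e6, 110e6)], "MHz")
    print("130 Hz sampled at 120 Hz looks like", alias_frequency(130, 120), "Hz")
    print("8-bit ADC dynamic range ~", adc_dynamic_range_db(8), "dB")
    print("0.001 full scale at 8 bits ->", quantize(0.001, 8), "; at 16 bits ->", quantize(0.001, 16))
    for bw in (20e6, 40e6):
        print(f"{bw/1e6:.0f} MHz, 20 dB S/N -> {shannon_capacity_bps(bw, 20)/1e6:.1f} Mbit/s")
    print("20 MHz, ratio 20 ->", round(shannon_capacity_bps(20e6, 20, snr_in_db=False) / 1e6, 1), "Mbit/s")
```

Run it as a script to see the values; the aliasing check compares the actual sample streams of two tones, so it shows the effect the talk's slide illustrates rather than just quoting the Nyquist rule, and the quantizer shows why bit depth, not sample rate, decides whether a weak signal beside a strong one survives digitization.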