I finally got my HackRF and I have a Mac… Now what?


If you are reading this I can probably imagine what’s going on: you’ve been waiting for a year to get your HackRF and, now that you finally have it, you don’t know what to do with it. The problem is that you have a Mac and – surprise surprise – the only “easy to use” programs (SDR# anyone?) are unfortunately not available for your operating system.

Is there anything you can do? There surely is… Let’s get started.

First of all you need to install MacPorts. If you are already using Homebrew or Fink I’m sorry, you still need MacPorts. If, instead, you don’t even know what MacPorts is, just ignore that for now. You will have all the time in the world to find out but, just for now, you don’t really need to know much about it.

After the install is complete, open up a Terminal and run the following commands in it:

sudo port install gr-osmosdr +full
sudo port install gr-fosphor

The install will take hours to complete, so you can open a beer. Maybe two. Hopefully the whole process should complete without incident (I tried on different Macs and so did a few friends and we never had a problem). Once finished, run hackrf_info:

Found HackRF board.
Board ID Number: 2 (HackRF One)
Firmware Version: git-44df9d1
Part ID Number: 0x00594f49 0x00594f49
Serial Number: 0x00000000 0x00000000 0x4xx 0x2xx

If the output of the above command looks like mine (I censored my own serial number), that means your HackRF is ready to be used. Let’s try:

osmocom_fft -F

After the application loads up, you have a nice-looking spectrum analyzer that goes from 30 MHz to 7 GHz. Play with it. The very first test I did with it was visualizing the invisible fight that goes on between your microwave oven and your Wi-Fi when you prepare popcorn as you surf the net:

In reality, the minimum frequency that you can select (30 MHz) is erroneous. In fact, the HackRF has been reported to work quite well all the way down to 1 MHz. To achieve that, you might patch line 333 of osmocom_fft





The second thing I’d like you to experiment with is some sort of a “copy and paste” of the radio spectrum. Let’s say you want to save whatever is going on between 431 and 433 MHz, all at once. The hackrf_transfer utility can do that:

hackrf_transfer -r test.bin -f 432000000 -s 2000000

Subsequently you could retransmit the same content on the same band (or on any other!):

hackrf_transfer -t test.bin -f 432000000 -s 2000000
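
A quick way to see what a capture like test.bin contains, as an added example that is not from the original post: it measures power per block and reports where the band was active. It assumes hackrf_transfer's file layout of interleaved signed 8-bit I and Q samples; the block size, the threshold factor and the sample capture are constructed for illustration.

```python
import math
import struct

RATE = 2_000_000   # samples per second, from -s 2000000 above
BLOCK = 1000       # complex samples per power estimate (0.5 ms at RATE)

def block_powers(raw, block=BLOCK):
    """Mean I^2 + Q^2 per block of a signed 8-bit interleaved I/Q capture."""
    vals = struct.unpack(f"{len(raw)}b", raw)
    return [sum(v * v for v in vals[s:s + 2 * block]) / block
            for s in range(0, len(vals) - 2 * block + 1, 2 * block)]

def active_spans(raw, factor=10.0, block=BLOCK):
    """(first, end) sample index of each run above factor x the median block."""
    powers = block_powers(raw, block)
    if not powers:
        return []
    floor = sorted(powers)[len(powers) // 2]      # median as the noise floor
    spans, start = [], None
    for i, p in enumerate(powers + [0.0]):        # sentinel closes a final run
        hot = p > factor * floor
        if hot and start is None:
            start = i * block
        elif not hot and start is not None:
            spans.append((start, i * block))
            start = None
    return spans

def constructed_capture():
    """Constructed input, not a real recording: 10 ms of weak noise, one 3 ms burst."""
    raw = bytearray()
    for n in range(20000):
        if 6000 <= n < 12000:                     # tone 100 kHz above centre
            i = round(60 * math.cos(0.1 * math.pi * n))
            q = round(60 * math.sin(0.1 * math.pi * n))
        else:
            i, q = (n * 7) % 5 - 2, (n * 3) % 5 - 2
        raw += bytes((i & 0xFF, q & 0xFF))
    return bytes(raw)

# For a real file: active_spans(open("test.bin", "rb").read())
```

Dividing a sample index by RATE gives the time offset in seconds. The median only works as a noise floor when the band is quiet for more than half of the capture.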

Here is a demonstration:

Another handy tool that is available on the Mac is obviously Gqrx. First you need to install it:

sudo port install Gqrx

Then you can launch it:


Unfortunately Gqrx is still way less smooth and polished than SDR# or HDSDR but, at least for the time being, if you use a Mac that’s as close as we can get:


Finally, last but not least, GNU Radio.

GNU Radio is the most prominent Open Source SDR framework, an extremely powerful tool that allows you to create any sort of modulators and demodulators and (with the help of your handy HackRF One) also to transmit and receive basically anywhere you want. The possibilities are endless. Is GNU Radio difficult? Very. Is it a good opportunity to learn more? Extremely. As an example, I adapted a generic USB transmitter written by Alex OZ9OEC for the UHD (another SDR device) to work with the HackRF. Here is a screenshot of gnuradio-companion once my modified grc file has been loaded:


Here is a screenshot of the actual transmitter while it is running:


And here is another demonstration:

This is as far as I could get in just two days. More to follow!


K1FM Mini Magnetic Loop


Disclaimer: if not all precautions are taken, magnetic loops can be dangerous.
Voltages in excess of a few kV can and will develop even when operating at relatively low power. Fires can also develop. Never ever touch the loop radiator during transmissions!
Moreover, the magnetic fields generated by these antennas are potentially harmful to a number of individuals, or even to yourself.
This page is for illustrative purposes only: I take no responsibility for the harm or damage that might result from your attempts to replicate this work.

Imagine you live in a place like New York City and you want to do some radio. Chances are you might run into some of the same problems I had to face. They are:

#1: No antennas are allowed on the roof. You can’t even access the roof!
#2: Like most of the other New Yorkers, I live without a car therefore no mobile operations are possible.
#3: Over here we live face to face, shoulder to shoulder. Portable operations are possible but – for the most part of the city – forget about dipoles, random wires, end fed antennas, counterpoises and such… Forget about wires in general. This is New York City, there simply is no room to hang stuff around.

So, what’s the solution to this mess? Here it is:


Welcome to the magic world of magnetic loops! If you tried a loop already, then I don’t need to explain how efficient, quiet and incredibly small these antennas can be. In my specific case, this table top loop allows operations from busy Manhattan parks, Tennis courts, once I even used it in a Starbucks!

In the past I made slightly bigger ones (say 3 feet in diameter) that performed better, especially in the lower bands, but they needed to be supported by PVC tubing. Who wants to carry PVC around on a bicycle?!? I said to myself: it has to be even smaller… so I made this one. It’s so small it doesn’t seem to be real… but it is! Check this video out (thanks K2COW):

Check out the /PM logbook from the past few weeks. Consider that I run between 1 and 3 watts and I only operate around 1-2 hours at a time:

2014-05-31 KK4EQB GA 10m SSB 59 52
2014-05-31 W1AW/0 MO 15m CW 59 59
2014-06-07 WW2SUB OK 20m CW 559 549
2014-06-07 WA3KEY/2 NY 15m SSB 59 52
2014-06-07 W4CU FL 15m SSB 59 52
2014-06-14 CT1EEB 15m SSB 59 59
2014-06-14 F5GPE 20m JT65 599 599


The kit travels in a custom-cut hard case and, other than the antenna itself, it includes an FT-817ND with a modified internal LiPo battery, another external LiPo, a homemade USB audio interface (for PSK31 and JT65), a V/UHF vertical, the mic, a CW key and my FCC license. (Why do I carry the license? It happened twice that people called the cops on me, so I’d better have it ready for the next time it happens.)


You might have noticed that, contrary to general construction principles, the loop is not inductively coupled. In fact, I wanted to try a capacitively coupled one (aka army loop) because the latter does not require a coupler loop. Also, this loop is a bit smaller than I wish it was. The main idea behind this design is trading some of the performance in exchange for maximum portability.

If you kept reading down to this point you really must be interested in this, so let’s take a look inside! Here is the schematic diagram:


And this is how I actually built it:


Both capacitors I used are polyvaricons. I got the single gang on eBay for about $8 and the other one (dual gang) from Scott’s Electronic. I believe they could withstand up to 10 watts without arcing (I did not try that) but they work just fine with the FT-817 at 5 watts. The white enclosure is a Hammond 1594BSGY while the coax loop is composed of 6 ft of LMR400 cable (NOT the Ultra-Flex version).

In this configuration the loop can operate from 30 to 10 meters. Using a two-turn radiator of the same diameter it also covers 40 meters. I haven’t had a chance to check this antenna with a proper analyzer. All I know is that – depending on the band and the surroundings – SWR tends to be between zero and three bars on the FT-817 SWR meter. I also know that I had a few transoceanic contacts on 10, 15 and 20 meters in CW, FM, USB and JT65 modes. All of them using tiny LiPo batteries and power levels in the range of 2-3 watts!

This is QRPp done using a microscopic antenna and, it goes without saying, it takes a lot of patience, constancy and curiosity. Sometimes I come home with nothing in the log. Other days propagation goes up and I work DX.
Results are unpredictable, and that’s the beauty of it!

Update: Check out my latest portable loop!


Mystery signal from a (Police) helicopter

Police helicopter

Reading the May 2014 issue of QST, on page 65, I found a mention of an interesting story about Oona Raisanen OH2EIQ.
Oona was watching the helicopter news video of a police chase when she realized that the audio track contained a data feed. Being the very talented hacker that she is, Oona managed to filter and successfully decode the data using Perl and SoX.
As a result, she was able to plot the helicopter flight path on a map. What a nice catch! I thought…

A few days later I was reading a piece about a serious incident that happened in Italy: the city of Rome was the scene of violent clashes between supporters of opposing soccer teams. Near the stadium the situation degenerated to the point that a person was shot and critically wounded while hordes of violent supporters put the surrounding area under siege. Dramatic footage from an aviation unit of the Italian State Police completed the article.

When I saw this report for the first time, I obviously had Oona’s story still fresh in my mind, so I wondered if the video released by the Police contained any audio tracks at all. The answer was surprising: not only was the data feed present, but it didn’t even need to be filtered! A clear invitation to attempt decoding it! I put myself to work immediately…

The audio clearly sounded like an unmodulated carrier that took turns with bursts of 1200 baud AFSK. Visual inspection of the modulated waveform showed no signs of phase changes, so it definitely had to be some form of FSK. Assuming it really was 1200 baud, each bit was supposed to be around 0.8 ms long.

With that in mind, I tried manually decoding the beginning of each burst, and I noticed that each one always began with the same sequence. It took a few attempts and some patience to identify what that sequence actually meant… Here it is:


Ignoring the start and the stop bits and reversing the payload (it is sent LSB first), the resulting byte would be “00100011”, which in the ASCII table corresponds to the pound sign (#). Great start! Now I just had to decode the rest of the stream!

Unfortunately Oona did not explain in detail how she demodulated her stream, so I had to come up with something of my own. My first attempt was using Python and numpy: after splitting the samples into chunks that I calculated to be around 0.83 ms long, I applied the FFT to each of them in order to find their predominant frequency components. It was kind of working but I could not find an easy way to keep my chunks in sync with the actual bitstream so, after a few hours of hacking, I asked myself a question: am I really the first (actually… the second!) person who’s trying to decode 1200 bd AFSK? Obviously I was not. There must have been something readily available that was capable of doing exactly what I needed. Instead of reinventing the wheel, all I had to do was find it.
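
The framing and bit-sync problem described above, as an added example that is not the code from this post: a small 1200 baud AFSK demodulator that re-aligns on every start bit instead of cutting fixed chunks. The Bell 202 tone pair (1200/2200 Hz), the 48 kHz sample rate and the test burst are assumptions constructed for the example; the post does not state the tones used in the video.

```python
import math

RATE, BAUD = 48000, 1200        # assumed audio sample rate; 1200 baud as in the post
MARK, SPACE = 1200.0, 2200.0    # assumption: Bell 202 tones (the post names none)
SPB = RATE // BAUD              # 40 samples per bit, about 0.83 ms

def frame(byte):
    """One 8N1 character on the wire: start bit 0, data LSB first, stop bit 1."""
    return [0] + [(byte >> i) & 1 for i in range(8)] + [1]

def modulate(data, lead=517, tail=480):
    """Constructed test burst: idle mark carrier, then the framed bytes."""
    plan = [(MARK, lead)]
    plan += [(MARK if b else SPACE, SPB) for byte in data for b in frame(byte)]
    plan += [(MARK, tail)]
    phase, out = 0.0, []
    for freq, count in plan:                # continuous-phase FSK
        for _ in range(count):
            out.append(math.sin(phase))
            phase += 2 * math.pi * freq / RATE
    return out

def power(samples, pos, freq):
    """Energy of one tone in the one-bit window that starts at pos."""
    w = 2 * math.pi * freq / RATE
    re = sum(samples[pos + n] * math.cos(w * n) for n in range(SPB))
    im = sum(samples[pos + n] * math.sin(w * n) for n in range(SPB))
    return re * re + im * im

def is_mark(samples, pos):
    return power(samples, pos, MARK) > power(samples, pos, SPACE)

def demodulate(samples):
    out, pos = bytearray(), 0
    while pos + 11 * SPB <= len(samples):
        if is_mark(samples, pos):           # idle carrier: slide in small steps
            pos += 4
            continue
        # The window turns space-dominant once about half of it lies inside
        # the start bit, so the start edge is roughly half a bit after pos.
        edge = pos + SPB // 2
        cells = [is_mark(samples, edge + k * SPB) for k in range(10)]
        if not cells[0] and cells[9]:       # start is space, stop is mark
            out.append(sum(bit << i for i, bit in enumerate(cells[1:9])))
            pos = edge + 9 * SPB            # resume at the stop bit: re-sync per byte
        else:
            pos += 4                        # framing error: keep searching
    return bytes(out)
```

The idle lead of 517 samples is deliberately not a multiple of the bit length, which is the case where chunks cut from sample 0 drift out of step with the bits.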

I Googled a bit… It didn’t take long to realize that minimodem by Kamal Mostafa was probably the right tool for the job. Indeed, after a bit of wrestling to compile it on my Mac, it worked at the very first try:


Boom… There was my bit stream! Data bursts were indeed beginning with a pound sign, were consistent in length and, most interestingly, they appeared to have repeating patterns that enclosed some varying information.
The first thing that caught my attention were those N’s and those E’s. Did they mean North and East? If so, those were probably coordinates. I tried various possibilities and found that yes, they were indeed DMS latitude and longitude values. This is how they are encoded:


Observing the other values and applying the same logic I was able to identify the flight level (probably expressed in feet) and the compass heading of the helicopter. Other values that are present in the stream and that certainly represent useful information are still unknown and I still cannot guess what they are…


In order to parse my data I wrote a few lines of Python and, after plotting them with Google Maps, I saw that the helicopter was exactly where I expected it to be: circling the area where reportedly the soccer thugs clashed with the police, and where they shot each other. This is the result:

Around 1 minute into the video a Police is being surrounded by an angry mob. For no apparent reason the mob also attacks nearby cars and buses. A scene of total anarchy… Below is a screenshot of the Police coverage compared with a view from Google Earth.


All in all, so far I was able to decode the coordinates, height and heading. That is better than I anticipated, and I’m sure there must be even more!