Category Archives: Hacking

My very first wardriving card!

I got all reminiscy while digging through a box of stuff that was 14 years old. Found the Orinoco Gold Wi-Fi card that was the heart of my first wardriving setup. Smokin’!

In 2002, a few of us at Motorola SPS RF/IF Products (or was it Radio Products?) were fortunate enough to acquire the Lucent Orinoco Gold cards. We experimented with ad-hoc, infrastructure, all at the amazing speeds of 11 Mbps in the 2.4 GHz band. Darren, Dave and I had the cards. Long before Moto even had employee Wi-Fi in its buildings.

Here at my main site, there’s some scattered monthly summaries of how Wi-Fi was slowly taking off in Phoenix. I mapped them each month in an effort to convince our management that Wi-Fi was growing extremely fast, and that we needed to address the Wi-Fi chipset space. Sadly, we never got our act together, not as Moto and not as Freescale.

Spectrum scanning (again)

Now that the filter setup appears stable, it’s time for another assay of the spectrum around the QTH with the discone.

001 – 100 MHz (old):

001 – 100 MHz (new):

Pretty big difference! And just to check the ICOM demodulator, here’s the same spectrum using the AM demodulator.

100 – 200 MHz (old):

100 – 200 MHz (new):

Low noise floor, more better! Still some strong interference, but livable.

200 – 300 MHz (old):

200 – 300 MHz (new):

So much better.

With most of the big interferers suppressed significantly, tomorrow I will put one of the LNAs in a case and get it up on the roof as part of the lineup.

FM broadcast band notch filter update

Wasn’t able to spend any time on this the past week or so, but today I finally tracked down the pesky problems that I was having with my temporary installation.

I’d damaged one of the original TNC pigtails used to connect to the filter, and that created a sometimes 30 dB additional loss. Also, I finally found a marginal to no-good TNC-f to TNC-f adapter that I was using temporarily to connect the TNC-m connector on the box to the UHF-m connector on the cable that runs from the roof to the shack. I don’t like UHF connectors of any type, but the discone has a UHF-f connection and this cable was originally connected directly to the antenna. Until I finish my next phase of project (getting LNA into a die-cast box as well) I will leave it this way.

Using the ICOM PCR1000 receiver, here’s a plot of 50 to 150 MHz. Pretty serious FM broadcast band suppression!


Still a few broadcast stations making it through, but much better than before. The plot below is the one from a few weeks back when I first got the filter assembled into the box.



The following is what it looks like today.


What’s changed? Certainly the filter/coax assembly is doing a better job of rejecting the FM broadcast stuff, but what’s curious is the new noise floor rise that wasn’t apparent before. That noise floor rise corresponds to the band notch characteristics of the filter, but I don’t know why I didn’t see it before.

Also, the installation needs to be rid of the coax adapters that I’m using while the project is midway. Once I get the LNA into a cast box, then both the LNA and the filter into a bigger cast box, I’ll install N-f connectors on the outside of the big box and will no longer need the adapters.

Finally getting somewhere…

Truck computer screen

Not sure I’ve posted a picture of this before, but my Tahoe has a nifty RAM-mount 8″ LCD touchpanel screen for my viewing pleasure. Of course, it only shows maps and navigational information while I’m driving.


It’s connected to a dual-core Atom running Windows 7 Pro, and a bunch of electronics monitoring the vehicle…  The touchpanel comes in handy but there’s times when a real input device (like a wireless mouse or wired keyboard) is absolutely mandatory.

Filter in a die-cast box

Sunday comes bright and early and I decide to put the FM broadcast band notch filter into a die-cast aluminum box.

First, I found in the garage the G112T box I had purchased a long time ago. Measuring somewhat carefully, but not enough, I estimate the spots on the two ends of the box that I’ll have to put 1/2″ holes to install these little TNC-f to coax pigtails.

The TNC-f chassis mount bodies are just about as big as the sidewalls of the box, so aiming carefully is important. However, I miscalculate low on the first hole, and have to oval it just a hair to fit the body of the connector. The second hole I overcompensate, and it’s a little high. But, within 30 minutes I have the case drilled and ready for the filter/coax assembly.

img_4462_sm img_4461_sm

The little TNC coax pigtails came from a buddy of mine – he had a billion of them from some former project.

Before I take the filter off the roof, I measure it one more time while it’s foil-wrapped. Didn’t have a photo of the install from last night, so here it is today.


Kinda ugly, no?

Using the Icom setup, it appears a little worse than yesterday night. Could be so for a number of reasons, including propagation, xmtr power output changes between night and day, or the foil moved a bit during the night. Not sure.


Taking the filter down off the roof, I cut off the SMA-f board mount connectors, clean off the excess solder, and prepare the TNC jumpers to solder directly to the board in place of the former connectors.



The reason I prepared the coax open end as shown in the above picture is apparent in the next photo when I solder the TNC jumpers to the filter board.




Now to install the filter and coax assembly into the enclosure and prepare the sealing gasket.






The box is almost ready to close up. Don’t want to lose the little screws that are intended to hold down a board inside the case so I install them now.


Next, put on the lid and tighten down the screws. Use a compression clamp to squeeze the case closed instead of making the screws do the work. Aluminum strips out very easily.



All done. Now, since the rooftop cable from the antenna is an N-m connector, and the feed down to the shack is currently a UHF-f adapter, I add those to the case.




Voila! All done. Now, to the roof!


Here’s a shot of the discone up on the roof. The thing attached to the chimney is a 2.4 GHz Ubiquti 2.4 GHz Bullet M2 set up as an access point, so I can get Wi-Fi pretty much anywhere around the neighborhood.




It does appear that the box is certainly no worse than the foil and at least for a few stations it’s actually improved on the rejection. That pesky 107.9 MHz station is down 10 dB with the box.

Since that wasn’t as hard as I thought it’d be, I need to order a few more of those nice little G112T boxes, or something similar!

Measuring the NooElec R820T2 dongle

Triggered by correspondence with a few local hams, I thought I’d try to learn a bit more about the RF characteristics of the NooElec R820T2 SDR dongle. I believe this is the second generation of their SDR dongle, the main difference being the use of the R820T2 instead of the R820 part.


I’d been monitoring the local AZ Department of Public Safety (DPS) channels for some time, but only slowly starting to play with gain settings. As well, I’m using the SDR# software and hadn’t spent much time with it, either, only getting to the point where I’d been able to integrate the auxvfo plugin and be able to listen to multiple radio channels simultaneously. Pretty cool especially when listening to the highway patrol, since they don’t talk much, so there’s not too much overlap when listening to 4 channels in parallel.

So I set the SDR gain to manual by turning off RTL and tuner AGC, and moved the slider to 49.6 dB gain. I then used a signal generator to step through the entire dynamic range of the receiver from the minimum level (actually the minimum level of the signal generator, -135.9 dBm) to beyond the -1 dB compression point. In all, this is a very impressive little radio for the $17.


The plot shows that the receiver is quite linear all the way from -136 dBm input to the -1 dB saturation point at about -65 dBm. The frequency accuracy of this particular dongle requires a +86 ppm oscillator shift, but once the dongle has warmed up, it stays very constant (within 1 ppm).

Something interesting for which I don’t have an explanation right now is the rise in noise floor at about -100 dBm. It’s not a big jump, but it holds constant at about -61 dBFS below -100, and then steps up gradually from there to the top of the range. I eyeballed the noise floor readings only to 1 dB precision, that’s why there’s the apparent step functions – that’s an artifact of the meter!

I was running SDR# at an FFT setting of 65k, Blackman Harris 4, and using a 12.5 kHz receiver bandwidth, order 500.

What was intriguing was that even at the minimum input signal, the SDR was still over 10 dB SNR. In fact, at -135.9 dBm, the leakage into the SDR from the cables was enough that I was seeing the NWS carrier about 290 Hz below the siggen. Not sure which is closer to correct, but in either case, that’s only 1.8 ppm difference.

Did notice that the NWS carrier appears to pull low with increasing audio modulation level – I think that this is a real thing and not something in the SDR. The pull is only 20 Hz or so.


ADS-B Receiver for mountain-top comms site

Monitoring aircraft via ADS-B is a terrific hobby and super easy to do. I get to have a display here that shows sometimes hundreds of aircraft (both commercial and general aviation) out to about 200 miles from the house.


The above screen capture was from my Raspberry Pi running PiAware and connected to a homebrew 1090 MHz antenna up on the roof of the house. Nothing special in the setup, but look at the range! A/C at altitude are hearable out over the Grand Canyon and into California. Occasionally I get a/c into or out of Mexico, and I can see traffic in the southwest corner of New Mexico.

I’m planning to put one of these receivers on a local hilltop, about 3000′ above my house and the Valley floor, and yesterday installed the antenna on a temporary mount on the tower at the site. I connected it to my most recent ADS-B receiver setup, seen below, and was awestruck at the coverage. Was seeing a/c over Los Angeles and Albuquerque!


It’s a bit tricky to put a cheap SDR dongle anywhere near radio transmitters, and the hilltop that I was on is loaded with them. In fact, the building in which I have some current monitoring equipment is only 50′ away from a huge comms tower with dozens of two-way radio antennas, and a lot of potential interference. The ADS-B receiver antenna is right in the center of the picture, on the end of a piece of unistrut attached to the tower legs. In the background, nearly a dozen towers bristling with antennas.


The secret to success is a very good filter in front of the SDR receiver. That black square near the middle of the picture is exactly that. It’s a custom-made cavity filter, only 50 MHz wide, centered at 1090 MHz. Extremely sharp rolloff and ultimate rejection about 100 dB. Really helps the RTL-SDR receiver.

However, I wasn’t able to leave the receiver up on the hill yesterday, I was troubleshooting other issues and didn’t have time to set up the network connection to my receiver. Next time I will hopefully get it installed and on the air!

Getting rid of unused COM ports in Windows

Ok, this isn’t new, but Windows has the memory of an elephant, and remembers serial dongles that no longer exist. I was up to COM21 and only had two external USB-serial dongles, so it was time for housecleaning.

Found this page that absolutely was spot-on and that I’d never have divined on my own. I think it was the combination of running Device Manager as Administrator, and that’s apparently not straightforward to do (even though I have admin privileges).

After deleting 6 GPS serial instances,  8 FTDI instances, and another 5 Prolific instances, I rebooted the box, waited for it to find the two USB-serial adapters, and now am happily back to COM3 and COM4.

Small victories are good.