Tuesday, 28 June 2016

HackRF One Review vs RTL-SDR vs SDRPlay

Many consider the HackRF One as an upgrade path from RTL-SDR dongles.
Summary: Buy a HackRF for hacking or reverse engineering wireless devices, performance is equal or sub-par to an RTL dongle - but much less hassle and more joy to use.
Manufactured by Great Scott Gadgets, it's on the market for two years after a successful 2000-unit Kickstarter campaign. A milestone in the SDR revolution, it paved the way for affordable SDRs with DC to daylight reception and all-in-one form factor. Even now, the next step up costs double or more.
This loan sample was provided by Nooelec (link). Currently on sale for $289, which is the cheapest on the net at the moment - Noolec also has great customer service and you get a free and useful book too. The only request was not to destroy or harm the equipment, so no torture testing, nor opening the case this time.
Other vendors sell it for between 300 and 350 dollars including shipping depending on your location: significantly more expensive than competitors such as the SDRPlay or the Airspy range (~150 or thereabouts).
It's in a class of its own due price, extended range up to 6 GHz and 20 MHz frequency range.


It's not a receiver



The HackRF was designed and is marketed as a laboratory / engineering / prototyping instrument.
Like RTL-SDR dongles, be merry with the coincidence that it performs as a receiver, just do not think for a second it's supposed to be equal or better than purpose-built reception gear.


In the bag and first impressions



Proper black cardboard box, gray foam protecting and hiding the actual unit. Antenna ports protected by red caps, power  / data cord also included.
Tactile feel is fantastic, silky plastic and non-skid dots on the bottom. Two blue buttons and LEDs right next to antenna port. 
Micro-USB cable (without ferrites) provides power and data connection to computer, which is also the same connector used by nearly all smartphones (sans iPhone), Blackberries, Kindles etc.
No user manual, installation CD, nor any information how to use the thing, the target market is supposed to know what to do with it.
And no antenna. Companion telescopic (ANT500) can be ordered from Nooelec for $30.
It would make a great present to a loved one, as the unpacking and handling experience is second to none, it's expensive enough for Christmas and the little box looks and feels good.


The coolness factor


Side-by-side to an SDRPlay, the HackRF looks like the richer sister who could afford plastic surgery - different colored lights come on, a useful addition, and the unit looks really nice on a table.
It's good to know that if you need a feature it's there: you got software-selectable LNA and bias-T.
And the transmit capabilities - but, oh, wait.


Transceiver?



Theoretically yes, manufacturer states a maximum of 15 dBm (link), which is 32mW for ordinary folks, but this power figure also changes with frequency.
32 mW is enough as a signal generator, good for a few meters or really low power amateur radio transmissions, but calling it a transceiver is a bit thick. The maker stated that the HackRF is intended for across the room distances.
Transceiver? No. To me, a transceiver is a device which can establish two-way communication locally or internationally. The HackRF can't, at least not in the sense as a proper transceiver can, such as pressing a button and talking to a buddy a few miles away.
The hackRF can also drive a power amplifier, so with enough cash you can land yourself in all sorts of trouble without the appropriate licenses - like the retard who mentioned broadcasting on 1090 MHz on Reddit (link). This guy (link) went even further and did imitate a plane.
Think of it as a low-power transmit-capable device. If you need to reach someone on a regular basis, get a $40 Baofeng with 5W maximum power for VHF / UHF use, or buy a mobile transceiver.


WiFi


Theoretically yes, won't work as a WiFi modem, adapter or range extender without extensive
programming. And I really mean you gotta be a Linux greybeard.
For penetration testing: use more power and proper gear, like a 500 mW Alfa AWUS036NHA. It's half the size, 270 dollars cheaper and works with most tools in Kali Linux, "or so I heard, Officer".


Bias-T



A.k.a sending power down the antenna cable. Officially, capable of delivering 50mV at 3.3V.
Our beloved staple, the LNA4ALL can be ordered from Adam with the HackRF mod (link). I did not try this - I don't have a suitably modded LNA4ALL.
Note that the 25-dollar dongle from rtl-sdr.com can be easily and permanently modded for bias-T as well.


Official Support


Video guides (link) for setting it up with GNURadio (you're in for a learning mountain) -  and a few posts extolling its virtues for endeavors such as hacking wireless stuff like doorbells, remote controls and the like.
Reddit group (link) is much less active than RTL-SDR's.


Front-end software




Being a relatively old product, it is supported
by SDR#, SDRConsole, and various others with the proper extIO plugin - which you'll have to hunt down yourself (or here's a link) as there's no strong manufacturer support a la SDRPlay.
Zadig installs drivers for the USB port you're using; needs reinstallation for other ports. In comparison, the SDRPlay works with any USB port once installed.
SDRSharp: works with the HackRF, but the lowest frequency span is 8 MHz, which only got me very choppy commercial FM. Plus it failed to start again if you hit the stop button, requiring a complete systen reboot.
SDRConsole: an altogether better software package, 20 MHz span works with occasional stuttering, still enjoyable audio for commercial FM.
HDSDR: works with the extIO plugin, but as the user interface is archaic with small buttons and it's 2016 now, I'm using SDRConsole.


The 20 MSPS hype



Unless you got an expensive personal computer, you won't get 20 MHz span, an audible signal and fast retuning or multitasking at the same time.
On dual Intel i3 processors at 2.26 GHz, 8GB Ram and SSD hard drive, commercial FM audio with 20 MHz span was choppy but listenable, CPU near 100% utilisation.
20 or 10 MHz span is useless anyway without a large and / or multiple screens; but on dual or triple monitors, like two screens plus laptops', visual scanning for signals is possible, as waterfall instantly reveals transmissions.


Imaging, temperature



Imaging: Just like SDRPlay, the HackRF suffers from commercial FM imaging, but not to the same
extent: traces of strong broadcast stations are present here and there, but frequencies are not blanked out as with an SDRPlay.
Temperature: warms up to mildly handwarm temperature in 15-20 minutes. I'd add a metal case, oil cooling with fins for maximum performance, which never crosses my mind with the SDRPlay, as it always stay cool.


Shortwave Performance



Horrible on a discone.
Whereas an SDRPlay yielded good audio, and RTL-SDR.com or Nooelec dongles with Ham-It-Up were listenable, barely a few whisper on the HackRF.
Using two 20-foot wires and a balun One-Nine, reception improved somewhat, but still unacceptable.
$100 gets you an RTL dongle and an upconverter, with change for pigtails - best value for money for shortwave.
An SDRPlay will consistently outperform either a dongle or the HackRF.


VHF and UHF



On par or worse than RTL-SDR dongles; like a generic chinese R820T2 with the supplied
telescopic on a metal pan; but noisier.
Versus an SDRPlay? No comparison. That's a purpose-built receiver; the difference is hearing the pilot, or feeling sorry from intonation that the blonde said "No" for dinner.
Hissing noise is everywhere, especially on discones; changing over to band-specific ground planes brought relief to my ears.
Visual scanning for signals: unparalelled. RTL-SDR dongles do 2 MHZ, SDRPlay 10-ish, set a good contrast and waterfall speed with the HackRF and get 20 MHz of frequencies. If your LCD TV was hard enough to manoevre up the stairs, you got the right display.
It's the perfect box next to an SDRPlay: tune 117-137, 155-175 or 440-460, see a faint trace, use the SDRPlay to get that signal.


The Gigahertz range



Frankly, I either have an easier-to-use solution, or grossly uninterested.
ADS-B: Spending time chasing dump1090 forks is not what I call a great time. Not when a Pi 3 and a bias-T enabled rtl-sdr.com dongle mated to Adam's LNA4ALL and folded dipole (link) gives me an excellent plug-and-play solution for about $100.
Inmarsat: As a professional mariner, updated oil rig data is the last thing I want to see off-duty.
Gps: Second-hand $15 smartphone pinpoints my location plus/minus 10 meters. Read that the HackRF can trick GPS by transmitting, causing trouble is not my cup of cake.
Wifi: use proper gear, see Alfa NHA recommendation above.
Above 2.4 GHz: There's much more action lower down the spectrum.


Living with the HackRF



One box for everything is better: Nooelec's R820T2 and Ham-It-Up in a metal case would be my choice if I went into a warzone, but needs one more cable and one more USB port.
I have a HackRF and SDRPlay for over two months now, and whilst I use the latter for listening and as a go-to box, the HackRF is better for showing to radio-intrigued people. Without any clue on price or capabilities, folks will go for the HackRF after picking up both.
"Transmit" is a conversion starter. Complete novices, even without rudimentary radio knowledge, want to send info on the airwaves. Blank stares uttering "Linux" or "GNURadio", coming back with flowgraphs and order confirmations a few days later.
Large lettering on top saying "HackRF", professional look: that's trouble from the sleep-deprived morning shift at airport check-in.
Lots of radio gear in the laptop bag: 4 dongles, Ham-It-Up, SDRPlay, couple antennas, adapters etc. It's a given I got an individual bag check.
Only the HackRF got fingered, with questions such as "You're a hacker? Can you listen to our encrypted channels?" - "No, sir". Then I produced licenses and correspondence stating that gear wasn't mine, and told to pack up.
Lessons learned: 1. Check-in staff did a good job, well done. 2. Carry licenses and paperwork. 3. No clue they were on analog channels, but I thought twice pointing this out.


Conclusion



Seeing its dismal performance I initially hated the HackRF for lack of receive sensitivity. It can't really do shortwave on space-limited antennas, VHF and UHF is equal to RTL-SDRs, anything above needs purpose- and frequency-specific antennas.
After a month, I started to reach for the HackRF more and more. One small serious-looking box, able to receive everything, and whilst the SDRPlay is better in terms of ultimate performance, the HackRF is just easier to live with. LEDs let me know what's happening, gain settings are easy and work.
20 MHz span is too much on a laptop screen, just like a Ford Mustang is unnecessary for highway cruising. But the knowledge that you got enough ponies, and the heritage factor, just like the Granddaddy status of the HackRF, makes the Mustang the best-selling sports car in the USA.
Would I buy it for myself? Yes.
Would I buy it for my Dad? Absolutely. Case feels smooth and inviting, LNA on board, built-in bias-T which would work with an LNA4ALL should the need for an antenna-mounted amp arise.
Transmit and GNURadio? There's an unexplored world out there.
Cash-strapped? An RTL-SDR plus a Ham-It-Up is a better choice for 200 dollars less.
Affordable and better performance? Buy an SDRPlay.
Fun and hassle-free pleasure on a daily basis? Buy a HackRF.



If you enjoyed this post, please order my RTL-SDR
Guide Book on Amazon Kindle.
Close to 200 pages of knowledge, information and diagrams for all levels of expertise.

Kindle is available for computers (Windows and Mac), and for smartphones and tablets (Android and Iphone, iPad and iPod touch).

If you're interested in the Raspberry Pi, my book details the ins and outs of setting up, using and enjoying the Pi 3 microcomputer.




























1 comment:

  1. Hi! For ADS-B and satellite signal receive, what you are offering?

    ReplyDelete