A little about the design of a modern radio, using HackRF One as an example

Greetings, Habr!
Some time ago I kept running into articles and videos about SDR transceivers. The topic is still of interest today. HackRF One devices are very popular among radio amateurs and other “techies” of various kinds (to this day, even though this transceiver has been on the market for a long time and there are now many other SDR options of a similar kind, including more capable ones). Almost all articles on this topic discuss software tools (as a rule, they work with GNU Radio, describe DSP algorithms, etc.), give practical examples of capturing radio signals, demonstrate GPS spoofing, receiving signals from weather satellites, etc. HackRF One is used as a kind of universal “box” that lets you do many interesting things. A little programming experience and a general understanding of what a digital signal is are enough to clear the entry threshold for the simplest experiments with SDR. That, of course, is great.
But among the many articles I have not yet found a single one that carefully examines the hardware of this transceiver and analyzes its circuit more or less thoroughly (if you have, please give a link in the comments).
Moreover, a certain neglect of this issue by the “users” of this and other similar transceiver modules is alarming. Many popular articles let slip that an SDR receiver / transmitter is:


It is clear that the main principle of SDR technology is to implement the functions of a radio system (previously performed in analog form by electronic devices) in digital form, by processing a digitized signal. And not only to move processing into the digital domain, but also to make more complex signal-processing tools available. But none of this means that the physical embodiment of a typical modern SDR transceiver is an ADC / DAC + DSP module and that everything else is unnecessary (or, if present, secondary), and that knowledge of the analog circuitry of the radio module is therefore not required. It might seem enough to get hold of an ADC and a DAC with impressive characteristics, connect them to the antenna at one end and to a PC at the other, and you have an SDR ready for all cases and all generations. Maybe this approach is enough to demonstrate the principles of SDR, but it is clearly not enough for real communication equipment.
In this case the wheat is separated from the chaff very simply. The advent of new technologies does not cancel physics, the nature of things, or analog circuitry.
As you know, it makes sense to digitize a signal with an ADC only when the highest frequency in the signal is at least two times lower than the sampling frequency. Only then can the information in the signal be restored without loss. Very often the highest signal frequency exceeds half the sampling frequency of any ADC that exists, or such ADCs are unreasonably expensive for a particular project. In that case there is no escape from shifting the signal to the lower part of the spectrum in analog form, and this is common practice. Not to mention the need to amplify and filter the analog signal to achieve the required characteristics of the radio system. Exactly the same applies to the DAC and the transmit path.
If we look at a more serious source (for example, the book “Software-Defined Radio for Engineers” by specialists from Analog Devices Inc.), we will see that a typical hardware architecture of an SDR platform looks like this:

As you can see, between the antennas and the ADC / DAC sits the RF Front End block, which implements the functions listed above. This is the part of the HackRF One transceiver I want to talk about in this article.
But that comes later. First, a short digression.
I suppose that the simplified perception comes from the subject area a person is “accustomed to”, a sort of professional deformation. Suppose a developer who has had little to do directly with radio electronics finds out that there is such a miracle as SDR: it can be programmed, signals can be processed / synthesized in software, you can go radio hacking, etc. That is, using program code you can generate real physical radio signals and process received ones (whether from an evil neighbor's car alarm or from space). Indeed, it's cool! The subject interests the person, he immerses himself in it completely and ... most often he does not begin to study the theory of radio communications or radio engineering; he does what he already knows and likes best: he masters software design tools and starts to recall / study DSP. In the end he considers these areas the most important in the transceiver; everything else fades into the background and seems not so important and, in principle, not so necessary. Of course, I exaggerate, but I have met a lot of similar opinions (absolutely sincere ones), including on Habr. However, this approach works, as a rule, only for amateur use of such devices. In reality, if you need to design a communication system, an IoT device, some kind of radar, etc. yourself, then in addition to the digital algorithms an equally important role is played by the radio-frequency characteristics of the transceiver, which are necessarily calculated, modeled and optimized during development. These characteristics largely determine the acceptable range of applicability of a particular radio module.
Universal “boxes” such as HackRF One also have their own characteristics, which the developer deliberately built into the electrical circuit, which limit the performance of the communication system in the same way, and which no software tools can fix.
Since my own professional deformation leans the other way, towards hardware development, this brief overview of HackRF One is written from that side. We will consider the hardware architecture of HackRF One, which makes it possible to assess the technical capabilities and limitations of this radio module. I hope this will be useful to those who use HackRF but are not familiar with radio engineering, and to those who think that working with SDR transceivers does not, in principle, require knowledge and understanding of the device's radio-frequency characteristics, or of analog circuitry in general.
The only interesting source I found that examines some of the hardware features of HackRF One is a video of a talk by the author of the HackRF project himself, Michael Ossmann, at the REcon 2014 conference. Link:
www.youtube.com/watch?v=4Lgdtr7ylNY&start_radio=1&list=RDQMQpFkO5DyFBk
There he considers extending the capabilities of HackRF One purely through hardware modifications and cites interesting facts. I recommend it to everyone interested and sympathetic.

HackRF One


HackRF One is an open source project; its sources are available.
In almost all sources the hardware characteristics are given as a rather meager list:
• 1 MHz to 6 GHz operating frequency
• half-duplex transceiver
• up to 20 million samples per second
• 8-bit quadrature samples (8-bit I and 8-bit Q)
• compatible with GNU Radio, SDR#, and more
• software-configurable RX and TX gain and baseband filter
• software-controlled antenna port power (50 mA at 3.3 V)
• SMA female antenna connector
• SMA female clock input and output for synchronization
• convenient buttons for programming
• internal pin headers for expansion
• Hi-Speed USB 2.0
• USB-powered
• open source hardware
If you download the circuit diagram and study it a little, you can reconstruct the architecture of this transceiver and understand a bit more about how it works. This is what was done:
From the public description it is known that HackRF One is a half-duplex transceiver, i.e. it can both transmit and receive, but only at different moments in time. This is also clear from the circuit: there is a single antenna port, and the signal on it either comes from the output of the transmit path or is picked off and fed to the input of the receive path.


The circuit contains many controllable switches that configure the path of the received or transmitted signal at any given moment. We will return to the possible options later; for now, let us consider the key elements of the hardware architecture.

Digital part, ADC, DAC


I will not dwell on the digital part.
The module is connected to a PC via a USB cable. Through this interface HackRF One receives power from the host, and all data is transferred digitally over it. On the HackRF One side there is an LPC4320FBD144 microcontroller with an ARM Cortex-M4 core and an XC2C64A-7VQG100C CPLD connected to a MAX5864 chip, which contains two ADCs and two DACs in a single package (two because one is for the I component of the signal and the other for Q). The ADC resolution is 8 bits, the DAC resolution is 10 bits. In general, the characteristics of these ADCs and DACs are quite modest. Their maximum clock frequency is 22 MHz (which is the limiting factor for the maximum achievable signal bandwidth; Kotelnikov’s theorem cannot be outsmarted).
By the way, in his talk Michael Ossmann touched on exactly this question of increasing the bandwidth of the transceiver. He noted that even if you replace the ADC-DAC chip with another, faster one and move the data by connecting directly to the CPLD, bypassing the microcontroller, the next bottleneck will be the maximum width of the tunable filter (30 MHz) in the MAX2837 transceiver chip. Let us move on to this chip.

Transceiver IC MAX2837


The MAX2837 is an integrated half-duplex RF transceiver based on the direct-conversion architecture with zero intermediate frequency (IF). Here is a picture from the specification showing the internal architecture of the chip:

In the transmit path, the I and Q components of the baseband signal arriving at the input pass through tunable filters (marked with a red 1) and go to the input of the upconverting mixers (2). As a result, the signal is shifted to a frequency in the range 2.3 ... 2.7 GHz and then passes through a variable-gain amplifier (3).
As a result, we have:
• Tuning range of the cutoff frequency of the baseband filters: 1.75 ... 28 MHz
• Adjustment range of the transmit path gain: 45 dB
• Maximum output power: ~0 dBm
The signal arriving at the input of the receive path passes through a low-noise amplifier (1), a downconverting quadrature mixer (2), filters with a tunable cutoff frequency (3) and tunable baseband amplifiers (4).
Some important characteristics of the MAX2837 receive path:
• Tuning range of the cutoff frequency of the baseband filters: 1.75 ... 28 MHz
• Noise figure: 2.3 dB
• Tuning range of the gain: 94 dB
The MAX2837 contains an on-board frequency synthesizer that provides the local oscillator signal for the mixers.
So this is an interesting radio chip, essentially a ready-made RF front end, but with a significant limitation: a fairly narrow frequency range (2.3 ... 2.7 GHz). The working frequency range of the radio can be expanded by adding another frequency conversion stage. This requires an RF mixer and a local oscillator, and the HackRF One circuit contains a chip that combines the two. Let us look at it in a little more detail.

Frequency synthesizer and mixer chip RFFC5072


The RFFC5072 includes a voltage-controlled oscillator (VCO), a phase-locked loop (PLL) and an RF mixer:

The local oscillator (LO) frequency can be set within the range 85 ... 4200 MHz with a tuning step of 1.5 Hz. Next, we consider how the RFFC5072 is used in the circuit.

Transmitter path


Looking at the HackRF One block diagram above, you will notice that there are several possible ways to route the transmitted signal to the antenna. The signal from the MAX2837 output can be sent directly to the output amplifier (or the antenna). Or the signal can first be sent to the RFFC5072 chip, to the mixer input. Let us sort this out.
Mixing the local oscillator frequency with the signal at the intermediate frequency produces, as is well known, two copies of the signal located to the left and right of the local oscillator frequency (at a distance exactly equal to the IF). If this is not obvious to you, you can easily verify it with trigonometry, by multiplying the two harmonic functions that correspond to the local oscillator signal and the IF signal.
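The multiplication mentioned above, written out as an added worked step (the symbols $f_{LO}$ and $f_{IF}$ for the local oscillator and intermediate frequencies are introduced here and are not from the original article):

$$\cos(2\pi f_{LO} t)\cdot\cos(2\pi f_{IF} t) = \tfrac{1}{2}\cos\big(2\pi (f_{LO}-f_{IF})\,t\big) + \tfrac{1}{2}\cos\big(2\pi (f_{LO}+f_{IF})\,t\big)$$

The product contains only the two frequencies $f_{LO}-f_{IF}$ and $f_{LO}+f_{IF}$, each at half amplitude: these are the two copies on either side of the local oscillator frequency.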
But we do not need two copies of the same signal. The airwaves are not made of rubber, as they say, to be filled so carelessly. Usually one of the copies is selected, and the second (called the image channel) is removed by filtering or by using a special frequency-converter architecture that has no image channel.
The mixer used in HackRF One is not of that kind; it does not suppress either channel. Instead, the developer of HackRF One provided filters in the transmit path: a high-pass filter (HPF) or a low-pass filter (LPF). Depending on the configuration of the corresponding switches, the signal from the mixer output passes through one of these filters. Why is this done? Obviously, to be able to suppress either the copy of the signal located lower in frequency (LSB, lower sideband) or the one located higher (USB, upper sideband).
The need for such an option comes from the developer's wish to give the radio module the widest possible frequency range. When a transmit frequency in the range 2.3 ... 2.7 GHz is needed, it is enough to connect the MAX2837 output signal directly to the antenna output (optionally amplifying it with the output power amplifier), bypassing the mixer and filters. When a frequency lower than 2.3 GHz is needed at the output, the MAX2837 cannot provide it directly, so its signal is sent to the mixer. As we remember, the mixer output contains two copies of the useful signal, so we connect the mixer output to the low-pass filter and suppress the USB. Conversely, when a frequency above 2.7 GHz is needed, the same thing happens, only now the high-pass filter is used and the LSB is filtered out. I tried to depict this:

Here, the signal spectrum is schematically shown at each stage of the transmission path, as well as the frequency response of the filters used.
Thus, we have a combined radio transmitter architecture:
• at high frequencies, the superheterodyne circuit operates with two upward frequency conversions
• at 2.3-2.7 GHz, the system can operate as a direct-conversion transmitter (homodyne circuit)
• at lower frequencies, the signal is shifted down from the intermediate frequency.
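The three cases above can be turned into a small frequency planner. This is an added example, not code from the article or from the HackRF project: the limits are the figures quoted in the text, while the 50 MHz IF search step and the rule of picking the IF/LO pair that puts the unwanted copy farthest from the wanted one are assumptions made for illustration.

```python
# Added example: limits are the figures quoted in the article; the
# IF-selection rule (maximise wanted/image spacing) is an assumption,
# not the HackRF firmware's algorithm.
IF_RANGE_MHZ = (2300.0, 2700.0)   # MAX2837 RF range
LO_RANGE_MHZ = (85.0, 4200.0)     # RFFC5072 local oscillator range
RF_RANGE_MHZ = (1.0, 6000.0)      # HackRF One operating range
IF_STEP_MHZ = 50.0                # hypothetical search granularity


def in_range(value, bounds):
    return bounds[0] <= value <= bounds[1]


def mixer_products(lo_mhz, if_mhz):
    """Both copies a non-image-reject mixer produces: |LO - IF| and LO + IF."""
    return abs(lo_mhz - if_mhz), lo_mhz + if_mhz


def plan_tx(rf_mhz):
    """Return the signal path and synthesizer settings for one TX frequency."""
    if not in_range(rf_mhz, RF_RANGE_MHZ):
        raise ValueError(f"{rf_mhz} MHz is outside the 1 MHz to 6 GHz range")
    if in_range(rf_mhz, IF_RANGE_MHZ):
        # Direct conversion: MAX2837 output bypasses the mixer and filters.
        return {"path": "bypass", "filter": None, "if_mhz": rf_mhz,
                "lo_mhz": None, "image_mhz": None}

    high_band = rf_mhz > IF_RANGE_MHZ[1]
    steps = int((IF_RANGE_MHZ[1] - IF_RANGE_MHZ[0]) / IF_STEP_MHZ)
    best = None
    for i in range(steps + 1):
        if_mhz = IF_RANGE_MHZ[0] + i * IF_STEP_MHZ
        if high_band:
            lo_options = [rf_mhz - if_mhz]                   # wanted = LO + IF
        else:
            lo_options = [rf_mhz + if_mhz, if_mhz - rf_mhz]  # wanted = |LO - IF|
        for lo_mhz in lo_options:
            if not in_range(lo_mhz, LO_RANGE_MHZ):
                continue  # the synthesizer cannot produce this LO
            lower, upper = mixer_products(lo_mhz, if_mhz)
            # High band keeps the upper copy (HPF removes the lower one);
            # low band keeps the lower copy (LPF removes the upper one).
            image = lower if high_band else upper
            spacing = abs(image - rf_mhz)
            if best is None or spacing > best["spacing_mhz"]:
                best = {"path": "mixer",
                        "filter": "high-pass" if high_band else "low-pass",
                        "if_mhz": if_mhz, "lo_mhz": lo_mhz,
                        "image_mhz": image, "spacing_mhz": spacing}
    if best is None:
        raise ValueError(f"no valid IF/LO pair for {rf_mhz} MHz")
    return best


if __name__ == "__main__":
    for f in (100.0, 1900.0, 2250.0, 2450.0, 3000.0, 6000.0):
        print(f, plan_tx(f))
```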

Receiver path


The receive path is arranged in a similar way, only now the circuit works so that any input signal is shifted into the 2.3 ... 2.7 GHz region, where it is processed by the MAX2837 receive path, which converts it to low-frequency I and Q components for the ADC.
I would also like to note that the low-noise amplifier at the input is exactly the same amplifier model as the one at the transmitter output, the MGA-81563. The decision is, of course, debatable. On the other hand, if the author of the project did not aim to optimize the radio module for a specific narrow task with power requirements for the transmitter and noise requirements for the receiver (and obviously he did not), but only wanted to raise the output power at least somewhat and to avoid a really poor noise figure in the receive part, in other words, if something "mediocre" in this respect was enough, then this option probably has a right to exist. Moreover, it also reduced the cost of the device by keeping the range of components small.

So, we have now more or less established the composition of the hardware architecture and the purpose of its elements. Nothing prevents us from looking more closely at the specifications of each key circuit element and obtaining a complete list of quantitative RF characteristics of the whole HackRF One. First of all, it is important to know the linearity of the transmitter, the noise figure of the receiver, the resulting phase noise of the frequency synthesizers, etc. These characteristics, in turn, make it possible to calculate whether the module is suitable for a particular task. I decided to limit this article to a functional description of the circuit and not to give any quantitative calculations or conclusions. If the topic is interesting to the community, I will try to write a sequel.

What is the result


As in any other business, common sense should always prevail. What is the point of an ADC + antenna architecture? Simplicity? Yes, but only simplicity of understanding for the "layman"; in many cases it turns out to be suboptimal and unreasonable. As you can see, the developer of one of the most popular SDR transceivers, HackRF One, understood this; otherwise he would simply have connected a powerful ADC / DAC to the antenna and suggested using enormous computing power to synthesize / process a broadband signal. That would cost ... a lot (to put it mildly). Instead, he produced a rather elegant engineering solution in which he managed to use budget components and build an architecture with pretty good device performance. Low total cost (for such functionality) and a wide operating frequency range are what made the project popular and accessible to people, not some imagined “simplicity” of the architecture of the radio part. Just try, thoughtfully, to build a transceiver with at least the characteristics of this HackRF One on the principle ADC / DAC + PC = SDR: try to choose ADCs and DACs that directly synthesize and digitize signals at 6 GHz, and see how realistic it is and what it will cost. What, then, can be said about higher-frequency systems (operating at tens of GHz), which are now gaining more and more popularity? For them, digitizing “directly” is a completely unreasonable utopia. At least at the current stage of technology development.
It is clear that the HackRF One architecture described here, and the control of each element of the circuit, is hidden from the programmer somewhere in the circuitry and in the control software (kindly written by someone at some point). Naturally, it makes no sense for absolutely everyone to delve deeply into radio engineering. A person working on DSP is not required to understand the features of the RF path in detail. In any case, however, one should treat unfamiliar areas of knowledge with more attention and care, not neglect them, and not ignore the cases where it is impossible to do without them. Among other things, I want to note that the HackRF One project can be not only a curious toy in the hands of an enthusiastic programmer, but also an interesting training tool for a radio amateur / radio engineer.
