The HackRF and the USRP B210 can tune to a huge amount of the radio spectrum. The HackRF can tune about 20 MHz lower than the B210/B200, but both devices can tune as high as 6 GHz. The B210/B200 transceiver is largely based on the AD9361
IC, which can tune from 70 MHz to 6 GHz, based on available information from the manufacturer. So it looks like the the B210/B200 will be using the chip slightly out of spec to get down to 50 MHz. The HackRF on the other hand uses many different components rather than a single IC for tuning. If you look at the schematics
, you will find a hodgepodge of chips each designed to operate in a certain portion of the spectrum, which are then connected by at least six radio frequency switches, if I count correctly. Hopefully all of these added components will not add too much noise to the system.
Additionally, the HackRF is bundling the Ham It Up
, up converter, to one of their Kickstarter packages for a $35 upcharge. This device will allow the HackRF to tune as low as 300 KHz, and is available for purchase
by itself as well, for about $43. Because the lower frequency limits of the HackRF, B210/B200, and WBX daughterboard (in the B100 starter kit) are similar, I imagine that Ham It Up will work with these devices as well.
For the older USRP B100, different daughterboards are used to access different portions of the spectrum. The WBX daughterboard is included with the starter kit, and is able to tune from 50 MHz to 2.2 GHz. However new duaghterboards can be swapped in, such as the CBX which can tune up to 6 GHz. The downside to this approach is that the BX series duaghterboards, when purchased separately, cost more than the HackRF or the lower end bladeRF.
After testing the USRP B210, it had issues with the ASMedia controller in my computer and the device would only really work on a USB 2 port. The developers at Ettus actually warned me that ASMedia USB 3 doesn't conform to standards before I even received the device. This may prove to be an issue for some people. I got around the issue by buying a PCIe USB 3 card with a VL805 controller, which cost about $20 and worked just fine. Since the bladeRF uses the same FX3 chip, it too may not like ASMedia controllers, unless its kernel module takes care of this issue somehow.
The sample size of the ADC and DAC plays an important role in how precise your sample will be. Adding a single bit is effectively doubling the precision. So when the HackRF uses an 8 bit DAC and the USRP B100 uses a 14 bit DAC, it is effectively 64 times the precision. How much does this actually matter? Well, a cheap RTL-SDR can receive NOAA satellite images and it receives 8 bit samples, so a lot can be done with the small samples, but larger samples will definitely help. Better antennas and gain settings will help a lot with this as well.
Another issue with the the ADCs and DACs is how fast they can take samples. The larger the number of samples, the more bandwidth they can process. Many older technologies can get away with using very slow ADCs and DACs. For example AM radio, FM radio, and GSM channels can all be demodulated just fine with a 1 Msps ADC. However high bandwidth digital signals such as WiFi a/b/g need at minimum a 20 Msps ADC/DAC. In fact the only board that would be capable of receiving the 40 MHz 802.11n channel is the USRP B210/B200. However processing such large chunks of data in real time will be quite a challenge. In fact even storing the data fast enough could be troubling.
Software Defined Radios produce more data than they know what to do with. Transporting all of the data to a PC is one of the main bottlenecks of an SDR. This is clearly an issue with the USRP B100 and the HackRF and this is reflected in the amount of bandwidth that can be analyzed. With USB 3.0 this bottleneck is definitely widened, and more samples can be transmitted across the lines for the bladeRF and the B210/B200. Even though the bladeRF and the B210/B200 use the same USB 3 controller, the bladeRF will not be able to capture the same amount of bandwidth due to the bandpass filtering limitations of the LMS6002D. There is talk on their forums of being able to disabling this filter all together so that an external hardware filter can be used. This would likely increase the devices bandwidth to the ADC/DAC sampling rate. The filter sizes of the B210/B200 will effectively allow 56 MHz on any given channel.
So how is all of this data going to be made useful to us? It needs to be transmitted to a PC for processing, or the devices themselves need to take care of the processing. In terms of computation power, it seems like the bladeRF and the USRP B210/B200 are the front runners. Both these devices have large FPGAs as well as an FX3 microcontroller. The B210 has a Spartan 6 LX150 FPGA with 150k logic elements and based on the file size of the B200's bitstream, it has a LX75 FPGA with 75k logic elements. The bladeRF has a Cyclone 4 FPGA with the x40 having 40k logic elements and the x115 having 115k logic elements. The USRP B100 has a relatively small FPGA, with 25k logic elements. The HackRF has a CPLD, but no FPGA, relying primarily on the onboard microcontroller.
The number of logic elements correlates directly with how powerful the FPGA is, so obviously the more the merrier. The advantage of an FPGA is that processing can be done in parallel, rather than serial. The downside is that FPGAs often clock slower than microcontrollers, and the designs are created by the user and may not be as efficient if the creator is not well versed in HDL.
Some of the usage statistics for older USRPs are reported on their FAQ page . Based on these numbers and the fact that the B100 is relatively small, I would imagine that it will have very little room for user designs. The B210/B100 FPGAs however are probably mostly empty and likely will have room for a lot of user designs. The makers of the bladeRF have reported that the x40 FPGA is currently only about 15% utilized, so there will be a lot of room for user designs as well. The FPGAs act first as an intermediary between the ADC/DAC and the FX3 controller but also provides DSP and logic resources that can apply digital filters, basebands, etc. Out of the box, Ettus also has up/down converters, deciminators and interpolators in their UHD implementation. I have not looked into bladeRF, but it is likely they have the same.
One notable difference between the FPGAs is that Ettus uses Xilinx chips while nuand uses Altera chips, so they have different features. Xilinx DSP blocks in the FPGA have more features than Altera, including a preadder , multiplier and accumulator, while Altera FPGAs only have a multiplier in their DSP modules. This means the adders will likely need to be implemented in the logic fabric, and the same design in an Altera FPGA could take more logic elements than it would in a Xilinx FPGA. Also Altera has less RAM available per logic element than Xilinx does. The Altera chips may run into memory concerns later, but given the size of the FPGA, the onchip memory might be enough. It should also be noted that the LX150 in the B210 is not supported in the free Xilinx ISE, while the LX75 in the B200 and the Altera FPGAs all have free development tools.
I wanted to note the prices of the FPGAs. The x40 Cyclone IV costs about $100, and the x115 Cyclone IV costs about $315. These priced are based on the available prices on Digi-Key and are probably not what the manufacturer pays. This shows that the nuand really isn't making a premium of their higher end model, it's just what it costs.
All of the boards mentioned here have powerful microcontrollers, with the exception of the USRP B100. On the B100, the FX2 is used for the USB2 link to the host and only has 16 kilobytes of RAM for the code/data. The bladeRF and the B210/B200 actually share the same microcontroller, the FX3, for dealing with the USB3 link. The HackRF has a dual core LPC43XX for handling its USB2 link and controlling the radio hardware.
The HackRF microcontroller runs at 204 MHz and it made by NXP. It has an ARM M4 core and a M0 coprocesser. It contains a 64 kilobyte boot ROM and 264 kilobytes of SRAM. This chip has a lot of responsibility. It is responsible for sending and receiving data over the USB link as well as controlling all of the radio components on the board. There are plans to add decimation and interpolation code to the microcontroller as well. The choice to do this on the microcontroller rather than the FPGA will allow people to make quick changes using C, rather than working with HDL. With the PortaPack as a display aid, the microcontroller on the HackRF is capable of headlessly (no computer necessary) becoming a spectrum analyzer, and more headless applications are expected as well.
The FX3 used in the bladeRF and the B210/B200 contains a 200 MHz microcontroller with a ARM926EJ-S core. This chip has a GPIF that, once set up, will allow the ARM core to be mostly idle. It contains a 512 kilobyte SRAM and no ROM. The chip can be bootstrapped in a number of ways, including from USB. In fact this is the way firmware is often loaded. The bladeRF also has a 4 megabyte SPI Flash, which will contain the code for the microcontroller and the FPGA, while it is running headless. The B210 prototype that I have, has only a 32 kilobyte EEPROM which is used for storing settings and has no flash device. Without flash, running headless will be pretty difficult for the B210/B200. The developers at nuand hope to be able to run OpenBTS and OpenLTE headless on the bladeRF. The folks at Ettus have already implemented LTE on the B210 with the aid of a computer with a Core i7, but doubt that it will be able to run on the FX3.
Software Defined Radio is a massive idea that has been in the works for over a decade. The community that uses the device is as important as the device itself. These are the people that provide support for new designs. These are the people that bring and share innovations to the field. Theses are the people that keep you from reinventing the wheel. So it is important that companies which produce Software Defined Radios embrace the community and provide support to the community. One of the easiest ways to do this is to open the source and open the hardware. The following sections highlight how these companies have allowed hackers to hack!
The software is a very important aspect when choosing an SDR. Luckily all of the boards mentioned support GNU Radio, which contains a vast amount of source code which is free and open source. It also contains a nice GUI for quick development and testing. The drivers for HackRF and bladeRF are a part of the driver package gr-osmosdr , the same package used to communicate with the RTL-SDR dongles. The bladeRF portion was just added within the last few weeks, so be sure to update your code for bladeRF support. HackRF has been part of the package for a while. The gr-uhd package itself is part of GNU Radio, but relies on the UHD driver libraries which are provided separately by Ettus.
All of the code, HDL files and schematics are freely available for all of the SDR platforms, with exception of the unreleased B210/B200, however HackRF goes above and beyond in this aspect and provides all of the KiCad files used to produce the board, including the schematics in their original form (not PDF) and the PCB layout. The USRP B100 and bladeRF schematics are provided in PDF form and I expect the same level of openness will apply to the B210/B200 as well. This extra bit provided by the HackRF will come in handy for allowing others to help refine the HackRF design and will also be a great learning aid to the community. I imagine it would be easy reuse parts of the design unique radio products, learning from the previous revisions of the HackRF.
The USRP has a distinct advantage in terms of available code. It has been available since around 2006 and has had many years to develop and be adopted. In fact many academic papers have been published based on the use of the USRP and GNU Radio. This created a lot of novel uses and novel code. The UHD, used by all of the USRPs, has had a lot of time to be refined and added to. Since all USRPs use the UHD, it means that if one product gets a new feature, they all do, as long as the hardware can support it. Much of the code uses GNU Radio and should be portable, however if it has only been tested on a USRP, it might not quite function as planned on other devices. That being said, the support for the USRP in GNU Radio is second to none. Ettus actually released a free Linux image with GNU Radio and a bunch of other tools installed, which makes setting up a SDR environment a snap. It is designed with the UHD in mind, but adding support for gr-osmosdr should be easy since all of the required libraries are already installed.
HackRF has been around for considerably less time than the USRP and is only beginning to develop a code base, but is showing great progress. It should work well with GNU Radio, but testing is ongoing. HackRF also has an advantage, it has followers! At least 500 HackRF beta units have already been distributed for free to hackers everywhere and at the time of writing, 1100 units have been ordered from the Kickstarter campaign. It is very likely that these people will have the skills and be able to add to the code base of the HackRF. There is a difference between hackers and academics, although there is overlap, I see the hackers being able to contribute a large amount of great code to the cause.
The nuand team just recently released the GNU Radio driver for the bladeRF. I estimate that close to 400 people received a bladeRF from their Kickstarter campaign. There are probably also a lot of people that have ordered from their website as well since the bladeRF is now shipping. This group of people will definitely be able to add to the code base and some will probably own both a HackRF and a bladeRF. Still, the developers seem to be making progress on the code and also seem open to suggestions from owners of bladeRF units. Since the bladeRF and the USRP B210 are similarly designed with a FX3, a large FPGA and a single chip RF transceiver, I imagine there can be a lot of code sharing between the platforms. The Xilinx/Altera divide might make things difficult, but I imagine that with enough hackers, the bladeRF could also run the UHD and benefit from Ettus's years in the field.
One of the great things about the HackRF is the openness of everything involved, including the hardware. This definitely contributes to its hackability. One possible issue with the B210/B200 is the AD9361. Little information is available on this IC and the Analog Devices website only provides a 1 page data breif on the device. This makes it much more difficult for people other than Ettus employees to interface with the device without signing an NDA. However the developers at Ettus told me that their drivers will be open source. Other than this chip, it looks like documentation is available for the rest of the ICs on the B210/B200. The LMS6002D used on bladeRF provides a 15 page datasheet and a 45 page programming and calibration guide, which will come in handy for developers.
The HackRF is a great platform for accessing a huge portion of the radio spectrum at a great price. It is open source everything. This means KiCad files too! The downsides to this board is that is does not have an FPGA and it connects over USB2. It also has a relatively small sample size in terms of the ADC/DAC. That being said, Michael Ossmann has a history of delivering. This product will be very hacker friendly and very wallet friendly as well.
The bladeRF is all about the speed with it's huge FPGA and USB3 connection. It has access to a large portion of the spectrum, but cannot tune quite as high as the other solutions. The resolution of the ADC/DAC is great and so is the available bandwidth. I would recommend this board to people who want to run headless applications and don't need access to higher frequencies.
The USRP B100 is an older product from Ettus and will have trouble if large bandwidth applications are required. It is expandable through daughterboards that can be swapped out, and will likely be compatible with future Ettus daughterboards, which may expand to frequencies over 6 GHz. This board interfaces with the UHD and will have great support. This B100 starter kit is the same price as the B200, and covers a smaller portion of the spectrum and has a USB 2 connection. I would only recommend this if you have specific applications that require the B100, or if you have custom daughterboards or plan to make some.
The USRP B210/B200 can tune to a huge portion of the spectrum and can provide a tremendous amount of bandwidth to the host. It has a huge FPGA and a a fast USB3 connection. However its AD9361 is not hacker friendly due to the lack of information. The B210/B200 are the most expensive options being reviewed. However, many of the features of this board are competitive with the high end N210 offered by Ettus. The B210 is the first board that fully supports 2x2 MIMO. Overall, I believe the B210/B200 will be the most powerful Software Defined Radio on the market and will be well supported by Ettus. I would recommend these devices to anybody who needs huge chunks of bandwidth in a huge portion of the spectrum, but does not need a headless device.
Overall, it looks like we will have three great new Software Defined Radios this and next year. I look forward to seeing what great innovations people will produce when they get started on their devices. I have put weeks into researching and reviewing these devices and there is a lot I was not able to fit into this article, so if you have any questions, ask them in the comments! Thanks for reading and stop back for my testing results of the B210!