The bladeRF 2.0 micro is Nuand’s newest next-generation USB 3.0, 2×2 MIMO Software Defined Radio (SDR) unit. It lets students, security professionals and RF fans explore and experiment with wireless communications, and it supports 5G LTE and spectrum analysis, custom modem and waveform development, etc.
Software-defined radio (SDR) is a radio communication system where components that have been typically implemented in hardware (e.g. mixers, filters, amplifiers, modulators/demodulators, detectors, etc.) are instead implemented by means of software on a personal computer or embedded system. (Source: Wikipedia)
With an astounding frequency response range of 47 MHz – 6 GHz, it’s capable of troubleshooting and transceiving within this range at a 61.44 MHz sampling rate. So yes, we guarantee you will have a lot of fun with this one.
Nuand have released two different versions of bladeRF SDR:
- the bladeRF 2.0 micro xA4, which we are covering in this article, and
- the bladeRF 2.0 micro xA9, which is more expensive, but more powerful in terms of logic elements in the FPGA (301KLE). It’s also designed for hardware accelerators and HDL signal processing chains (not recommended for hobbyists).
BLADERF 2.0 micro xA4 [features, hardware specs, design]
The bladeRF 2.0 is slightly larger than the Raspberry Pi; it’s packed into a tiny form factor measuring 2.5 by 4 inches and weighs only 56 g. You can fit it in a wonderful case designed specifically for the board, sold separately. The unit comes with:
- onboard, programmable Altera Cyclone V FPGA (49KLE),
- digital signal processing unit,
- single-cycle access memory,
- hard 18×18 multipliers for dedicated DSP,
- wideband RF transceiver which manages all the radio communication,
- two sets of RF SMA ports (power over bias-tee circuitry),
- Cypress FX3 high speed microcontroller,
- powerful 200 MHz ARM926EJ-S processor and
- USB 3.0 SuperSpeed port.
- 56 MHz filtered bandwidth (IBW).
- Automatic gain control (AGC).
- Real-time custom gain control tables controlled via SPI and discrete external input pins.
- Automatic IQ and DC offset correction/calibration, making it far superior to other SDRs currently available.
- 128-tap digital FIR filtering.
- Fully bus-powered over USB 3.0.
- External power option via 5 V DC barrel jack with automatic switchover.
- Factory-calibrated SiTime MEMS VCTCXO.
- Taming supported via 12-bit DAC or ADF4002 PLL.
- Complete backwards compatibility with the original bladeRF; any software written for it will also work on the 2.0 micro.
- Expansion port with 32 I/O pins (LVDS available).
- JTAG connectors.
- Triggered multi-device sampling synchronization.
- Onboard bias tee optionally provides 5 V to active antennas and accessories.
- Duplex Tx Rx instead of simplex. 2 Coherent Rx and Tx channels.
- Wireless video transmission.
- GPS reception and simulation, cellular with GSM and LTE, ADS-b reception.
- Whitespace exploration.
- MEMS oscillators provide superior reliability, aging, power supply noise rejection, and vibe/shock performance compared to quartz oscillators.
The BLADERF 2.0 micro can be installed on various Linux distros (Debian, Ubuntu, Fedora, Pentoo Linux (ready for bladeRF 2.0 micro), etc.), OS X and Windows. It also supports:
GNU Radio via gr-osmosdr, Pothos via SoapySDR, SDRange, SDR console (version 3 has native support), SDR# via sdrsharp-bladeRF, YateBTS, OpenAirInterface, srsUE and srsLTE, MathWorks MATLAB® & Simulink® via libbladeRF bindings, and Python bindings.
The easiest way to get started with your bladeRF 2.0 micro on Linux is by using PyBOMBS. PyBOMBS is a package manager and build system for GNU Radio. It handles the fetching, building, and installation of GNU Radio and dependencies, and is largely system independent. For installation steps visit the bladeRF GitHub Wiki.
Hacking using bladeRF 2.0 micro xA4
GNU/Software Radio devices such as HackRF One, RTL-SDR and bladeRF have become widely available these days. Many hobbyists and professionals find sniffing radio communications very entertaining and useful, and here are some examples of what you can do with them:
- sniffing radio communications, transmitting and replaying the signals that you have captured (garage door opening, hacking alarm systems, sniffing GSM traffic, ringing doorbells, and other very funny things).
- performing replay attacks: all you need to do is attach the bladeRF 2.0 micro to your machine, record the transmitted code and later use it as a receiver to unlock a car door, for example.
- interpret GPS signals and signals from meteorological satellites, launch your own GSM base station, track ships via AIS transmissions, experiment with wireless communication, and so much more.
If you’re trying to do something related to RF wireless communications, the bladeRF 2.0 micro will get the job done efficiently. When we compared it to the HackRF One we found it to be better due to the 12-bit DAC.
It has incredible sensitivity in plain and phase, making it excellent for characterizing radio frequencies, and while there are some cheaper alternatives, such as LimeSDR or SDRPlay, combining the bladeRF 2.0 micro with two rubber duck antennas, a Raspberry Pi 3 and a USB power bank will definitely be all the hardware you need to make your own off-the-shelf stingray kit. You know, for those “completely legal” and ethical penetration testing projects.