Having a working GNURADIO system under Windows can really be hard, at least in my experience, so this is what you need to install BEFORE installing GNURADIO (this is my actual "configuration"):
1 - python-2.7.3.msi (Python interpreter - link)
2 - numpy-1.6.2-win32-superpack-python2.7.exe (link
3 - PyQt-Py2.7-x86-gpl-4.9.6-1.exe (link)
4 - setuptools-0.6c11.win32-py2.7.exe (used to install other Python dependencies - link)
5 - pygtk-all-in-one-2.24.2.win32-py2.7.msi (link)
6 - wxPython2.8-win32-unicode-184.108.40.206-py27.exe (link)
7 - PyQt4.Qwt5-5.2.1.win32-py27.exe
8 - lxml-3.0.2.win32-py2.7.exe (link)
9 - Python OpenGL (link)
10 - Visual C++ 2010 Runtime
(info taken here)
After that start GNURADIO Companion usually located here: C:\Program Files (x86)\gnuradio\bin\gnuradio-companion.py (it can take some couple of seconds before it starts)
If, for some strange reason, the software will not start anymore over time try to reinstall the fist 3 packets of the environment and it should start again... weired but it did the work in my case.
Now a tutorial on how to use gnuradio is really welcome !
INSTALLING THE COMPILING EVIRONMENT
Download and install the following packages:
- MinGW Setup (mine was already installed to compile Proxmark3)
- CMake (I am using v3.0.2-win32-x86 and I installed it in C:\CMake, this path is important in the commands we must send in the MinGW shell)
Download and extract the following packages respectively in the path C:\MinGW\msys\1.0\local\include\libusb-1.0.18\libusb and C:\libusbx-1.0.18-win:
- libusb-1.0 (I am using v1.0.18)
- libusb-win32 (I am using v1.0.18)
Download and extract the following package in the root of your C:\ drive and rename the folder to C:\hackrf:
- Latest HackRF package
Now launch C:\MinGW\msys\1.0\msys.bat to open MinGW shell and type the following:
cd /c cd hackrf cd host mkdir build cd build PATH=$PATH:/c/CMake/bin cmake ../ -G "MSYS Makefiles" -DLIBUSB_INCLUDE_DIR=/usr/local/include/libusb-1.0/ cmake ../ -G "MSYS Makefiles" -DLIBUSB_LIBRARIES=/c/libusbx-1.0.18-win/MinGW32/dll/libusb-1.0.dll make make install
You have now compiled HackRF !
Compiled .exe tools can be found here: C:\hackrf\host\build\hackrf-tools\src
libhackrf.dll here C:\hackrf\host\build\libhackrf\src
Firmware can be found here: C:\hackrf\firmware-bin (this is already present in the hackrf downlodable package)
To see if everything is working fine connect HackRF One to USB port and then launch hackrf_info.exe, it should show HackRF specifications just like this:
Those .dlls are needed:
Here it is (1st part).
Next part will be about compiling under Windows.
The last part will be Installing and configuring GNURADIO under Windows (this is the best I can reach until now): if someone is able to write a tutorial on how to use GNURADIO with HackRF One ot will be wonderful (this is what probably vivat is asking for) !!!! I am really really new to this software and SDR in general...
Dealing with a hardware+software platform born under linux can be a real pain for people not used to it so I will try to make things easier for them explaining what I did to make that great HackRF One hardware working under Windows. I am still not too good in those kind of subjects so I will try to explain things the same way I understood them; if you find incongruences please feel free to correct me and I will update this post giving credits to contributors.
WHAT IS HackRF One
It is a platform with open hardware and software created by by Michael Ossmann specific for radio frequencies analysis; this is at the moment the only hardware able to scan the widest range of RF signas starting from 30MHz to 6GHz !! (another hardware that is going to be released this year is Airspy but its range will be from 24MHz to 1.7GHz - there are other very cheap usb dvb dongles able to do that kind of analysis but they are not natively built for that kind of stuff and are really limited compared to HackRF One).
Using an hardware device called Ham-It-Up RF converter (picture below) the HackRF One can also explore the LF and MF frequencies range so the full range is extended from 300kHz to 6GHz !!!
This device is the succesor of the Jawbreaker hardware and its manufacturing was possible thanks to a specific kickstarter campaign.
Frequency Range: 10MHz - 6GHz (kickstarter campaign says "from 30MHz" while acutal official site says "from 10MHz") [from 300kHz to 6GHz if you add an Ham It Up RF Converter hardware] - the range practically starts from the upper part of LF (Low Frequency) band to the lower part of SHF (Super High Frequency) band.
- Bandwidth: the maximum bandwidth of HackRF is 20 MHz (about 10 times the bandwidth of TV tuner dongles); that means that HackRF could be used for high speed digital radio applications such as LTE or 802.11g. Bandwidht is the maximum range of frequencies "explorable" at the same time: this means that you can "see" or better "listen" to a range of frequencies 20MHz-wide; here is a practical example: if you set HackRF One to 20 MHz bandwidth and you center the frequency to 97MHz your bandwidht will be approximatively from 87 to 107MHz (that is almost the full radio FM spectrum from 87.5 to 108.0 MHz (with some exceptions such as Japan FM broadcast range that is form 76 to 90MHz) !):
the peaks above represent radio broadcasting stations.
So everything in the range of the bandwidth you are listening to is recordable -> so it can save up to 20 million samples per second !
- Included Antenna Specs: it is called ANT500, it is telescopic, and it is designed for operations from 75 MHz to 1 GHz (this means that that if you want to reach the non-supported frequencies you need to buy/build your own antenna):
- half-duplex transceiver: it means that it can transmit or receive but can't do both at the same time. However, full-duplex operation is possible if you use two HackRF devices.
- SMA female antenna connector
- SMA female clock input and output for synchronization
- software-configurable RX and TX gain and baseband filter
- software-controlled antenna port power (50 mA at 3.3 V)
- convenient buttons for programming
- internal pin headers for expansion
- Hi-Speed USB 2.0: (Male Type A <---> Male Micro B cable-connectors)
- Same cable USB-powered: one cable-only to connect and to powering-up
- 8-bit quadrature samples (8-bit I and 8-bit Q): I don't know what it is, if someone can explain it I will be grateful !
WHAT IS SDR
(taken directly from the kickstarter campaing page):
SDR is the application of Digital Signal Processing to radio waveforms. It is similar to the software-based digital audio techniques that became popular a couple of decades ago. Just as a sound card in a computer digitizes audio waveforms, a software radio peripheral digitizes radio waveforms. It's like a very fast sound card with the speaker and microphone replaced by an antenna. A single software radio platform can be used to implement virtually any wireless technology (Bluetooth, ZigBee, cellular technologies, FM radio, etc.).
HOW TO USE HackRF One WITH SDR# SOFTWARE
- Download the following file: sdr-install.zip from SDR# page (it needs an internet connection to download necessay files)
- Once downloaded unzip it, launch "install.bat" and wait for the program to download the necessay files
- now connect HackRF One to an USB port and execute zadig.exe to install Windows Drivers; if the new USB devices is not shown go to "Options" and select "List All Devices" (see picture below);
- now choose "WinUSB (v6.x.xxxx.xxxxx)" and press "Install WCID Driver" button:
Usually under Windows HackRF will work with ONE USB PORT AND THIS ONE ONLY !!! So try all USB ports before saying "hardware not found by SDRSharp!"
- now you can execute SDRSharp.exe (it is in the same zadig.exe folder) and SDRSharp will open up:
Here are the basics:
- 1st of all click on the "gear" icon and set the device as "Jawbraker" (A)
- then set the sampling rate: the more it is the wider the band will be with zoom set to 0 (B)
- then set the LNA gain according to your receiving signal (see further) (C)
- now set the kind of radio you want to listen to (WFM is the "normal radio" band)
- now set the "step size": this represents the "accuracy" of the vertical red line while you move it through the frequencies; it is the same thing that happens when you press the "forward" button of yoru radio-car-system if the automatic station scan is disabled, it goes "a step further" and the width of this step is represented by this "step size" value: the smaller it is the more precise it will be (smaller values should be used when you are inspecting a narrow band range)
- now set the resolution: this is the resolution of the peaks you can see in the upper part of the Spectrum Analyzer: the higher it is the more the processor will work: setting it above 65535 can cause system performance slow down.
NOW YOU CAN PRESS THE "PLAY BUTTON" to make the software analyzing HackRF One sniffed traffic:
Double-click on any peak to tune to that frequency and listen to it !
The Spectrum Analyzer represents a graphic peak-view of the band of the frequencies you are exploring; higher peaks means that something is broadcasting over that frequency. [X = Frequency ; Y = Amplitude]
(peaks can be automatically marked setting the option "Mark Peaks" you can see in the lower-right corner of the previous picture)
The Waterfall represents a graphic "cascade" representation of the signals across the frequency range you are investigating, usually "coded" with a specific color which indicates signal amplitude or strength displayed over time (more recent are at the top of the waterfall, older ones are at the bottom).
If your waterfall doesn't seems to have any broadcast signal try to increment the LNA gain in the settings.
ZOOM: with this slider you can narrow or make wider the graphic band your are seeing
CONTRAST: it changes the color of the waterfall "silent" background and of the waterfall "hot lines" (I prefere the "silent" background to be blue and the "broadcasting frequencies" to be orange/red as you can see in the watefall picture above).
RANGE: it narrows or widen the "Y coordinate" (amplitude) in the "Spectrum Analyzer" graphic
OFFSET: it moves up and down the "Y coordinate" (amplitude) in the "Spectrum Analyzer" graphic
Here is a sum-up of the various available frequencies:
Please note that most of them have many sub-ranges !
Here are some GREAT SDR with HackRF tutorials by Michael Ossmann, the author of HackRF !
Next part will be installing the HackRF environment and compiling it under Windows !
is this the unit : h*t*t*p://www.aliexpress.com/item/Handheld-125Khz-250-375-500-625-750-875-1mhz-13-56MHZ-RFID-Duplicator-Copier-Writer-10X/2024094600.html
seem like too good to be true, but when the unit arrive, i tested with HID Prox II card, see if it can be done or not
They must be kidding...
I recently had some time to use the HackRF device and I think it is a great product:
I was able to use it under Win7 (64 bit) but I found some difficulties in setting it up with the SDRSharp (SDR#) software and compiling the sources; after some days I was finally able to correctly use it (together with the sources) so I would like to know if someone is interested in opening a specific form thread maybe in the "Various Tools and Utilities" or in "Hardware Remarks and Questions" section.
If you agree I can make some step-by-step guides on how to use it under Windows to make linux-unfriendly-people-approach easier.
Have a look here: http://www.proxmark.org/forum/viewtopic.php?id=2119
You are right n3rd, I need to update the .PDF with the new renamed file names; you can flas FPGA and after flashing it flash OS image using the appropriate .bat file and always keeping the button pressed. Otherwise you can flash fullimage only. OS image is the one that is updated more frequently so usually you don't need to flash fpga but if someone is updating from a very old version (like you) it is suggested to flash fullimage OR fpga+OS. Once your firmware is correctly updated (bootrom+fpga+os form the same build) your pm3 will be recognized without holding the button.
Flash FPGA first and then OS image (this is not mandatory, it should work in reverse also).
Bus pirate is the "last chance", you probably missed that sentence:
Do the same procedure you used to flash the bootloader (holding the pm3 button) and flash fullimage or FPGA and OS images and you should be fine
so try to use the othe .bat files to flash fpga and os before buying a bus pirate.
Thanks! I will try that now. However, why does the pm3-bin-0.0.5 come with the older driver if it doesn't work with the GUI? Is it required to flash the firmware in stages (old one first, then the new one)?
Because the windows package comes with everything you can need to see if your just-received pm3 is working and if its firmware is libusb or cdc-serial; the GUI is an accessory-only to make things easier; to use the old libusb driver/firmware you need to use an old proxmark3.exe but old libusb executables are no more supported so I will not add them to avoid further confusions such as the ones you had with the drivers.
It is not needed to flash the pm3 in stages; already-bulit pm3 comes with an older firmware that usually is NOT the latest version available; it is advised to flash the latest firmware to avoid nasty bugs.
The flasher.exe (or more accurately, the PDF that comes with the gui) says the FLASH files need to go in the /win32 folder. This box is a 64 bit Win 7 machine, there is no /win32 folder. Does this imply that I need a different flasher? Or should I just create c:/win32/ ?
The package comes with all files/folders you need if you mantain the provided folder structure; you are correct about the \win32 folder name, it is misleading and I will change it to \Windows Binaries in future releases, thanks for pointing that out.
...I renamed that file from "FLASH - NEW Bootrom (uses old flasher exe with -b option).bat" to 'doit.bat' because it's very tedious to type otherwise
Well you just need to double click on the .bat file to execute it without needing to type inside a Dos shell; renaming the file in "doit.bat" will cause more problems than the ones you had because people will not know what that file is used for.
OK I found that DLL elsewhere and stuck it in /win32 and the flasher runs.
The needed .dlls are inside the windows folder, they are not hiding "elsewhere":
When plugged into USB, the PM3 now lights up the red and yellow LED, and every 30 seconds, the relay clicks and the green LED lights up.
As midnitesnake correctly pointed out, you now need to flash the fullimage or FPGA+OS image because you only flashed the bootloader right now.
Do the same procedure you used to flash the bootloader (holding the pm3 button) and flash fullimage or FPGA and OS images and you should be fine. If the pm3 will not flash you will need to buy a a bus pirate and follow this procedure.
You asked, I answered but I was not clear and I am sorry for that.
Raw commands can be sent but NOT ALL raw commands (this topic it is already covered in this thread, at page4's bottom):
Mifare tags (and other tags) are not full ISO14443A comaptible, sometimes they use proprietary 7bits commands that ARE IMPOSSIBLE to send using mobile phone firmware nfc chips (they are full ISO14443A/B compliants but they do not support single specific special commands even if they are mifare compatible); the only way will be to modify internal nfc chip firmware that is not possible at this time.
Added new compiled windows release (named 0.0.3) in the 1st post with piwi's latest patches.
Unfortunately the main trunk seems not to be updated with the relatively new iclass stuff.
If you are updating from ver. 0.0.2 remember to update both bootloader and fullimage !! Otherwise your pm3 will not be recognized by windows !!!