Mehdi
Cybersecurity engineering manager by day, hacker by night. Mostly writing on RF, SDR, Signal Analysis, and Hardware Security. DF2HF. Amateur photographer 🇩🇪
Mar 9 7 tweets 6 min read
🧵 RF basics: mixers.
A thread for beginners on:
1. What an RF mixer does
2. Understand its datasheet
3. Test its specs

I've picked Mini Circuits ZMDB-24H-K+ for this thread to work on.

1/7
As the name suggests, mixers are used to “mix” signals. But what does “mix” mean in this context?
Mixers have 2 input ports, and an output port.
When you “mix” 2 signals, you end up with multiple signals at the output!
f_out = |f_RF ± f_LO|
So, you have the sum and also difference of the signals!
The output is usually called IF (intermediate frequency)
The main input is called RF (radio frequency)
And the other input that basically controls what happens to RF is called LO (local oscillator)
You can use LO to down-convert RF.
A very practical example is down-converting a multi-GHz signal down to less than 6GHz so you can “see” it with your typical 6GHz spectrum analyzer or SDR.
So, when you hear the terms “down-converter” or “up-converter”, you know they’re simply mixers inside.
[note: in this thread I am treating the mixer as down-converter. Mixers can also work in the other direction (IF to RF) as shown in this screenshot, and work as upconverter. Mixers are bi-directional devices]

2/7
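As an added example that is not part of the original thread: a few lines of Python that work out the products an ideal mixer produces (f_out = |f_RF ± f_LO|) and pick an LO so that a signal above a 6GHz analyzer's range lands inside it. It goes one step beyond the thread by also reporting the image frequency, the second RF frequency the same LO maps onto the same IF. The 10GHz signal, 2GHz IF and 6GHz analyzer limit are constructed values, not taken from the ZMDB-24H-K+ datasheet.

```python
# Added example, not from the original thread: products of an ideal mixer and
# LO selection for down-conversion. All frequencies below are constructed.


def mixer_products(f_rf_hz, f_lo_hz):
    """Fundamental products of an ideal mixer: (difference, sum) in Hz.

    A real mixer also leaks some RF and LO into the IF port and generates
    harmonic products m*f_RF ± n*f_LO; only the two fundamental ones are
    modelled here.
    """
    return abs(f_rf_hz - f_lo_hz), f_rf_hz + f_lo_hz


def lo_for_downconversion(f_rf_hz, f_if_hz, low_side=True):
    """LO frequency that moves f_RF onto the wanted f_IF.

    low_side=True places the LO below the RF (LO = RF - IF),
    low_side=False places it above (LO = RF + IF).
    """
    return f_rf_hz - f_if_hz if low_side else f_rf_hz + f_if_hz


def image_frequency(f_rf_hz, f_lo_hz):
    """The other RF frequency that lands on the same IF.

    |f_RF - f_LO| is the same for f_RF and its mirror around f_LO, so any
    signal present at 2*f_LO - f_RF also appears at the IF unless a filter
    in front of the mixer removes it.
    """
    return 2 * f_lo_hz - f_rf_hz


def plan_downconversion(f_rf_hz, f_if_hz, analyzer_max_hz, low_side=True):
    """Choose an LO and report which mixer outputs the analyzer can show."""
    f_lo = lo_for_downconversion(f_rf_hz, f_if_hz, low_side)
    diff, total = mixer_products(f_rf_hz, f_lo)
    return {
        "lo_hz": f_lo,
        "difference_hz": diff,
        "sum_hz": total,
        "difference_visible": diff <= analyzer_max_hz,
        "sum_visible": total <= analyzer_max_hz,
        "image_hz": image_frequency(f_rf_hz, f_lo),
    }


if __name__ == "__main__":
    # Constructed scenario: 10 GHz signal, 6 GHz analyzer, IF chosen at 2 GHz.
    plan = plan_downconversion(10e9, 2e9, 6e9)
    for key, value in plan.items():
        if isinstance(value, bool):
            print(f"{key}: {value}")
        else:
            print(f"{key}: {value / 1e9:.3f} GHz")
```

With a low-side LO at 8GHz the difference product sits at 2GHz and is visible on the analyzer, the sum at 18GHz is not, and anything present at 6GHz (the image) would show up at the same 2GHz IF, which is why a filter is normally placed ahead of the mixer.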
Feb 23 4 tweets 4 min read
🧵 RF basics: Attenuators.
A thread for beginners on:
1. What an attenuator does
2. Different types of attenuators
3. Understand the datasheet terms
4. Test its specs

1/4
An attenuator is a passive component that “attenuates” a signal’s amplitude, ideally not impacting its other parameters like frequency. Let’s say you have a 0dBm signal and connect it to an attenuator, and let’s say your attenuator is 20dB. In this case, you’re going to get a -20dBm signal after attenuation. It may not be exactly 20dB of attenuation, because attenuators, like any other component or circuit, have some tolerance (let’s say ±0.5dB)
Most attenuators are bi-directional, so it doesn’t matter which side of it you use as input or output.
Generally we can say we have 2 categories of attenuators: fixed and variable. Fixed is fixed: 1dB, 5dB, 20dB, etc. On a variable attenuator, you can change the amount of attenuation either manually (like physically with a knob/selector, as you can see with HP in the picture on the previous post) or programmatically/digitally (as seen in this diagram from Mini Circuits)

2/4
Feb 16 5 tweets 5 min read
🧵 RF basics: amplifiers.
A short thread for beginners, on understanding an RF amplifier's datasheet specifications.

I've picked Mini Circuits ZX60-123LPN+, an ultra wide-band, low phase noise amplifier operating from 50MHz to 10GHz

1/5
What an amplifier does is in the name: it amplifies the signal (increasing the amplitude). Let’s say you have a -20dBm signal, and you need to make it 0dBm. So you use an amplifier that can add 20dB of gain at that frequency.
Amplifiers are active devices. They need external power to work, unlike passive components like filters, mixers and splitters.
For the sake of simplicity, we can say that amplifiers are opposite of attenuators (one amplifies, the other attenuates)

(Pictured is the inside of the amplifier chosen for this thread)

2/5
Feb 1 4 tweets 3 min read
🧵#temporary
I'm cleaning up my workshop.
Let me know if you want any of these (free. You only pay for shipping. Only EU. Or pick-up in Berlin)

1. Smart Car shield robot PCBs
2. PicoEMP PCB
3. Hackaday 2023 Berlin badge (a retro computer)
4. Lostik Lora device

1/4
2nd batch:

1. Adafruit Bluetooth LE sniffer (nRF51822)
2. Texas Instruments EZ430-CHRONOS hackable watch, with programmer and RF access board
3. AD9850 DDS signal generator module
4. Digilent Basys 2 FPGA board
5. TeensyConvolution SDR PCBs

2/4
Jan 31 22 tweets 6 min read
🧵
Mega thread on RF, SDR, ham radio, and signal hacking:
I've been writing educational posts and threads on these topics.
To make them easier to find, I will put all the links here.
And I will link the new threads to the bottom of this meta thread every time I write one.

0/n
1. How to build an RF lab on a budget

1/n
Jan 10 6 tweets 3 min read
🧵 SDR for beginners:
Receiving FM radio is the "hello world" of SDRs. It shows that the hardware/software setup is working.
Here I show 5 ways to do it, using an RTL-SDR dongle, increasing the complexity with each method:
GUI apps, cmd line, streaming, GNU Radio, and code.

1/6
1. Obviously the easiest way is to use a graphical SDR app. There are many:
Windows: HDSDR, SDR# and SDR-Console
Linux/macOS: gqrx, CubicSDR, and SigDigger
There are also vendor-specific apps (e.g. SDRConnect for SDRPlay)
Some apps can also be compiled from source.
This can't get easier: connect the SDR via USB port, connect a simple telescopic antenna to it, and tune to a known FM station frequency on your app and listen! (make sure you select the WFM demodulation)
Here's a screenshot from gqrx on macOS:

2/6
Jan 7 5 tweets 3 min read
🧵 A short list of best material (IMO) to learn Software Defined Radios in a pragmatic manner (no theory textbooks)
I've been asked many times how to learn RF and SDRs, so I compiled a short list of the best material I've watched/read so far.

1/5
1. PySDR: an online textbook with 22 chapters (so far), teaching the SDR and DSP concepts using Python. Very educational, with lots of code samples and diagrams and also using real world SDRs like PlutoSDR.

2/5 pysdr.org/index.html
Dec 21, 2024 6 tweets 3 min read
🧵 How to maintain and protect your expensive RF equipment ?
If you have ever bought RF equipment, even the relatively low-tier ones, you know how expensive they could be, so it's essential to use and maintain them properly to ensure they last long.
Here are 5 tips:
1. Use a torque wrench for your SMA connectors. It protects the connector from over-tightening and ensures consistent force, reducing wear.
Here's mine (from Mini Circuits)
There are also wrenches for other connector types like N.
Dec 13, 2024 6 tweets 4 min read
🧵 How to hack wireless signals?
A short intro to replay attacks for beginners.

In this thread I will show you 2 ways to replay a simple wireless signal (a 433MHz garage opener key)

Please note that I have intentionally chosen a basic device for educational purposes. Hacking real world devices with more complex protocols and security features like encryption and rotating keys is not as easy. Here my focus is showing the underlying concept with the easiest attack (replay attack), for absolute beginners.

Disclaimer: this is purely educational content, done on a simple device, in a lab. Always consult your local laws before doing such wireless experiments especially on targets that don't belong to you.

1/6
Let's first talk about some basic concepts and keywords
Modulation: the process of changing a signal's properties (like amplitude or frequency) to carry information. Probably you have heard the name of some basic modulations like AM and FM.
ISM band: a set of frequencies reserved for industrial, scientific and medical purposes, in which many public non-licensed devices like parking remotes or even your WiFi modem operate. Example: 2.4GHz, 433MHz (Europe, Africa and Middle East), 915MHz (Americas)

2/6
Dec 8, 2024 7 tweets 4 min read
🧵 What is amateur radio (also called ham radio) and why it might be worthwhile for a hacker to get into it?

I am a licensed ham radio operator. I have 2 call signs: an American one (NM9A) and a German (DF2HF)
Many people don't know what ham radio is, and what we (ham radio operators or licensees) do.
In short, ham radio is DIY wireless experimentation: it lets you perform a series of operations and experiments on specified radio frequencies.
Let me be more specific, with more examples. Here's what you can do with a ham radio license:
- Send messages over air (via antennas) to other licensed operators. Message can be morse code, digital data, or you could talk to each other over radio spectrum!
- Perform experimentation: build antennas, receivers, transmitters, etc, and test them.
- Participate in contests against other licensed operators

1/7
There are 2 things to consider:
1. ham radio does not use Internet and usually it doesn't use satellites (although it could use some amateur satellites as well). You send signals over air. It's like, if there were no electricity or telecom/Internet infrastructure, all you need to communicate to other operators is a battery, a transceiver, and an antenna!
2. It's a hobby. It's non-commercial. For example you can't run a music broadcast service on radio, with an amateur license.

Sometimes people ask me why you don't use Skype/WhatsApp/etc to contact others?
I have 2 answers:
1. Contacting others over air is just a small example of many things you could do in ham radio.
2. Contacting a person thousands of kilometers away using a piece of wire (e.g. a simple antenna) and 100W of power, without Internet, is like magic! You have to try it for yourself.

Every country has a government organization to regulate the use of radio spectrum (e.g. FCC in the US, and BNetzA in Germany), both for amateurs and also commercial usage.
There are also big national organizations for ham radio that offer membership (ARRL in the US, DARC in Germany)

2/7
Dec 7, 2024 7 tweets 5 min read
🧵 How to build an RF lab on a budget?
A hacker's guide to the most important tools for signal hacking/analysis.

Let's first introduce a few concepts and tools before actually jumping into the specific brands and models.
Depending on what you want to do, there are a few tools you need in your lab for frequency analysis, antenna testing, and RF measurements:
1. spectrum analyzer: one of the most important tools in an RF lab. A device that lets you "see" signals. Mostly come in 2 shapes: either standalone (benchtop or portable, but with its display, and works independent of a computer), or USB-based that needs a computer.
It's like a receiver, receiving signals from its input port (e.g. from an antenna) and showing them to you.
2. signal generator: as the name says, a device to generate signals. Like a transmitter. Important for many use cases (testing antennas, receivers, and many other RF accessories)

1/7
3. Network/antenna analyzer: used for testing some RF components and accessories like attenuators, filters, antennas etc.
4. RF power meter: to measure the output power of a transmitter or signal generator. Would be very useful for troubleshooting.
5. SDR (Software defined radio): it's like a receiver (or also a transmitter, for some models) which does the analog RF part in the hardware, and then the signal processing (e.g. modulation/demodulation) is done in software. You have probably heard of RTL-SDR or HackRF before.
6. Accessories: depending on your project/goal, you need: cables, antennas, connectors, adapters, amplifiers, DC blocks, filters, attenuators, antenna switches, power splitter/combiner, etc.
7. Optionally some books to get started with.

2/7
Dec 1, 2024 11 tweets 4 min read
🧵 9 Lesser-known features of Flipper Zero:

Flipper Zero is normally known for RFID/NFC hacking, sub-GHz signal hacking, and things like infrared. But it can do much more thanks to its open source nature, third party firmwares, and extensibility (using add-on modules)
Here's 9 things you can do with it:

1/11
2FA: Short for 2-factor authentication. It can act as a hardware 2FA. Similar to YubiKey.

Disclaimer: I'm not saying you should use it as 2FA (I use YubiKey personally and also at work) however it can act as hardware 2FA (U2F over USB)

2/11
Dec 1, 2024 4 tweets 4 min read
🧵 How does an off-the-shelf car GPS jammer work?
A short thread.

There are many ways to perform radio signal jamming (and also detect or protect against it), however the most basic concept is this: a jammer saturates the input of the target's receiver system with noise, in a way that it can't receive/detect/decode the desired radio signal anymore. It reduces the signal to noise ratio.
It's like if you want to listen to someone, but I shout at you in close proximity, so you can't hear that person. (I hope experts don't shout at me for this simplistic example)
There are many legal and illegal use cases for a jammer: military, law enforcement, car theft, protection against tracking etc.

1/4
The GPS jammer in this thread is sold on Amazon and AliExpress under different titles, but it's mainly to be used in cars (there are also more powerful handheld models covering multiple frequencies with higher power, to jam mobile signals)
Please note that running a jammer is illegal in many countries. This thread serves only an educational purpose.
For this thread, I was lucky to get some pictures and measurements done by @RFAmirhosein in his lab.
Here's how it looks inside.
It has 4 main components we're interested in. I have marked them:
1. 7805: a voltage regulator IC to convert car's lighter voltage (12V) to 5V.
2. 555: timer IC generating the modulation signal (this is probably the most famous IC of all time)
3. Murata MQK301-1528: a VCO (oscillator) for the frequencies 1466-1590MHz (GPS L1 frequency is 1575MHz)
4. The RF amplifier IC, amplifying the generated signal, before sending it to the antenna.

2/4
Nov 25, 2024 12 tweets 6 min read
🧵 What are the most compact tools I carry when traveling or when going absolutely light to do electronics test or hardware/physical pen test?

Disclaimer: it's only 9 tools out of many. It's not a full list. I just love these small gadgets for their sheer size/weight.

1/10
1. Pokit Pro: portable oscilloscope/multimeter/logger. Needs a phone to work (doesn't have display). Uses Bluetooth to connect.
Very light, software is updated frequently, accurate enough for most use cases.
Here I show it measuring a 5V calibrated DC voltage.

2/10 Pokit Pro
Screenshot from the app, measuring a 5V DC voltage
Measuring DC voltage from a voltage reference
Carry case
Nov 23, 2024 9 tweets 4 min read
🧵 How to organize your electronics desk and save space? 9 tips.

Disclaimer: my profession is first and foremost software. Hardware is my hobby, so take these with a grain of salt.

This is my workshop. It's a separate desk from where I do my 9-5 job (with a laptop and 2 monitors)
These are the lessons I have learnt in the past few years while upgrading and optimizing my desk space:

1. It's a never ending process. You will always come up with ideas to improve the desk space usage, tool placement, etc. So don't try to make it perfect. Good enough for now is better than perfect in an imaginary future.

1/9
2. There is no correct way to do things. Sort your tools and place them on the desk (or not) based on your work's requirements. Someone working on FPGA or embedded systems has much different requirements than someone repairing RF equipment, than someone building robots.
2/9
Feb 19, 2023 15 tweets 8 min read
I always optimize space on my electronics and hardware security workbench by using small and portable tools.

Here are some that I use that didn’t exist a few years ago, and are much smaller and/or cheaper than their traditional alternatives;

#hamradio
#electronics
#hwhacking
🧵 FlipperZero is an open source portable multi-tool: NFC/RFID reader/emulator, IR transceiver, sub-GHz transceiver (CC1101 based), SPI/UART tool, and much more.
It can even function as a U2F token!
More info here: flipperzero.one
@flipper_zero
#flipperzero