Wednesday 24 September 2014

HackRF One Project Part I

The HackRF One is a sophisticated software-defined radio capable of transmission or reception of radio signals from 10 MHz to 6 GHz. Most importantly, HackRF One is an open source hardware platform that can be used as a USB peripheral or programmed for stand-alone operation.



The designer, Michael Ossmann, initiated a very successful Kickstarter project, where I bought an empty PCB.
It took about a year until I collected the PCB; in a way Michael became a victim of his own success.
I don't even want to start thinking about the pressure to deliver so many devices of this complexity.
There are pitfalls waiting around every corner. Fortunately Mr. Ossmann had the capabilities to manage such a huge and complex project.

Now that I had received my PCB (unfortunately I did not buy more), I needed to get my hands on the parts.
Once high frequency is involved, there are usually some hard-to-get HF parts, like transformers or matching elements and so on. Mr. Ossmann, however, did a great job: you can buy all parts from only two sources, Digikey and Mouser. At least if you are an American. Digikey does not ship the RFFC5072 mixer outside the US. Immediately my project was on hold again. I tried nearly everything, even contacted the manufacturer of these chips, no luck. The only workaround was to contact an American resident and ask him to order and ship the part to me. Never in my life have I had to go this route; as a European, if one company does not want to do business with you, you usually find a dozen others which will step in.

Anyhow, after I received the parts, I started to think about how to build this radio. The components used are super small, e.g. 0402 resistors and capacitors, which are a real pain to populate.



The best way to rebuild a complex circuit is to break it into components and test them during the build process if possible.

I split the radio into the following building blocks:

a) Power Regulator
b) Control Logic
c) Analog Logic

a) Power Regulator

I decided to start populating the power regulator section first.
Then I applied power and tested the 3V3 rail which worked.
To test the 1V8 rail I connected R54 to +5V (see pic) and powered the regulator over C143.
To power the regulator I used a Kelvin Probe to avoid soldering again.





Then I measured the output over the terminals P1 and P8 and Ground.


b) Control Logic

After successfully completing step a), we are ready for the next step, populating the control logic.
We are about to populate everything outside the fenced area of the board.

Step b) is a huge step, which I broke down into about three reflow processes.
I populated the ARM chip and its supporting passives and then reflowed the parts;
afterwards I populated the ICs U18 and U19 and the passives surrounding them;
and the last step is to populate the CPLD and passives, the signal LEDs and the USB connector.


I decided to reflow the USB connector as late as possible, because it is easily destroyed during the reflow.
For the same reason I did not populate the switches.
After each reflow process it is wise to inspect the components for possible shorts or cold solder joints and to measure the resistance of the main voltage rails against ground.

After completing the reflow processes and inspections of stage b), we can now connect the board to the PC.

Before we can do that, it is important to install the necessary software as described here.

Nothing should happen, except that the 3V3 LED should be active.
Then I shorted the DFU switch and the reset switch using two wires.
After releasing the reset wire the board should enumerate over USB.
Using dfu-util I tried to program the ARM controller.


I typed:
dfu-util --device 1fc9:000c --alt 0 --download hackrf_one_usb_ram.dfu

I received the following output:

 Copyright 2005-2008 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2012 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY

Filter on vendor = 0x1fc9 product = 0x000c
Opening DFU capable USB device... ID 1fc9:000c
Run-time device DFU version 0100
Claiming USB DFU Runtime Interface...
Determining device status: state = dfuIDLE, status = 0
WARNING: Runtime device already in DFU state ?!?
Found Runtime: [1fc9:000c] devnum=0, cfg=1, intf=0, alt=0, name="DFU"
Claiming USB DFU Interface...
Setting Alternate Setting #0 ...
Determining device status: state = dfuIDLE, status = 0
dfuIDLE, continuing
DFU mode device DFU version 0100
Device returned transfer size 2048
DFU CRC does not match
Warning: File has no DFU suffix
bytes_per_hash=406
Copying data from PC to DFU device
Starting download: [##################################################] finished
!
unable to read DFU status



In fact I was stuck after this step and searched for reflow errors on my board for quite a while.
But I was not able to figure the problem out.

Luckily I own an LPC-Link programmer, which I connected to the P26 connector. Then I fired up the LPCXpresso IDE and created an empty project for the LPC4320 (as described in the LPCXPresso_Flash_Debug_Tutorial from the doc section of the files from Michael Ossmann). Then I clicked the flash program button on the toolbar and entered the following settings in the dialog that came up:



After clicking the OK button I was finally able to transfer the ARM firmware to the board.
After a reset the HackRF finally enumerated correctly and I was able to program the CPLD code using Michael Ossmann's flash CPLD program.

To flash the CPLD code I used the following command on my computer:
hackrf_cpldjtag -x firmware/cpld/sgpio_if/default.xsvf

Then I executed hackrf_info just to be sure the computer is able to identify the board and it worked.
The tool produced the following output for my board:

Found HackRF board.
Board ID Number: 2 (HackRF One)
Firmware Version: 2014.08.1
Part ID Number: 0xa000cb3c 0x005a4f48
Serial Number: 0x00000000 0x00000000 0x455063c8 0x22574a5f
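
The two checks this procedure relies on, DFU enumeration before the download and board identification afterwards, can be scripted. This is an added example, not part of the original post or of the HackRF project's code; the function names are hypothetical, and the expected Part ID word is an assumption taken from the outputs shown on this page.

```shell
#!/bin/sh
# Added example: bring-up checks for a self-built HackRF One (hypothetical helper names).
DFU_ID="1fc9:000c"           # USB ID the post passes to dfu-util --device
EXPECTED_BOARD="2 (HackRF One)"
EXPECTED_PART="0xa000cb3c"   # assumption: first Part ID word reported by both boards on this page

# Succeeds when lsusb-style text on stdin lists the board in DFU mode.
dfu_device_present() {
    grep -qi "ID $DFU_ID"
}

# Print the value of the first "Key: value" line in $2 whose key is $1.
field() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Read hackrf_info output on stdin. Returns 0 when the board is identified as
# HackRF One and reports a firmware version; 1, 2 or 3 otherwise.
check_hackrf_info() {
    out=$(cat)
    case $out in
        *"Found HackRF"*) ;;
        *) echo "FAIL: no HackRF found"; return 1 ;;
    esac
    board=$(field "Board ID Number" "$out")
    fw=$(field "Firmware Version" "$out")
    part=$(field "Part ID Number" "$out")
    [ "$board" = "$EXPECTED_BOARD" ] || { echo "FAIL: board ID '$board'"; return 2; }
    [ -n "$fw" ] || { echo "FAIL: no firmware version"; return 3; }
    case $part in
        "$EXPECTED_PART"*) note="part ID as expected" ;;
        *) note="part ID differs: $part" ;;
    esac
    echo "OK: firmware $fw, $note"
}

# hackrf_info output copied from the post above.
SAMPLE_POST='Found HackRF board.
Board ID Number: 2 (HackRF One)
Firmware Version: 2014.08.1
Part ID Number: 0xa000cb3c 0x005a4f48
Serial Number: 0x00000000 0x00000000 0x455063c8 0x22574a5f'

# Offline demo; on hardware use: lsusb | dfu_device_present
# and: hackrf_info | check_hackrf_info
printf '%s\n' "$SAMPLE_POST" | check_hackrf_info
```
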

This ends part I
Stay tuned, there is more to come.







3 comments:

  1. When I replaced a broken LPC4320 in my HackRF, when connected to Kali Linux it reported as:

    hackrf_info version: unknown
    libhackrf version: unknown (0.5)
    Found HackRF
    Index: 0
    Serial number: 0000000000000000256863c8312a6847
    Board ID Number: 2 (HackRF One)
    Firmware Version: local-57ed3eb (API:1.04)
    Part ID Number: 0xa000cb3c 0x00644f5c

    And it works :)

    Only after flashing on Linux, it showed the correct firmware version.

  2. On Windows 10, immediately after soldering the IC, it reported immediately as HackRF One
