Baltic Lab | High Frequency Projects Blog

Hobbyists and the Cost of Software Options

Posted on August 5, 2014 by Sebastian 2 Comments

This article takes a closer look at the cost and value of software license keys as found in modern test equipment.

Today I came across an article on Hackaday [1]. The article was Hackaday’s response to a DMCA Takedown Notice they have received from Tektronix. The DMCA Takedown Notice was aimed by Tektronix at a previous article that explained in great detail how to enable software options in Tektronix oscilloscopes without actually paying the licensing fee. What really shocked me was Hackaday’s attitude towards those software keys.

First off, let’s talk about how software options are installed on some Tektronix oscilloscopes. Instead of using actual text keys that a user would have to type into the oscilloscope, Tek has come up with rather nifty little hardware dongles. I find them nifty because they do not tie the license to a given scope. Technically speaking, you are buying a “floating license.” Just insert it into the scope you’d like to use a certain feature on and voilà, the software option is enabled.

Tektronix License Module installed in my Tek MDO4104B

Apparently, these modules, or rather the whole key authentication, can be hacked quite easily. Hackaday responds to this fact as follows:

“The real story here is that Tektronix designed a woefully weak system for unlocking these modules. Learn from this. If you’re ever designing a hardware key, don’t do it like this!

An EEPROM, a connector, and a plain text string of characters which is already published publicly on their website is all that is necessary to unlock these “crippled” features. Let’s just say that again: apparently every hardware key is the same and just uses a plain-text string found on their website which is not encrypted or obfuscated. If you were selling these keys for $2.99, perhaps this would be adequate but Tek values these modules at $500 apiece.”

All I can say, in kind: Hackaday, you have demonstrated how disengaged you are with the matter.

Judging by the comments under the referenced article, I couldn’t help but notice that understanding software options and associated cost seems to be a common problem among hobbyists. Since most of my readers are hobbyists, I thought I’ll help out.

First off, let me state the obvious: When purchasing a license module, you are purchasing a license that allows you to use a certain feature on your oscilloscope. You do, however, not pay for an EEPROM, a connector and a plain-text string. The module is merely the delivery method of the license key (i.e. your right to use that software option). It’s the same with PC software keys that are nowadays offered on a plain plastic card in retail stores. Nobody would accuse Adobe of selling overpriced plastic cards. People know they are paying for the software, not the card. Therefore, I was quite surprised to see how tough it seems for some to understand the concept of license keys in modern test equipment.

The irony is really this: Hackaday and many commenters suggest that Tektronix should learn its lesson and improve proper encrypted serial number based keys. Guess what happens to the cost? That’s right, developing such a system will cause non-recurring engineering (NRE) cost that has to be recovered from the customers legally purchasing the options. Isn’t it funny how a group complaining about the cost of such software options suggests a narrow minded solution that will only increase such cost?

The next thing that seems very hard for many people to grasp is why they have to pay for something that is technically available (but not enabled) in the instrument they purchased already. This is actually a very common complaint I hear at trade shows in particular. The complaints usually go on about how much more certain options cost and how that’s just not right for something that’s already there.

Like with the previous statement, this is something that is usually viewed from the wrong perspective. It is not the case that users who use more advanced features have to pay a steep surcharge. It is more so the case that customers who don’t use these features get a hefty discount. And companies don’t do this because they’re super nice. Sure, this is also used to drop the “starting at” sticker price a bit, but the secondary reason is something that hobbyists probably have a hard time understanding. Hobbyists are used to being “alone” when trying to figure things out. If they run into issues with their equipment, they will consult other hobbyists on online forums. A commercial user who paid a 5-digit amount of money for their instrument will call an Applications Engineer at the company who he bought the instrument from and demand instant help. And he will receive it. Thanks to pathetic customer support of cheap Chinese companies like Rigol, this doesn’t even cross a hobbyist’s mind.

The amount of support (and the associated cost) is highly dependent upon the feature set that a customer uses. If you take a look at what kind of software options are available, you’ll find that only very few are generic. Most of them are designed for very specific and complex tasks. Helping someone with a support request originating from such a complex task costs a whole lot more money than telling someone how to push a button on the front panel.

I hope this helps to better understand how software options work and what is really involved. Just as a disclaimer, I’d like to add that I am not a fan of DMCA Takedown Notices and similar legal action without first approaching an alleged copyright offender in a less formal way. That’s why I am in no way commenting on that side of the matter. Tektronix is one of my blog’s sponsors. It’s important to know that this has zero influence on why I am writing this article. As a matter of fact, even though I am defending Tek, I am certain that Tek will in no way like me addressing this issue and thus drawing more attention to it. However, this article is very important to me on a personal level.

Links and Sources:

[1] Hackaday.com: http://hackaday.com/2014/08/05/hardware-security-and-a-dmca-takedown-notice/

Tour of New Lab

Posted on July 27, 2014 by Sebastian Leave a comment

LeCroy WS3162 and HDO4024 Bugs

Posted on June 16, 2014 by Sebastian Leave a comment

Exposing some bugs on LeCroy’s new WaveStation 3162 and the HDO4024 oscilloscope.

Bug 1 (WS3162): When modulation is applied to a channel, the amplitude drops below the set value.

Bug 2 (WS3162): Phase control dysfunctional on both channels when modulation is applied to either one channel.

Bug 3 (HDO4024): Spectrum calculation locks up and slows the spectrum update down significantly if “Average” or “Max Hold” mode has been selected previously to switching into “normal” mode. FW: Version: 7.3.0.5 & 7.4.0.5

UPDATE (06/16/2014): Just 15 minutes after I published the video, Dan Payne (Director of Distribution, Teledyne LeCroy) writes this: “Thanks Sebastian – I’ll have the applications team look at it immediately – The video makes it a lot easier to see the application.”

VOR NAV Receiver Testing

Posted on June 16, 2014 by Sebastian 3 Comments

This video shows how to generate a complex test signal to emulate a ground based radio navigation system for aircraft (VOR). The generated signal can then be used to verify the accuracy of navigational receivers intended to be used with a VOR. Used in this video: LeCroy WS3162, LeCroy HDO4024 and Yaesu FTA-720

Tiger / Rat Tail for Handheld Radios

Posted on June 2, 2014 by Sebastian 2 Comments

Handheld radios are getting more and more sophisticated and versatile. The bottleneck for modern handheld radios is often the stock antenna. There is an extremely simple yet very effective add-on called a “Tiger Tail” or “Rat Tail” to remedy this situation. This article is going to explain how to make your own.

For less than $1 in material, you can significantly increase the receive and transmit performance of pretty much any handheld radio. Not just amateur radio, but practically any radio out there, including WiFi routers. The following picture shows a Tiger Tail for a 2m band HT.

Tiger Tail installed on an Alinco DJ-G7

So if all you need is a bit of wire and a ring terminal, then why bother to write a lengthy article? Well, there are a few caveats and tricks with a Tiger Tail. For instance, some math needs to be done to get the exact wire length just right. Most articles about the Tiger Tail just mention fixed numbers and completely disregard that the amateur radio bands are not the same around the world. They also neglect commercial and low-power (Part 15) applications. And to my surprise, many articles do not even bother to mention that a Tiger Tail is a tuned element. A Tiger Tail that may work perfectly on VHF, may perform pretty bad on UHF. So let’s get started!

The following shows all the tools you will need in some form or another:

Tools needed to make a Tiger Tail for your HT

You’ll need a ring-terminal appropriate for your wire diameter, some wire (14 AWG / 1.6 mm), wire strippers, a crimping tool and quite possibly a calculator.

Like I said above, the Tiger Tail is a tuned element and needs to be calculated for the specific frequency range of interest. Since I favor metric over imperial units, let’s start with the formula to use if you like metric:

$Length = \frac{30 000}{4 * f} * 1.05&s=2$

Length = length of Tiger Tail in cm
f = frequency in MHz

What this formula does is calculate a quarter wavelength for the given frequency + 5%. The same formula rearranged for imperial looks like this:

If you would like to calculate the length in inches, simply divide the result by 2.54. Or use the following formula instead:

$Len(in) = \frac{30 000}{10.16 * f} * 1.05&s=2$

Lenn(in) = length of Tiger Tail in inches
f = frequency in MHz

Remember that this Tiger Tail works for a single band ONLY. But there’s a pretty easy trick: if you would like to cover more than one band, like 2m and 70cm at the same time, simply calculate a Tiger Tail for each band individually and connect them to the radio at the same time.

So after you calculate the correct length, simply crimp a ring-terminal on the wire and — just for good luck — isolate the other end with a piece of heatshrink tubing. That’s it, no black magic at all. And this is what the final result should look like:

Ring-terminal crimped onto the end of the wire

And in case you don’t like to read and you’d like to see some of the math being done for you, here’s a video I made on the same topic. The video also contains a cross-check of the math using a spectrum analyzer:

850 MHz Scanner Preamplifier / Filter Project

Posted on June 2, 2014 by Sebastian 6 Comments

This article shows how to use off-the-shelf parts to improve the performance of a radio scanner in the 800 – 900 MHz band. Furthermore, it shows how to expand radio coverage by using two different receive antennas at the same time.

For some reason, my new BCD996XT scanner wasn’t working as expected on the statewide digital (APCO 25) radio system. Since this radio system is the primary reason why I got this new scanner, I had to come up with a solution. In addition, I really wanted to expand my receive coverage geographically. This article shows how to improve receive signal strength, greatly increase geographical coverage and reduce out-of-band interference.

So where to start? The obvious. Taking a snapshot of the current situation. I am using a wideband discone antenna mounted on my roof. Since this is a very broadband antenna, I imagined that it was catching a whole lot of signals that I didn’t really care about. A look at the MDO4104B-6’s spectrum display confirmed this.

0 MHz – 1 GHz spectrum without preamplifier

The bandwidth is 0 – 1000 MHz (100 MHz / div). Even though the resolution bandwidth is 5 kHz, the MDO4104B-6 was actually pretty fast. But that’s just an aside. You can clearly see the strong broadcast VHF signals on the left. Then there are a lot of signals between 500 and 700 MHz, as well. I have absolutely no interest in signals in that range. And over to the right, you can see — among other things — the desired signals. The control channels for the APCO 25 systems in my area are mostly between 850 and 860 MHz.

Since I am primarily using the BCD996XT scanner for the APCO 25 system, I was willing to filter out anything that’s not in the 800 – 900 MHz range. I realize that I’ll lose the capability to monitor most of the VHF and UHF channels (Aircraft, Amateur Radio, Law Enforcement, Business, etc.) by doing this. But I do have plenty of other analog scanners and I also have 2 more wideband discone antennas laying around. So my decision was made; Optimize the antenna system for 800 – 900 MHz and set up a second scanner (BCT15X) for analog channels.

I also decided to combine the signals of the wideband discone antenna (for local sites) and a commercial 850 MHz Yagi antenna (remote sites).

The two scanner antennas in my yard

APCO 25 sites are smart in that they actually know what data it needs to relay and what not. If there is no radio logged into the site with a certain talk group, there is no need for this site to relay activity associated with that talk group. So while the discone picks up local sites very strongly, it may be of absolutely no help for communication of a neighboring county if there are no radios of those agencies being used locally. Looking at the map, I realized that there were about 6 remote sites northeast of my house. Perfect for a commercial 850 Mhz Yagi made by Larsen.

So besides filtering, I now had to combine two signals from the two antennas. And I thought while I was at it, I might as well include a preamplifier. For practical reasons, mostly cable loss compensation, it’s always smart to put the preamplifier close to the antenna. I did have a rugged outdoor case laying around. All I had to do is select the right things to put in it.

850 MHz Preamp Box

While looking for a combiner, I found one that actually had a bandpass characteristic for 800 – 920 Mhz. It’s the Mini Circuits ZN2PD-920+ [1]. From Mini Circuits are also the 800-1050 MHz SMA inline filter [2] and the amplifier (ZX60-2534M+) [3]. That’s pretty much everything needed except I did not want to run an extra power line for the amplifier. Therefore, I also ordered two Bias-Tees [4].

Inside the 850 MHz combiner / preamp / filter box

The wiring is pretty straight forward. The two signals from the antennas are being combined by the combiner, then being amplified by the amplifier and filtered by the bandpass filter. In that order. I was debating to put the bandpass filter in front of the amplifier. After all, amplifiers behave according to the “garbage in, garbage out” principle. Since the combiner had a bandpass characteristic, I did not want to introduce anymore loss.

Close-up of the 850 MHz combiner / preamp / filter set-up

I cut a small piece of rigid RF cable in half and soldered two capacitors (100 µF & 100 nF) as well as two wires for the amplifier’s voltage supply on the end. An old power supply for a USB hub supplies the 5 V for the amplifier on the other side of the coax.

The BCD996Xt scanner is very happy with the signal levels

Immediately after hooking up the scanner, I could tell a great improvement in performance. Not just remote, but also local signals were much clearer and the lock time for the scanner was significantly faster. Beforehand, I often missed the beginning of a transmission. Now I can eavesdrop right from the start. A quick look at the spectrum analyzer confirms that the signal situation increased significantly.

0 MHz – 1 GHz spectrum with preamplifier

In case you’re interested in building a similar setup, here are the links to the datasheets of the Mini Circuits products used.

[1] Mini Circuits: ZN2PD-920+, Power Splitter/Combiner, 800 to 920 MHz: http://www.minicircuits.com/pdfs/ZN2PD-920+.pdf
[2] Mini Circuits: VBFZ-925, BPF, 800-1050 MHz: http://www.minicircuits.com/pdfs/VBFZ-925+.pdf
[3] Mini Circuits: ZX60-2534M, Low-noise amplifier: http://www.minicircuits.com/pdfs/ZX60-2534M.pdf
[4] Mini Circuits: ZFBT-4R2G+, Bias-Tee: http://www.minicircuits.com/pdfs/ZFBT-4R2G+.pdf

MDO4104B-6 Intro, Probe Calibration & License Transfer

Posted on May 27, 2014 by Sebastian 1 Comment

HT RX/TX Performance Upgrade (Tiger Tail)

Posted on May 26, 2014 by Sebastian Leave a comment

Yaesu FT-8800 Extended TX (MARS/CAPS) Mod

Posted on May 22, 2014 by Sebastian 14 Comments

The Yaesu FT-8800 and FT-7900 are very popular radios. For some activities, it may be desired to be able to transmit outside of the amateur radio bands. This article will show how to do this modification with minimum effort at home.

Driving a transverter, participating in the Military Auxiliary Radio System (MARS) or Civil Air Patrol (CAP) are just three examples for which an out-of-band extended transmit modification can be handy. Since “out-of-band extended transmit modification” is awfully long, it’s colloquially referred to as “MARS/CAP Mod”.

The modification procedure is the same for the FT-8800, FT-8800R, FT-7900 and FT-7900R. I will use an FT-8800R to illustrate this article. After this modification is complete, the radios will transmit between 137 MHz – 174 MHz and 420 MHz – 470 MHz.

The mod itself is very easy. It simply consists out of removing a surface mount resistor and power-cycling the radio. The first step is to remove the top cover of the FT-8800. The speaker can be disconnected for more room, but in my case, I didn’t think this was necessary.

FT-8800 with opened cover

The second step is to identify the correct resistor. Be sure to double and triple check that you are removing the correct part. The following picture shows the exact position of the SMD resistor. Click on it to see the super large version.

Jumper location for the FT-8800 extended TX modification.

Once you have identified the resistor, remove it. This can be a bit tricky if you don’t have the right soldering tools. A desoldering tool is certainly helpful, but different people have different ways of performing such tasks. One way is to add a small blob of solder to one side of the part and rely on heat transfer within the tiny part to get both sides loose. Some people just cut the resistor with pliers or a scalpel. The latter option can however damage the PCB and the traces.

After this step is completed, reassemble the radio and apply power. The radio will automatically perform a reset and will be able to transmit.

Startup screen of the FT-8800 indicating that the radio is resetting

I also postet a video showing this modification on my YouTube channel:

Microwave Frequency Meters

Posted on April 20, 2014 by Sebastian Leave a comment