Cheap spectrum analyzer protocol
06 Sep 2020 - tsp
Last update 06 Sep 2020
Introduction
Since I bought a cheap spectrum analyzer (note: Amazon affiliate link)
some time ago, I decided that I wanted to develop my own service to work with that device, since
I needed some automation as well as automatic data analysis.
These cheap devices are usually designed to work with software called WinNWT / LinNWT
that has been developed for a specific spectrum analyzer by an amateur radio operator
with the call-sign dl4jal. Usually these devices are sold without his consent - i.e.
they're used with this software without any license. This was also a reason that
I wanted to develop my own software for this series of cheap spectrum analyzers.
I don't think it's right (not talking about legal) to use software without the
consent of the original author, especially not if a huge number of spectrum analyzers
are developed to target his software - and even having him flooded with support
requests.
I also wanted to have a network-attached device instead of a locally operated one,
supporting remote control as well as a web interface. To support that mode of
operation I attached the cheap spectrum analyzer board to a Raspberry Pi
(note: Amazon affiliate link) and put everything including a
5V power supply (note: Amazon affiliate link) into a
19 inch case (note: Amazon affiliate link) that has been
mounted into my local experimental rack.

Since documentation was hard to find - except for the reference to software that
was not licensed to be used with this hardware - I started to write this page as
some kind of reference for myself (the information is also included in my own
measurement daemon of course - which is also developed to be modular to support
my own devices using a totally different and more robust protocol). There is
no guarantee this information is complete or correct though; it's just a collection
of what I've been capable of gathering from various sources.
Commands
Every command starts with the byte 0x8F and is then followed by a
single byte that identifies the command:
- w starts a linear scan
- x runs a logarithmic scan
- f sets the voltage controlled oscillator frequency
- m reads the current measurement value
- e calibrates the reference frequency
- v queries the version supported by the firmware
- r enables or disables the attenuator
Some firmware versions also support a new set of commands:
- a is a version 2 logarithmic scan
- b is a version 2 linear scan
Numbers are passed in ASCII decimal in commands (!). ADC counts on the other hand
are passed in binary in little endian format.
Linear scan
The linear scan simply runs the tracking generator starting at a specified start
address with a specified step width. The analyzer samples a specified number of
bytes and transmits an ADC count for each of two channels (usually only one is
supported on cheap devices).
- 1 Byte 0x8F
- 1 Byte 0x77
- 8 Byte start frequency in Hz, highest decimal number first (001000000 for 1 MHz)
- 8 Byte of step width in Hz
- 4 Byte number of samples to take
The response simply consists of 2 bytes per channel for 2 channels (i.e. 4 bytes)
per step.
Logarithmic scan
Works exactly the same way but does a logarithmic scan.
- 1 Byte 0x8F
- 1 Byte 0x78
- 8 Byte start frequency in Hz, highest decimal number first (001000000 for 1 MHz)
- 8 Byte of step width in Hz
- 4 Byte number of samples to take
The response simply consists of 2 bytes per channel for 2 channels (i.e. 4 bytes)
per step.
VFO settings
Sets the VFO frequency without any response.
- 1 Byte 0x8F
- 1 Byte 0x66
- 9 Byte frequency in Hz
Recall current measurement value
Recalls the current measurement value. This can be used to manually step the analyzer
without any of the automatic scan commands.
The response consists of 4 bytes.
Calibrate / set reference frequency
Calibrates the reference frequency.
- 1 Byte 0x8F
- 1 Byte 0x65
- 12 Byte hexadecimal characters (uppercase) that specify the reference frequency
Version query
Query version from the device.
Response is a single byte containing the firmware version.
Set attenuator
Switches the attenuator (if present). This is usually not supported on many of the
Chinese clones - and is usually only a simple binary output somewhere on the device.
For PIC based devices the specified byte is directly written into PORTB without
any further firmware interaction.
- 1 Byte 0x8F
- 1 Byte 0x72
- 1 Byte binary output status
Logarithmic scan, version 2
Does a logarithmic scan like the classical logarithmic scan command, but allows
specifying a delay in microseconds to wait between measurements so that a
steady state can be reached.
- 1 Byte 0x8F
- 1 Byte 0x61
- 8 Byte start frequency in Hz, highest decimal number first (001000000 for 1 MHz)
- 8 Byte of step width in Hz
- 4 Byte number of samples to take
- 3 Byte delay in microseconds between each scan
The response is the same as for the version 1 scan command.
Linear scan, version 2
Does a linear scan like the classical linear scan command, but allows specifying
a delay in microseconds to wait between measurements so that a steady state can be reached.
- 1 Byte 0x8F
- 1 Byte 0x62
- 8 Byte start frequency in Hz, highest decimal number first (001000000 for 1 MHz)
- 8 Byte of step width in Hz
- 4 Byte number of samples to take
- 3 Byte delay in microseconds between each scan
The response is the same as for the version 1 scan command.
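The scan frames listed above show no length or checksum field, so a network-facing daemon that formats remotely supplied numbers into them has to reject any value that does not fit its fixed-width ASCII field, and reject replies of the wrong size, or later fields and samples shift silently. The following Python sketch is an added example, not code from the author's daemon; the function names are hypothetical, ADC counts are assumed to be unsigned 16-bit with channel 1 first, and `freq_width` defaults to the 8 bytes of the field list but stays adjustable because the sample string 001000000 has nine characters.

```python
import struct

CMD_PREFIX = 0x8F
# Scan opcodes from the command list; the flag marks the version 2 forms,
# which carry the extra 3-byte delay field.
SCAN_OPCODES = {"linear": (b"w", False), "log": (b"x", False),
                "log2": (b"a", True), "linear2": (b"b", True)}


def ascii_field(value, width):
    """Zero-padded ASCII decimal of exactly `width` bytes, else ValueError."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError("field value must be an integer")
    if not 0 <= value < 10 ** width:
        raise ValueError(f"{value} does not fit {width} ASCII digits")
    return f"{value:0{width}d}".encode("ascii")


def build_scan(kind, start_hz, step_hz, samples, delay_us=None, freq_width=8):
    """Build one scan frame; names and freq_width are assumptions of this sketch."""
    if kind not in SCAN_OPCODES:
        raise ValueError(f"unknown scan kind {kind!r}")
    opcode, has_delay = SCAN_OPCODES[kind]
    if has_delay != (delay_us is not None):
        raise ValueError("delay_us belongs to version 2 scans only")
    frame = bytes([CMD_PREFIX]) + opcode
    frame += ascii_field(start_hz, freq_width)
    frame += ascii_field(step_hz, 8)
    frame += ascii_field(samples, 4)
    if has_delay:
        frame += ascii_field(delay_us, 3)
    return frame


def parse_scan_response(data, samples):
    """Return [(ch1, ch2), ...]; unsigned counts and channel order are assumed."""
    expected = 4 * samples  # 2 bytes per channel, 2 channels, per step
    if len(data) != expected:
        raise ValueError(f"expected {expected} bytes, got {len(data)}")
    return list(struct.iter_unpack("<HH", data))


# Constructed sample: a two-step reply as it would arrive from the serial port.
SAMPLE_REPLY = bytes([0x34, 0x12, 0x00, 0x00, 0xFF, 0x03, 0x01, 0x00])
```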