Hello,
I am planning a project using the bladeRF 2.0 micro xA9 and would like to confirm whether the hardware is suitable for my intended application.
ㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡ
Project goal:
Receive a 20 MHz bandwidth 802.11 (Wi-Fi) signal.
Extract BSSID information from the captured packets.
Use two RX channels simultaneously to implement TDOA (Time Difference of Arrival) or PDOA (Phase Difference of Arrival) for direction finding.
ㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡ
Key questions:
Can the bladeRF 2.0 micro xA9 reliably capture 20 MHz Wi-Fi signals with both RX channels active, maintaining phase and time alignment?
Are there existing examples or recommended toolchains for demodulating Wi-Fi (e.g., to obtain BSSID) using bladeRF hardware?
For TDOA/PDOA, is it possible to achieve the required synchronization between the two RX channels solely with the xA9 hardware, or is external clock/PPS input recommended?
Are there any known limitations or considerations (FPGA resources, USB throughput, host processing) that I should be aware of for this type of application?
ㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡ
Any feedback, references, or practical advice from those who have tried similar setups would be greatly appreciated.
Thank you in advance for your help.
Feasibility of Using bladeRF 2.0 micro xA9 for 20 MHz Wi-Fi Reception and TDOA/PDOA Direction Finding
6K5EUQ
kidinstructor
Re: Feasibility of Using bladeRF 2.0 micro xA9 for 20 MHz Wi-Fi Reception and TDOA/PDOA Direction Finding
Your plan is feasible with the bladeRF 2.0 micro xA9, but there are some practical caveats.
* 20 MHz Wi-Fi capture (2× RX): Yes, it can handle this. The two RX channels share the same clock, so phase and timing alignment are generally good for direction-finding work.
* Wi-Fi demodulation / BSSID extraction: This is the tricky part. There’s no simple built-in solution, so most people use GNU Radio with custom 802.11 modules. Expect some setup effort.
* TDOA / PDOA:
- For PDOA (phase-based), the internal synchronization is usually sufficient.
- For TDOA (time-based), an external reference like a 10 MHz clock or PPS is recommended for better accuracy.
* Limitations:
- USB throughput can be a bottleneck with dual 20 MHz streams.
- FPGA resources on the xA9 are limited, so most processing happens on the host.
- Wi-Fi decoding is CPU-intensive.
If direction finding is your main goal, working with raw IQ data instead of full Wi-Fi decoding can simplify things a lot.
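The raw-IQ PDOA approach mentioned above, as an added example that is not part of the original post: it estimates a bearing from the phase difference between two coherent RX streams. The 6 cm antenna spacing, the fixed calibration offset between the two receive paths and the simulated samples are assumptions made for illustration.

```python
import cmath
import math
import random

C = 299_792_458.0  # speed of light, m/s

def phase_difference(rx0, rx1):
    """Mean phase of rx1 relative to rx0 in radians, from the summed conjugate product."""
    return cmath.phase(sum(b * a.conjugate() for a, b in zip(rx0, rx1)))

def angle_of_arrival(rx0, rx1, freq_hz, spacing_m, cal_offset_rad=0.0):
    """Bearing in degrees off broadside; positive means the source is on the RX1 side."""
    wavelength = C / freq_hz
    if spacing_m > wavelength / 2:
        # Beyond half a wavelength the phase wraps and two bearings fit the same reading.
        raise ValueError("antenna spacing exceeds lambda/2: bearing is ambiguous")
    # Remove the fixed cable/front-end offset (assumed measured beforehand), then re-wrap.
    dphi = phase_difference(rx0, rx1) - cal_offset_rad
    dphi = math.atan2(math.sin(dphi), math.cos(dphi))
    # Narrowband model: dphi = 2*pi*d*sin(theta)/lambda. 20 MHz is under 1% of 2.4 GHz.
    s = dphi * wavelength / (2 * math.pi * spacing_m)
    return math.degrees(math.asin(max(-1.0, min(1.0, s))))

def simulate(theta_deg, freq_hz, spacing_m, cal=0.0, n=4096, noise=0.05, seed=1):
    """Constructed test data: one noise-like burst seen by two antennas, not a real capture."""
    rng = random.Random(seed)
    dphi = 2 * math.pi * spacing_m * math.sin(math.radians(theta_deg)) * freq_hz / C
    shift = cmath.exp(1j * (dphi + cal))
    rx0, rx1 = [], []
    for _ in range(n):
        s = complex(rng.gauss(0, 1), rng.gauss(0, 1))
        rx0.append(s + noise * complex(rng.gauss(0, 1), rng.gauss(0, 1)))
        rx1.append(s * shift + noise * complex(rng.gauss(0, 1), rng.gauss(0, 1)))
    return rx0, rx1

if __name__ == "__main__":
    F, D = 2.437e9, 0.06  # Wi-Fi channel 6 centre frequency; 6 cm spacing (assumed)
    rx0, rx1 = simulate(30.0, F, D, cal=0.4)
    print("uncalibrated:", round(angle_of_arrival(rx0, rx1, F, D), 1))
    print("calibrated:  ", round(angle_of_arrival(rx0, rx1, F, D, cal_offset_rad=0.4), 1))
```

Even with a shared LO, an uncorrected constant offset between the two receive paths moves the bearing by several degrees, which the two printed values show.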
donnalee
Re: Feasibility of Using bladeRF 2.0 micro xA9 for 20 MHz Wi-Fi Reception and TDOA/PDOA Direction Finding
Hello,
The bladeRF 2.0 micro xA9 is a very capable candidate for this project, but there are some critical implementation details you should consider:
20 MHz Wi-Fi Capture & Phase Coherency
The xA9 uses the AD9361 transceiver, which natively supports 2x2 MIMO. Because both RX channels share the same internal oscillator (LO), they are inherently phase-coherent. This makes it much more suitable for PDOA/TDOA than using two separate SDR units. Capturing a 20 MHz bandwidth is well within the 61.44 MHz maximum sampling rate of the device.
Synchronization (Internal vs. External)
Internal: For a single board, the two RX channels are synchronized in time and phase out of the box.
External: You only need an external clock/PPS if you plan to scale beyond two channels by daisy-chaining multiple bladeRFs. For a basic TDOA/PDOA setup with one board, the internal VCTCXO is sufficient.
Toolchains for Wi-Fi Demodulation
The most robust way to extract BSSID information is using GNU Radio with the gr-ieee802-11 OOT module (developed by Bastian Bloessl). It is highly optimized for 802.11a/g/p and works well with bladeRF via the
gr-osmosdr
gr-bladeRF
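The BSSID extraction step discussed in this thread, as an added example that is not part of any post: once a demodulator has produced decoded MAC frames, the BSSID sits in a different address field depending on the frame type and the ToDS/FromDS bits. It assumes each frame arrives as raw bytes starting at the Frame Control field; the addresses and sample frames are constructed.

```python
from collections import Counter

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def extract_bssid(frame):
    """Return the BSSID of a decoded 802.11 MAC frame as a string, or None if it has none."""
    if len(frame) < 24:            # shorter than a three-address header (e.g. ACK, truncated)
        return None
    fc0, fc1 = frame[0], frame[1]
    if fc0 & 0x03:                 # protocol version must be 0
        return None
    ftype = (fc0 >> 2) & 0x03      # 0 = management, 1 = control, 2 = data
    to_ds, from_ds = fc1 & 0x01, fc1 & 0x02
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype == 0:                 # beacons, probe responses, ...: BSSID is Address 3
        return _mac(addr3)
    if ftype == 2:
        if to_ds and from_ds:      # four-address (WDS) frame: no single BSSID field
            return None
        if to_ds:                  # station -> AP: Address 1 is the BSSID
            return _mac(addr1)
        if from_ds:                # AP -> station: Address 2 is the BSSID
            return _mac(addr2)
        return _mac(addr3)         # IBSS / direct: Address 3
    return None                    # control frames are skipped here

def bssid_counts(frames):
    """Tally how many frames were seen per BSSID."""
    return Counter(b for b in map(extract_bssid, frames) if b)

def _frame(fc0, fc1, a1, a2, a3):
    """Build a constructed 24-byte header: FC, duration, three addresses, sequence control."""
    return bytes([fc0, fc1, 0, 0]) + a1 + a2 + a3 + bytes(2)

AP = bytes.fromhex("020000aabb01")    # constructed, locally administered addresses
STA = bytes.fromhex("020000ccdd02")
BCAST = b"\xff" * 6
SAMPLES = [
    _frame(0x80, 0x00, BCAST, AP, AP),   # beacon
    _frame(0x08, 0x01, AP, STA, BCAST),  # data, ToDS
    _frame(0x88, 0x02, STA, AP, AP),     # QoS data, FromDS
    _frame(0x08, 0x03, AP, STA, BCAST),  # WDS, skipped
    b"\xd4\x00\x00\x00" + AP,            # ACK (control), skipped
]

if __name__ == "__main__":
    print(bssid_counts(SAMPLES))
```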