RF Hardware Comparison Guide

Complete reference for SDR, RF analysis, and wireless security hardware

Full Support
Best Option
Partial/Limited
Not Supported
RX Receive Only
TX Transmit Only
TX/RX Both

Hardware Overview

RTL-SDR Blog V3
$30
RX Only USB 2.0 8-bit ADC
500 kHz - 1.766 GHz

The gold standard budget SDR. Best bang for buck. Excellent for ADS-B, FM, weather satellites, pagers, ISM band IoT devices.

What It Detects
ADS-B Aircraft FM Radio Weather Stations TPMS Sensors Pagers ISM 433/915 MHz NOAA Satellites Trunked Radio Smart Meters Key Fobs (RX)
RTL-SDR Blog V4
$40
RX Only USB 2.0 R828D Tuner
500 kHz - 1.766 GHz (improved)

Latest RTL-SDR with improved tuner, better filtering, lower noise floor. Better HF performance with direct sampling. Drop-in V3 replacement.

Improvements Over V3
Better HF Reception Lower Noise Floor Improved Filtering All V3 Capabilities Better Sensitivity
HackRF One
$300
TX/RX USB 2.0 8-bit ADC Half-Duplex
1 MHz - 6 GHz

The Swiss Army knife of SDR. Covers nearly everything with transmit capability. Essential for RF security research. Can replay, jam, and analyze.

What It Can Do
Everything RTL-SDR does 5.8 GHz Drones Cellular Bands (RX) GPS Spoofing Signal Replay Jamming (illegal) Custom Protocols WiFi Adjacent
YARD Stick One
$100
TX/RX USB CC1111 Chip
300-348 / 391-464 / 782-928 MHz

Purpose-built for sub-GHz attacks. Better TX power than HackRF at these frequencies. RFCat firmware. Perfect for key fobs, garage doors, Z-Wave.

Specializes In
Car Key Fobs Garage Doors Z-Wave Devices Smart Meters Rolling Codes Replay Attacks ISM Band
Ubertooth One
$120
TX/RX USB CC2400
2.4 GHz (2400-2483.5 MHz)

The definitive Bluetooth/BLE sniffer. Can capture raw Bluetooth packets that regular adapters can't see. Essential for BLE security research.

Bluetooth Capabilities
BLE Sniffing Classic BT Sniffing Promiscuous Mode Follow Connections Spectrum Analysis BTLE Injection
Flipper Zero
$170
TX/RX Portable Multi-Tool CC1101
Sub-GHz: 300-928 MHz | IR | NFC | 125kHz RFID

Portable multi-tool. Sub-GHz, RFID, NFC, IR, iButton, GPIO, Bad USB. Not the best at anything but good at everything. Pocket-sized.

Built-in Radios
Sub-GHz (CC1101) 125kHz RFID NFC 13.56MHz Infrared TX/RX iButton Bad USB GPIO Hacking
nRF52840 Dongle
$10-15
TX/RX USB BLE 5.0
2.4 GHz (BLE/802.15.4/ANT)

Budget BLE sniffer alternative to Ubertooth. Native BLE 5.0 support. Great for Zigbee/Thread with proper firmware. Wireshark compatible.

Protocols Supported
BLE 5.0 Zigbee Thread 802.15.4 ANT/ANT+ Proprietary 2.4GHz
CrazyRadio PA
$30
TX/RX USB nRF24LU1+
2.4 GHz (nRF24 protocol)

MouseJack attacks on vulnerable wireless keyboards and mice. Logitech Unifying, Dell, Microsoft, HP. Inject keystrokes from 100m away.

Attack Capabilities
MouseJack Keystroke Injection Logitech Unifying Microsoft Mice Dell KB/Mouse 100m Range
Proxmark3 RDV4
$300-400
TX/RX USB Standalone
125 kHz (LF) + 13.56 MHz (HF)

The king of RFID/NFC. Clones access cards, analyzes protocols, cracks keys. Hotel cards, building access, transit cards. Nothing else comes close.

RFID/NFC Capabilities
HID iClass MIFARE Classic MIFARE DESFire EM4100 T55xx Hotel Cards Transit Cards Key Cracking
WiFi Pineapple
$100-300
TX/RX Standalone 802.11
2.4 GHz / 5 GHz WiFi

Purpose-built WiFi auditing platform. Evil twin, captive portal, deauth, MITM. Web interface. Can run headless. Great for pentests.

WiFi Attack Modules
Evil Twin Captive Portal Deauth PMKID Capture MITM Recon PineAP
Alfa AWUS036ACH
$50-60
TX/RX USB 3.0 RTL8812AU Monitor Mode
2.4 GHz + 5 GHz (WiFi 5 / 802.11ac)

The classic Kali WiFi adapter. Dual-band AC1200 with excellent Kali support. Monitor mode and packet injection out of the box. The standard for WiFi pentesting.

WiFi Capabilities
Monitor Mode Packet Injection Handshake Capture Deauth Attacks Long Range Dual Band 802.11ac
Alfa AWUS036AXML
$50
TX/RX USB 3.0 MT7921AU WiFi 6E BT 5.2
2.4 GHz + 5 GHz + 6 GHz (WiFi 6E) + Bluetooth 5.2

WiFi 6E + Bluetooth 5.2 combo adapter! Tri-band WiFi with 6 GHz support AND built-in BLE. Monitor mode on Linux 5.18+. Two radios in one - the ultimate combo for wardriving.

WiFi 6E + Bluetooth Capabilities
6 GHz Band Monitor Mode Packet Injection WiFi 6E Networks Tri-Band WiFi 802.11ax Bluetooth 5.2 BLE Scanning WPA3 Targets 160 MHz Channels
CC1101 USB Module
$15-25
TX/RX USB Sub-GHz
300-348 / 387-464 / 779-928 MHz

Same chip as Flipper Zero's sub-GHz. Budget YARD Stick alternative. Use with RFQuack or custom firmware. Good for learning.

Sub-GHz Basics
433 MHz 868 MHz 915 MHz Key Fobs Weather Stations Learning Tool
LimeSDR
$300
TX/RX USB 3.0 12-bit ADC Full Duplex
100 kHz - 3.8 GHz

Full duplex SDR with 61.44 MHz bandwidth. Popular for srsRAN/Open5GS private LTE/5G networks. Budget USRP alternative. Good community support.

Key Features
Full Duplex srsRAN Compatible Private LTE/5G GNU Radio 2x2 MIMO 61.44 MHz BW Cellular Research FPGA Onboard
BladeRF 2.0 micro
$400-650
TX/RX USB 3.0 12-bit ADC Full Duplex
47 MHz - 6 GHz

High quality full duplex SDR with excellent build quality. Wider frequency range than LimeSDR. Works with srsRAN for cellular research. Altera Cyclone V FPGA.

Key Features
Full Duplex srsRAN Compatible Private LTE/5G GNU Radio 2x2 MIMO 56 MHz BW 6 GHz Coverage Better Build Quality
Heltec LoRa 32 V3
$18-25
TX/RX ESP32-S3 SX1262 OLED
863-928 MHz (LoRa ISM bands)

ESP32 + LoRa combo board. Perfect for LoRa sniffing, injection, and rogue gateway attacks. Built-in WiFi/BLE for exfiltration. OLED display for field work.

LoRa Capabilities
LoRa Sniffing Packet Injection Rogue Gateway MITM Attacks Replay Attacks LoRaWAN Meshtastic Long Range (km)
LILYGO TTGO LoRa32
$15-22
TX/RX ESP32 SX1276/SX1278 OLED
433/868/915 MHz (region variants)

Budget LoRa dev board. Multiple frequency variants available. Good for learning LoRa security, building mesh networks, or IoT interception.

LoRa Capabilities
LoRa Sniffing Packet Injection Raw LoRa LoRaWAN Meshtastic Budget Option
RAK7243 LoRa Gateway
$150-200
TX/RX 8-Channel RPi Based GPS
863-870 / 902-928 MHz

Full 8-channel LoRaWAN gateway. Run ChirpStack for complete network control. See all traffic, hold all keys, MITM your entire LoRa network.

Gateway Capabilities
8-Ch Concurrent RX ChirpStack Full Packet Logging Key Management MITM Position GPS Timestamps Network Server

Master Comparison Table

Device Price Frequency Range TX/RX Bandwidth Best For Software
RTL-SDR V3 $30 500 kHz - 1.766 GHz RX 2.4 MHz ADS-B, FM, Pagers, ISM SDR#, GQRX, rtl_433
RTL-SDR V4 $40 500 kHz - 1.766 GHz RX 2.4 MHz Same as V3, better HF SDR#, GQRX, rtl_433
HackRF One $300 1 MHz - 6 GHz TX/RX 20 MHz Everything, TX attacks GNU Radio, SDR#, HackRF Tools
YARD Stick One $100 300-928 MHz (bands) TX/RX N/A Sub-GHz attacks, key fobs RFCat, rfcat
Ubertooth One $120 2.4 GHz only TX/RX 1 MHz Bluetooth/BLE sniffing Ubertooth tools, Wireshark
Flipper Zero $170 Sub-GHz + IR + NFC + RFID TX/RX N/A Portable multi-tool qFlipper, custom FW
nRF52840 $10 2.4 GHz only TX/RX N/A BLE, Zigbee, Thread Wireshark, nRF Sniffer
CrazyRadio PA $30 2.4 GHz only TX/RX N/A MouseJack attacks JackIt, MouseJack
Proxmark3 RDV4 $350 125 kHz + 13.56 MHz TX/RX N/A RFID/NFC cloning Proxmark3 client
Alfa AWUS036ACH $50-60 2.4 + 5 GHz WiFi TX/RX 80 MHz WiFi 5 pentesting (classic) Aircrack-ng, Kismet
Alfa AWUS036AXML $50 2.4 + 5 + 6 GHz + BT 5.2 TX/RX 160 MHz WiFi 6E + BLE combo Aircrack-ng, Kismet, bluetoothctl
LimeSDR $300 100 kHz - 3.8 GHz TX/RX 61.44 MHz Private LTE/5G, cellular research srsRAN, GNU Radio, LimeSuite
BladeRF 2.0 micro $400-650 47 MHz - 6 GHz TX/RX 56 MHz Private LTE/5G, wideband research srsRAN, GNU Radio, bladeRF-cli
Heltec LoRa 32 V3 $18-25 863-928 MHz TX/RX 500 kHz LoRa sniffing, MITM, injection Arduino, PlatformIO, Meshtastic
TTGO LoRa32 $15-22 433/868/915 MHz TX/RX 500 kHz Budget LoRa research Arduino, PlatformIO, RadioLib
RAK7243 Gateway $150-200 863-928 MHz TX/RX 8-channel LoRaWAN gateway, network control ChirpStack, TTN, packet forwarder

What Can Each Device Detect/Attack?

Target Frequency RTL-SDR HackRF YARD Stick Flipper Ubertooth Proxmark3 Alfa WiFi LimeSDR BladeRF LoRa Boards
ADS-B Aircraft 1090 MHz
Weather Stations 433 MHz
Car Key Fobs 315/433 MHz RX
Garage Doors 315/390 MHz RX
Z-Wave Smart Home 908/868 MHz RX
Smart Meters 900 MHz
TPMS Sensors 315/433 MHz
Pagers (POCSAG) 150-930 MHz
FM Radio 88-108 MHz
Bluetooth/BLE 2.4 GHz
Zigbee 2.4 GHz
WiFi Networks 2.4/5 GHz
Drones (5.8 GHz) 5.8 GHz
125 kHz RFID 125 kHz
NFC/MIFARE 13.56 MHz
IR Remotes Infrared
Wireless Mice/KB 2.4 GHz
LTE/Cellular (RX) 700-2600 MHz RX
LoRa/LoRaWAN 433/868/915 MHz RX
Meshtastic 868/915 MHz

Frequency Coverage Visualization

1 MHz 100 MHz 500 MHz 1 GHz 2 GHz 3 GHz 4 GHz 5 GHz 6 GHz
RTL-SDR V3/V4
500 kHz - 1.766 GHz
HackRF One
1 MHz - 6 GHz
YARD Stick One
300-928 MHz (bands)
Flipper Zero
300-928 MHz (Sub-GHz)
Ubertooth One
2.4 GHz only
Alfa WiFi
2.4 + 5 GHz
LimeSDR
100 kHz - 3.8 GHz
BladeRF 2.0
47 MHz - 6 GHz

Use Case Recommendations

Aircraft Tracking (ADS-B)
RTL-SDR V3/V4 HackRF One
Car Key Fob Attacks
YARD Stick One HackRF One Flipper Zero
Bluetooth/BLE Sniffing
Ubertooth One nRF52840
WiFi Pentesting
Alfa AWUS036AXML Alfa AWUS036ACH WiFi Pineapple
RFID/NFC Cloning
Proxmark3 RDV4 Flipper Zero
Smart Home (Z-Wave)
YARD Stick One HackRF One Flipper Zero
IoT Weather/TPMS
RTL-SDR V3/V4 HackRF One
Drone Detection (5.8 GHz)
HackRF One
MouseJack Attacks
CrazyRadio PA
Portable Multi-Tool
Flipper Zero
Budget BLE/Zigbee
nRF52840 ($10)
Full Spectrum Coverage
HackRF One BladeRF 2.0
Private LTE/5G Networks
LimeSDR BladeRF 2.0 USRP ($$)
Cellular Research (srsRAN)
LimeSDR BladeRF 2.0
LoRa Sniffing/MITM
Heltec LoRa 32 TTGO LoRa32 HackRF + gr-lora
LoRaWAN Gateway Control
RAK7243 DIY RPi + RAK2245
Meshtastic Networks
Heltec LoRa 32 V3 TTGO LoRa32

Budget Build Recommendations

Starter Kit (~$80)

  • RTL-SDR V3 - $30
  • nRF52840 Dongle - $10
  • Alfa AWUS036ACH - $50

Covers: ADS-B, FM, IoT 433MHz, BLE, WiFi pentesting

Intermediate Kit (~$350)

  • RTL-SDR V4 - $40
  • Flipper Zero - $170
  • Ubertooth One - $120
  • CrazyRadio PA - $30

Adds: Sub-GHz TX, RFID/NFC, proper BLE, MouseJack

Full Arsenal (~$1000+)

  • HackRF One - $300
  • YARD Stick One - $100
  • Proxmark3 RDV4 - $350
  • Ubertooth One - $120
  • Alfa AWUS036AXML - $50 (WiFi 6E + BT 5.2)
  • Flipper Zero - $170

Complete coverage: 1MHz-6GHz, all RFID, WiFi 6, portable ops

Software Quick Reference

Device Primary Software Install Command (Kali)
RTL-SDR rtl_433, GQRX, dump1090 sudo apt install rtl-433 gqrx-sdr dump1090-mutability
HackRF hackrf_tools, GNU Radio sudo apt install hackrf gnuradio
YARD Stick RFCat pip install rfcat
Ubertooth ubertooth-tools sudo apt install ubertooth
Proxmark3 proxmark3 client sudo apt install proxmark3
Flipper Zero qFlipper Download from flipperzero.one
nRF52840 nRF Sniffer for Wireshark Nordic nRF Connect SDK
CrazyRadio PA JackIt, MouseJack pip install jackit
Alfa WiFi aircrack-ng, Kismet sudo apt install aircrack-ng kismet
LimeSDR LimeSuite, srsRAN, GNU Radio sudo apt install limesuite srsran gnuradio
BladeRF bladeRF-cli, srsRAN, GNU Radio sudo apt install bladerf srsran gnuradio
Heltec/TTGO LoRa Arduino IDE, PlatformIO, RadioLib PlatformIO: pio lib install "RadioLib"
RAK Gateway ChirpStack, packet_forwarder chirpstack.io (Docker install)
LoRa (SDR) gr-lora, lora-sdr git clone github.com/rpp0/gr-lora

RF Hardware Comparison Guide | For educational and authorized security research only

Last Updated: December 2024