Author Topic: Wideband RF Detector project  (Read 11515 times)


Offline cprobertson1 (Topic starter)

  • Frequent Contributor
  • **
  • Posts: 358
  • Country: scotland
  • 2M0XTS / MM6XKC
Wideband RF Detector project
« on: March 29, 2018, 09:46:22 am »
Good Morning folks!

I've now finished my previous projects and have begun work on a wideband (a few MHz up to a few GHz) RF detector, inspired by the CPM700 that Dave tore down a while back - thinking it'd be useful for finding local sources of RFI (and of course, bug-finding too!) - I'm a HAM - having radio emitters in my house annoys me! My PC is especially bad for it (who'd have guessed!?)

Now, I have a confession to make. I don't usually work with analogue components let alone RF - so I thought this would be a decent project to brush up on several skills/component/circuit groups: the caveat is - NO microcontroller! I want to
-amplifiers of all flavours
-detectors/demodulators
-op-amps
-band-pass filters
-comparator circuits
-Impedance matching

Sounds fun! :popcorn:

My thoughts were to approximate the "look" of the CPM 700 - and very roughly copy the functionality (i.e optional speaker/headphones, volume control, a bar chart, settable alarm/buzzer) - but design the circuit more or less from the ground up (that way I can get the most out of it as a learning experience!)

I'm going to be jumping about as I prototype everything as a more-or-less separate module - and thought that I had better create a thread for the questions that will inevitably pop up during development!

The first of these questions relates to the overall principle of the best way to "hear" the incoming signal - while keeping things simple/low part count?

The current design has the antenna going through a preamp and then an optional high-gain amplifier before going towards the audio stages.

My first instinct is to use a diode (envelope) detector (diode+R+C - exciting stuff!) on that amplified signal, before it goes to the audio stage - will that be enough? If so, how would I figure out the values to use for R and C - as I seem to recall it being frequency dependent (or does it even matter in this case since I'm attempting to observe such a wide band, while not really being tuned to any particular part of it?)

NB: Not sure it matters but the audio stage is currently based around an LM386 (probably with adjustable gain (20-200) - to be decided xD)


« Last Edit: March 29, 2018, 12:29:04 pm by cprobertson1 »
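
An added worked example for the R and C question in the post above (not code from any poster in this thread): it computes the usable RC window for a diode envelope detector from the standard ripple and diagonal-clipping limits, then simulates the detector on a constructed AM test signal to show what happens inside and outside that window. The ideal diode (no forward drop), the 1 MHz / 1 kHz / 80 % test signal, the 5 kHz audio limit and the 10 kΩ resistor are assumptions chosen for illustration.

```python
import math


def rc_window(f_carrier_min, f_audio_max, mod_index):
    """Return (rc_low, rc_high) in seconds for a diode + parallel-RC detector.

    rc_low  = one period of the LOWEST carrier of interest. RC must sit well
              above this, otherwise the capacitor drains between carrier
              peaks and the output is mostly ripple. Higher carriers only
              make this easier, so a wideband detector is set by its low end.
    rc_high = sqrt(1 - m^2) / (2*pi*f_audio*m), the diagonal-clipping limit.
              Above it the capacitor cannot discharge fast enough to follow
              the falling side of the modulation.
    """
    if not 0.0 < mod_index < 1.0:
        raise ValueError("mod_index must be between 0 and 1 (exclusive)")
    rc_low = 1.0 / f_carrier_min
    rc_high = math.sqrt(1.0 - mod_index ** 2) / (
        2.0 * math.pi * f_audio_max * mod_index)
    return rc_low, rc_high


def pick_rc(f_carrier_min, f_audio_max, mod_index):
    """Geometric mean of the window: the same ratio away from both limits."""
    rc_low, rc_high = rc_window(f_carrier_min, f_audio_max, mod_index)
    if rc_high <= rc_low:
        raise ValueError("no usable RC: carrier too close to the audio band")
    return math.sqrt(rc_low * rc_high)


def detector_error(rc, f_carrier=1e6, f_audio=1e3, mod_index=0.8,
                   fs=20e6, duration=2e-3):
    """Simulate an ideal diode feeding a parallel RC on a constructed AM signal.

    Returns the RMS difference between the detector output and the true
    envelope, normalised to the RMS of the envelope (0 = perfect recovery).
    """
    dt = 1.0 / fs
    decay = math.exp(-dt / rc)          # capacitor discharge per sample
    out = 0.0
    err_sq = env_sq = 0.0
    for i in range(int(round(duration * fs))):
        t = i * dt
        envelope = 1.0 + mod_index * math.sin(2.0 * math.pi * f_audio * t)
        rf = envelope * math.sin(2.0 * math.pi * f_carrier * t)
        # Diode conducts when the input exceeds the capacitor voltage,
        # otherwise the capacitor discharges through R.
        out = max(rf, out * decay)
        err_sq += (out - envelope) ** 2
        env_sq += envelope ** 2
    return math.sqrt(err_sq / env_sq)


if __name__ == "__main__":
    # Assumed design targets: lowest carrier 1 MHz, audio up to 5 kHz, m = 0.8.
    low, high = rc_window(1e6, 5e3, 0.8)
    rc = pick_rc(1e6, 5e3, 0.8)
    r_ohms = 10e3                        # assumed load resistor
    print(f"RC window: {low * 1e6:.2f} us to {high * 1e6:.2f} us")
    print(f"chosen RC: {rc * 1e6:.2f} us -> C = {rc / r_ohms * 1e12:.0f} pF "
          f"with R = {r_ohms / 1e3:.0f} kOhm")
    for label, value in (("RC too small", 1e-7),
                         ("RC in window", rc),
                         ("RC too large", 1e-3)):
        print(f"{label}: normalised envelope error "
              f"{detector_error(value):.2f}")
```
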
 

Offline CJay

  • Super Contributor
  • ***
  • Posts: 4136
  • Country: gb
Re: Wideband RF Detector project
« Reply #1 on: March 29, 2018, 11:46:48 am »
Sounds interesting but the LM386 is horrible, was it chosen for a specific reason or just as an easily obtainable audio gain block?

Consider the TDA7052 perhaps...
 

Offline cprobertson1 (Topic starter)

  • Frequent Contributor
  • **
  • Posts: 358
  • Country: scotland
  • 2M0XTS / MM6XKC
Re: Wideband RF Detector project
« Reply #2 on: March 29, 2018, 12:17:59 pm »
Just as an easily obtainable audio gain block ;)

Now that you mention it, I think I might actually have a TDA7052 lying around in one of my parts drawers... the number is ringing a bell!

I've attached the design notes I've made so far - just a rough idea of the signal path and some notes on the stages/blocks, crudely separated into rows.

None of that's set in stone yet - just a rough idea - my back-of-the-envelope-brainfarts often involve block diagrams because I'm cool that way.



--EDIT--
Just noticed that Block "10" (alarm) should be a child of Block "9" (bar chart) to judge by the way I've described it in the notes - I'll worry about the exact details for that entire monitor stage later though ;)
« Last Edit: March 29, 2018, 12:26:07 pm by cprobertson1 »
 

Offline Neomys Sapiens

  • Super Contributor
  • ***
  • Posts: 3268
  • Country: de
Re: Wideband RF Detector project
« Reply #3 on: March 29, 2018, 09:21:00 pm »
I know of three implementations of similar devices:
One from the German 'Funkamateur', called 'tbd' (interference detector or something akin)
One from (I think) Elektor, called 'the Tapir'
and the untuned receiver from Wenzel

Will try to find something on the first two, the third is here:
http://www.techlib.com/electronics/allband.htm

Then there was once a device from Optoelectronics (not the Interceptor, as that is digitally (µC) controlled; but they had something much earlier), which should do approximately the same. Don't know the name anymore, so one has first to find out this before looking for a schematic.
 

Offline Neomys Sapiens

  • Super Contributor
  • ***
  • Posts: 3268
  • Country: de
Re: Wideband RF Detector project
« Reply #4 on: April 02, 2018, 07:24:56 pm »
There were even 2 implementations from Funkamateur:

- Der EMV-Spion - ein Ortungsgeraet fuer Stoerquellen
FA07/2012 (p.706)

- Stoerquellen-Suchempfaenger
FA08/2008 (with Errata in FA07/2011)

An ENGLISH article on the Elektor 'Tapir' is here:
https://www.elektormagazine.com/labs/tapir-ultraensitive-wideband-magneticelectromagnetic-field-detector

Also from the 'Encyclopedia of Electronic Circuits' series:
Graf Vol.3 p365: Bug detector, 2xMAR6, HF-diode, LM3915 (3dB steps); 9V

Graf Vol.4 p139: RF-field detector, biased diode, compensation NW , LM1458, moving-coil ind. 9V
          p166 tuned 6..60MHz, 741 + Germanium diode +2coils+drehco, m.c.meter, 9V   

Graf Vol.5 p150: Bug detector, BFR90 preamp, diode detector, VCO audible output

So, that was just to provide some ideas. Of course, I'm interested in any new implementation of such a practical device. Useful both for EMC troubleshooting and COMSEC/TSCM
 

Offline chris_leyson

  • Super Contributor
  • ***
  • Posts: 1556
  • Country: wales
Re: Wideband RF Detector project
« Reply #5 on: April 03, 2018, 12:13:37 am »
Quote
I'm a HAM - having radio emitters in my house annoys me!
Well, put your antenna outside then.

I take it you are working HF with a wire antenna or E-field antenna. Most QRM is vertically polarised E-field so go for a balanced dipole or a screened tuned magnetic antenna, a long wire will pick up everything including the neighbours. What are you using for an antenna?
 

Offline cprobertson1 (Topic starter)

  • Frequent Contributor
  • **
  • Posts: 358
  • Country: scotland
  • 2M0XTS / MM6XKC
Re: Wideband RF Detector project
« Reply #6 on: April 03, 2018, 11:29:42 am »
I've got the prototype audio stage built (as mentioned, just an LM386 for now - I'll upgrade to something better in the near future) - @CJay suggested the TDA7052, which I shall keep in mind when it comes time to finalise the audio stage.

There are a few quirks (for instance, if you look at it funny, it oscillates loudly), but it'll do for now!

Next up is the front end...probe... is the probe considered part of the front end?

I am thinking of an antenna feeding directly into the preamp with a pair of protection diodes to ground (will 1N4184 suffice?)

For the preamp I am thinking of a 2-stage design with some transistors with the input biased to half the supply voltage (and powered from DC bias)

Does that all sound reasonable to you folks? Any suggestions for improvement?





Quote
I'm a HAM - having radio emitters in my house annoys me!
Well, put your antenna outside then.

I take it you are working HF with a wire antenna or E-field antenna. Most QRM is vertically polarised E-field so go for a balanced dipole or a screened tuned magnetic antenna, a long wire will pick up everything including the neighbours. What are you using for an antenna?

Lol, that's a subject for another day ;) :P - I have two dipoles, a 1/2G5RV and a couple of colinears - but being a mid-terraced house, it's difficult to site them far away. They're not actually that bad - they've never been prohibitive (except when the status LED on my monitor failed and whenever it went on standby, it would swamp the bands with a cycle of 1 second of broadband noise, followed by 1 second of silence - corresponding with the blinking of the LED). Still not sure of the exact mechanism there though...replacing the LED fixed it at least (and I replaced all the electrolytics just to be on the safe side)


Quote
So, that was just to provide some ideas. Of course, I'm interested in any new implementation of such a practical device. Useful both for EMC troubleshooting and COMSEC/TSCM


I'm not actually sure if I can bring anything new to the table per se, from what I've gathered there really isn't a whole lot in these sorts of units; and I'd be wary of making it superfluously complex (though I might add wifi/bluetooth support and make it IoT compatible, and then tie it into my smart home, just to annoy people with the deliberate irony ;))



 

Offline chris_leyson

  • Super Contributor
  • ***
  • Posts: 1556
  • Country: wales
Re: Wideband RF Detector project
« Reply #7 on: April 03, 2018, 12:37:02 pm »
I must admit I've had the same problem using a long wire with matching network into a QS1R SDR. And there was me thinking that a dipole being balanced would reduce the QRM, well obviously not for near field interference, I didn't really think that one through. These days the QS1R doesn't get a lot of use and I really need to get around to building a mag loop.

For a wideband detector I'm going to have a stab at building something using LT5534, got the idea from EDN https://www.edn.com/design/test-and-measurement/4316368/Low-cost-RF-sniffer-finds-2-4-GHz-sources. I will probably build two versions one with the 2.45GHz bandpass filter and one without.

Longer term I would like to try a wideband tuned detector probably single conversion down to baseband. I'm sure AD or LT will have a suitable mixer for the frontend. Maybe a 1GHz to 2GHz PLL and then fixed down convert for the LO. At the moment it's just a concept but it will make EMC work a lot easier and quicker.
 

Offline cprobertson1 (Topic starter)

  • Frequent Contributor
  • **
  • Posts: 358
  • Country: scotland
  • 2M0XTS / MM6XKC
Re: Wideband RF Detector project
« Reply #8 on: April 03, 2018, 01:32:11 pm »
I always thought dipoles would help more due to their directionality rather than their balancedness? Either way, in my case it's the feedline that picks up a lot of the noise, even though it's only in the house for a short distance; because my station is upstairs it takes a vertical path to the ground before going across the garden.

Couple that (pun intended) with a poor RF grounding and there are plenty of noise sources - some areas are blocked off by nearby noise regardless of what I'm doing in the house - while other bands get periodic noise. My setup is more than enough to get by though! Whatever gets you on the air - everything else is just a bonus ;)



So - bearing in mind that I'm using this to learn more about analogue electronics (at RF in this case) - I reckon using 2x transistors for the preamp would be better than just using an RF amplifier IC?

I want the main (switchable) amplifier to have as wide a response range as possible - preferably from DC right up to a few GHz - that way I can design different probes for specific purposes without having to touch the front end itself.

Again, the question comes into play whether I should build all that out of discrete parts - or just use an amp IC (I'd be more inclined to use a single IC (or two) for the RF amp, as my design of having a base unit that can take various probes calls for a wide response range on the main amp - say, DC to a few GHz - and I'd rather not muff that side of things up).

That said, muffing that side of things up is a great way to learn!


 

Offline Neomys Sapiens

  • Super Contributor
  • ***
  • Posts: 3268
  • Country: de
Re: Wideband RF Detector project
« Reply #9 on: April 04, 2018, 01:53:27 am »
If you put the preamp part onto a small 'carved' SMD island, like many RF experimental constructions use, you could experiment with various circuits and configurations and you would be able to drop in an MMIC preamp as well. I think most discrete circuits take some work before they achieve the same stability.
 

Offline fireworks

  • Contributor
  • Posts: 38
  • Country: hk
Re: Wideband RF Detector project
« Reply #10 on: April 05, 2018, 01:52:24 pm »
 :clap:  If this was not mentioned before in this thread: the easiest way to build a sensitive and wideband detector is to use a

   logarithmic amplifier.

  Analog Devices have a large range of such devices many of them quite cheap:

http://www.analog.com/en/parametricsearch/11409
« Last Edit: April 05, 2018, 01:54:14 pm by fireworks »
 
The following users thanked this post: cprobertson1

Offline CopperCone

  • Super Contributor
  • ***
  • Posts: 1415
  • Country: us
  • *knock knock*
Re: Wideband RF Detector project
« Reply #11 on: April 05, 2018, 01:55:58 pm »
What advantage does this have over a spectrum analyzer?
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3958
  • Country: de
Re: Wideband RF Detector project
« Reply #12 on: April 05, 2018, 02:27:34 pm »
Quote
What advantage does this have over a spectrum analyzer?

That you don't need to sell your firstborn in order to do such testing?  :-// It is also likely going to be smaller and more portable than an SA - kinda convenient when you are looking for a source of interference.
« Last Edit: April 05, 2018, 02:29:28 pm by janoc »
 


Offline CopperCone

  • Super Contributor
  • ***
  • Posts: 1415
  • Country: us
  • *knock knock*
Re: Wideband RF Detector project
« Reply #14 on: April 05, 2018, 07:04:11 pm »
If you wanna do counterintelligence though, you need to look for the various ways you can mask, unless that detector Dave Jones has does this all internally (I don't see any switches) just having the audio output from what I assume is AM or FM is probably pretty bootleg in terms of finding bugs designed after 1920.

http://www.cryptomuseum.com/covert/bugs/masking/index.htm

There might be more, and now things might be communicated in encrypted digital.... but there is still the appeal of using those masking methods, maybe, because I suspect that they are lower power to generate, so a battery powered bug might last a lot longer than one with an MCU or something. They might also be smaller, so you can have various bugs that communicate with an intermediate analog signal to a more powerful digital transmitter that acts as a repeater.

Sure, you can probably make dedicated encryption ASICs that use lower power, but then this starts to point fingers at who done it (deep pockets, access to fab, able to get something manufactured that's clearly kinda shady), whereas these kinds of solutions might be more homebrewable so you can always blame Cubans or something like that. The manufacturing process of an IC may leave fingerprints as to whose fab it is, or at least which process it was, so you can start to trace down what companies might be responsible, or who bought specialized semiconductor equipment to manufacture something by themselves.. I assume this could lead to agent Fred having sleepless nights.

Kinda wonder if the CIA / FBI or probably NSA tries to keep cradle to the grave accountability on complicated semiconductor manufacturing equipment for these purposes.

I'm sure that in certain cases, like maybe working a cartel crime family, even the FBI does not want to use its latest clearly FBI high tech equipment in case it gets found.. especially if there are rivals trying to kill/spy on each other's businesses, it's probably a lot easier to build a case if some coked out gangsters think other coked out gangsters are causing problems, rather than the government which will make everyone panic.



« Last Edit: April 05, 2018, 07:13:25 pm by CopperCone »
 

Offline cprobertson1 (Topic starter)

  • Frequent Contributor
  • **
  • Posts: 358
  • Country: scotland
  • 2M0XTS / MM6XKC
Re: Wideband RF Detector project
« Reply #15 on: April 06, 2018, 09:03:56 am »
Quote
If you put the preamp part onto a small 'carved' SMD island, like many RF experimental constructions use, you could experiment with various circuits and configurations and you would be able to drop in an MMIC preamp as well. I think most discrete circuits take some work before they achieve the same stability.

Not a bad plan! Tbh, the preamp module is simple enough that the entire module can just be replaced if I change the design or want to experiment. My only complaint is that it's a hybrid module just now - mixture of SMT and through-hole which isn't ideal, but whatever, it's not a production PCB so it will do for now :P



Quote
What advantage does this have over a spectrum analyzer?

Relative to a spectrum analyser:

Pros:
  • Can be made very small (if you integrated the handset of my design with the base unit, you could easily make it about the size of a small phone - my unit will be about the size of a small book; as I want lots of battery space, and swappable modules for experimenting with :P)
  • Cheap (My max budget is £100, but I'm aiming for a BOM cost of <£50)
  • Low-power (I'm aiming for <10mW consumption for the front end; I could easily make that considerably less with a bit of tweaking (and more experience) - it can easily be powered from a battery pack!)
  • Portable (Low power + small size = I can take it anywhere :D)
  • Simple to use (for finding noise sources)(just listen and wave it round :P)
  • Fun! (Who doesn't want to hear what their fridge sounds like when you feed some of its RFI through a speaker :P)
  • Simple to build (i.e., I can build this :P I reckon I'd struggle to build a (good) spectrum analyser - I might be able to put something together, but I'd question the cost-benefit ratio, especially as I'm pretty nascent in the EE world! :P)

Cons:
  • No quantitative data (only relative strength is displayed; no indication of frequency)
  • No frequency control (no tuned circuit: everything within range is picked up - unless you add a bandpass/bandblock filter)
  • Low sensitivity (very weak signals will easily get swamped out by larger signals)
  • Wideband (both a pro and a con)(I believe this may struggle to pick up very narrowband signals unless you're pretty close to them)
  • Short sample window (transmissions with very short durations may not be picked up, or may be hidden in the noise)

So in other words, although there are overlaps - there are a lot of tradeoffs with an RF detector vs a spectrum analyser xD Also, bear in mind, I'm building this for fun and for learning - rather than a commercial application!



Quote
:clap:  If this was not mentioned before in this thread: the easiest way to build a sensitive and wideband detector is to use a
   logarithmic amplifier.
  Analog Devices have a large range of such devices many of them quite cheap:
http://www.analog.com/en/parametricsearch/11409

Nice - I'll need to take a gander at them! I've decided the preamp is going to be discrete (because I want the experience of correctly building a preamp :P) - but for the switchable RF amp, a log amp may be the best choice - BUT - how good the response curve I'll get out of it depends on how good the response curve of my discrete preamp is... so I might be sabotaging my own efforts in that respect! We shall see - I can only sweep my preamp from DC-50MHz (I suppose I could go up to 100MHz with a frequency doubler circuit) - so I have no idea what its response will be like across the entire VHF/UHF ranges - but then again, since everything is relative (i.e. I'm not taking quantitative measurements) - does it actually matter? Hmmm... food for thought!

ANYWAY - so what is it about amplifying the log of the input voltage (as opposed to a linear amp) that makes it a good choice for this detector?

Is it just relating to the logarithmic auditory response in the human ear, or is there something I've not considered yet? :P
--EDIT--
Wait, is it related to the bandwidth product?



Quote
If you wanna do counterintelligence though, you need to look for the various ways you can mask, unless that detector Dave Jones has does this all internally (I don't see any switches) just having the audio output from what I assume is AM or FM is probably pretty bootleg in terms of finding bugs designed after 1920.

http://www.cryptomuseum.com/covert/bugs/masking/index.htm

There might be more, and now things might be communicated in encrypted digital.... but there is still the appeal of using those masking methods, maybe, because I suspect that they are lower power to generate, so a battery powered bug might last a lot longer than one with an MCU or something. They might also be smaller, so you can have various bugs that communicate with an intermediate analog signal to a more powerful digital transmitter that acts as a repeater.

Sure, you can probably make dedicated encryption ASICs that use lower power, but then this starts to point fingers at who done it (deep pockets, access to fab, able to get something manufactured that's clearly kinda shady), whereas these kinds of solutions might be more homebrewable so you can always blame Cubans or something like that. The manufacturing process of an IC may leave fingerprints as to whose fab it is, or at least which process it was, so you can start to trace down what companies might be responsible, or who bought specialized semiconductor equipment to manufacture something by themselves.. I assume this could lead to agent Fred having sleepless nights.

Kinda wonder if the CIA / FBI or probably NSA tries to keep cradle to the grave accountability on complicated semiconductor manufacturing equipment for these purposes.

I'm sure that in certain cases, like maybe working a cartel crime family, even the FBI does not want to use its latest clearly FBI high tech equipment in case it gets found.. especially if there are rivals trying to kill/spy on each other's businesses, it's probably a lot easier to build a case if some coked out gangsters think other coked out gangsters are causing problems, rather than the government which will make everyone panic.


According to some of the docs from the Snowden leak, most bugs are pretty simple - mostly FM analogue devices, optionally with frequency inversion/scrambling, but GSM bugging/tracking are not uncommon. In fact, in one of the documents, the CIA recommended bugs were mostly available from Amazon... which would make tracing it back to a particular government body a nightmare!

Law enforcement tend to use AM/FM/WFM/FM-sub/QAM/Spread spectrum/frequency hopping, again, optionally with scrambling/inversion or encryption (typically 56-bit DES) according to that document. They also seem pretty fond of powerline devices for larger offices and large-scale buildings - in fact the model listed here can support a large (>200 nodes) network of cameras and microphones on the same circuit: and indicates that the NATO Headquarters in New York has had such a system operating for several years...  Well that's interesting!

Obviously, for bugging an embassy or another government office, you're going to be using much fancier equipment than that (as they are going to be on the lookout for surveillance) - but regular offices/households just don't usually listen out for them, you can probably get away with a simple analogue bug - as evidenced by law enforcement.

I'm not in the TSCM business though - I only know the most superficial of information on the subject (and some dodgy practices by some dodgy authorities, oftentimes in worryingly high places...) - so please forgive me if I a) misremembered something or b) didn't fact-check enough :P
« Last Edit: April 06, 2018, 09:06:02 am by cprobertson1 »
 

Offline cprobertson1 (Topic starter)

  • Frequent Contributor
  • **
  • Posts: 358
  • Country: scotland
  • 2M0XTS / MM6XKC
Re: Wideband RF Detector project
« Reply #16 on: April 06, 2018, 09:49:15 am »
Current design notes/thoughts on signal gain:
  • Preamp Gain = 20dB
    • 2x 10dB cascaded NPN
    • IC TBC
      • Perhaps a BFR360F? More thought needed
    • Gain TBC
      • Emitter follower configuration?
      • Cascode configuration?
  • RF Amp Gain = 0 or 20dB
    • Switchable (simple bypass)
    • Layout TBC
    • IC TBC
    • Gain TBC
      • May split into 2x selectable stages to allow a "medium" gain setting
  • Audio Amp gain = ???
    • Gain TBC
    • Gain adjustable
      • simple V-div. or pot on feedback loop?
    • Prototyped with LM386
    • IC TBC: TDA7052 suggested

 

Offline CopperCone

  • Super Contributor
  • ***
  • Posts: 1415
  • Country: us
  • *knock knock*
Re: Wideband RF Detector project
« Reply #17 on: April 06, 2018, 04:00:12 pm »
I intend to build one of these anyway. Building for compactness is interesting.

Building a tiny preselector and preamp and portable power source for an SDR might be a useful surveillance tool too.

You could use the power sensor to sweep for general signals then use a souped-up SDR to try to demodulate it.

I'm kinda imagining a kinda corny tactical setup, where there is a power splitter between your meter and the SDR, which could be connected to something like Google glasses via an unused wireless channel, so you can do a quick sweep while monitoring power but simultaneously be able to view the relevant RF spectrum. You could even split the signal up after a buffer to quickly identify which band the noise is in. This method might get better sensitivity for dollar spent than an SDR, which usually has kinda a high noise floor.

I am imagining some guy walking around pretending to be blind doing a sweep with an antenna hidden inside of a cane.

I kinda imagined a fast power meter, which then goes into a preselector with band indicators then an SDR control on your palm to linked glasses so you can quickly scan the band you're interested in and you don't need to sniff around the entire spectrum.

Something like this would be useful if you need to do a covert bug sweep without the permission of the property owner, like in your workplace, where discretion and speed are of essence.

Would also be interesting to make some kinda doodad that can detect if an office phone is silently transmitting. I had office phones suddenly turn on with someone's voice, with the intercom mode being turned on without any kind of notification. It's like giving your boss the ability to teleport lol
« Last Edit: April 06, 2018, 04:04:35 pm by CopperCone »
 

Offline CJay

  • Super Contributor
  • ***
  • Posts: 4136
  • Country: gb
Re: Wideband RF Detector project
« Reply #18 on: April 06, 2018, 04:22:35 pm »
I'm wondering about the utility of this sort of gear, it'd be great for pinpointing noise around the house but for detecting bugs, perhaps not.

I wonder how 'easy' it'd be to bury a signal in the noise floor, raising it perhaps by a percentage of a dB across some relatively huge bandwidth, and then retrieve it, maybe this is the reason why some real time spectrum analysers are subject to export embargoes unless limi...

Hang on, there's two blokes wearing sunglasses at my door and a helicopter circling...
 

Offline Gyro

  • Super Contributor
  • ***
  • Posts: 10979
  • Country: gb
Re: Wideband RF Detector project
« Reply #19 on: April 06, 2018, 04:35:15 pm »
I know you're looking at making your own but it looks like a niche consumer product these days, four pages of them on Amazon UK...
https://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Ddiy&field-keywords=emf+detector

Though it's difficult to tell where the electromagnetic spectrum ends and the supernatural begins!  :palm: Maybe a few of them have genuine value though.
Best Regards, Chris
 

Offline CopperCone

  • Super Contributor
  • ***
  • Posts: 1415
  • Country: us
  • *knock knock*
Re: Wideband RF Detector project
« Reply #20 on: April 06, 2018, 04:57:58 pm »
Making the modulation wideband may make it easier to see in some ways due to averaging. Might see a band rather than something that is disguised as ADC noise

But yes spread spectrum low power or power negotiating comms are pretty freaky. Atmospheric noise tracking?

You can have an external device that signals the transmitter to track the noise floor but you need to know the capabilities of your adversary to do it. But I wonder what the limits are with some kinda cryogenic lock-in amplifier dealio.

Signal being received beneath your best spectrum analyzer's noise floor with zero span and most sensitive settings.

It seems like you would need to be cutting edge in like four disciplines to be able to size these kinda things up and set realistic bounds for size, power use, etc. Then divide them by 4 because you're paranoid

I have no idea what to do about such things...

I'm imagining a funny situation with some Kremlin officials finding some giant ridiculous spy contraption buried under the sub basement put together by the janitor over a 30 year period. Like that scene in John Carpenter's The Thing when they find the hidden space ship lol!
« Last Edit: April 06, 2018, 05:05:43 pm by CopperCone »
 

Offline Neomys Sapiens

  • Super Contributor
  • ***
  • Posts: 3268
  • Country: de
Re: Wideband RF Detector project
« Reply #21 on: April 07, 2018, 10:48:45 pm »
>Copper Cone:
While you are totally right on the more recent techniques, with various modulation types, spread spectrum or digital, do not underestimate the number of those '1 button cell, microphone + 2/3 transistor' thingies hidden in a candle/ashtray/saltshaker/whatever. I encounter them actually more often in the last 5 years than before. Together with WiFi and cellular-based. The real ones are waayyy too scarce.

>General: the mentioned Optoelectronics Interceptor, which is µC-controlled and sort of scanning or bandswitching is the R10 and it is intended to work on FM signals, whereas the R20 was the instantaneous acting (wideband) AM one. The R10 is still available, the R20 not. So both were called Interceptor. That was what I meant with 'earlier' device from OE.

> to OP: I would suggest getting that AF stage quiet before proceeding. Also some ideas: whatever you use for a visual indicator (bar graph/moving coil/..) give it at least a fast/slow characteristic AND have a non-selfresetting maximum pointer OR a bistable indicator corresponding to adjustable limit of the range.
 

Offline Marco

  • Super Contributor
  • ***
  • Posts: 7730
  • Country: nl
Re: Wideband RF Detector project
« Reply #22 on: April 08, 2018, 02:26:47 pm »
Quote
According to some of the docs from the Snowden leak, most bugs are pretty simple - mostly FM analogue devices, optionally with frequency inversion/scrambling, but GSM bugging/tracking are not uncommon. In fact, in one of the documents, the CIA recommended bugs were mostly available from Amazon... which would make tracing it back to a particular government body a nightmare!

Don't want to expose your abilities, but I'm sure they have tiny environmental energy harvesting microburst transmitting bugs for when it really counts.
 

Offline cprobertson1 (Topic starter)

  • Frequent Contributor
  • **
  • Posts: 358
  • Country: scotland
  • 2M0XTS / MM6XKC
Re: Wideband RF Detector project
« Reply #23 on: April 08, 2018, 07:16:02 pm »
Quote
According to some of the docs from the Snowden leak, most bugs are pretty simple - mostly FM analogue devices, optionally with frequency inversion/scrambling, but GSM bugging/tracking are not uncommon. In fact, in one of the documents, the CIA recommended bugs were mostly available from Amazon... which would make tracing it back to a particular government body a nightmare!

Don't want to expose your abilities, but I'm sure they have tiny environmental energy harvesting microburst transmitting bugs for when it really counts.

As I mentioned, it appears to depend on what is being bugged - commercially available/disposable bugs were advised on two documents (I can only assume they were for low priority targets that aren't going to be actively searching for bugs :P): while the NSA catalogue (2009) contained a lot of retroreflector bugs/beacons ("When the unit is illuminated with a CW signal from a nearby radar unit, the illuminating signal is amplitude-modulated with the PPM square wave. This signal is re-radiated, where it is picked up by the radar, then processed to recover the room audio.") they had a lot of fancier items in that and other documents (I quite like the look of that one that's built into a USB cable with intent on bridging air-gaps: it's tiny!)

A lot of how they're using firmware on commercial hardware (notably hard drives) to rewrite the BIOS (How? Haven't a clue!) to interface with "implanted" RF hardware (often RF retroreflector which comes off as an AM according to the NSA ANT catalogue :P) makes for some fascinating reading!

Sources: All available on Wikileaks - specifically "German BND-NSA Inquiry Exhibits", "The Spy Files"(misc. curation) and "Vault 7"(misc. curation) - most of which are just collated leaks from lots of sources :P

Either way, this isn't my field - I'm relying on wikileaks for sources on what the big players are doing :P I'm not going to dance with that leviathan - if they ever decide to bug me, I'm not going to know about it regardless of what I build! But then again, that was never really my intention - rudimentary bug-finding was more a serendipitous use for my project rather than an actual goal!

...and on that note, I should probably stop directly talking about CIA/NSA leaks now, even if the tech side of things is fascinating!



ANYWAY - Back to the topic :P

......

> to OP: I would suggest getting that AF stage quiet before proceeding. Also some ideas: whatever you use for a visual indicator (bar graph/moving coil/..) give it at least a fast/slow characteristic AND have a non-self-resetting maximum pointer OR a bistable indicator corresponding to adjustable limit of the range.

Hmmm - not a bad suggestion! As I said, I had hacked together an AF stage from an LM386 for testing - with intent on making a "better" audio stage once I had the RF stage(s) prototyped - it's a bit of a catch-22! The AF/RF/Monitor triangle of interrelated modules!

My current plan is to use the hacky-LM386 audio stage to prototype a low quality RF stage so that I can use that to redevelop the audio stage to a higher quality (which I can then use to redevelop the RF stage!)

While I'm doing that I'll be giving some consideration to what's going into the "monitor" stage (though I should really refer to it as a "display" stage... but then again it also monitors... hmmm... I'll figure out the correct nomenclature some other time!).

At the moment, the display side of things is just going to be 2x LM3914 driving a bar chart (may replace with LM3915, but a logarithmic response may mess with the monitor functionality - will need to experiment!)

I was planning on having some sort of peak hold on that, but I also want it to just be 1 LED for the peak - I've not really looked at how I'm going to do that yet, but I'm sure I can figure out something once I get round to that stage. Your suggestion of a bistable/manually resettable indicator would be a logical extension of that - I was originally intending on just having an adjustable hold time.

I was planning on using all-analogue parts for this project (as I always seem to be working with digital these days!), but I could probably upgrade it to a fancy OLED display with a micro-controller to do some processing - but at the moment, the aim is to make it more or less all-analogue (for increased learning potential of course!)

As for fast/slow response characteristic, I reckon a simple RC circuit with a SPDT to change the value of R might be enough? Except that will be frequency dependent - hmmm...

Lots of room for learning/experimentation =D



I'm wondering about the utility of this sort of gear, it'd be great for pinpointing noise around the house but for detecting bugs, perhaps not.

I wonder how 'easy' it'd be to bury a signal in the noise floor, raising it perhaps by a percentage of a dB across some relatively huge bandwidth, and then retrieve it, maybe this is the reason why some real time spectrum analysers are subject to export embargoes unless limi...

Hang on, there's two blokes wearing sunglasses at my door and a helicopter circling...

From what I gather, more complex bugs ("real" surveillance) have hundreds of ways to hide - I reckon it'd be pretty easy to hide something in the noise (speaking from a ham radio perspective that is, I've seen things man... those digital modes can work at incredibly low signal strengths even when there's plenty of noise!) - amateur bugging will be relatively easy to detect though xD

Either way, the rudimentary bugfinding functionality is rather serendipitous to (woah, deja vu!) the actual goal of my project which was to find... um... "stuff" xD

Oh, and to get some analogue experience - everything I do these days seems to be digital!
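
The fast/slow response, non-self-resetting maximum and bistable limit indicator discussed in the post above, modelled numerically as an added example (not code from the thread; the project itself is all-analogue). The burst shape, the 2 ms and 200 ms time constants, the 0.5 limit and the 20-segment bar are constructed assumptions.

```python
import math

def rc_smooth(samples, dt, tau):
    """First-order RC low-pass (the meter's response), time constant tau seconds."""
    alpha = 1.0 - math.exp(-dt / tau)
    y, out = 0.0, []
    for x in samples:
        y += alpha * (x - y)
        out.append(y)
    return out

def peak_hold(levels, dt, hold_time=None):
    """Peak marker. hold_time=None never resets itself; otherwise the
    marker falls back to the live level once the peak is hold_time old."""
    peak, age, out = 0.0, 0.0, []
    for v in levels:
        age += dt
        if v >= peak or (hold_time is not None and age > hold_time):
            peak, age = v, 0.0
        out.append(peak)
    return out

def latched_alarm(levels, limit):
    """Bistable indicator: set on the first crossing of limit, then stays set."""
    tripped, out = False, []
    for v in levels:
        tripped = tripped or v >= limit
        out.append(tripped)
    return out

def bar_segments(level, full_scale=1.0, n=20):
    """Lit LEDs on a linear bar; n=20 assumes 10 segments per LM3914."""
    return max(0, min(n, int(level / full_scale * n)))

# Constructed detector output, normalised 0..1: 1 s sampled every 1 ms,
# quiet background with a single 5 ms burst starting at t = 100 ms.
DT = 0.001
SIGNAL = [0.8 if 100 <= i < 105 else 0.02 for i in range(1000)]
FAST = rc_smooth(SIGNAL, DT, tau=0.002)   # assumed "fast" setting, 2 ms
SLOW = rc_smooth(SIGNAL, DT, tau=0.200)   # assumed "slow" setting, 200 ms

if __name__ == "__main__":
    for name, trace in (("fast", FAST), ("slow", SLOW)):
        print(name,
              "max LEDs:", bar_segments(max(trace)),
              "timed peak at end:", bar_segments(peak_hold(trace, DT, 0.2)[-1]),
              "latched peak at end:", bar_segments(peak_hold(trace, DT)[-1]),
              "alarm:", latched_alarm(trace, 0.5)[-1])
```

With these values the burst lights 14 segments on the fast setting and none on the slow one, and at the end of the run only the latched marker and latched alarm on the fast trace still show that it happened.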
 

Offline Marco

  • Super Contributor
  • ***
  • Posts: 7730
  • Country: nl
Re: Wideband RF Detector project
« Reply #24 on: April 08, 2018, 08:53:01 pm »
commercially available/disposable bugs were advised on two documents (I can only assume they were for low priority targets that aren't going to be actively searching for bugs :P)

I think it depends on a multi-objective optimization, importance of intelligence, chance of discovery and cost of exposure of technology. I'm sure they have a lot of stuff which they assume has never been identified by enemy actors and want to keep it that way and only use in the direst of circumstances.
 

