In the Q4 of 2024, a new SDR (Software Defined Radio) was released: the HackRF PortaPack H4M, shipping with the Mayhem firmware. Whether you’re a hobbyist, hacker, ham radio enthusiast, or security researcher, this compact device brings a full-featured radio lab to your pocket.
In this blog, we’ll walk you through the essentials of the new H4M, flashing Mayhem firmware, copy necessary files and apps, including its differences from other tools like its predecessors, specifically H2, its hardware updates, and how to get the most out of it with both standalone and PC-connected use. If you’re new to SDR, just like me, and looking to dive deep, I recommend following YouTube creators like sn0ren, Talking Sasquach, Jeremiah of All Trades, who consistently provide excellent RF content. Shutout to my friends at Sapsan, that sent me H4M for testing. If you are thinking about more light-weighted radio frequency gadget for a starter, that can be paired with a smartphone, check Evil Crow blog. If you are Flipper Zero user and you would like to improve the radio frequency experience, then you can start with external RF modules such as Feberis Pro.
In the video below are demonstrated some of the PortaPack use-cases.
Legal Disclaimer
Use of the HackRF PortaPack H4M with Mayhem firmware must comply with your local laws and radio regulations. Many features (such as signal transmission) can interfere with licensed frequencies and critical systems. Use responsibly, ethically, and only on frequencies and systems you are authorized to operate on.
What is Software Defined Radio?
Let’s start with the basics. Software Defined Radio (SDR) is an approach where signal processing functions (modulation, filtering, demodulation, etc.) are done in software, rather than using dedicated electronic components. This means you can tune into various frequencies and decode multiple signal types—all with a single device, just by changing software configurations.
What Is PortaPack H4M?
The PortaPack H4M is an extension board (or “case”) that mounts onto the HackRF One, a popular open-source SDR transceiver. It adds:
- A touchscreen
- Battery charging capabilities
- A rotary encoder
- Additional GPIO
- USB-C interface
- All enclosed in a shell
Once connected, the H4M transforms the HackRF One from a USB-tethered SDR into a completely portable standalone device that can receive and transmit signals in the 1–6000 MHz range.
It runs Mayhem firmware, a powerful open-source firmware that adds dozens of SDR tools and capabilities—ranging from real-time signal decoding to recording and replaying transmissions—all operated via the built-in touchscreen interface.
Who Is It For?
The PortaPack H4M is designed for:
- Cybersecurity professionals interested in signal interception, replay attacks, or wireless reconnaissance
- Radio enthusiasts and ham operators who want a compact RF lab in their pocket
- Researchers and educators using SDR to teach RF principles or demonstrate spectrum phenomena
- Hackers and makers exploring wireless protocols (like keyfobs, pagers, ADS-B, or weather satellites)
- Field engineers and technical testers needing a fast, portable tool for RF diagnostics
In short, if you work with, study, or tinker in the wireless spectrum, this device can save you time, simplify your workflow, and open new doors into RF experimentation.
Unlike entry-level RF gadgets that offer limited functionality, the PortaPack H4M offers true SDR capabilities, enabling both reception and transmission across 1 MHz to 6 GHz. Whether you’re decoding a signal, analyzing spectrum in the field, or replaying RF captures, the H4M turns your HackRF One into a powerful, modular wireless lab.
Interface Overview
The H4M features:
- 3.2″ Matte display – Your primary visual interface
- Rotary Encoder (with push button) – Navigate menus and adjust settings
- Touchscreen (capacitive) – Direct app interaction
- Power Button – Turn on/off
- USB-C Port – Charging, data transfer, and SDR streaming
- microSD Card Slot – Required for data logging and full app functionality
- SMA Antenna Port – RF input/output
- GPIO Header – For add-ons, extensions, and potential mods
- Jack 3.5 mm – headphones
- CLK IN
- CLK OUT
- Reset button
- DFU mode button
In the Box: Accessories and Antennas
The typical H4M kit includes:
- Wideband telescopic antenna (40–6000 MHz) – General-purpose use
- 5dBi 40-860 MHz antenna – For RF remotes, key fobs
- 12dBi 700-2700 MHz antenna
- 8dBi 2.4/5.8 GHz antenna – Wi-Fi, Bluetooth
- 35dBi 700 – 2700 MHz
Each antenna serves a specific role—pick based on the frequency of your target signal.
In the box is USB-C cable, SMA male-to-male cable, and power amplifier 50 MHz – 6 GHz 20db.
Updating Firmware
Thanks to modern web tools, updating the firmware is easier than ever:
- Go to https://hackrf.app
- Connect your device via USB
- Click on the PortaPack H4M and follow the onscreen steps
- Wait for the flash to complete and reboot
No need for CLI, GitHub cloning, or DFU mode—just plug, click, and go.
Using the microSD Card
The firmware itself is flashed to the device’s internal memory, but to unleash full features (like data logging, map, signal replay, and app extensions), you’ll need a microSD card.
Flash Mayhem SD Contents:
- Format card as FAT32 or exFAT
- Download SD content from: Mayhem GitHub (e.g.
mayhem_vX.X.X_COPY_TO_SDCARD.zip) - Extract contents to root of microSD
- Insert into device and reboot
Your PortaPack will now support full Mayhem features, including offline signal playback and data analysis.
Mayhem Apps & Use Cases
Mayhem firmware packs a full suite of tools right into your hand. Some top apps:
- RF Capture & Replay – Record and mimic garage remotes or doorbell systems
- Looking glass – is a real-time RF sniffer in the Mayhem firmware that passively scans and decodes signals from common sub-GHz devices like key fobs, wireless sensors, and smart home systems. It identifies frequency, modulation, and payload data across supported protocols.
- Pagers / POCSAG RX/TX – Receive and transfer decode unencrypted pager messages transmitted over the POCSAG protocol, commonly used in hospital, emergency, and industrial systems. It listens on standard POCSAG frequencies (e.g. 137–930 MHz), extracts text messages, and displays them in real time.
- ADS-B – Track airplanes in real-time
- Jammer – Disrupt specific bands with noise (illegal in many countries)
- Bluetooth/Wi-Fi Sniffers – Monitor and log nearby wireless devices
- Hopper – that automatically hops (floods) a defined frequency range to disrupt a connection.
- TPMS – scans for Tire Pressure Monitoring System (TPMS) signals from nearby vehicles. It captures and displays data like sensor IDs, pressure, and temperature transmitted by tire sensors, making it useful for understanding how modern cars wirelessly monitor tire health. In the same context, you can also read about 0-click RCE on Tesla Model 3 through TPMS Sensors presented at Hexacon 2024.
- Weather stations – passively listens for and decodes signals from sub-GHz wireless weather stations. It captures data like temperature, humidity, and sensor ID from nearby devices, helping you explore how consumer weather sensors communicate over RF.
- BLESpam – sends custom Bluetooth Low Energy (BLE) advertising packets to nearby devices. It can be used to broadcast spoofed names or messages, making it a fun tool for testing BLE visibility, proximity behavior, or for harmless pranks within Bluetooth range.
- Flipper TX – app that allows you to transmit raw sub-GHz signals using .sub files from the Flipper Zero. It bridges the gap between Flipper and PortaPack communities by enabling users to replay Flipper-compatible signals directly from the HackRF.
And many more apps. Most of the apps are documented on the Mayhem Wiki, and new ones can be added via SD card.
Flipper Zero Crossover: Transmit Files from Flipper
One exciting feature that bridges the gap between the Flipper Zero community and SDR enthusiasts is the FlipperTX app included in the Mayhem firmware. This app allows the PortaPack H4M to transmit .sub files—the same raw RF recordings used by Flipper Zero to replay signals like garage remotes, RF switches, and other sub-GHz devices. These files can be easily transferred to the H4M’s microSD card, where they can be selected and transmitted. This makes the PortaPack a Flipper-compatible transmission platform friendly. You can download and copy all Sub-GHz files from UberGuidoZ. On top of that, you can also copy and use HackRF Treasure Chest collected by RocketGod.
DragonOS
If you want to go full desktop SDR mode, try DragonOS. It is a powerful Linux-based operating system tailored specifically for Software Defined Radio (SDR) and signal analysis. It comes pre-loaded with dozens of RF tools, libraries, drivers, and GUI environments—so you don’t have to manually install and configure anything.
The primary goal of DragonOS is to offer a plug-and-play SDR research and hacking environment. Rather than spending hours compiling SDR tools or resolving dependencies, you can simply boot DragonOS and start exploring.
It’s built with spectrum analysis, signal decoding, protocol reverse engineering, and RF security research in mind.
You can download DragonOS from here.
Where to Buy
Grab your PortaPack H4M (Mayhem pre-installed) from Sapsan. They offer full kits with antennas and accessories.
Final Thoughts
The PortaPack H4M is a serious upgrade for anyone working with SDR. It turns the HackRF One into a standalone, touch-operated, full-frequency transceiver—complete with a software suite (Mayhem) that covers everything from analysis to signal manipulation. Transmit and receive 1 MHz–6 GHz.
Compared to earlier PortaPacks, H4M is faster, sleeker, and more convenient to use. It’s ideal for RF pentesters, ham radio experimenters, and those who want to explore the invisible world of radio.
Whether you’re hunting signals, analyzing protocols, or just experimenting with SDR, the PortaPack H4M is the ultimate companion.