Dear all,
In the past weeks, I have been playing with the Osmocom GMR code. The code has been successfully compiled and installed.
My intention is to listen to the broadcast channel of Thuraya in the Netherlands. There are two spotbeams for NL namely 288 and 289. As I am located at the border of the two beams, I have tried both options. So far I couldn't see anything decoded in Wireshark.
I noted that the translation of ARFCN to frequency is slightly different in the formula by Driessen (Practical cryptanalysis of the real world systems) and in the ETSI standard (TS 101 376-5-5). There is a shift of half of the channel bandwidth (31.25 kHz).
For your information, I am using Ubuntu 16.04, USRP B210, a wideband antenna and LNA with about 20 dBi gain on L-band.
As mentioned by Sylvain in the mailing list, the gmr_multi_rx.py is obsolete. I am using the gmr1_rx_sdr.py for my tests.
I ran the following commands (one each time) and with Wireshark listening to lo interface while applying the gmr1.bcch filter. Is this the right approach as I don't see anything show up so far? Did I overlook something here?
Spotbeam 289 (ARFCN 1007)
    ./gmr1_rx_sdr.py -s 10000000 -B L -f 1556484375 -a 1007 -g 45 (Driessen)
    ./gmr1_rx_sdr.py -s 10000000 -B L -f 1556468750 -a 1007 -g 45 (ETSI)
Spotbeam 288 (ARFCN 267)
    ./gmr1_rx_sdr.py -s 10000000 -B L -f 1533359375 -a 267 -g 45 (Driessen)
    ./gmr1_rx_sdr.py -s 10000000 -B L -f 1533343750 -a 267 -g 45 (ETSI)
Comments or suggestions are much appreciated. Many thanks in advance.
Best regards, Johann
Hi Johann,
So, first, wrt the different formula, the spec is definitely right ... (I mean it's the spec ...). However they are narrow channels and if your B210 is not GPS disciplined, its oscillator could be out quite a bit. Its default xtal is only rated to +- 20 ppm and that's a 30 kHz error at 1.5 GHz ... so you can be off by a full channel just with that.
Second, the frequency you give to gmr1_rx_sdr.py is where to tune. In reality you want to tune not to the channel directly but a bit to the side so that the DC offset and 1/f noise at the center of the capture don't mess up the data. The script will automatically filter and recenter the proper frequency depending on the -a argument you passed to it.
Finally, that python script only does the sampling and channelization, and saves to a cfile in /tmp; it doesn't do any of the decoding at all. For that you need to also run the gmr1_rx binary (or gmr1_rx_live, see the live branch) on the recording. And it's that one that will take the raw samples, do all the demod and decoding of the channels, and send the data to wireshark.
Cheers,
Sylvain
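The frequency arithmetic from the two messages above, as an added example that is not part of the original posts or of the Osmocom GMR code: it reproduces both ARFCN conventions, the oscillator error Sylvain estimates, and an offset tuning frequency that keeps the channel clear of DC. The 1525 MHz band start is inferred from the ETSI frequencies in Johann's commands, and the `dc_guard_hz` width and all function names are assumptions.

```python
# Added example: GMR-1 L-band downlink frequency planning for an SDR capture.
CHANNEL_BW_HZ = 31_250         # channel bandwidth quoted in the thread
BAND_START_HZ = 1_525_000_000  # assumption: inferred from the thread's ETSI values


def arfcn_to_hz(arfcn, convention="etsi"):
    """Channel frequency for an ARFCN under either convention from the thread."""
    base = BAND_START_HZ + arfcn * CHANNEL_BW_HZ
    if convention == "etsi":
        return base
    if convention == "driessen":
        # The Driessen value sits half a channel above the ETSI value.
        return base + CHANNEL_BW_HZ // 2
    raise ValueError("convention must be 'etsi' or 'driessen'")


def lo_error_hz(freq_hz, ppm):
    """Worst-case tuning error of an oscillator rated to +-ppm."""
    return freq_hz * ppm / 1e6


def capture_plan(arfcn, sample_rate_hz, ppm, dc_guard_hz=100_000):
    """Choose a tuning frequency below the channel so that the channel,
    widened by the worst-case oscillator error, stays clear of the DC
    region (assumed +-dc_guard_hz) and inside the captured bandwidth."""
    chan = arfcn_to_hz(arfcn)
    err = lo_error_hz(chan, ppm)
    half_span = CHANNEL_BW_HZ / 2 + err   # where the channel edge may end up
    offset = dc_guard_hz + half_span      # channel centre relative to tuned centre
    if offset + half_span > sample_rate_hz / 2:
        raise ValueError("channel would fall outside the captured bandwidth")
    return {
        "channel_hz": chan,
        "tune_hz": round(chan - offset),
        "worst_case_error_hz": err,
        "error_in_channels": err / CHANNEL_BW_HZ,
    }


if __name__ == "__main__":
    for arfcn in (1007, 267):  # the two spotbeam ARFCNs from the thread
        print(arfcn, arfcn_to_hz(arfcn), arfcn_to_hz(arfcn, "driessen"))
        print(capture_plan(arfcn, sample_rate_hz=10_000_000, ppm=20))
```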
Hi Sylvain,
Thank you for your quick reply. Much appreciated!
I will try your suggestions and come back to you when I have more results.
Best regards, Johann
On Thu, Apr 30, 2020 at 6:53 PM Sylvain Munaut 246tnt@gmail.com wrote:
Hi Johann,
So, first, wrt the different formula, the spec is definitely right ... (I mean it's the spec ...). However they are narrow channels and if your B210 is not GPS disciplined, its oscillator could be out quite a bit. Its default xtal is only rated to +- 20 ppm and that's a 30 kHz error at 1.5 GHz ... so you can be off by a full channel just with that.
Second, the frequency you give to gmr1_rx_sdr.py is where to tune. In reality you want to tune not to the channel directly but a bit to the side so that the DC offset and 1/f noise at the center of the capture don't mess up the data. The script will automatically filter and recenter the proper frequency depending on the -a argument you passed to it.
Finally, that python script only does the sampling and channelization, and saves to a cfile in /tmp; it doesn't do any of the decoding at all. For that you need to also run the gmr1_rx binary (or gmr1_rx_live, see the live branch) on the recording. And it's that one that will take the raw samples, do all the demod and decoding of the channels, and send the data to wireshark.
Cheers,
Sylvain
Hi Sylvain,
Thanks again for your suggestions.
I have performed some captures with some offsets w.r.t. the channel frequency. Then I ran the gmr1_rx binary on the recording. In your presentation video during CCCH, you mentioned that sps should be set to 4. The Wireshark output is shown below.
GSM TAP Header, ARFCN: 0 (Downlink), TS: 0, Channel: CCCH (0)
    Version: 2
    Header Length: 16 bytes
    Payload Type: GMR-1 air interfeace (MES-MS<->GTS) (10)
    Time Slot: 0
    ..00 0000 0000 0000 = ARFCN: 0
    .0.. .... .... .... = Uplink: 0
    Signal Level (dBm): 0
    Signal/Noise Ratio (dB): 0
    GSM Frame Number: 30
    Channel Type: CCCH (2)
    Antenna Number: 0
    Sub-Slot: 0
Perhaps the reception of the Thuraya signal is rather bad on my side. When I used the osmocom_fft to check the broadcast channel, I could not identify it. Switching to a homemade LHCP antenna didn't seem to help either.
I might try different locations next time. Currently I used a compass to roughly align my antenna direction towards the satellite (at 44deg E). What do you think? Thank you in advance.
Best regards, Johann