I just released an LTE cell scanner based on the rtlsdr library. If you're interested, the code is available on github: https://github.com/Evrytania/LTE-Cell-Scanner
This code will search for all the LTE cells in your area and will also report the frequency error of your dongle.
BR, James
P.S. Many thanks for the rtlsdr library!
Hi James,
> I just released an LTE cell scanner based on the rtlsdr library. If you're interested, the code is available on github: https://github.com/Evrytania/LTE-Cell-Scanner
This is exciting stuff, thank you for sharing! I had to change a few lines (patch attached) for it to compile on my system, not sure it is the proper way, though.
> This code will search for all the LTE cells in your area and will also report the frequency error of your dongle.
Works for me, found one carrier so far.
Best regards,
Dimitri
I have just uploaded to
http://jmfriedt.free.fr/gr-acars.tar.gz
the first version of the ACARS message decoder I have written for gnuradio operating with RTL-compatible dongles. I have included an example directory with a WAV file for testing the decoder, and the log of last night's reception. The decoder is far from perfect, but I think it behaves no worse than the sound-card based decoder I have used (e.g. kracars and wacars). It is also, to the best of my knowledge, the only open-source ACARS decoder since acarsdec does not seem functional (at least not with the provided example file), so someone might find it useful, and maybe even inspiring for improvement.
I hope to learn by next week to add parameter passing from grc to the C++ program so that two parameters -- the log file which is currently hardcoded to be located in /tmp/log_file.txt, and a threshold value which is currently hardcoded but should be user-tunable (or ideally automagically adapted to received power levels, but so far such attempts have failed) -- can be provided through the gnuradio-companion interface. This will provide a minor update of the archive.
This is my very first attempt at grc block programming, so any feedback is welcome. I have updated the manuscript describing the development method -- still in French unfortunately, hoping to translate to English sometime in the coming month -- and uploaded the PDF document at http://jmfriedt.free.fr/lm_sdr.pdf for any French speaking audience to comment on.
Jean-Michel
Hi James,
Very interesting code. I have to try to run it here - I know we have few LTE carriers around.
Have you seen this project which is going in a similar direction? http://sourceforge.net/p/openlte/home/Home/
On Wed, Aug 22, 2012 at 12:44 AM, James Peroulas james@peroulas.com wrote:
> I just released an LTE cell scanner based on the rtlsdr library. If you're interested, the code is available on github: https://github.com/Evrytania/LTE-Cell-Scanner
> This code will search for all the LTE cells in your area and will also report the frequency error of your dongle.
> BR, James
> P.S. Many thanks for the rtlsdr library!
-- Integrity is a binary state - either you have it or you don’t. - John Doerr
Thanks everyone for all the initial comments and feedback! I've updated the code to fix the two small problems that were reported to me.
> Have you seen this project which is going in a similar direction? http://sourceforge.net/p/openlte/home/Home/
Actually, I've exchanged a few emails with Ben and his code helped me with several parts of my code. I've now added a link back to his project in the README.
BR, James
I was able to build it on Ubuntu 9.04 (Jaunty Jackalope) with a little upgrading of some dependencies.
CellSearch is now crashing in the static initializer for the ROM_TABLES object. *sigh*
Would anyone have an idea what may be causing it?
    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 0xb773b910 (LWP 21087)]
    0x00f743fe in itpp::Vec<std::complex<double> >::set_size () from /usr/local/lib/libitpp.so.7
    Current language: auto; currently asm
    (gdb) where
    #0 0x00f743fe in itpp::Vec<std::complex<double> >::set_size () from /usr/local/lib/libitpp.so.7
    #1 0x00f74ada in itpp::Vec<std::complex<double> >::operator= () from /usr/local/lib/libitpp.so.7
    #2 0x0808b0cd in PSS_fd::PSS_fd ()
    #3 0x08094444 in global constructors keyed to ROM_TABLES ()
Christian
Maybe this is a n00b question, but what am I doing wrong when I try to access the git repository?
    git clone https://github.com/Evrytania/LTE-Cell-Scanner.git
    Initialized empty Git repository in /home/buchner/lte_scan/LTE-Cell-Scanner/.git/
    fatal: https://github.com/Evrytania/LTE-Cell-Scanner.git/info/refs download error - The requested URL returned error: 403
Fortunately I can download the tarball as well, but it's more work to keep in sync with the repository.
Christian
Now I am really close, the latest fix for ROM_TABLES did the trick! I am having an issue with tuning the frequency, following the PLL not locked messages.
Is this also happening to anyone else? The rtl_test tool also shows the same messages, but I also see other people's forum postings who run the rtl-sdr software successfully, even with this kind of error message appearing.
    # CellSearch --freq-start 791e6 --freq-end 821e6
    LTE CellSearch v0.1.0 (release) beginning
    Search frequency range: 791-821 MHz
    PPM: 100
    correction: 1
    Found Elonics E4000 tuner
    [E4K] PLL not locked for 791000000 Hz!
    Error: unable to set center frequency

    # rtl_test -t
    Found 1 device(s):
    0: Terratec T Stick PLUS

    Using device 0: Terratec T Stick PLUS
    Found Elonics E4000 tuner
    Supported gain values (14): -1.0 1.5 4.0 6.5 9.0 11.5 14.0 16.5 19.0 21.5 24.0 29.0 34.0 42.0
    Benchmarking E4000 PLL...
    [E4K] PLL not locked for 51000000 Hz!
    [E4K] PLL not locked for 2175000000 Hz!
    [E4K] PLL not locked for 1088000000 Hz!
    [E4K] PLL not locked for 1232000000 Hz!
    E4K range: 52 to 2174 MHz
    E4K L-band gap: 1088 to 1232 MHz
For some reason, your CellSearch software worked the second time I ran it. Here's the result for a scan in Munich. The two frequencies found correspond to the operators O2 and Vodafone. Deutsche Telekom is either not using the 800 MHz band here, or I happen to be out of the reception range for this dongle.
    Detected the following cells:
    C: CP type ; P: PHICH duration ; PR: PHICH resource type
    CID    fc    foff  RXPWR  C  nRB  P  PR   CrystalCorrectionFactor
    449  796M  -13.2k  -47.7  N   50  N  one  0.99998344473785039099
    372  806M  -13.2k  -43.7  N   50  N  one  0.99998362964129883235
This software project is way cool! I am surprised how precise my crystal is.
Now who's willing to extend the code to combine several dongles to scan the full 10 MHz band and to analyze the allocated resources signalled on the PDCCH so we can generate statistics on cell load and number of UEs served?
Christian
A couple of suggestions for improvement of this tool:
- detect and report number of Tx antennas used by each cell (1, 2 or 4). This should be detectable from the CRC part of the MIB.
- report whether the LTE system uses TDD or FDD.
I am surprised that today I find 4 cells on 796 MHz and 5 cells on 806 MHz. I did not expect this dongle to be so sensitive.
    Detected the following cells:
    C: CP type ; P: PHICH duration ; PR: PHICH resource type
    CID    fc  foff  RXPWR  C  nRB  P  PR   CrystalCorrectionFactor
    388  796M  369h    -44  N   50  N  one  0.99998386356929225283
    449  796M  349h    -48  N   50  N  one  0.9999838380560712725
    389  796M  358h  -48.3  N   50  N  one  0.99998384936395678935
     52  796M  359h  -49.2  N   50  N  one  0.99998385073518580857

    Detected the following cells:
    C: CP type ; P: PHICH duration ; PR: PHICH resource type
    CID    fc  foff  RXPWR  C  nRB  P  PR   CrystalCorrectionFactor
    108  806M  359h  -42.3  N   50  N  one  0.999983844979292269
    372  806M  255h  -42.9  N   50  N  one  0.99998371629218352208
    109  806M  215h  -44.1  N   50  N  one  0.99998366727140031163
    235  806M  244h  -44.6  N   50  N  one  0.9999837021424591299
    365  806M  849h    -48  N   50  N  one  0.99998445366580002158
I would now like to log the received power for each cell ID in a log file, and later plot it. I am interested how this power changes over time, especially under varying weather conditions.
Christian
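
The last message asks for a per-cell log of received power over time. As an added example (not code from this thread or from LTE-Cell-Scanner), the Python below parses the "Detected the following cells" table and appends one timestamped CSV row per cell. The one-row-per-line layout, the reading of the `h` suffix as plain Hz, and the names `parse_cells` and `log_cells` are assumptions.

```python
import csv
import re
from datetime import datetime, timezone

# Suffixes as printed in the thread; reading "h" as plain Hz is an assumption.
SUFFIX = {"h": 1.0, "k": 1e3, "M": 1e6, "G": 1e9}
# Columns: CID fc foff RXPWR C nRB P PR CrystalCorrectionFactor
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(-?[\d.]+)\s+(\S)\s+(\d+)"
                 r"\s+(\S)\s+(\S+)\s+([\d.]+)\s*$")

# Constructed sample: rows copied from the thread, one per line (layout assumed).
SAMPLE = """\
Detected the following cells:
  C: CP type ; P: PHICH duration ; PR: PHICH resource type
  CID fc foff RXPWR C nRB P PR CrystalCorrectionFactor
  388 796M 369h -44 N 50 N one 0.99998386356929225283
  449 796M 349h -48 N 50 N one 0.9999838380560712725
Detected the following cells:
  CID fc foff RXPWR C nRB P PR CrystalCorrectionFactor
  372 806M -13.2k -43.7 N 50 N one 0.99998362964129883235
"""

def to_hz(text):
    """Convert '796M', '-13.2k' or '369h' to Hz."""
    scale = SUFFIX.get(text[-1])
    return float(text[:-1]) * scale if scale else float(text)

def parse_cells(output):
    """Return one dict per row found under a 'CID fc foff ...' header line."""
    cells, in_table = [], False
    for line in output.splitlines():
        m = ROW.match(line) if in_table else None
        if m:
            cells.append({"cid": int(m[1]), "fc_hz": to_hz(m[2]),
                          "foff_hz": to_hz(m[3]), "rxpwr": float(m[4]),
                          "n_rb": int(m[6]), "crystal": float(m[9])})
        else:
            # A header opens a table; any other non-row line closes it.
            in_table = line.split()[:3] == ["CID", "fc", "foff"]
    return cells

def log_cells(cells, stream, when=None):
    """Append one CSV row per cell: UTC timestamp, CID, carrier in Hz, RXPWR."""
    stamp = (when or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    writer = csv.writer(stream)
    for c in cells:
        writer.writerow([stamp, c["cid"], int(c["fc_hz"]), c["rxpwr"]])
    return len(cells)
```

Calling `log_cells(parse_cells(text), open("cells.csv", "a", newline=""))` after each scan builds the time series; the file name is a placeholder.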