
Blind Signal Analysis: Balint Seeber, Applications Engineer

The document summarizes blind signal analysis of a satellite transmission. It describes identifying key signal parameters like modulation type, symbol rate, and error correction without prior knowledge of the transmission. Examples are given of determining modulation is QPSK, symbol rate is 9600 symbols/sec, and FEC rate is 1/2. Further analysis recovers structured data packets by descrambling, differential decoding, and identifying frame headers.


Blind Signal Analysis

Balint Seeber, Applications Engineer

[email protected]
@spenchdotnet

Notes and links in PDF comments on each slide

Recap
Lots of different types of satellites
Variables:
Purpose: comms, weather, MIL, amateur
Payload: transponders, cameras/sensors
Orbit: Low Earth Orbit, geostationary (geosync)
Frequencies: uplink, downlink, beacon, command
Two categories:
Intelligent: communication with onboard systems
Dumb: relay information with linear transponders

Wide area rebroadcast
RF megaphone (e.g. satellite TV)
Single dish sends beam on uplink to satellite
Linear transponder shifts raw RF to downlink frequency, retransmitted via spot beams
Cover an entire country

Linear transponders are dumb: rebroadcast anything onto coverage area

TT&C and UPC
Telemetry, Tracking and Command
Need to be able to send commands to satellite
Change payload configuration
Multiplexing
Switch between redundant systems
Orbit
Check on health of satellite/payload
Beacon + telemetry
Measure effect of weather (combat rain fade)
Uplink Power Control
Turn up transmitter power (keep at min. = save $$$)

Optus D1
24 Ku band transponders
Multiplexed spot beams service Aus and NZ
Uplink: 14.0-14.5 GHz
Downlink: 12.25-12.75 GHz
Bandwidth: 54 MHz
Mainly TV (wideband DVB-S)
ABC, SBS, Se7en, Nin9, Sky NZ
Some other (narrowband) things

FNA Beam Coverage

Effective Isotropic Radiated Power (EIRP)

D1 Channel Frequencies
Uplink

Downlink

Optus Earth Station
Belrose, Sydney

Spot the satellite modem

Radyne Comstream Satellite Modem DMD15
Redundant System Controller

Digital Tracking Receiver

Antenna Control System
C1 UPC

What you need
Dish + LNB + power injector + USRP + GNU Radio
(set top box with LNB thru)
Low Noise Block downconverter

Subtract 11.3 GHz from downlink frequency: 950-1450 MHz

D1 TLM1: 12243.25 MHz
Mirror of RHS*
Constant carrier power*

TLM sidebands
Constant subcarrier

1 PPS

Beacon with Phase Modulation* (PM): 1 PPS and two telemetry streams (sidebands)

Visualisation
PSK Debug Output

Data Streams
All sorts of continuous streams of varying bandwidth
Streams created by manipulating raw data to optimise for transmission over long distance
Receiver must be able to lock on and decode

Modulation: pick your parameters
Support multiple data streams, drop and insert
Encode changes in data (receiver can be non-coherent)
Create signal suitable for uplink
Make data appear random (increase entropy of structured data)
Turn binary into symbols for baseband RF (0/1 → combinations of waves)
Protect integrity of data (corruption from noise on channel)

Demodulation: easy when you know
What is the modulation? Symbol rate? Require coherence?
Are there multiple streams? How are they multiplexed?
Is it differential, or what defines a 0/1?
What is the phase difference? Need to conjugate complex plane?
Possible to determine if it is scrambled (calculate stats), but what is the scrambler? Is it additive or multiplicative? How is it synchronised?
Which FEC(s) is used? Is it a concatenated code? What is the code rate? What is the block size? How is it synchronised?

If you don't know
Try the most common/default options (RTFMM):
Modulation: Phase Shift Keying (BPSK, QPSK)
Convolutional code: NASA, K=7 (Voyager Probe)
Scrambler: IESS-803 (Intelsat Business Service)
Still need to try each combination of:
Differential decoding, synchronisation offset, symbol mapping
Best option is to try every permutation automatically
Assuming decent SNR, low Bit Error Rate is an indicator you're heading the right way!

Aside: PSK, Symbols & Bits
PSK uses changes in phase of a signal (carrier) to convey data
Demodulator detects phase changes and outputs symbols
Order of PSK determines # bits in 1 symbol
Many bits/symbol thanks to imaginary numbers (I/Q)
Raw bit rate = symbol rate x (# bits/symbol)
Binary PSK (BPSK): 1 bit/symbol
Quaternary PSK (QPSK): 2 bits/symbol
8PSK: 3 bits/symbol, etc

Determining modulation & rate
Assuming PSK, easy to determine:
Modulation order: multiply the signal by itself
Symbol rate: multiply the signal by a lagged version of itself (cyclostationary analysis)
Only a few GR blocks required to do this

Let's try one

Feed entire baseband spectrum into GR
Perform channel selection to isolate stream of interest (create new baseband centred on stream)

Determine PSK order
Start at 2 and go up
Stop when spike appears

QPSK: 2 bits/symbol

Determine Symbol Rate
Find first peak

9.6 kHz = 9600 symbols/sec
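
The two tests from the "Determining modulation & rate" slides, as an added Python example (not code from the talk or from GNU Radio). It runs the Mth-power test and the lag-multiply test on a constructed rectangular-pulse QPSK capture; the 76.8 kHz sample rate, 150 Hz carrier offset, noise level and all function names are assumptions made for the example.

```python
import cmath
import random

def fft(a):
    """Recursive radix-2 FFT; len(a) must be a power of two."""
    n = len(a)
    if n == 1:
        return list(a)
    even, odd = fft(a[0::2]), fft(a[1::2])
    tw = [cmath.exp(-2j * cmath.pi * k / n) * odd[k] for k in range(n // 2)]
    return [e + t for e, t in zip(even, tw)] + [e - t for e, t in zip(even, tw)]

def energy_fractions(x):
    """Share of the total spectral energy that falls in each FFT bin."""
    power = [abs(v) ** 2 for v in fft(x)]
    total = sum(power)
    return [p / total for p in power]

def psk_order(x, orders=(2, 4, 8), spike=0.2):
    """Raise the signal to the Mth power, starting at 2 and going up; stop at
    the first M whose spectrum collapses into one line (the spike)."""
    for m in orders:
        if max(energy_fractions([v ** m for v in x])) > spike:
            return m
    return None

def symbol_rate(x, fs, spike=0.004):
    """Multiply the signal by the conjugate of a one-sample-lagged copy
    (circular lag) and return the first spectral peak above DC, in Hz."""
    lagged = [x[n] * x[n - 1].conjugate() for n in range(len(x))]
    frac = energy_fractions(lagged)
    for k in range(1, len(frac) // 2):
        if frac[k] > spike:
            return k * fs / len(frac)
    return None

def make_qpsk(n=4096, sps=8, fs=76800.0, f_off=150.0, noise=0.1, seed=1):
    """Constructed capture (not data from the talk): rectangular-pulse QPSK
    with a carrier offset and Gaussian noise. All parameters are assumptions."""
    rng = random.Random(seed)
    syms = [cmath.exp(1j * cmath.pi * (2 * rng.randrange(4) + 1) / 4)
            for _ in range(n // sps)]
    return [syms[i // sps] * cmath.exp(2j * cmath.pi * f_off * i / fs)
            + complex(rng.gauss(0, noise), rng.gauss(0, noise))
            for i in range(n)]

if __name__ == "__main__":
    capture = make_qpsk()
    print(psk_order(capture), symbol_rate(capture, 76800.0))
```

The squared signal still looks like random BPSK, so no bin dominates; the fourth power strips the modulation and leaves a single tone at four times the carrier offset. The lag product has equal-strength lines at every multiple of the symbol rate, which is why the search takes the first peak rather than the largest.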

Try synchronisation & FEC

FEC Rate:
Not differential
No phase shift (depends on when you switch on receiver)

Find Precise Symbol Rate

AutoFEC
Creating Auto-FEC:
sample_rate: 800000
ber_threshold: 2048
ber_smoothing: 0.01
ber_duration: 8192
ber_sample_decimation: 1
settling_period: 4096
pre_lock_duration: 8192

De-puncturer relative rate: 1.000000


==> Using throttle at sample rate: 800000
==> Using lock throttle rate: 50000
Auto-FEC thread started: Thread-1
Skipping initial samples while MPSK receiver locks: 4096

Reached excess BER limit: 11437.1352901 , locked: False , current puncture matrix: 0 , total samples received: 12289
Applying lock value: 0
Beginning search...
Applying rotation: 1j

Reached excess BER limit: 11870.4144919 , locked: False , current puncture matrix: 0 , total samples received: 24586
Applying rotation: 1
Applying conjugation: 0

Locking current XForm


=========================================================

FEC locked: 1/2


=========================================================
Applying lock value: 1

Demodulated & error corrected
Symbol rate = 9600 symbols/sec
Pre-FEC raw bit rate = 19200 bits/sec
Post-FEC raw bit rate = 9600 bits/sec (rate)

Visualise data: look for additional clues
Differential encoding
Scrambling
Structure

QPSK Phase Debug

Visualisation
Raw data (0: black, 1: white)

Descrambling time!

Descrambled
Better, but long runs of 0s and 1s (not ideal)

Differential decoding time!

Diff. decoded & descrambled
Structured, asynchronous packets of data!

Repeating structure

Pattern Search
Search for repeating strings of bits
Try to find frame header
Clue: sudden increase in # of occurrences

Preceding 1s are just part of idle stream when no data is being sent

Frame analysis
Header
SYN SYN SYN (EBCDIC)
Character oriented encoding:
SOH
STX
ETX
CRC (CCITT-16)
Numbers of fixed length messages
Each contains an ID
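
The pattern search and the SYN SYN SYN header from the two slides above, as an added Python example (not the tool used in the talk). It counts every bit string per window length, keeps the longest one that still repeats, and strips the idle 1s in front of it; the test stream is constructed, and the field order after SOH, the gap lengths, the payload bytes and the function names are assumptions.

```python
from collections import Counter

def longest_repeat(bits, min_count):
    """Longest bit string that contains a 0 (so is not pure idle) and occurs
    at least min_count times. The window grows one bit at a time until no
    window repeats often enough: the point where fixed header bits end."""
    best, length = "", 8
    while length <= len(bits):
        counts = Counter(bits[i:i + length]
                         for i in range(len(bits) - length + 1))
        hits = [(c, w) for w, c in counts.items()
                if c >= min_count and "0" in w]
        if not hits:
            break
        best = max(hits)[1]
        length += 1
    return best

def header_candidate(bits, min_count=4):
    """Drop the idle 1s that precede the repeated string."""
    return longest_repeat(bits, min_count).lstrip("1")

def to_bits(data):
    return "".join(f"{b:08b}" for b in data)

def constructed_stream():
    """Constructed test stream (not data from the talk): idle 1s between
    frames of SYN SYN SYN SOH <id> STX <payload> ETX, with EBCDIC SYN = 0x32.
    The layout after SOH is an assumption; the CRC is left out."""
    gaps = [40, 24, 56, 32, 48, 64]
    payloads = [b"\x41\x7c\x09\xe2", b"\x41\x7d\x15\x3b", b"\x41\x7e\x22\x94",
                b"\x41\x7f\x30\x0d", b"\x41\x80\x3f\x76", b"\x41\x81\x4b\xaf"]
    out = ""
    for i, (gap, payload) in enumerate(zip(gaps, payloads), start=1):
        frame = bytes([0x32, 0x32, 0x32, 0x01, i, 0x02]) + payload + b"\x03"
        out += "1" * gap + to_bits(frame)
    return out + "1" * 16

if __name__ == "__main__":
    print(header_candidate(constructed_stream()))
```

The candidate runs past the three SYN bytes into SOH and the leading bits of the ID, because those bits are also constant across enough frames; where it stops marks the first field that varies.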

Unpack & find patterns
8-bit signed
16-bit signed
Message header BCD
#

Graphing the Data
[Two slides of plots; only the axis tick values survived extraction]

No apparent signal

1 ms


CDMA Detection with GRC

2.1 GHz 3G
Visualise intensity of frequency components over time
850 MHz NextG
Visualise instantaneous frequency spectrum
L1 GPS
Find repeating patterns buried within a signal

3G WCDMA
Signature of UMTS: repeating data in CPICH at 10 ms intervals

TETRA

Repeating idle pattern

Frequency correction burst

TETRA

π/4 DQPSK

STANAG 4285

STANAG 4285

2400 baud
80 (preamble) + 4 x 32 (data) + 3 x 16 (channel probe) @ 2400 bps = 106.66 ms

Digital Radio Mondiale

Cyclic Autocorrelation Function
Han, Sohn & Moung, "A Blind OFDM Detection and Identification Method Based on Cyclostationarity for Cognitive Radio Application"

Total symbol periodicity
Unguarded symbol time

Unguarded Symbol Time

21.33 ms

Total Symbol Duration

~37.48 Hz = 26.6 ms

Top-down DRM Symmetry

DRM Class B

Modulation property      Value
Unguarded symbol time    21.33 ms
Subcarrier spacing       46 7/8 Hz, 1/(21.33 ms)
Guard interval           5.33 ms
Total symbol duration    26.66 ms
Guard interval ratio     1/4
Symbols per frame        15

21.33 ms

(1 Msps/50) x 21.33 ms = 426.6

26.66 ms
http://wiki.spench.net/wiki/RF
