1
00:00:00,110 --> 00:00:17,690
35C3 preroll music
2
00:00:17,690 --> 00:00:20,040
Friederike: I will give you
a short introduction to
3
00:00:20,040 --> 00:00:25,279
software defined radio. So some basics
about this technology and some modulation
4
00:00:25,279 --> 00:00:34,289
technology which you also always need if
you want to transmit something. First of
5
00:00:34,289 --> 00:00:39,590
all before we come to the software defined
radio let's first have a look about what
6
00:00:39,590 --> 00:00:44,890
generally happens in a radio transmission,
so the parts you always need to get
7
00:00:44,890 --> 00:00:51,039
something over the air. Normally you have
some input signal you want to transmit, an
8
00:00:51,039 --> 00:00:59,629
audio signal, a radio for example, a video
signal or just any data. Then you do some
9
00:00:59,629 --> 00:01:06,570
compression. Mostly you do this if you
have some digital stuff in analog. You
10
00:01:06,570 --> 00:01:11,579
don't do this so much, some error
correction, modulation and then the
11
00:01:11,579 --> 00:01:17,140
frequency assignment to the frequency you
want to use for the transmission.
12
00:01:17,140 --> 00:01:24,940
Then you have a radio channel. Sometimes
you have mobility if you move. You have a
13
00:01:24,940 --> 00:01:30,810
multi-path propagation. You always have
some noise added and often there are also
14
00:01:30,810 --> 00:01:36,420
like other signals in the air which also
share the channel. And then at the other
15
00:01:36,420 --> 00:01:42,080
side it goes the other way round. You get
the demodulation, error correction if
16
00:01:42,080 --> 00:01:49,540
there are errors and the decompression and
hopefully outcomes here original audio or
17
00:01:49,540 --> 00:01:57,810
video signal or the data you had
transmitted. A bit to the frequency
18
00:01:57,810 --> 00:02:05,049
assignment: there are frequency plans.
Here you can see a frequency plan of the
19
00:02:05,049 --> 00:02:11,400
US. They had a nice chart like this here
for example you can see the frequency band
20
00:02:11,400 --> 00:02:20,040
from 88 to 108 megahertz then some
aeronautical services and other stuff at
21
00:02:20,040 --> 00:02:26,250
the other frequencies for Europe. They
have a really huge table. You can find it
22
00:02:26,250 --> 00:02:34,720
on the website of the ECO - the European
Communications Office. Yeah it's quite
23
00:02:34,720 --> 00:02:40,349
large. But if you want to look what's
probably on this frequency in the air you
24
00:02:40,349 --> 00:02:51,439
can have a look there. So now let's start
with a not software defined radio to get a
25
00:02:51,439 --> 00:02:58,069
bit more used to the principles. What does
happen there. Here's for example an old AM
26
00:02:58,069 --> 00:03:02,240
receiver in this on this side. So we get
the signal in the air, the AM
27
00:03:02,240 --> 00:03:06,969
transmission. There are still some but
they are actually switched off at the
28
00:03:06,969 --> 00:03:16,419
moment. Here now we have a superheterodyne
receiver, it's called like this. So what
29
00:03:16,419 --> 00:03:22,099
we have, we have where is my mouse, here
is my mouse. So we have here at the
30
00:03:22,099 --> 00:03:28,450
antenna, here is the antenna, we have our
signal S1. That's the signal we want to
31
00:03:28,450 --> 00:03:35,010
receive. Then we have some filtering to
get rid of all the other signals which are
32
00:03:35,010 --> 00:03:44,190
farther away.
Then we have our mixer here. So the LO
33
00:03:44,190 --> 00:03:50,640
frequency of this mixer, like the local
oscillator frequency here, is always
34
00:03:50,640 --> 00:03:57,310
chosen in the way that the wanted signal
always falls in the same intermediate
35
00:03:57,310 --> 00:04:05,170
frequency. With this you can have a very
sharp filter here. The IF filter. So at
36
00:04:05,170 --> 00:04:11,620
your IF filter output you only get the
wanted signal which then, after the
37
00:04:11,620 --> 00:04:18,130
filtering, again some amplification, goes
to the demodulator and in the case of AM
38
00:04:18,130 --> 00:04:26,720
now all your information is actually in
the amplitude of the signal. So for
39
00:04:26,720 --> 00:04:32,530
decoding and listening the easiest way
would be just an envelope detector which
40
00:04:32,530 --> 00:04:38,190
could look like this. You have a diode
which actually puts the negative part of
41
00:04:38,190 --> 00:04:44,530
the signal to the positive side. And then
here we just use a low pass to get rid of
42
00:04:44,530 --> 00:04:50,830
the intermediate frequency which you can
still see here. And afterwards you can
43
00:04:50,830 --> 00:04:57,440
just listen to your audio signal. So in
the case of software defined radio we stay
44
00:04:57,440 --> 00:05:05,570
to the to the RX front end in these
examples. The TX path would be nearly
45
00:05:05,570 --> 00:05:13,280
similar the other way around. So again, we
have the antenna. Antennas are also really
46
00:05:13,280 --> 00:05:21,010
important. Always take a good well adapted
antenna to the frequency you want to
47
00:05:21,010 --> 00:05:26,330
receive or the frequency you want to
transmit, because otherwise you won't get
48
00:05:26,330 --> 00:05:34,450
any signal out of the air or only a very
low part of the signal. I gave a talk on
49
00:05:34,450 --> 00:05:42,110
antennas at 31C3. So if you're interested
in antennas you can have a look on
50
00:05:42,110 --> 00:05:52,780
media.ccc.de. Then again we again have
some filtering, an amplifier, and now we
51
00:05:52,780 --> 00:05:59,680
have an IQ mixer.
Here you can see it actually consists of
52
00:05:59,680 --> 00:06:05,800
two mixers and this local oscillator
signal is shifted by 90 degrees to the
53
00:06:05,800 --> 00:06:14,350
lower part here of our signal. Then again
some filtering, amplification and then we
54
00:06:14,350 --> 00:06:24,480
get the analog to digital converters here
to get our IQ signal then to the computer
55
00:06:24,480 --> 00:06:32,240
for decoding and software.
We still have actually a big analog part
56
00:06:32,240 --> 00:06:38,620
here. So most of the front end is still an
analog and the digital part actually is
57
00:06:38,620 --> 00:06:44,440
only this after the analog to digital
converter. In this case of a classical
58
00:06:44,440 --> 00:06:54,070
software defined radio front end. IQ data
are pretty cool, they contain actually the
59
00:06:54,070 --> 00:07:02,880
raw signal that is coming out of the air.
You could also record the raw signal. It's
60
00:07:02,880 --> 00:07:11,470
fastly getting huge. And for example do
then the demodulation later. If you put
61
00:07:11,470 --> 00:07:18,280
those IQ signals on a coordinate plane,
which you can see here on the right side,
62
00:07:18,280 --> 00:07:24,250
you can see also the phase shift of 90
degrees between the I, which is the
63
00:07:24,250 --> 00:07:32,220
inphase component, and the Q which is the
quadrature component of the signal. If you
64
00:07:32,220 --> 00:07:44,590
assign some numbers, we can also combine
them with a vector. We can use Pythagoras
65
00:07:44,590 --> 00:07:49,780
for example to get the amplitude of the
resulting vector, we can do some
66
00:07:49,780 --> 00:07:57,330
trigonometry to get the angle.
Actually those two parameters like the
67
00:07:57,330 --> 00:08:04,270
angle and the amplitude are the main
parameters you can put information in. So
68
00:08:04,270 --> 00:08:09,460
in the example before, like the AM
modulation, you only use actually the
69
00:08:09,460 --> 00:08:15,740
amplitude of the signal. In contrast to
this an FM modulation for example has a
70
00:08:15,740 --> 00:08:21,590
constant amplitude and all the information
is put to the to the phase or the
71
00:08:21,590 --> 00:08:28,640
frequency. So no matter what kind of
modulation is used, these IQ data actually
72
00:08:28,640 --> 00:08:34,419
contain all the necessary information. A
nice example of a modulation which is
73
00:08:34,419 --> 00:08:40,578
often used nowadays and that also uses
both of those parameters is the QAM
74
00:08:40,578 --> 00:08:48,660
modulation. OK, I already told this. The
QAM modulation here for example is a
75
00:08:48,660 --> 00:08:54,650
constellation diagram out of the program
GNURadio.
76
00:08:54,650 --> 00:08:59,500
Oh it's a bit shifted everything, doesn't
matter. So here again we have our inphase
77
00:08:59,500 --> 00:09:07,310
component on the x axis and the quadrature
component on the vertical axis with the
78
00:09:07,310 --> 00:09:14,160
4-QAM we have four symbols, so we can put
in two bits per symbol. A 16-QAM for
79
00:09:14,160 --> 00:09:23,290
example you can put in four bits per
symbol. If we go further, 64-QAM we can
80
00:09:23,290 --> 00:09:32,140
put in six bits per symbol. This for
example is used in DVB-T or DAB like
81
00:09:32,140 --> 00:09:45,839
broadcasting systems or in Wi-Fi 802.11n
uses up to 64-QAM. LTE also uses up to
82
00:09:45,839 --> 00:09:57,161
64-QAM. When we go further, 802.11ac
uses 256-QAM, so even more dots. You can
83
00:09:57,161 --> 00:10:07,089
put in eight bits then per symbol and so
does LTE Advanced and so the more data you
84
00:10:07,089 --> 00:10:19,310
want to transmit, the more symbols you
need. 802.11ax uses up to ten 1024-QAM
85
00:10:19,310 --> 00:10:26,709
with 10 bits per symbol. And so does
successor of 4G like the 5G New Radio also
86
00:10:26,709 --> 00:10:37,720
uses up to 1024-QAM. Becomes interesting
when we add some noise.
87
00:10:37,720 --> 00:10:43,100
So you always, as I told you, always got
the channel you always got noise. This is
88
00:10:43,100 --> 00:10:48,709
what happens if we add some noise to the
64-QAM. You could still like estimate
89
00:10:48,709 --> 00:10:56,699
where the original symbol would be. This
becomes even more difficult if we go to
90
00:10:56,699 --> 00:11:06,540
the 1024-QAM. That's also why those
broadband systems always use an adaptive
91
00:11:06,540 --> 00:11:11,820
modulation like within the first data
exchange they communicate about the
92
00:11:11,820 --> 00:11:18,249
quality of the signal and only if you get
a really good signal level at the
93
00:11:18,249 --> 00:11:24,739
receiver, you choose the highest order
modulation. Otherwise it ramped down to
94
00:11:24,739 --> 00:11:30,129
lower orders. So these high order
modulations only work with really good
95
00:11:30,129 --> 00:11:41,600
signal levels. So let's go back to the IQ
data. Those IQ data are closely related to
96
00:11:41,600 --> 00:11:52,040
complex numbers. So to get the complex
number let's add some imaginary unit j. So
97
00:11:52,040 --> 00:12:01,390
we get our complex number actually a C = I
+ j * Q which are again our inphase and
98
00:12:01,390 --> 00:12:08,120
quadrature component.
So a complex number you can write them in
99
00:12:08,120 --> 00:12:12,490
the Cartesian form which I
showed. The mostly often used form is
100
00:12:12,490 --> 00:12:21,799
actually the polar form where are we add
Euler's number. So it becomes like C equals
101
00:12:21,799 --> 00:12:28,540
a multiplied by e, Euler's number, to the
power of j * phi which is our phase here
102
00:12:28,540 --> 00:12:40,240
again. So in this case like our real axis,
the inphase axis here becomes our real
103
00:12:40,240 --> 00:12:52,990
axis and the Q axis becomes our imaginary
axis. This property of this polar form,
104
00:12:52,990 --> 00:13:01,080
which is often needed in digital signal
processing, is the multiplication. Like if
105
00:13:01,080 --> 00:13:13,779
you multiply two polar formed complex
numbers this ends up in an addition of the
106
00:13:13,779 --> 00:13:18,600
elevated parts here. And this is often
used for example in Fourier
107
00:13:18,600 --> 00:13:24,990
transformations or if you mix signals to
get them from one frequency to the other.
108
00:13:24,990 --> 00:13:29,820
One this later it looks quite complex but
it's really worth using it at the end.
109
00:13:29,820 --> 00:13:38,889
So um the first step in the software
defined radio is then to get the right
110
00:13:38,889 --> 00:13:44,100
parts of the signal through the front end,
because if you don't get your IQ data
111
00:13:44,100 --> 00:13:51,420
actually properly, afterwards decoding in
software becomes very very difficult or
112
00:13:51,420 --> 00:13:58,019
even impossible. So let's have a look at
the different parts of our software
113
00:13:58,019 --> 00:14:05,970
defined receiver. After the antenna,
filtering and amplifier, we have this IQ
114
00:14:05,970 --> 00:14:14,279
mixer. To keep it a bit more simple for
now we just skip the IQ part and have a
115
00:14:14,279 --> 00:14:22,220
look what a mixer in general is doing. To
get the signal from the transmitted
116
00:14:22,220 --> 00:14:27,769
frequency to the IF, to the intermediate
frequency, it is multiplied with an LO
117
00:14:27,769 --> 00:14:33,790
signal and then filtered. This
multiplication actually ends up here in an
118
00:14:33,790 --> 00:14:42,059
addition. Here this higher part and in a
subtraction of the two frequencies we put
119
00:14:42,059 --> 00:14:49,839
in here. And with the filter we actually
get rid of of the higher part here. The
120
00:14:49,839 --> 00:14:57,509
mixer defines the frequency range the SDR
front end is working on. For example there
121
00:14:57,509 --> 00:15:06,389
are those quite cheap RTL SDR USB sticks
which were originally made for DVB-T
122
00:15:06,389 --> 00:15:14,370
reception. They work for example from 24
megahertz up to 1766 megahertz.
123
00:15:14,370 --> 00:15:24,769
Then there's the HackRF, which is also an
often used SDR front end, works from 1 MHz
124
00:15:24,769 --> 00:15:35,279
up to 6 GHz. And the radio badge from the
CCC camp 2015 works from 50 MHz up to 4
125
00:15:35,279 --> 00:15:43,930
GHz. As I told, the mixer here is a bit
simplified. Here is for example the the
126
00:15:43,930 --> 00:15:57,209
mixer chipset of the HackRF. Here you can
see the IQ mixing part here.
127
00:15:57,209 --> 00:16:02,869
Next step then, after again some filtering
amplification is the analog to digital
128
00:16:02,869 --> 00:16:11,269
converter. We get the analog signal in
here. And what the computer actually needs
129
00:16:11,269 --> 00:16:18,240
are samples of the signal. So they have to
be taken at dedicated times t here. We get
130
00:16:18,240 --> 00:16:24,519
the sampling rate here: 1 divided by T.
This sampling rate must comply with the
131
00:16:24,519 --> 00:16:29,769
Nyquist Shannon sampling theorem.
Otherwise your signal can't be
132
00:16:29,769 --> 00:16:36,139
reconstructed properly. You get effects
like aliasing where you have frequencies
133
00:16:36,139 --> 00:16:45,939
that actually are not there, but are
caused by the undersampling of the signal
134
00:16:45,939 --> 00:16:53,550
and for complying this Nyquist Shannon
theorem, like the the bandwidth of your
135
00:16:53,550 --> 00:16:58,759
signal, of the signal you want to
digitize, has to be smaller than one
136
00:16:58,759 --> 00:17:13,609
divided by 2*T. Here an example of a DAB+
signal. DAB+ is nice because it always has
137
00:17:13,609 --> 00:17:22,520
a bandwidth of 1.5 MHz, it has quite sharp
edges because it uses an OFDM modulation.
138
00:17:22,520 --> 00:17:34,680
This here was received with an RTL SDR
DAB/DVB-T stick, with the software Gqrx
139
00:17:34,680 --> 00:17:41,450
which has a maximum sampling rate of 3.2
MHz. So let's check for Nyquist. We have
140
00:17:41,450 --> 00:17:49,410
our bandwidth of 1.5 MHz, we have the
sampling rate of 3.2 MHz. So 1 divided by
141
00:17:49,410 --> 00:18:02,050
2*T is 1.6 MHz and 1.5 MHz is smaller than
1.6 MHz. Great! We can receive a DAB+
142
00:18:02,050 --> 00:18:15,280
signal with a DAB receiver. You might ask
now, this is also for the DVB-T reception
143
00:18:15,280 --> 00:18:22,340
which has a bandwidth of 8 MHz. So you
would need a sampling rate of 60 MHz to
144
00:18:22,340 --> 00:18:28,890
receive or to digitize this. That's
actually a nice example of the usage of
145
00:18:28,890 --> 00:18:37,930
SDR in comparison to dedicated chipsets.
So DVB-T here doesn't use the SDR mode of
146
00:18:37,930 --> 00:18:46,210
this chipset, but it has a dedicated DVB-T
chipset in here. So chipset development is
147
00:18:46,210 --> 00:18:52,830
quite expensive, but if there is a mass
market and for television there is a mass
148
00:18:52,830 --> 00:19:00,170
market, they can be produced very cheap.
So actually the SDR mode was probably
149
00:19:00,170 --> 00:19:08,550
added for the DAB reception. Also with the
growing bandwidth the power consumption of
150
00:19:08,550 --> 00:19:15,640
the SDR mode becomes quite high, because
you have always to digitize the whole
151
00:19:15,640 --> 00:19:20,950
bandwidth of your signal.
So if it comes for example to LTE with 20
152
00:19:20,950 --> 00:19:31,640
or 40 MHz bandwidth this becomes quite
relevant. OK, we can get the DAB signal
153
00:19:31,640 --> 00:19:36,370
here.
The next relevant parameter here is the
154
00:19:36,370 --> 00:19:44,430
resolution of the ADC. With a 3 bit
resolution for example you would get 8
155
00:19:44,430 --> 00:19:53,640
discrete values from your signal. With an
8 bit resolution you get 256 values. With
156
00:19:53,640 --> 00:20:02,670
60 bit you get a lot of values and those
parts of the step here, you can see for
157
00:20:02,670 --> 00:20:11,560
example the 3 bit resolution and the 6 bit
resolution of a sine signal and all those
158
00:20:11,560 --> 00:20:18,260
parts of the steps, of the 3 bit
resolution, actually end up in noise,
159
00:20:18,260 --> 00:20:25,020
which is called quantization noise.
Here for example you see the spectral view
160
00:20:25,020 --> 00:20:31,480
of the signal. The first one with a 6 bit
resolution. You can see the noise floor
161
00:20:31,480 --> 00:20:41,970
here at -68 dB and below with the 8 bit
resolution, the noise floor falls down by
162
00:20:41,970 --> 00:20:52,200
12 dB. So we get a noise floor down at -80
dB. What we also see here is actually here
163
00:20:52,200 --> 00:21:03,520
are some examples. The RTL SDR has two 8
bit ADCs, the HackRF and the Rad1o have a
164
00:21:03,520 --> 00:21:11,450
dual 8 bit receive ADCs and, as they are
also transmitting purposes, they have a
165
00:21:11,450 --> 00:21:19,520
dual 10 bit transmit DAC, so the other way
round to get your digital signal in the
166
00:21:19,520 --> 00:21:28,400
analog domain again. The RTL SDR is only
for receiving purposes.
167
00:21:28,400 --> 00:21:32,880
What we also see here is on the right
side, we get our signal in the time
168
00:21:32,880 --> 00:21:40,990
domain, on the left side we get the
frequency domain. So how do we get the
169
00:21:40,990 --> 00:21:49,460
frequency view of our signal? Here for
example in the form of a spectral view and
170
00:21:49,460 --> 00:22:03,470
down here is this with a nice colors, this
part is called a waterfall diagram. Here
171
00:22:03,470 --> 00:22:09,560
in the spectrum view we see the level of
our signal components over the frequency
172
00:22:09,560 --> 00:22:18,860
and the waterfall diagram then shows the
different levels and different colors
173
00:22:18,860 --> 00:22:26,010
plotted over the time here.
So how do we get the frequency view of our
174
00:22:26,010 --> 00:22:34,680
signal? Actually uh we use a Fourier
transformation to convert the time the
175
00:22:34,680 --> 00:22:42,260
main signal into the frequency domain.
Wikipedia actually had a nice animation
176
00:22:42,260 --> 00:22:49,710
about this in public domain, so we have a
square wave signal which is a linear
177
00:22:49,710 --> 00:22:55,590
combination of sines of different
frequencies here in blue. And the
178
00:22:55,590 --> 00:23:01,970
component frequencies of these sines then
are spread across the frequency spectrum
179
00:23:01,970 --> 00:23:07,030
and they are represented here as peaks in
the frequency domain.
180
00:23:07,030 --> 00:23:13,900
So mathematically this looks like this:
here we get the different components, the
181
00:23:13,900 --> 00:23:20,700
sine components of our square wave signal.
For the sake of simplicity, we just skip
182
00:23:20,700 --> 00:23:27,880
the harmonics here, just take the sine
signal, calculate the Fourier
183
00:23:27,880 --> 00:23:36,240
transformation which is an integral of our
function. The sine signal here multiplied
184
00:23:36,240 --> 00:23:48,810
by e^(-j2pift) and integrated over t.
We also use again the polar form here,
185
00:23:48,810 --> 00:23:59,170
which then ends up in a multiplication of
these components and the integral of this
186
00:23:59,170 --> 00:24:10,770
multiplication then ends up in delta
impulses at a frequency here of a and -a
187
00:24:10,770 --> 00:24:16,620
and we still have half of an inverse
imaginary unit here.
188
00:24:16,620 --> 00:24:25,160
If we have a look at the Fourier transform
of a complex constant wave signal, this
189
00:24:25,160 --> 00:24:35,600
actually simplifies to 1 delta impulse
here at the frequency of a. For practical
190
00:24:35,600 --> 00:24:43,960
purposes um computational purposes we use
a DFT, like a discrete Fourier
191
00:24:43,960 --> 00:24:55,170
transformation, so the integral ends up in
a summation of the signal components. And
192
00:24:55,170 --> 00:24:59,860
actually normally we use a fast Fourier
transformation which you also see in all
193
00:24:59,860 --> 00:25:09,530
the software, which is actually an
algorithm to efficiently calculate a DFT.
194
00:25:09,530 --> 00:25:16,921
So let's have a view again at the DAB
signal here with the Gqrx software. We
195
00:25:16,921 --> 00:25:23,100
have the waterfall view and because it's a
bit small, no here it's actually quite
196
00:25:23,100 --> 00:25:32,851
seen. Yeah it's a bit bigger. So on the
left side we have an FFT size of 32768 and
197
00:25:32,851 --> 00:25:41,890
on the right side an FFT size of 512 and
actually with the FFT length you define
198
00:25:41,890 --> 00:25:47,851
afterwards the resolution of the bandwidth
of the spectrum. So you can see here, it's
199
00:25:47,851 --> 00:25:58,110
much coarser than with a higher radio
resolution bandwidth here on the left
200
00:25:58,110 --> 00:26:04,680
side.
Then the sliders down here, you can find
201
00:26:04,680 --> 00:26:14,100
those sliders and stuff here in the FFT
settings of Gqrx if you want to have a
202
00:26:14,100 --> 00:26:20,280
look at this software. The sliders here
down, I also have them a bit bigger here
203
00:26:20,280 --> 00:26:26,040
you can define the reference level. So if
you have a very low signal, you have to
204
00:26:26,040 --> 00:26:35,330
put it a bit down. And also the, range
like the range you see your signal. If you
205
00:26:35,330 --> 00:26:40,340
have a high dynamic signal, you need a
large range to see all the parts of the
206
00:26:40,340 --> 00:26:47,540
signal. If you have a very very low signal
power you need to switch it down to a
207
00:26:47,540 --> 00:26:57,490
smaller range to actually see anything of
your signal.
208
00:26:57,490 --> 00:27:03,190
So the possibility is actually to
efficiently calculate an FFT or IFFT, like
209
00:27:03,190 --> 00:27:09,230
the inverse Fourier transformation, also
gave the possibility to a wider use of
210
00:27:09,230 --> 00:27:15,360
multi carrier modulation methods as OFDM
here, orthogonal frequency division
211
00:27:15,360 --> 00:27:20,410
multiplex.
Nowadays this is often used in mobile
212
00:27:20,410 --> 00:27:27,270
communication systems such as LTE due to
its resistance to the effects of the
213
00:27:27,270 --> 00:27:34,220
propagation channel. For example multi-
path propagation um often causes
214
00:27:34,220 --> 00:27:46,420
destructive interferences so some of your
carriers actually are in a destructive
215
00:27:46,420 --> 00:27:53,100
interference part, so they are actually
attenuated a lot.
216
00:27:53,100 --> 00:27:58,990
And if you if you distribute your
information over several carriers, you
217
00:27:58,990 --> 00:28:06,040
still have the chance to receive some of
the carriers and then you can afterwards
218
00:28:06,040 --> 00:28:11,980
use some error correction mechanisms to
repair actually the data and get something
219
00:28:11,980 --> 00:28:20,830
out of the data. And so here the FFT or in
the TX case, in the the transmission case,
220
00:28:20,830 --> 00:28:31,000
an inverse FFT is used actually to
distribute the, for example the QAM data
221
00:28:31,000 --> 00:28:40,020
to the different frequencies to the
different carriers. Then it's again the
222
00:28:40,020 --> 00:28:52,220
regular IQ mixer and in the case of the
reception we use the FFT to get the
223
00:28:52,220 --> 00:29:01,780
symbols, the QAM symbols for example, out
of our different carriers. Here again you
224
00:29:01,780 --> 00:29:15,090
see I like DAB, again the DAB signal. Here
we have a DAB uses 1536 subcarriers and
225
00:29:15,090 --> 00:29:21,760
the number of subcarriers here actually is
also always a compromise of how close your
226
00:29:21,760 --> 00:29:28,270
subcarriers are, which defines how much
Doppler shifts, in case of mobile
227
00:29:28,270 --> 00:29:35,870
reception, your system is capable to cope
with and on the other hand it defines how
228
00:29:35,870 --> 00:29:44,110
long your signal is in the air. So the
more carrier you have the longer your
229
00:29:44,110 --> 00:29:52,230
signal is and that has an effect on how
much delay your signal can cope with.
230
00:29:52,230 --> 00:30:01,560
Additionally, often there is a guard
interval added to the symbol to cope with
231
00:30:01,560 --> 00:30:08,120
more delays, for example DAB is a
broadcasting system with a capability of
232
00:30:08,120 --> 00:30:13,380
single frequency networks, so you can run
different transmitters on the same
233
00:30:13,380 --> 00:30:20,220
frequency with the same program but
especially in the overlapping areas this
234
00:30:20,220 --> 00:30:26,600
results in very large delays. So that's why
the broadcasting system has very much
235
00:30:26,600 --> 00:30:39,820
carriers. LTE in contrast only has in the
downlink with a 10 MHz bandwidth 601
236
00:30:39,820 --> 00:30:50,470
carriers, in the uplink 600. And 802.11ac
for example with 40 MHz bandwidth has 128
237
00:30:50,470 --> 00:30:57,420
carriers.
So now let's come back from this quite
238
00:30:57,420 --> 00:31:03,820
complex world of software defined radio to
the real world. So what SDR actually
239
00:31:03,820 --> 00:31:09,670
brings are quite cheap and flexible
solutions of formerly very expensive
240
00:31:09,670 --> 00:31:17,050
technology. That's why it's actually often
used in academia and also for prototyping
241
00:31:17,050 --> 00:31:25,740
purposes. But there's also a quite big
community developing open source software
242
00:31:25,740 --> 00:31:31,510
for software defined radio. I want to show
you now like two examples where those SDR
243
00:31:31,510 --> 00:31:40,540
technologies facilitated community driven
projects. One is digital radio which goes
244
00:31:40,540 --> 00:31:49,480
digital in Switzerland or Community Radio
goes digital in Switzerland. Like
245
00:31:49,480 --> 00:31:54,750
digitizing local community radio has
actually long been a problem, community
246
00:31:54,750 --> 00:32:00,170
radios are a non-profit making media
produced by a local community and serving
247
00:32:00,170 --> 00:32:05,160
a local community.
There's also one here in Leipzig which are
248
00:32:05,160 --> 00:32:10,200
also doing a program from the Congress
here. I think they are actually starting
249
00:32:10,200 --> 00:32:17,870
now for I think for 3 hours today. It's
called Fairydust.FM, so if you want to
250
00:32:17,870 --> 00:32:28,660
listen you can look at the wiki where to
receive them. They mostly do not have a
251
00:32:28,660 --> 00:32:35,321
huge budget for running a radio. The
development was facilitated by a low
252
00:32:35,321 --> 00:32:39,660
threshold cheap transmitter. So FM
transmitters are really cheap now or they
253
00:32:39,660 --> 00:32:48,710
can be built. With DAB now, digital audio
broadcast, the possibilities of running
254
00:32:48,710 --> 00:32:54,170
your own cheap transmitter became quite
difficult for a long long time. DAB was
255
00:32:54,170 --> 00:32:59,280
developed by the big broadcasting
corporations like BBC or the German public
256
00:32:59,280 --> 00:33:03,630
media.
And it's actually adapted to their needs.
257
00:33:03,630 --> 00:33:08,770
You can put in a lot of programs in
multiplexes, you can run huge single
258
00:33:08,770 --> 00:33:15,680
frequency networks. There is a national
SFN in Germany for example. Local
259
00:33:15,680 --> 00:33:22,640
community radios, so do local commercial
radios, need more like flexible cheap
260
00:33:22,640 --> 00:33:32,950
radio transmission. So you might argue
that digital radio isn't relevant anymore
261
00:33:32,950 --> 00:33:40,020
but actually there are countries that
start to switch off FM and only streaming
262
00:33:40,020 --> 00:33:46,140
through the Internet is also not an
appropriate solution. So what happened
263
00:33:46,140 --> 00:33:51,440
some years ago was, that people started to
write open source DAB SDR software to
264
00:33:51,440 --> 00:33:57,020
build up quite cheap DAB transmitters. You
can find the software here on
265
00:33:57,020 --> 00:34:04,500
opendigitalradio.org. They have this nice
penguin with a transmission tower as a
266
00:34:04,500 --> 00:34:14,230
logo and in Switzerland the FM switch-off
is set to 2024. So it's quite coming
267
00:34:14,230 --> 00:34:21,049
closer and a lot of communities are
already on the digital airwaves there with
268
00:34:21,049 --> 00:34:29,639
this solution of software defined radio
based transmitter technologies.
269
00:34:29,639 --> 00:34:35,770
The UK is also on the way to switch off FM
and there the Ofcom actually recently
270
00:34:35,770 --> 00:34:42,169
started a survey about the demand for
small scale DAB. Also based on this SDR
271
00:34:42,169 --> 00:34:51,429
solution which makes it affordable to
community radios. Another example is
272
00:34:51,429 --> 00:34:59,079
community-driven cellular telephone
telephony. In remote areas, for example in
273
00:34:59,079 --> 00:35:05,309
Mexico and probably in a lot of more
countries, often there is no cellular
274
00:35:05,309 --> 00:35:10,079
network connection at all as it's just not
a good business for mobile broadband
275
00:35:10,079 --> 00:35:19,390
providers if you have only a few hundred
clients to use it or customers who pay for
276
00:35:19,390 --> 00:35:24,930
it. I was some years ago in the south of
Mexico for an article about the first
277
00:35:24,930 --> 00:35:30,459
community driven cellular network which
was also built on open source SDR
278
00:35:30,459 --> 00:35:39,250
technology like OpenBSC and OpenBTS which
made it then quite affordable for the
279
00:35:39,250 --> 00:35:47,750
communities there. Today this "association
telecommunications inaudible comunitarias" has
280
00:35:47,750 --> 00:35:54,779
a license to run autonomous telephone
networks in different parts of Mexico as
281
00:35:54,779 --> 00:35:59,809
Chapels (inaudible Mexican region), Vera Cruz
and Puebla and nowadays they are already
282
00:35:59,809 --> 00:36:06,440
running nearly 20 cellular networks there
and they also do a lot of trainings and
283
00:36:06,440 --> 00:36:16,829
write a lot of manuals. So if you want to
learn how to run your own GSM networks,
284
00:36:16,829 --> 00:36:24,210
they are actually only, you can have a
look on their site. So these are only two
285
00:36:24,210 --> 00:36:33,669
examples of projects where SDR facilitated
low budget communication, so you might
286
00:36:33,669 --> 00:36:43,589
ask, if you now want to have a look on SDR
yourself, where to start. So for radio
287
00:36:43,589 --> 00:36:49,599
reception these cheap RTL SDR USB sticks
are your friend.
288
00:36:49,599 --> 00:36:58,400
They cost around 10 to 20 euros depending
on where you get them. And there's software
289
00:36:58,400 --> 00:37:06,730
like this Gqrx, of which I already had a lot
of examples in my slides, which runs on
290
00:37:06,730 --> 00:37:15,119
Linux and Mac. Here's an example of Gqrx
for FM reception for example. It has also
291
00:37:15,119 --> 00:37:23,769
a built-in FM decoder, so you can really
listen to FM radio. There is also an AM
292
00:37:23,769 --> 00:37:32,610
decoder and some others also. You can also
dump the IQ data with this Gqrx for
293
00:37:32,610 --> 00:37:43,210
decoding it later. There's also software
for Windows like SDR# or HDSDR or WinSDR.
294
00:37:43,210 --> 00:37:50,220
Always keep in mind that listening to non-
public broadcasts is forbidden! The next
295
00:37:50,220 --> 00:37:59,260
level then would be GNURadio, I already
showed in between the talk plots from
296
00:37:59,260 --> 00:38:07,279
GNURadio, like the constellation plots of
QAM modulation. GNURadio actually offers a
297
00:38:07,279 --> 00:38:13,690
very large framework for software defined
radio functions. Also to build your own
298
00:38:13,690 --> 00:38:21,430
applications. There are sources. For
example here is a source where you can
299
00:38:21,430 --> 00:38:29,670
connect your RTL SDR USB stick, define
here the sampling rate, the frequency and
300
00:38:29,670 --> 00:38:36,339
different and other stuff here. Then you
have a lot of functions here, for example
301
00:38:36,339 --> 00:38:43,619
the FM demodulation, you have a spectrum
viewer, here the FFT sink, different
302
00:38:43,619 --> 00:38:50,970
resamplers and then you have different
sinks here. You connect it to your
303
00:38:50,970 --> 00:38:58,759
sound card with the audio sink and in this
case listen to FM radio. You can also
304
00:38:58,759 --> 00:39:08,319
define a sink to connect your HackRF to
transmit something. You can also write
305
00:39:08,319 --> 00:39:14,519
your own functions. So it's quite easy in
this graphical front end, the GNU Radio
306
00:39:14,519 --> 00:39:22,380
Companion to add your own functions.
There are many tutorials also in the
307
00:39:22,380 --> 00:39:29,829
Internet and a very active community and
it's also very often used in academia. So
308
00:39:29,829 --> 00:39:34,950
if you are perhaps studying or are
planning to study, there are very often
309
00:39:34,950 --> 00:39:41,410
projects around GNURadio which you can
work on if you're interested. There is
310
00:39:41,410 --> 00:39:48,400
also a lot of different SDR hardware
available. So the HackRF I already
311
00:39:48,400 --> 00:39:53,670
mentioned, the Rad1o badge from the CCC
camp. So if you don't have one, you can
312
00:39:53,670 --> 00:40:01,030
ask around, perhaps someone still has one
lying around. There are more expensive
313
00:40:01,030 --> 00:40:06,829
ones, which then have for example better
resolutions, the ADCs, DACs have better
314
00:40:06,829 --> 00:40:12,460
resolutions.
Um there is the USRP family which is much
315
00:40:12,460 --> 00:40:21,239
more expensive but, yeah you can do a lot
more with this and it's also very often
316
00:40:21,239 --> 00:40:30,020
used in academia. I also knew it from the
time I worked at the university. So
317
00:40:30,020 --> 00:40:34,170
further information, if you are now
becoming really interested, there are
318
00:40:34,170 --> 00:40:39,900
lots of massive open online courses. For
example I saw one from the University of
319
00:40:39,900 --> 00:40:48,059
Madrid but in English. So there are video
tutorials for example from the makers of
320
00:40:48,059 --> 00:40:55,099
the HackRF at their website. There are also
nice, freely available books on SDR by
321
00:40:55,099 --> 00:41:03,109
Analog Devices for example, if you look
for "SDR4 engineers". And if you are now
322
00:41:03,109 --> 00:41:13,799
here, there is an SDR challenge at the
congress. They have a table in Hall 3 in
323
00:41:13,799 --> 00:41:20,339
the wastelands there. If we have a look at
the small brand(???) so there are various
324
00:41:20,339 --> 00:41:26,730
different SDR challenges from quite easy
to difficult. There's a game server to
325
00:41:26,730 --> 00:41:32,679
claim your flag in a team and if you don't
have an SDR you can borrow one, like these
326
00:41:32,679 --> 00:41:39,970
RTL SDR sticks, for a deposit and there
also if you don't like all this GNURadio
327
00:41:39,970 --> 00:41:48,220
stuff, there are also Bluetooth
challenges. So thanks for your attention.
328
00:41:48,220 --> 00:41:52,360
And feel free to ask questions if you
want!
329
00:41:52,360 --> 00:42:01,770
Applause
330
00:42:01,770 --> 00:42:03,590
Herald: Thank you. We have at least 15
331
00:42:03,590 --> 00:42:08,799
minutes left for Q and A. So walk to a
microphone and let's see what you got
332
00:42:08,799 --> 00:42:21,230
questionwise. OK, microphone number five.
Question: Yeah. You mentioned that
333
00:42:21,230 --> 00:42:29,240
listening to a non-public broadcast is
forbidden. What's your basis for this.
334
00:42:29,240 --> 00:42:37,559
Because if I recall correctly the European
Convention of Human Rights has an article
335
00:42:37,559 --> 00:42:43,640
about being free to conduct journalism.
And there was a claim that journalism
336
00:42:43,640 --> 00:42:49,989
includes just listening to the entire FM
spectrum.
337
00:42:49,989 --> 00:42:54,830
Answer: Yeah. The FM spectrum is public so
there's no problem. But there are other
338
00:42:54,830 --> 00:43:00,170
services that are not encrypted
because in former times this technology
339
00:43:00,170 --> 00:43:09,049
just wasn't available or affordable for
normal persons. So nowadays you have much
340
00:43:09,049 --> 00:43:14,630
more possibilities to receive other
frequencies for example quite easily which
341
00:43:14,630 --> 00:43:19,089
are not public. And so it's forbidden to
listen to them actually.
342
00:43:19,089 --> 00:43:27,040
Q: Yeah but by what? Is there a law?
A: The law? Oh I'm not a lawyer so I don't
343
00:43:27,040 --> 00:43:33,379
know exactly what law it is.
Q: Okay.
344
00:43:33,379 --> 00:43:40,869
H: Okay, any other questions? Does the
Internet have questions by now? If you
345
00:43:40,869 --> 00:43:45,210
have a question by the way just go to a
microphone.
346
00:43:45,210 --> 00:43:50,069
Signal: The Internet doesn't have any
questions but MCR of open digital radio
347
00:43:50,069 --> 00:43:53,369
would like to thank you for speaking with
them.
348
00:43:53,369 --> 00:43:59,310
H: OK. That's not a question.
A: Sorry, what? I didn't get it.
349
00:43:59,310 --> 00:44:05,160
S: No questions.
A: Okay. Okay great.
350
00:44:05,160 --> 00:44:10,420
H: Well that's a quick one then. Thank you
all for your attention. Oh sorry.
351
00:44:10,420 --> 00:44:16,679
Microphone number two.
Q: Yeah. It's not a question either. It's
352
00:44:16,679 --> 00:44:21,089
just a clarification of the legal
situation. So basically you're allowed to
353
00:44:21,089 --> 00:44:28,079
listen to non-public broadcasts or non-
public radio traffic, for example
354
00:44:28,079 --> 00:44:37,170
aeronautical. But you're not allowed
to record it and to publish the
355
00:44:37,170 --> 00:44:40,910
information that you gathered.
A: Ah OK, thanks.
356
00:44:40,910 --> 00:44:47,650
Q: So, theoretically sitting at home and
listening to, yeah, I mean the tower
357
00:44:47,650 --> 00:44:53,499
talking to the pilots or whatever or even
to police is allowed. You're just not
358
00:44:53,499 --> 00:45:01,980
allowed to basically make a profit from
it. That's the legal situation in Germany.
359
00:45:01,980 --> 00:45:06,719
I don't know how it looks in other parts
of Europe.
360
00:45:06,719 --> 00:45:10,970
H: Since we are violating the protocol of
Q and A anyway by not asking questions.
361
00:45:10,970 --> 00:45:13,240
Laughter
H: I am a lawyer and various member states
362
00:45:13,240 --> 00:45:16,829
of member state you could question that as
attention if the European Convention of
363
00:45:16,829 --> 00:45:21,460
Human Rights or not. But it really varies
from member state to member state.
364
00:45:21,460 --> 00:45:23,680
Laughter
Q: Well, in that case.
365
00:45:23,680 --> 00:45:30,439
Applause
Herald: Now I really would like to have a
366
00:45:30,439 --> 00:45:33,359
genuine question. Something that starts
with a sentence, ends with a question
367
00:45:33,359 --> 00:45:45,660
mark. Do we have any takers? Oh in that
case, thank you so much for your
368
00:45:45,660 --> 00:45:46,862
attention.
369
00:45:46,862 --> 00:45:51,747
35c3 postroll music
370
00:45:51,747 --> 00:46:08,812
subtitles created by c3subtitles.de
in the year 2019. Join, and help us!