Harald Welte's blog


Harald's Web




Other Bloggers
David Burgess
Dieter Spaar
Michael Lauer
Stefan Schmidt
Rusty Russell
David Miller
Martin Pool
Jeremy Kerr
Tim Pritlove (German)
fukami (German)
fefe (German)
Bradley M. Kuhn
Lawrence Lessig
Kalyan Varma


Ohloh profile for laforge
Linked in

Creative Commons License
Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License.



Tue, 17 Jun 2008
DVB-T transmit in pure PC software

I recently discovered this paper about Soft-DVB, a full PC-software DVB-T transmitter, it apparently is now possible on a 1.8GHz Celeron M based system to do a full software encode/modulation of a MPEG2 transport stream onto a DVB-T compliant carrier that can be received by off-the-shelf consumer DVB-T receivers. And all this on Linux, using gnuradio and the USRP.

This is really great news, and an incredible achievement by the authors of the software, particularly Vincenzo Pellegrini.

There is one (at this time still) moot point, though: The code has not been released yet. It has been demoed at SDR related conferences, so it really exists. Vincenzo has announced on the gnuradio-discuss mailinglist that eventually it will be public - without stating some kind of date, though.

I suppose he probably has to wait until his master thesis has been finalized and approved. That should be in the order of months, not years...

[ /linux/gnuradio | permanent link ]

Tue, 03 May 2005
12h trials of RFID sniffing with no success

Milosch and me were trying for the better part of last Saturday to passively receive and demodulate the ISO 14443 signal sent from a tag/icc to the reader on the 847,5kHz subcarrier that is load modulated onto the 13,56MHz main carrier.

This proves to be more difficult than we thought. Well, we both only have limited experience in practical RF design, so somebody with better skills would probably have helped a lot.

So what did we do? We've built a h-field magnetic loop antenna tuned to 13.56MHz, and tried to get hold of the subcarrier, either by hardware mixing/demodulation or software demodulation using USRP and Gnuradio.

The digital (software) demodulation seemed easy enough, but actually it is limited by the dynamic range of the A/D converter. The subcarrier is only 475kHz away from the main carrier, and it has at least 60 dB less signal. So by doing a FFT on the input signal, you can very nicely see the 13.56MHz carrier, but no subcarrier :(

We've then tried to put a impedance matcher (the opamp way) between the antenna and the USRP (which has roughly 50Ohms input impedance at the BasicRX board). However, apart from lots of distortion, the AD822 based solution didn't make any difference. The subcarrier just seems to be covered by noise.

Our hardware approach was to mix the input signal (especially the subcarrier's upper sideband) with a local oscillator of 3.8486MHz, which should result in an IF of exactly 10.7221MHz. This allows the usage of stock ceramical 10.7MHz IF filters with 280kHz bandwidth. However, we got no noticeable signal at the IF amplifier output of our SA615 based circuit.

So something went really wrong, and probably something that we didn't consider as much as we should have. Probably our test setup using a MTCOS based 14443A ICC and a RC632-based Omnikey CardMan 5121 reader was not a good choice. It was basically running an endless loop with the "Select MF" ISO 7816-4 command. Probably the response to that command was just too short (as compared wit the gap until the next command response is received), and thus we actually had a signal, but not long enough to show up in the FFT. or on the scope screen at the IF output.

Next step will be to build a 14443A card replica, basically a piece of hardware that does a constant load modulation at the right subcarrier frequency. This way we can eliminate too many variables. So when we run our next RFID playground session, we MUST be able to see the subcarrier...

The whole issue has one advantage: I've now actually modelled a 14443A signal (13.56MHz carrier with 847.5kHz AM subcarrier which is in turn ASK'd by a 106kHz signal) in gnuradio. I can TX that signal on the BasicTX output... we'll see if that simulated spectrum actually produces any reasonable result with the SA615based mixer..

[ /linux/gnuradio | permanent link ]

Thu, 14 Apr 2005
Just received my TVRX fronted for the USRP

TVRX is the first real HF frontend by Ettus Research for the USRP. It is based on a microtune tuner and covers 50 to 850 MHz RF.

I'm still intending to build a couple of frontends on my own. One of the most important ones would be a 15.6MHz frontend for ISO 14443 and 15693. Also, I have already obtained a number of tuner samples with I/Q output, which would make perfect match to the USRP.

Meanwhile, I'm still experiencing a lot of problem with gnuradio. While the USRP communication seems to work fine, gnuradio segfaults all over the place. Maybe this is related to x86_64, but I cannot say more about it at the moment.

[ /linux/gnuradio | permanent link ]

Sun, 13 Mar 2005
Still learning about DSP algorithms

Really bad timing. The USRP is sitting on my desk for about ten days now, but I still haven't really done anything useful with it. This is because I'm still reading up the theoretical background in digital signal processing.

That DSP book I'm reading is a real revelation, though. At the moment I've finished the discussion of LTI systemes and IIR filters, making my way through the z-Transform. It's really exciting, and I'm sure I need more of that kind of stuff :)

[ /linux/gnuradio | permanent link ]

Thu, 03 Mar 2005
USRP has finally arrived - what next?

The regular reader of this blog already knows what the USRP is. The infrequent reader is referred to this blog entry.

So it has finally arrived, although I really don't have too much time of playing with it at the moment. I guess I'll do some basic functionality tests and then have to put it aside for some time.

One of the important issues remains the lack of readily available RF frontends. With the BasicRX frontend, you can basically sample amplified signals of up to 32MHz bandwidth below 200MHz.

I've investigated a lot of options with regard to RF frontends, and none of them is really promising:

  • A commercially available 20-3000Mhz tuner/down-converter WiNRADIO WR-G526e. That's what we all want. Unfortunately horribly expensive, I've read USD6k somewhere :(
  • Using a commercially available radio scanner with 10.7MHz IF output. This sounds like a good idea. The problem is that most of them seem to have ridiculously small IF bandwidths:
    • Yaesu VR-5000 (+- 100kHz IF bandwidth): ~ 500-600 EUR
    • AOR AR3000A (IF bandwith unknown): 780 EUR
    • AOR AR8600MK2 (IF bandwith +- 2 MHz): 710 EUR
    • AOR AR5000A (IF bandwith +- 5MHz): 1600EUR
    So if you want to go for high-bandwith signals such as DVB or 802.11, only the AR5000A would be usable... again quite pricey.
  • Using a DVB-{T,S,C} tuner to build your own USRP RF frontend. That sounds reasonably priced, but requires quite some amount of work. Issues include
    • Obtaining tuner samples from vendors like Sharp or Microtune
    • Designing the support circuitry (voltages, matching)
    • Writing software for tuning (mostly i2c bit banging)
    Possible Tuner Modules I've found so far

[ /linux/gnuradio | permanent link ]