Re: [Discuss-gnuradio] Question about reverse-engineering a new mode

2015-05-26 Thread Robert McGwier
FIPS compliant security, device security, network security, access
controls, and application level security are all integral parts of Public
Safety Network design and operation and AVL in particular.  It is just not
intended to be super duper APRS.  I would not spend a lot of money on
equipment if this is your only goal, and the amount of money I would spend
would cover an RTL-SDR dongle and not much more until such time as I was
certain that these serious impediments were surmountable.  That said,
hackers (the good definition) live for this, and I encourage it.

Bob


-- 
Bob McGwier
Co-Founder and Technical Director, Federated Wireless, LLC
Research Professor Virginia Tech
Senior Member IEEE, Facebook: N4HYBob, ARS: N4HY
Faculty Advisor Virginia Tech Amateur Radio Assn. (K4KDJ)
___
Discuss-gnuradio mailing list
Discuss-gnuradio@gnu.org
https://lists.gnu.org/mailman/listinfo/discuss-gnuradio


Re: [Discuss-gnuradio] Question about reverse-engineering a new mode

2015-05-26 Thread Ralph A. Schmid, dk5ras
Well, I do not expect public safety standards for bus AVL; often enough they
are nothing more than a pimped APRS system. It would be interesting to know
what the standard is called, and which manufacturer...

I built a system for an aviation authority (!) some years ago. They needed a
system to transmit high-precision location data from planes to a ground
station, for periodic recertification of ILS, radars, beacons and such stuff
around airports. Their demand was that the new box must look exactly like the
old one, in case somebody asks if the stuff is still the hardware mentioned in
the license; I'm not kidding. So I bought some 9k6 packet radio controllers
with TRX on board, modified the filters for around 300 MHz, programmed their
assigned frequencies into them, set them in some special mode to simulate a 4k8
RS232 cable... then took the sample of the old system, went to a milling shop,
with the order "make me six boxes like this one, but so that I can install this
different PCB into it". We put the modified ham gear into the boxes, made the
interfacing 100% compatible, so the drop-in replacement was perfect.

If you find (in central Europe) 9k6 FSK packet radio bursts in the MIL AV UHF
band containing NMEA packets, it is very likely that it is my fault :) Quite
often you can find simple stuff in places where something highly sophisticated
is really expected.

Ralph.

___
Discuss-gnuradio mailing list
Discuss-gnuradio@gnu.org
https://lists.gnu.org/mailman/listinfo/discuss-gnuradio


Re: [Discuss-gnuradio] Question about reverse-engineering a new mode

2015-05-26 Thread Martin Braun
On 26 May 2015 03:28, Robert McGwier rwmcgw...@gmail.com wrote:

 [...]
 That said, hackers (the good definition) live for this, and I encourage it.

Just wanted to emphasise this. Go for it! Worst case, you learn a lot of
interesting things.

Cheers,
M


___
Discuss-gnuradio mailing list
Discuss-gnuradio@gnu.org
https://lists.gnu.org/mailman/listinfo/discuss-gnuradio


Re: [Discuss-gnuradio] Question about reverse-engineering a new mode

2015-05-26 Thread Mark Haun
Thanks everyone for your responses.  The funny thing is, I already concluded
the way to go was to hook up an RTL-SDR dongle and start poking around. 
Should be here this week.

I know the frequencies (based on FCC license search) and the hardware
manufacturer (IPMN).  AFAICT there are a variety of technologies available
for AVL, so any given transit agency is likely using something different.

I see no insurmountable barriers getting to the point of successful Viterbi
decodes.  After that, it seems quite difficult.  First I have to guess the
whitening polynomial and its initialization, then figure out packet framing,
and possible source coding.  And all of this assumes nothing is
intentionally encrypted...

Mark



___
Discuss-gnuradio mailing list
Discuss-gnuradio@gnu.org
https://lists.gnu.org/mailman/listinfo/discuss-gnuradio
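The two steps Mark separates above, getting to "successful Viterbi decodes" and then telling apart the "couple of candidates" for the rate-3/4 code, as an added example that is not part of the thread and not any AVL vendor's code. It assumes a rate-1/2, K=3 mother code (generators octal 7,5) punctured to rate 3/4 with a fixed 6-bit pattern; those generators, the puncture pattern, the wrong candidate (5,7) and the data bits are all constructed for the demo, and the real system's code is not known here. The decoder treats punctured positions as erasures, and the candidate check uses the path metric: on a clean capture the right generator set decodes with metric 0, a wrong one cannot.

```python
# Added example, not from the thread: a rate-1/2 K=3 convolutional encoder
# punctured to rate 3/4, a hard-decision Viterbi decoder that treats punctured
# positions as erasures, and a candidate check that tells the true generator set
# from a wrong one by its path metric. Generators (octal 7,5), puncture pattern
# and data are constructed for the demo; the real AVL code is not known here.
from itertools import cycle

K = 3                            # constraint length
POLYS_7_5 = (0b111, 0b101)       # octal (7,5): the "true" code in this demo
POLYS_5_7 = (0b101, 0b111)       # a wrong candidate: same taps, outputs swapped
PATTERN = (1, 1, 0, 1, 1, 0)     # per 3 input bits keep 4 of 6 coded bits


def parity(x):
    return bin(x).count("1") & 1


def conv_encode(bits, polys):
    """Rate-1/2 encoder; K-1 zero bits are appended so the trellis ends in state 0."""
    state, out = 0, []
    for b in list(bits) + [0] * (K - 1):
        state = ((state << 1) | b) & ((1 << K) - 1)
        out.extend(parity(state & g) for g in polys)
    return out


def puncture(coded, pattern=PATTERN):
    """Drop the coded bits the pattern marks 0."""
    return [c for c, keep in zip(coded, cycle(pattern)) if keep]


def depuncture(rx, pattern=PATTERN):
    """Re-insert None (erasure) where a bit was dropped; assumes whole periods."""
    out, it = [], iter(rx)
    while len(out) < len(rx) * len(pattern) // sum(pattern):
        out.extend(next(it) if keep else None for keep in pattern)
    return out


def viterbi_decode(rx, polys):
    """Hard-decision Viterbi on a depunctured stream (erasures cost nothing).

    Returns (data_bits, path_metric); metric 0 means rx is a clean codeword.
    """
    n_states = 1 << (K - 1)
    INF = float("inf")
    metric = [0] + [INF] * (n_states - 1)              # encoder starts in state 0
    paths = [[] for _ in range(n_states)]
    for t in range(0, len(rx), 2):
        sym = rx[t:t + 2]
        new_metric, new_paths = [INF] * n_states, [None] * n_states
        for s in range(n_states):
            if metric[s] == INF:
                continue
            for b in (0, 1):
                full = (s << 1) | b                    # K-bit register after shifting b in
                ns = full & (n_states - 1)
                expected = [parity(full & g) for g in polys]
                cost = sum(e != r for e, r in zip(expected, sym) if r is not None)
                if metric[s] + cost < new_metric[ns]:
                    new_metric[ns], new_paths[ns] = metric[s] + cost, paths[s] + [b]
        metric, paths = new_metric, new_paths
    # The encoder flushed with zeros, so the survivor ending in state 0 is the
    # answer; strip the K-1 flush bits.
    return paths[0][:-(K - 1)], metric[0]


def identify_code(rx, candidates):
    """Decode with each candidate; on a clean capture the true code scores metric 0."""
    scores = {polys: viterbi_decode(depuncture(rx), polys)[1] for polys in candidates}
    return min(scores, key=scores.get), scores


DATA = [1, 0, 1, 1]                                    # constructed data bits


def demo():
    rx = puncture(conv_encode(DATA, POLYS_7_5))        # 6 steps -> 12 coded -> 8 sent
    best, scores = identify_code(rx, (POLYS_7_5, POLYS_5_7))
    decoded, _ = viterbi_decode(depuncture(rx), best)
    return best, scores, decoded
```

A wrong candidate still produces a survivor path, so the tell is not whether the decoder emits bits but whether its path metric is zero on a clean frame and stays small under noise; compare over several frames, since one short frame can occasionally fit the wrong code as well. Soft decisions from the 4-FSK demodulator would replace the 0/1 costs here, and the puncture phase has to be aligned to the frame start, which is the framing question Mark lists separately.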


Re: [Discuss-gnuradio] Question about reverse-engineering a new mode

2015-05-26 Thread Andrew Clegg
Sounds like an interesting project. I'd like to know more about the spectrum 
aspect -- do you know which band segments in 700 MHz are used for this in the 
U.S.? Me and my spectrum analyzer want to know :)
Andy
___
Discuss-gnuradio mailing list
Discuss-gnuradio@gnu.org
https://lists.gnu.org/mailman/listinfo/discuss-gnuradio 


[Discuss-gnuradio] Question about reverse-engineering a new mode

2015-05-19 Thread Mark Haun
This is a bit of an idle question, but I'm hoping some knowledgeable folks on
here can offer advice.  Mostly I'm trying to understand better what I
don't know, and the size of the challenge, before jumping into a project:

I'd like to try decoding some AVL traffic in the 700-MHz band (GPS locations
broadcast by transit vehicles to a central collector, where predictors are
used to generate the ETAs displayed on electronic bus-stop signs).  The
modulation is 4-FSK, similar to P25 except wider with a higher symbol rate,
emission designator 20K0F1D.  The particular frequency(s) should be easy
enough to discover.  Transmissions are short packets on shared channels with
some kind of slotted ALOHA or CSMA MAC.  A rate-3/4 convolutional code is
used.  The preceding is public information gleaned from the web.  I haven't
captured any signals yet.

The known unknowns:  preambles and framing stuff, symbol mapping,
the particular rate-3/4 code used (only a couple of candidates though), and,
the scrambler (whitener) and its initialization.  AFAIK there is no
encryption per se.  The payload is supposed to be TCP/IP, so there could be
some sort of header compression.

My question, then, is given this information, are there reasonable odds of
success?  I have some digital comms background from grad school but little
to no practical experience.  Wondering if this might be an excuse to pick up
a HackRF etc. and learn GNU Radio, or if it's likely to be a dead end.

Thanks,

Mark

___
Discuss-gnuradio mailing list
Discuss-gnuradio@gnu.org
https://lists.gnu.org/mailman/listinfo/discuss-gnuradio
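The scrambler (whitener) and its initialization that the original post above lists among the known unknowns, and the "guess the whitening polynomial and its initialization" step of Mark's follow-up earlier in the thread, as an added example that is not from the thread: an additive LFSR whitener, the Berlekamp-Massey algorithm to recover the shortest LFSR from a stretch of keystream, and a descramble of a whole frame once only a known preamble has been lined up. The taps (the recurrence of x^7 + x^4 + 1), the seed, the alternating preamble and the payload bits are all constructed for the demo; none of them are the real system's parameters. The point it makes is the one behind Mark's "no encryption per se": a whitener is there to flatten the spectrum and keep clock recovery alive, and about 2L known bits are enough to recover an L-stage LFSR, so it adds nothing to confidentiality.

```python
# Added example, not from the thread: an additive (synchronous) LFSR
# whitener, Berlekamp-Massey recovery of the LFSR from a run of keystream,
# and descrambling of a frame via a known preamble. Taps, seed, preamble and
# payload are constructed for the demo, not the real AVL system's values.


def lfsr_stream(taps, seed, n):
    """Return n bits of the sequence s with s[i] = XOR of s[i-j] for j in taps.

    seed holds the first L = max(taps) bits, i.e. the register's initial state.
    """
    L = max(taps)
    if len(seed) != L:
        raise ValueError("seed must hold exactly L = %d bits" % L)
    s = list(seed)
    while len(s) < n:
        s.append(sum(s[len(s) - j] for j in taps) & 1)
    return s[:n]


def berlekamp_massey(bits):
    """Shortest LFSR generating `bits`: returns (L, taps) in the convention above.

    The answer is only unique when len(bits) >= 2L, so feed it at least twice
    the longest register length you expect.
    """
    n = len(bits)
    c = [1] + [0] * n          # current connection polynomial C(x)
    b = [1] + [0] * n          # copy of C(x) from the last time L changed
    L, m = 0, -1
    for i in range(n):
        d = bits[i]            # discrepancy between prediction and actual bit
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            shift = i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, tuple(j for j in range(1, L + 1) if c[j])


def whiten(bits, taps, seed):
    """XOR bits with the keystream; applying it twice restores the input."""
    return [x ^ k for x, k in zip(bits, lfsr_stream(taps, seed, len(bits)))]


def recover_whitener(rx, known_prefix):
    """Derive (taps, seed) from received bits whose leading bits are known plaintext."""
    keystream = [r ^ p for r, p in zip(rx, known_prefix)]
    L, taps = berlekamp_massey(keystream)
    if L == 0:
        raise ValueError("keystream is all zeros; nothing to recover")
    if 2 * L > len(known_prefix):
        raise ValueError("known region too short to pin down the LFSR")
    return taps, keystream[:L]     # the first L keystream bits are the seed


# Constructed demo values: taps (4, 7) is the recurrence of x^7 + x^4 + 1.
TAPS, SEED = (4, 7), [1, 0, 0, 1, 1, 0, 1]
PREAMBLE = [1, 0] * 16                                 # 32-bit alternating sync
PAYLOAD = [int(ch) for ch in "0110100001101001"]       # 16 constructed bits


def demo():
    frame = PREAMBLE + PAYLOAD
    rx = whiten(frame, TAPS, SEED)                     # what the receiver sees
    taps, seed = recover_whitener(rx, PREAMBLE)        # only the preamble is known
    return taps, seed, whiten(rx, taps, seed) == frame
```

This assumes the scrambler is additive and restarted at a fixed point in every frame, which is what "its initialization" in the post suggests; a self-synchronizing (multiplicative) scrambler divides the data by the polynomial instead and needs the same algorithm applied to a different quantity. It also assumes symbol timing and the frame boundary are already found, since the keystream only lines up with the known bits once the sync word has been located.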