10 years of blogging

Today marks 10 years since I wrote the first post in this blog. It was a very basic and brief post about me decoding the European FreeDV net over a WebSDR. I mainly wrote it as a way of getting the ball rolling when I decided to start a blog back in October 2015. Over the 10 years that I have been blogging, the style, topics, length and depth of the posts have kept shifting gradually. This is no surprise, because the contents of this blog are a reflection of my interests and the work I am doing that I can share freely (usually open source work).

Since I started the blog, I have tried to publish at least one post every month, and I have managed. Sometimes I have forced myself to write something just to be up to the mark, but more often than not the posts have been something I really wanted to write down and release to the world regardless of a monthly tally. I plan to continue blogging in the same way, and no doubt that the contents will keep evolving over time, as we all evolve as persons during our lifetime. Who knows what the future will bring.

I wanted to celebrate this occasion by making a summary of the highlights throughout these 10 years. I have written 534 posts, and although Google search is often useful at finding things, for new readers that arrive to this blog it might be difficult to get a good idea of what kind of content can be found here. This summary will be useful to expose old content that can be of interest, as well as serve me to reflect on what I have been writing about.

2015

The blog started in October 2015, so there are not many posts in this year. The main topic this year was the Chinese Amateur LEO cubesat LilacSat-2, which was launched in 2015-09-19. Here is where I started learning how to use GNU Radio to decode satellite telemetry, basing my work on flowgraphs published by the Harbin Institute of Technology Amateur Radio Club. In a way this was the start of my career in satellite communications. See the post about decoding LilacSat-2 telemetry.

Another interesting topic from this year was a couple of posts with a short study about a quadrature oscillator algorithm. I find this curious because the posts were very mathy, similar to some other posts that I wrote well after. However there were notable differences in tools (I was using MATLAB rather than Python Jupyter notebooks), and I haven’t revisited this particular topic again.

2016

In retrospect 2016 was a great year where the blog really took off. I posted many things about a really diverse range of topics. The main themes this year were the following:

  • Satellites. I was quite active trying to decode any amateur satellites that launched during this year or that were already in orbit. Some examples are AAUSAT-4, GOMX-3, 3CAT-2 and BY70-1. In August I took all the satellite decoder work I had scattered in multiple places and started gr-satellites. I posted about this in a post called Introducing gr-satellites, which is the formal birth of this project, although the project really dates back to my earlier 2015 work that began with LilacSat-2.
  • Outernet. I posted about reverse engineering the Outernet L-band downlink. This work had a lot of impact. I was invited to present it at 33C3, where I gave a talk that was much larger than I anticipated, in terms of the size of the room and number of attendees.
  • Hardware building. I built a few hardware projects, either from kits or my own designs. This is a topic that would almost disappear from the blog in the following years. Some of the posts were about the Hardrock-50 HF power amplifier, an RF comb generator kit designed by G0MRF, a Minikits GALI-39 LNA kit, some FT-817ND repairs posts (fuse replacement and TX gain adjustment) to which people still come back occasionally and ask questions, my own 12V linear power supply design, and some other electronic projects not related to radio.
  • A couple posts that have turned out to be very useful documentation. People keep coming back to them regularly:
  • I started experimenting with 10 GHz reception. By 2016, the QO-100 amateur transponder in Es’hail 2 was already announced. This was the driving factor for these experiments, since I wanted to have a groundstation ready for when it launched (which happened two years later). I posted about Ku-band beacons, and phase noise of 27 MHz references for LNBs, among other things.
  • A project to use the CC1101 RF transceiver chip and a Beaglebone black for IP communications in UHF. This project worked reasonably, but I moved to other things and didn’t develop it further. I think that it had potential and it could have become more popular if I had continued working on it. However I think that the platform I chose was not the best (but it was one I was familiar with at the time). It basically bridged a TAP device on the Beaglebone Linux with the CC1101 by using the Beaglebone PRUs for real-time-ish SPI communications with the CC1101. The PRU code was written in assembly, so the thing was difficult to develop and debug. The Beaglebone was also somewhat expensive. If I had to start something like this today, I would probably choose a high-end ARM or RISC-V MCU, write the software in Rust and have lots of fun.
  • I recovered an RS92-SGP radiosonde and did some experiments with it. I wanted to get it to transmit in the 430 MHz amateur band, but I saw that this was basically impossible, as other people had discovered before me.
  • I became interested in HF over-the-horizon radars and implemented a pulse-compression receiver that I used for ionospheric sounding.
  • VHF/UHF amateur radio contests. I was quite active on the monthly contests this year and would do short posts of each contest showing a map with my contacts (see this one, for instance). This is a topic that disappeared completely from the blog in the following years. I haven’t participated in these contests for a long time now. I sometimes think about returning, but usually I’m busy whenever there is a contest.

2017

In 2017 I finished my PhD at the end of April (the PhD thesis is in this blog if anyone is interested) and started working full time as a GNSS engineer at GMV a couple months later. This meant that I had less time for projects and blogging, so I feel that the quantity and breadth of posts went somewhat down, but the technical complexity and quality probably increased.

I began the year by continuing my work in Outernet, including an LDPC decoder that someone implemented by reverse engineering the Outernet binaries.

I continued working in gr-satellites, adding support for more satellites and doing other related satellite projects. The highlights of this work are:

I also wrote some posts where I used my Hermes-Lite 2.0 beta2 HF SDR for different experiments. If I remember correctly, I built this radio at the beginning of 2017, and to date it is my go to radio for HF at home. As an example, I did some multi-band recordings during the total solar eclipse over North America.

I wrote a couple of posts from which I got quite some backlash, mainly online but also in person. Surprisingly, the first of them was purely technical. I had the bright idea of doing a recording of the EAPSK63 amateur radio contest to find and report which stations transmitted a signal with very high IMD levels. I believed that people needed to be more conscious about this problem, but apparently some people don’t like being told that their signal is heavily distorted, reacted with bad manners. PSK amateur radio modes are almost gone nowadays, as they have been replaced by FT8, but PSK63 contesting is still a thing.

The second post was political, so backlash wasn’t too surprising. I wrote a response to an article that gave reasons to become a member of URE, the Spanish amateur radio society. In my response I explained why I believed that the interests of URE were not aligned with those of people with a more technical mindset such as myself, and exposed some of the problems of amateur radio in Spain. This was intended as a mixture of constructive criticism (“here is a problem and some potential solutions”) and neutral criticism (“here is a problem, and maybe it is your job to figure out a solution”), but not destructive criticism (“here is a problem and it is your fault”). This post, and other similar opinions I expressed online got me a very bad reputation within the URE board of directors. I don’t follow URE very closely, but I believe that the board of directors has completely changed since then. Some of the points I mentioned in this post remain valid 8 years later.

There are another miscellaneous posts that I wrote which I think are worthy of a mention here:

  • Using CODAR for bistatic ionospheric sounding. This seems like a revival of my earlier over-the-horizon radar work. In contrast, this made really pretty pictures that showed that the ionosphere is a very complex thing.
  • JT9A signal detection. I find this post interesting because it was an in-depth long post in signal processing, including over-the-air tests. It feels more similar to other things I would write in the future than to the style of the other posts that I was writing during this year.
  • A post about a recording of Voyager 1 done at Green Bank Telescope by the Breakthrough Listen project. I don’t remember how I found this recording, but I remember I thought it was cool and decided to play with it. Out of this came a simple post in which I computed the Stokes parameters, showing that the signal was LHCP. This was also when I started using Jupyter and created my jupyter_notebooks repository, which has kept growing to this day. But the most interesting thing about this post is that when I wrote it I had no idea that some years later I would be collaborating with Breakthrough Listen and the very same people that made this recording and shared it online.
  • A proposal about how to use IPv6 for amateur radio. This became a TAPR article in 2019, but regardless it hasn’t seen much traction. I would say that IPv6 in amateur radio (regardless of how it is organized) is yet to take off.

2018

The most remarkable thing that happened this year was the launch in 2018-05-20 of the Longjiang-1 and -2 chinese lunar orbiting satellites, also known as DSLWP-A and DSLWP-B, of which only DSWLP-B made it to the moon. These satellites were built by the Harbin Institute of Technology, and they had an amateur radio payload. I collaborated closely with the team at HIT and frequently reported many updates about the mission and did all sorts of experiments. For the second half of 2018 my blog was mostly devoted to DSLWP-B. Here are some of the things I did.

Related to DSLWP-B, in March I participated in the data analysis of a VLBI experiment done with the LilacSat-2 LEO cubesat. This was intended as a proof of concept of the VLBI experiments that would be done with DSLWP-B later.

Another important thing in 2018 was the first edition of the STARcon Scientific and Technical Amateur Radio conference, which was held in Murcia. This conference was organized by a few friends and myself. It was intended as a means to bring together people in technical fields in amateur radio, academia and industry in Spain. We had a great time and had top-notch talks. There was a second edition of STARcon in Madrid in 2019. Organizing another edition in 2020 was becoming an ever increasing hurdle, and then COVID happened. After COVID we have not resumed this conference.

The launch of Es’hail 2, which carries the QO-100 amateur radio GEO transponder, happened in 2018-11-15. The transponder would not become active until February 2019, but in 2018 I could observe the amateur transponder commissioning and measure the Doppler of its beacon.

Regarding gr-satellites, I continued adding support for more satellites and occasionally posting about it. Some things worthy of mention are:

  • 1KUNS-PF, which was the first Kenyan satellite. At the time this seemed like decoding yet another amateur satellite. However, in 2019 this work got me an invitation to present gr-satellites at the UNOOSA symposium. 1KUNS-PF was launched as part of the UNOOSA/JAXA KiboCUBE program, so this was quite relevant to the symposium. The conference was unlike the technical conferences I am used to. It was a mixture of diplomatics, academics, and a few people from industry. It was a really interesting experience. The talk was well received, and people were amazed by a demo in which I played back the FSK telemetry as an audio signal while showing real-time image decoding of pictures of the Earth. This gave them a more tangible feedback of their investment in the KiboCUBE program.
  • An open letter that I wrote to ESA requesting the full specifications of the telemetry of ESEO to be released. ESEO was an educational micro-satellite that transmitted on amateur radio spectrum. There were some amateur payloads in this satellite, as well as other educational payloads. In part I was persuaded by some of these amateurs to write this letter, but I didn’t really need much persuasion. In this case the letter had some impact and the specifications we needed were released shortly after. However, to this date, satellites that transmit on amateur spectrum but either have not published full documentation or have a mission borderline compatible or incompatible with the amateur service continue being a problem. What I wrote in this open letter is still very relevant.

I also did some work about forward error correction.

  • As I was preparing a conference talk about my work in Outernet, I studied in more detail the decoding performance of the RFC5170 LDPC codes used there.
  • I studied the P25 half rate vocoder FEC, which is also used in DMR. This included some work about Golay codes. I did all this work basically because I was nerdsniped by a friend. The takeaway was that this FEC system is designed in a very clever way that takes into account the properties of the vocoder. Bits that have higher importance get more protection, and there is a system that makes decoding fail catastrophically if a decode with few enough bit errors cannot be obtained. In this case, the vocoder usually repeats or extrapolates the previous voice frame rather than playing back a horrible noise. This lesson is quite relevant for open source digital voice systems in amateur radio such as M17, because many of them lack this cleverness in the FEC.

Finally, another post that is worthy of mention is my study about aircraft reflections of a 2.3 GHz beacon. This is an example of how a relatively simple field recording or experiment would turn into a rather elaborate data analysis project.

2019

The main themes of 2018 carried over into 2019. The DSLWP-B mission ended in 2019-07-31 as the spacecraft was deliberately crashed on the moon to avoid leaving orbital debris. So for the first half of 2019, a good amount of my posts were dedicated to DSLWP-B. Some highlights of this are:

I also continued doing experiments with my QO-100 groundstation. The amateur radio transponder was inaugurated in February, and this opened the door to many more experiments. This included:

Regarding gr-satellites, in 2019 I continued adding support for satellites, occasionally blogging about it. I also decided to make a large refactor of gr-satellites into the form that it still has today, and I wrote about the progress of this refactor as I published a series of alpha versions of what would become gr-satellites v3.0.0.

Here are some other miscellaneous posts about satellites that are worthy of mention:

  • A proposal for the IARU R1 interim meeting about taking measures to prevent satellites transmitting in amateur spectrum using undocumented protocols. This was in the same line as the open letter to ESA that I wrote about ESEO on 2018. I would say that this proposal had some impact, since IARU satellite frequency coordination is now more strict, but misusage of amateur satellite spectrum is still a problem.
  • An STRF crash course that I wrote to show how to use STRF for Doppler and TLE analysis. To this date it is still probably the best documentation about STRF, and people keep coming back to it to learn how to use it.
  • A signal detection experiment of the Sprite chipsats deployed from KickSat-2. This was a quite complex signal detection project, and I remember leaving my laptop running correlations for a very long time (58 hours according to the post).
  • Precise orbit determination of the Lucky-7 satellite using on-board GPS measurements and GMAT. This was done with telemetry provided by the Lucky-7 team and with the batch estimator in GMAT. Nowadays GMAT has a Kalman filter estimator that usually works better for this application, but I have come back to this post whenever I have needed to do something similar, either professionally or for a hobby project.

In 2019 I also wrote some posts about the Galileo GNSS. There was a major system outage in July, and I covered the technical aspect of this as best as I could, since technical information about what was happening was scarce. Because of this incident, I met Bert Hubert online. Bert would later start the Galmon project prompted by this incident. Galmon has triggered some interesting studies that I have done. For instance, in 2019 I would write about some oscillations that Galmon discovered in the clock terms of the Galileo INAV broadcast ephemerides. I haven’t revisited this topic, so I don’t know if it is still happening today. As usual with Galileo quirks, the cause of this was never explained.

Finally, in January and February I was in a scientific expedition to Antarctica as part of my work at GMV. I wrote about this trip in the blog, covering in detail some things related to RF and other of the blog’s topics.

2020

In 2020 the COVID pandemic began. This meant more time at home, and more time to work on projects, specially those that only involved software and data analysis. During this year I became interested in decoding and reverse engineering the telemetry of deep space missions, which is an activity I have maintained to this date. This all started in March, when I decoded some ESA Solar Orbiter recordings done by amateurs during its launch. This was followed by BepiColombo as it did an Earth flyby in April, and then three launches to Mars in the launch window at the end of July: Emirates Mars Mission, Tianwen-1, and Mars 2020.

Tianwen-1 was the main topic for the blog this year. The summary is that although state vectors were not publicly available for this mission, I managed to find state vectors in the telemetry (which is an unusual data in telemetry). This allowed us to keep tracking the mission as long as we were able to decode the telemetry, and with the help of the 20 m antenna at Bochum operated by AMSAT-DL, we could track it all the way to Mars. We still keep tracking this mission and decoding telemetry almost daily. During the second half of 2020, I kept posting regular mission updates in the blog. As a bonus, I also managed to reverse engineer the ADCS telemetry, which gave us a way of looking at the spacecraft’s attitude.

Another related topic I got involved with was reverse engineering the telemetry of old military satellites. I don’t remember exactly how or why this began, but I know that this was something that was mainly driven by Scott Tilley, whom I had met online during the DSLWP-B mission, as he was tracking the satellite in S-band and collaborating with data for Doppler tracking. I guess this was an interesting puzzle for me at the time. I worked with LES-5, LES-9, and DSCS-III. The most interesting outcome of this was reverse engineering the LES-5 RFI receiver telemetry, which was a primitive RF monitoring system.

In October I began collaborating with the Allen Telescope Array, as part of the collaboration between GNU Radio and SETI Institute. I did a lot of experiments with the ATA in the last quarter of the year, and learned a lot about antenna arrays, polarization and radio astronomy. I was literally doing things so fast that I didn’t have time to blog about all of it. But some of this work ended up in blog posts, including GNSS interferometry and polarimetry, and a polarimetric observation of the quasar 3C286. I find it interesting that, to this date, because of certain challenges and limitations, we don’t have a reliable way to do a polarimetric calibration of the full ATA, and I keep coming back to this post about 3C286 whenever the topic comes up, because the math is somewhat tricky. In December I was quite active tracking the Chang’e 5 chinese lunar sample return mission with the ATA, doing polarization studies and interferometric astrometry measurements.

In the gr-satellites front, I completed the rearchitecture in May, releasing v3.0.0. I also kept adding support for new satellites, and did some studies that improved its signal processing. This included a study of the TED gain for the Symbol Sync block and a BER simulation for FSK. Looking back at these BER curves I see that there was a large degradation in high-SNR performance, but this was fixed at some point before 2023 with the addition of a lowpass filter before quadrature demodulation.

I also wrote a few posts about GNSS:

  • A study about the geographical DOP distribution of the GPS and Galileo constellations. This was partly motivated because I kept hearing that Galileo was inherently better than GPS at high latitudes because of it slightly higher orbit. Not finding any data to back this up, I decided to run simulations and discovered that this is mostly a misconception.
  • A post regarding the Earth rotation corrections, often called Sagnac corrections. I wrote this because I needed to understand this better for a professional project, and I keep coming back to these formulas occasionally when I’m working on something similar.
  • A couple of posts inspired by Galmon discoveries. These were about some oddities with the Galileo E24 BGDs and RTCM clock corrections. The oddities were fixed after a few months, but we never got a good technical explanation what we observed.

I also continued doing experiments with my QO-100 groundstation. By monitoring the amateur beacon frequency, I found some unusual oscillations in the transponder local oscillator frequency, which I called wiggles. We never got a technical explanation for these, and I don’t know if it keeps happening. I also did a ranging experiment by sending a Galileo-like PN waveform through the wideband transponder. This was a proof of concept. It worked, but I never continued the project, which would have involved monitoring over time to do orbit determination.

Finally, there are a couple of miscellaneous posts that I find worthy of mention:

  • I participated in an ESA NEOCC riddle challenge, which was an interesting maths problem about orbital dynamics. There was a series of riddles, but I only really did the first, which was awesome. I vaguely remember that the second one was worded somewhat poorly, and then I lost interest.
  • Delta-range simulation and orbit estimation in GMAT for the VLBI observations of DSLWP-B. I extended GMAT to be able to deal with the delta-range and delta-range-rate observables that we were generating in the VLBI experiment. Things worked reasonably when running orbit estimation with simulated data, but I never had time to run this with the real data we collected during the mission.

2021

The main thing that happened in 2021 was Tianwen-1’s arrival to Mars. The Mars injection orbit was done in February, and the rover landed in May. I followed all this closely in the blog, posting about the mission phases, including the change to polar orbit, the phasing orbit, the reconnaissance orbit, the landing of the rover, and the communications relay orbit.

I also continued doing experiments with the Allen Telescope Array:

  • We used two USRP N32x and 11 antennas from the array to do interferometric imaging. This required a good amount of work, because we could only correlate two antennas at a time in certain combinations, as opposed to all at once, which is how an interferometric array works normally. This made our data somewhat unusual, which required more care during calibration. Also, everything except for CASA for calibration and imaging was software that we had built ourselves. Still, we got reasonably good images of Cassiopeia A and Cygnus A at 4.9 GHz. I later repeated a similar observation of Cygnus A at 8.45 GHz.
  • I managed to detect Voyager 1 using a single 6.1 m dish. This required being careful with the Doppler correction, since the FFT resolution bandwidth used for detection was around 1 Hz.
  • I received and decoded three deep space launches that happened at the end of 2021: Lucy, DART and JWST.

Regarding Voyager 1, for the 44th anniversary of its launch, in 2021-09-05, I decided to write a post about how to decode its telemetry signal. I used the same Green Bank telescope recording from 2015 that I had looked at in 2017. As opposed to other of my posts about decoding deep space missions, I intended this post to reach a broader audience, and wrote it in a more self-contained and detailed way, explaining how the signal is processed step by step. I think that today this is still a great reference for people interested in this topic. This recording was too short to contain a full telemetry frame, but some Breakthrough Listen people pointed me to longer Voyager 1 recordings done with Green Bank Telescope in 2020, and I could figure out that the telemetry uses Reed-Solomon and fully decode some telemetry frames. I wrote a post which mixed this with an explanation of why CCSDS uses a different Reed-Solomon code based on the dual basis. This is beautiful and clever math due to Berlekamp, who was the leading figure in Reed-Solomon codes at the time.

I developed a 32APSK modem for the QO-100 narrowband transponder, and tested it over the air with my QO-100 groundstation. The modem drew some ideas from DVB-S2 and DVB-S2X, but there were some more original ideas due to the low symbol rate. I did some research into LDPC code design for this modem, reading Sarah Johnson’s book, starting my ldpc-toolbox project and doing BER tests of some designs for this modem. I didn’t find a code that I really liked, and was left with the sensation that maybe I should use 64APSK with a lower rate code, but I never came back to this project. The ldpc-toolbox has continued growing and is still useful. It can now be used as a generic LDPC encoder/decoder in GNU Radio through gr-ldpc-toolbox, and I have used it to support the design and validation of DVB-S2 and CCSDS LDPC software (NEON) and FPGA decoder implementations professionally.

There are other miscellaneous posts that I find worthy of mention. The first of them has an involved backstory. In January, I collaborated with Scott Tilley on an investigation that he was doing of the Russian Meridian satellites. This whole thing actually started with SETI. There was a technosignature candidate received with Parkes at 982 MHz, and Scott thought that perhaps it might have come from an old military satellite transmitting in this band. So he decided to investigate the Meridian constellation, which has UHF bent-pipe transponders in this frequency. With the ATA and Scott’s station in Canada, we found all sorts of signals unintentionally being retransmitted by these transponders.

One such signal was a BPSK radar, about which I wrote a couple posts. I never worried about what this radar could be, because I was only interested in the signal analysis puzzle. However, when the Russia-Ukraine war began in 2022, it became increasingly clearer that this was an Ukrainian early warning radar. Scott began publicly monitoring these radars again through the Meridian transponders at the start of the war, which seemed irresponsible to me. I thought of taking down my posts about this radar, to avoid providing any intelligence to the Russians. However I decided that this was pointless because there is The Wayback Machine and other caches. So I just kept quiet. I have not mentioned the connection between these posts and the war until now. I figure that three years into the war it is harmless to say this, because I expect that now Russia knows much more about these and other radars than I ever did. However, I wouldn’t have done any research about these radars if I had known that they were military radars that would be involved in a war.

We received other interesting signals through the Meridian transponders. One of them made the rounds on Twitter but not on this blog, although I think that it is still fun to share as part of the story. We often saw a wideband FM signal being retransmitted for hours through the Meridian transponder. This signal mostly played instrumental music. The style sounded eastern to me, but I couldn’t place my finger on whether it was something as close to me as the Balkans, or something in the Middle East, or even further. We recorded hours and hours of this station, found some short voice announcements and shared them in Twitter, hoping that someone would be able to identify the language. We got conflicting information regarding the language, but eventually we had enough evidence that the station was in Turkmenistan and recorded an announcement mentioning their now former president (I should probably say dictator rather than president), and the anthem being played at 7 am local time. Eventually we realized that this FM signal was the audio subcarrier of a SECAM television station and found that the most likely transmitter was a huge radio tower that broadcasts TV to the whole country.

The two other posts I wanted to mention are the following:

  • In March some amateur satellite observers realized that the Falcon 9 upper stage telemetry was unencrypted and they could pull out amazing MPEG TS videos showing the inside of the propellant tanks. I also jumped on this bandwagon (pun intended) and basically replicated what others had done, but also looked in more detail to some of the telemetry. Seeing the video was great, but I was perhaps more interested in the log of the on-board GPS receiver. Not surprisingly, SpaceX launches started using encryption shortly after this.
  • In June there was a signal decoding challenge designed by Jean-Michel Friedt as part of the EU GNU Radio Days. The challenge was very well put together and quite interesting to solve. I participated in the challenge and won a USRP B205mini, which has been quite useful to this day, both for hobby projects and professionally.

2022

I began the year by realizing that I had collected a reasonably large amount of RF recordings over the years, and decided to list all of them in a page. I still keep adding new recordings to this list.

The main theme of the blog in 2022 was LTE. I made a recording of an LTE uplink signal using my phone and a downlink signal from a nearby base station, and wrote Jupyter notebooks where I decoded each of the physical channels starting from scratch. This took a lot of work, but I learned a lot and it would mark the style for other posts that would come in the following years. The posts are still quite popular, and people keep reaching out occasionally with questions about them.

I have never mentioned widely why I began working with LTE. Given that most of what I do is related to space, LTE would seem somewhat odd. The reason has to do with space, nevertheless. Nokia Bell Labs was going to include an LTE system in the Intuitive Machines IM-2 mission. The lander would carry an eNB, and the rover would carry a UE, allowing two-way communication between them. Interference to the radio astronomy service as new systems get deployed around the Moon is a hot topic, so there was a project to receive these LTE signals with the ATA to study the potential impact of an LTE network on the Moon. When we first ran the link budgets we saw that even detecting these signals by their power spectral density could be rather tricky, due to lunar thermal noise. I thought that we would need to use correlation with reference signals and other signal components that are known a priori, so I decided to study all the details about how the physical layer of LTE works.

The IM-2 mission had a failed landing on 2025-03-06, so this lunar LTE proof of concept could not be used. Nevertheless, I have learned a lot about LTE and 5G and had lots of fun. I would say that even if one has no interest in cellular communications per se, it is good to study these systems because there are lots of interesting ideas in their designs.

Throughout 2022 I continued decoding deep space missions, mainly by using the ATA to record telemetry soon after each launch. The missions I blogged about were:

I also did a number of experiments and projects with QO-100:

A new thing that I did in 2022 was to contribute challenges to the GRCon CTF. I sent some challenges about SETI (including one heavily inspired by Contact) and OFDM. I wrote a post about these and also included my solution to the NTSC challenges, which basically involved decoding NTSC by hand in a Jupyter notebook. Another challenge in the CTF used the Blockstream Satellite signal. I got quite interested about this, not because of Bitcoin, but because the technology used to broadcast the data is interesting, and I published a couple posts about it, getting as far as decoding the Bitcoin transactions with ad-hoc software.

Finally, there are a bunch of miscellaneous posts that I wanted to highlight:

  • An error in a circuit description of a Reed-Solomon encoder in the DSN Telecommunications Link Design Handbook. I discovered this error when writing an FPGA implementation of a CCSDS Reed-Solomon encoder following this circuit. The error is minor, but annoying if it makes you waste time debugging. This error is rather curious, because it is likely that it dates back to a typo error in a document from the 1980s. I tried to get in touch with the people responsible for the Handbook, but I never managed, and to this date the error persists even though this Handbook module has been updated in 2025.
  • In March I presented my Rust implementation of Galileo OSNMA. Although I keep maintaining this project and have posted updates and kept it up to date with the ICD changes, I think this project hasn’t taken off fully yet. It is still one of the best open source OSNMA implementations, so maybe the problem is that OSNMA itself hasn’t taken off fully yet.
  • I posted about how to use GPS signals in an SDR recording to timestamp accurately the recording. I wrote this because I was getting questions from different people about how to do this, and because all the details of the technique were not too well known. This post is still useful documentation, and I have even used the code for professional projects.
  • In July I wrote a real-time Doppler correction block for GNU Radio. This block is quite useful, and it is currently being used in production in LEO satellite groundstations. The block has an interesting backstory that I never shared widely. I wrote this block during my first visit to the ATA. Wael Farah, the head scientist, told me that he was having issues to detect the Voyager 1 signal with the whole array (recall that I had been able to detect it with a single dish by doing Doppler correction carefully). I thought that having a good real-time Doppler correction block would be useful to troubleshoot this, so I coded it during part of a jet-lagged morning. In the end the issues about detecting Voyager 1 had more to do with plotting than with any signal processing, and eventually Wael wrote a blog post about the detection of Voyager 1 with the whole array, for which Doppler correction is not even necessary.
  • In September I wrote a post about how to connect a Pluto SDR to an Android phone over USB ethernet. The reason I wrote this is that at that time I had begun working on Maia SDR. I kept Maia SDR pretty much in secret until February 2023, because I wanted to have a fresh mind about the project and avoid influence by external ideas, and I also wanted to announce Maia SDR with a somewhat flashy release of a minimum viable product (potentially at FOSDEM, except that the radio room for FOSDEM 2023 was cancelled), rather than having people looking at a Github repository that is in a partially working state for months.

2023

The main event in 2023 was the release of Maia SDR in February. However, in the blog this was just an announcement. The main theme for the blog in 2023 was decoding deep space missions, as there were many launches and other events during this year. Around March 2023 I started working full time as a contractor. Looking back at the posts in this and the following years, I feel a decrease in the time and energy that I had to work on these hobby projects. But maybe this is not true, because some of the posts about reverse engineering telemetry of deep space missions took a large amount of work. So maybe the total number of posts decreased, but the average amount of work per post increased. This is a trend that has continued.

The deep space and lunar missions that I covered in 2023 were:

  • The Japanese lunar lander Hakuto-R M1
  • The cubesat Lunar Flashlight, which was launched together with Hakuto-R M1
  • The ESA JUICE mission to the Jupiter icy moons
  • The Indian Aditya-L1 solar observatory
  • The ESA Euclid telescope
  • During the summer, STEREO-A was quite close to Earth. This enabled amateur observers to decode the space weather beacon with small dishes, and decoding SECCHI images became popular. I also wrote some software to do this.
  • The asteroid sample return mission OSIRIS-REx as it delivered the sample capsule
  • The NASA Psyche mission that will explore the asteroid of the same name

With my QO-100 groundstation I made a study about the wideband transponder power budget and usage. This sparked some comments in the QO-100 DATV community, and in fact some of those comments were right and I had to review parts of the study. The main conclusion of the study was that the transponder was always operated close to saturation, which is not a good thing to do. There have been no configuration changes as a consequence of the study to this date. As part of this project I recorded transponder waterfall data for many months. I intended to do some analysis on this data, but I never found the time.

Something else I did in 2023 was to start working on the 5G NR physical layer. This started somewhat as a joke idea in Twitter. Someone had done a simple recording of a 5G downlink and had questions about some of the physical signals. Since I was familiar with LTE but not with 5G, it felt a good moment to learn about 5G. I had to take a Madrid-San Francisco flight soon, so I decided to take the IQ recording and all the 3GPP documents (and no internet) to work on decoding throughout the flight and see how far I could get. When I was in Antarctica in 2019, I had an LTE eNB and UE, and also a USRP as part of the project, so I took all the 3GPP documents with me thinking that if I got really bored during the trip I could use this to learn about LTE. I never got bored enough to do this (more on the contrary, I was usually quite busy), but the idea of trying to fight my way through IQ recordings and 3GPP documents remained on the back of my mind.

The outcome of this Madrid-San Francisco flight was a Jupyter notebook that had some mistakes regarding the phase compensation, since this is new in 5G and is explained very poorly in the 3GPP documents, but still demodulated most of the physical signals. I fixed these problems later on and published a post about the 5G downlink. I wouldn’t come back to 5G until 2024, however.

As in 2022, I submitted a challenge to the GRCon CTF and published a post about it. This one was a DVB-S2 challenge. I got this idea because professionally I was working with DVB-S2 and GSE, but regardless I think the challenge was pretty cool, and I think some people managed to get all the flags, despite the complexity.

Regarding GNSS, I reported on an anomaly in the GST-UTC offset in the Galileo constellation. The offset reached up to 20 ns, and the anomaly lasted for months. The reason behind this problem was never published.

Finally, I also did some work in FEC. I designed an application-level erasure FEC based on using Reed-Solomon as a fountain-like code. The idea is far from original, but I adapted this idea to SSDV in a way in which it could be implemented even in small microcontrollers. I first published a description of the algorithm and a Python prototype implementation, and then a Rust implementation suitable for microcontrollers. The main reason why I wrote the Rust implementation was so it could be used in the AMSAT-DL ERMINAZ mission, although it turned out that there was not enough time to integrate this with the flight software. Still, I think that my SSDV FEC idea was picked up by the people at Harbin Institute of Technology (part of the motivation for designing an SSDV erasure FEC was that requesting retransmissions for lost packets in the DSLWP-B mission became a huge chore), and eventually used in an amateur radio payload in the Chinese space station and in the cubesat ASRTU-1, although I’ve never checked out the details of these implementations.

I added an LDPC decoder and BER simulation to my ldpc-toolbox. The reason for doing this is that I was working professionally on an FPGA implementation of a CCSDS LDPC decoder, and I wanted to benchmark the decoding performance of different numerical algorithms before committing to one of them for the FPGA design.

2024

In 2024, deep space missions continued being a major theme in the blog, and LTE and 5G made a come back. These are the deep space missions that I covered:

In March I resumed my work on 5G by demodulating the downlink reference signals, which was a simple thing to do. I then switched back to LTE, because there were still things that I wanted to decode in the recordings that I had no time to do in 2022. I demodulated the PDSCH and PUSCH, getting all the way from IQ to PCAP captures of MAC PDUs that I could analyze in Wireshark. I even did some clever things such as decoding some MIMO transmissions with a single receive antenna. When I was done with these LTE recordings, I returned to 5G and decoded the PBCH.

Around spring I had some time to work on Maia SDR, and I decided to build a good DDC. For this I decided to first build a good implementation of the Parks McClellan algorithm (Remez algorithm), and I decided to stop there, but I was even considering building an implementation of an algorithm to compute eigenvalues (which this particular Remez algorithm needs) too. My Remez implementation is now my go to approach whenever I need to design a FIR, and I really recommend its detailed documentation.

During part of this year I was contracting for GNU Radio, building a full packet-based modem as an example application of GNU Radio 4.0, in order to kick the tires of the GNU Radio 4.0 runtime. A fun experiment got out of this in collaboration with ESA, as I got the chance to test my modem through a commercial GEO C-band transponder that ESA had rented by using a small 5.9 GHz transmitter that I hastily put together at home.

As in previous years, I submitted a challenge to the GRCon CTF. This time it was inspired by chirp signals similar to LoRa.

During the summer I felt that all my hobby work had turned into data processing and software, so I thought of a field recording project that involved constructing a simple antenna. I recorded DME signals transmitted by aircraft and the corresponding groundstation replies, and I did data analysis to measure the relative delay between the aircraft interrogations and the groundstation replies, and match this to the aircraft trajectories. This felt reminiscent of my 2018 2.3 GHz beacon reflections Doppler work.

Finally, another post that I want to highlight is one about computing PLL coefficients. I had been using the formulas and tables from a great paper by Stephen and Thomas since around 2020 or so, but finally it occurred to me that the second order case, which is the most common, admits closed-solution formulas. When in doubt, you should go to this post and use the formulas there.

2025

The trend of writing fewer posts that are generally longer and take more work to make has continued in 2025. The themes during this year have been rather varied:

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.