Amateur radio – Page 5 – Daniel Estévez

Timing SDR recordings with GPS

Following a discussion on Twitter about how to use satellite signals to check that distributed receivers are properly synchronized, I have decided to write a post about how to use GPS signals to timestamp an SDR recording. The idea is simple: we do a short IQ recording of GPS signals, and then process those signals to find the GPS time corresponding to the start of the recording. This can be applied in many contexts, such as:

Checking if the 1PPS synchronization in an SDR receiver is working correctly.
Timestamping an SDR recording without the need of a GPS receiver or 1PPS input, by first recording GPS signals for some seconds and then moving to the signals of interest (this only works if you’re able to change frequency without stopping the sample stream).
Measuring hardware delays between the 1PPS input and the ADC of an SDR (for this you need to know the hardware delay between the antenna connector and 1PPS output of your GPSDO).
Checking if synchronization is repetitive across restarts or power cycles.

We will do things in a fairly manual way, using a couple of open source tools and a Jupyter notebook. The procedure could certainly be automated more (but if you do so, at some point you might end up building a full fledged GPS receiver!). The post is written with a walk-through approach in mind, and besides the usefulness of timestamping recordings, it is also interesting to see hands-on how GPS works.

Demodulation of LTE PUCCH

In a previous post I showed how to demodulate the LTE physical uplink shared channel (PUSCH) by using a recording of my phone and some Python code. This is a continuation of that post. Here we will look at the physical uplink control channel (PUCCH) transmissions in that recording, and use a similar approach to demodulate them. All the work is done in a Jupyter notebook, which is linked at the end of the post.

The PUCCH carries control information from the UE to the eNodeB, such as scheduling requests, ACK/NACK for HARQ, and the CQI (channel quality indicator). A PUCCH transmission lasts for one subframe (1 ms) and typically occupies a single 12-subcarrier resource block in each of the two 0.5 ms slots in the subframe (there are more recently introduced PUCCH formats which use more subcarriers).

PUCCH transmissions are allocated to the edges of the uplink bandwidth, so as to leave the centre clear as a contiguous segment to be used for PUSCH. On its first slot, the PUCCH transmission uses some particular resource block. On its second slot it uses the symmetric resource block with respect to the centre frequency. This gives some frequency diversity to the transmissions.

The figure below shows a portion of the waterfall of the LTE uplink recording that we will be using (the link to the recording is included in the previous post). It corresponds to a 10MHz-wide cell in the B20 band. The PUCCH transmissions are the narrow bursts. The wider stronger bursts are PUSCH.

Waterfall of an LTE uplink showing some PUCCH and PUSCH transmissions

This illustrates that the PUCCH subframes are allocated to the edges of the cell, and how each subframe jumps to the symmetric resource block on its second slot.

Demodulation of the LTE uplink

I have been playing with some LTE recordings to brush up my knowledge, since it isn’t a protocol I’m very familiar with. I’m specially interested in understanding the structure and properties of all the pilot signals. Textbooks and documentation are great, but nothing beats getting your hands dirty with some IQ recordings to be sure you understand all the details.

To have something to work with, I have done some recordings of my phone by holding it near a USRP B205mini without an antenna. While recording, I was playing a Youtube video or browsing the web, to have some traffic. A waterfall of one of the recordings can be seen below. In this post we will be looking at how to demodulate the highlighted section, which contains 7 ms of PUSCH (physical uplink shared channel) occupying 15 resource blocks, together with the corresponding DMRS (demodulation reference signal) symbols. The post assumes some familiarity with OFDM, but doesn’t require any previous knowledge of LTE, so it can be useful to people interested in a hands-on introduction to LTE.

Waterfall of LTE uplink signal (using inspectrum)

Radiometry for DELFI-PQ, EASAT-2 and HADES

On January 13, the SpaceX Transporter-3 mission launched many small satellites into a 540 km sun-synchronous orbit. Among these satellites were DELFI-PQ, a 3U PocketQube from TU Delft (Netherlands), which will serve for education and research, and EASAT-2 and HADES, two 1.5U PocketQubes from AMSAT-EA (Spain), which have FM repeaters for amateur radio. The three satellites were deployed close together with an Albapod deployer from Alba orbital.

While DELFI-PQ worked well, neither AMSAT-EA nor other amateur operators were able to receive signals from EASAT-2 or HADES during the first days after launch. Because of this, I decided to help AMSAT-EA and use some antennas from the Allen Telescope Array over the weekend to observe these satellites and try to find more information about their health status. I conducted an observation on Saturday 15 and another on Sunday 16, both during daytime passes. Fortunately, I was able to detect EASAT-2 and HADES in both observations. AMSAT-EA could decode some telemetry from EASAT-2 using the recordings of these observations, although the signals from HADES were too weak to be decoded. After my ATA observations, some amateur operators having sensitive stations have reported receiving weak signals from EASAT-2.

AMSAT-EA suspects that the antennas of their satellites haven’t been able to deploy, and this is what causes the signals to be much weaker than expected. However, it is not trivial to see what is exactly the status of the antennas and whether this is the only failure that has happened to the RF transmitter.

Readers are probably familiar with the concept of telemetry, which involves sensing several parameters on board the spacecraft and sending this data with a digital RF signal. A related concept is radiometry, where the physical properties of the RF signal, such as its power, frequency (including Doppler) and polarization, are directly used to measure parameters of the spacecraft. Here I will perform a radiometric analysis of the recordings I did with the ATA.

List of RF recordings

Happy New Year! To celebrate, I have put together a list of RF recordings. Over the last few years, and specially since the start of the collaboration between GNU Radio and SETI Institute, I have been publishing a number of RF recordings in Zenodo. The search function of Zenodo is not very good, and I thought that readers of this blog would find useful to have a list of all the recordings I have published. The list of recordings can be accessed here and in the website menu, under “Publications“.

I have also published an excerpt of the recording of James Webb Space Telescope that I did on December 26. This is just the first 25 minutes of the recording, so that both polarizations fit into maximum 50 GB of a Zenodo dataset. The sample rate is still 3.84 Msps, so the sequential ranging tones are present in these files. The dataset is called “James Webb Space Telescope S-band recording with Allen Telescope Array (wideband excerpt)“. In some days I will also publish a decimated version (containing the telemetry but not the ranging tones) of the full recording.

Update 2022-01-03: I have now published the full recording decimated to 320 ksps. This is available in the dataset “James Webb Space Telescope S-band recording with Allen Telescope Array (320 kHz bandwidth)“.

Waterfalls from the December 2021 eclipse frequency measurement

The HamSci Ham Radio Scienze Citizen Investigation community organized earlier this month the December 2021 Eclipse Festival of Frequency Measurement. The goal of this activity was to measure the frequency of HF time signals such as WWV and RWM over the course of ten days. The experiment lasted from December 1 to December 10, so it included the total eclipse over Antarctica of December 4, which happened between 5:29 and 9:37 UTC.

I participated in this activity with my HF station, which consists of a Hermes-Lite 2 beta2 DDC/DUC SDR transceiver and an end-fed random wire antenna about 17 metres long. I used a 10 MHz reference from a GPSDO as described in this post to lock the Hermes-Lite 2 sampling clock. Instead of measuring frequency in real time, I recorded IQ data at 200 sps for the WWV carrier at 5000, 10000 and 15000 kHz and for the RWM carrier at 4996, 9996 and 14996 kHz, so that the data could be post processed later with any kind of algorithms. I have published my recordings in the “December 2021 Eclipse Festival of Frequency Measurment IQ recording by station EA4GPZ” dataset in Zenodo.

In this post I process the IQ recordings to produce waterfalls that give us an overview of the data. The frequency measurement will be done in a later post.

Hermes-Lite 2 external 10 MHz reference

Interested by the forthcoming HamSci December 2021 eclipse festival of frequency measurement, I have decided to enable and test the external 10 MHz input of my Hermes-Lite 2 DDC/DUC HF transceiver. This will allow me to use a GPSDO (the Vectron MD-011 which has appeared in other posts) to reference the Hermes-Lite 2 in order to measure frequency accurately.

GNU Radio 3.9 in Buildroot

Recently I’ve had to cross-compile GNU Radio for an ARM embedded system. I have decided to use Buildroot to build GNU Radio and its dependencies, since I’m fairly familiar with using Buildroot to generate embedded Linux images. Earlier this year, Jean-Michel Friedt and
Gwenhaël Goavec-Merou presented in FOSDEM their work about adding a GNU Radio package in buildroot. They gave a talk called “Never compile on the target!“.

Unfortunately, the version they used was GNU Radio 3.8, and the package hasn’t been updated to GNU Radio 3.9 yet. I wanted to use GNU Radio 3.9, so I decided to try to update the Buildroot package. After some assorted problems, I have managed to get GNU Radio 3.9 running on my ARM target. The fixes I’ve done are really horrible, so I’ve been quite tempted not to share my changes. I’ve finally decide to share this even though it’s far from perfect, because it might save someone from having to replicate this work, and because if anyone wants to do this properly and update the upstream package, this could be useful as a starting point.

Decoding Voyager 1

Today is the 44th anniversary of the launch of Voyager 1, so I want to celebrate by showing how to decode the Voyager 1 telemetry signal using GNU Radio and some Python. I will use a recording that was done back in 30 December 2015 with the Green Bank Telescope in the context of the Breakthrough Listen project. Most of the data from this project is open data and can be accessed through this portal.

In contrast to other posts about deep space probes in this blog, which are of a very specialized nature, I will try to keep this post accessible to a wider audience by giving more details about the basics. Those interested in learning further can refer to the workshop “Decoding Interplanetary Spacecraft” that I gave in GRCon 2020, and also take a look at other posts in this blog.

Imaging Cygnus A at 8.45 GHz with ATA

Earlier this year, I published a post showing our results of the interferometric imaging of Cassiopeia A and Cygnus A at 4.9 GHz with the Allen Telescope Array. Near the end of July, I decided to perform more interferometric observations of Cygnus A at a higher frequency, in order to obtain better resolution. I chose a frequency of 8.45 GHz because it is usually a band clean of interference (since it is allocated to deep space communications), it is used by other radio observatories, so flux densities can be compared directly with previous results, and because going higher up in frequency the sensitivity of the old feeds at ATA starts to decrease.

This post is a summary of the observations and results. The code and data is included at the end of the post.