0x00 Preface
GNSS is an abbreviation for the Global Navigation satellite system. Chinese is called: Global satellite navigation system, global navigation satellite system.
GNSS refers to all satellite navigation systems, including global, regional and enhanced, such as the U.S. GPS, Russian GLONASS, European Galileo, China's Beidou satellite navigation system, and related enhancement systems, such as the United States of WAAS (wide area enhancement system), Europe's EGNOS (European static navigation overlap system) and Japan's MSAs (multi-purpose Transport satellite enhancement system) are also covered by other satellite navigation systems under construction and later.
0X01 Summary
This article describes one of the cheapest ways to use GNSS-SDR to play around with wireless signals. Since this product is a result of the joint efforts of many people, can not be listed, here only mention the pioneer of this product, V4L/DVB kernel developer Antti Palosaari, he found based on Realtek Realtek (also known as crab) rtl2832u The chip 's USB TV Stick has an open mode of operation, which can be used as a front end of a cheap software radio. This important function is that the chip allows the device to send the original I/Q sampling signal to the host and then the host is responsible for demodulating the DAB/DVB+/FM signal. This is good news for GNSS software receivers because it covers the target frequency bandwidth.
The rtl2832u can output a 8-bit I/q sampling signal at up to 3.2 MSPs baseband sampling frequency with reference to the spec sheet. However, the highest sampling frequency tested to detect lossless is 2.8 MSPS. The frequency range is heavily dependent on the tuner used. A TV bar using the Elonics E4000 Tuner may provide the widest frequency range (64-1700mhz, while there is a blind spot between the 1100-1250mhz). The tuner can overwrite 50mhz-2.2ghz (including dead zones) when the specification is out of use. For more information on this device compatibility, refer to the osmocomsdr Wiki.
The central frequency of the global satellite navigation system (GNSS) Galileo-e1 and gps-l1 links is 1575.42MHz, while the E400 tuner chip can cover this band. We can configure the GNSS-SDR to use the rtl2832u as a real-time signal source, providing a low-cost option (dozens of blocks) for building GPS-L1 signal receivers. With regard to this new feature of GNSS-SDR, this article will cover operational details as well as some performance tests.
0x02 OSMOSDR Drive
To support the Realtek RTL2832U Chip TV Stick, GNSS-SDR needs to use the OSMOSDR GNU Radio Data source module (source block) and its driver. The researcher implements the new GNSS-SDR data source adapter, which is actually a class instance gr_hier_block2 on OSMOSDR, and the associated GNSS-SDR data source name is Osmosdr_signal_source. The source of the adapter is located at:
Trunk/src/algorithms/signal_source/adapters/osmosdr_signal_source.htrunk/src/algorithms/signal_source/adapters /osmosdr_signal_source.cc
Call the LIBGNURADIO-OSMOSDR function library by including the following header file:
#include <osmosdr_api.h> #include <osmosdr_source_c.h>
Adding GNSS-SDR support to rtl2832u at compile time is optional and requires the installation of the OSMOSDR library. For a step-by-step construction approach, consult the GNSS-SDR documentation in Trunk/readme.
0x03 setting GNSS-SDR turn on GPS-L1 Live mode
To be compatible with USB DVB-T devices, we must select Osmosdr_signal_source as the signal source module (Signalsource block) in the GNSS-SDR configuration file (gnss-sdr.conf). In addition, we also need to configure the following parameters:
Baseband sampling frequency //the baseband sampling frequency RF Center frequency //the RF Center frequency RF gain (IF gain) //the RF Gain Automatic Gain Control (AGC) mode//the AGC operation
The valid configuration for receiving GPS-L1 C/A signals is as follows:
[gnss-sdr];######### GLOBAL OPTIONS ################# #GNSS-sdr.internal_fs_hz=2000000;######### control_thread Config ########### #ControlThread. wait_for_flowgraph=false;######### signal_source CONFIG ############ Signalsource.implementation=osmosdr_signal_sourcesignalsource.item_type=gr_complexsignalsource.sampling_ Frequency=2000000signalsource.freq=1575420000signalsource.gain=60signalsource.agc_enabled= Truesignalsource.enable_throttle_control=false
Security researchers recommend setting the sampling frequency to 2 MSPS. In the case of the core 24 core Q9000 processor @2.66ghz and 4G memory hardware, this configuration enables real-time reception of 8 satellite channels. In addition, the automatic gain (AGC) of the E4000 is enabled to achieve the best results.
The problem of the accuracy and stability of the 0x04 rtl2832u oscillator
As Michele Bavaro on his GNSS blog , the precision of the crystal oscillator used in RTL2832U TV sticks is very low. The problem was confirmed by experiments on both devices (EzCap666 and generic P160). The author uses a high-precision signal generator to generate an GPS-L1 carrier signal on the link and then to measure the carrier frequency error in the captured signal. The deviation from the EZCAP device is 80KHz, and the deviation from the P160 device is 14.8KHz.
The error of the local crystal oscillator can cause two effects on the GNSS receiver:
1. The baseband signal is offset to an intermediate frequency (intermediate Frequency//if//medium high frequency; ), equivalent to the bias of the voltage-controlled oscillator (VCO deviation). It can also be seen as a significant Doppler shift. If the superimposed Doppler shift (the actual signal Doppler SHIFT + offset) exceeds the identifiable Doppler search spacing, the signal recognition will fail. 2. Since the analog-to-digital converter's sampling clock also references the local oscillator, the sampling frequency also deviates. This problem affects the delayed phase-locked loop (delay Locked loop DLL) that is traced because the theoretical sampling clock frequency set in the configuration file is biased against the actual sampling clock frequency. If the deviation is too large, the traced delay phase-locked loop (DLL) will also fail to lock.
Thanks to the flexibility of the GNSS-SDR, security researchers can eliminate both of these negative effects by modifying the software receiver configuration. On the one hand, you can use the signal conditioning module (Signal conditioner block) to neutralize the IF (IF) by enabling the following frequency conversion FIR filter:
;######### Signal_conditioner CONFIG ############ signalconditioner.implementation=signal_conditionerdatatypeadapter.implementation=pass_through;######### INPUT_ FILTER CONFIG ########### #InputFilter. implementation=freq_xlating_fir_filterinputfilter.input_item_type=gr_ complexinputfilter.output_item_type=gr_complexinputfilter.taps_item_type=floatinputfilter.number_of_taps= 5inputfilter.number_of_bands=2inputfilter.band1_begin=0.0inputfilter.band1_end=0.85inputfilter.band2_begin= 0.90inputfilter.band2_end=1.0inputfilter.ampl1_begin=1.0inputfilter.ampl1_end=1.0inputfilter.ampl2_begin= 0.0inputfilter.ampl2_end=0.0inputfilter.band1_error=1.0inputfilter.band2_error=1.0inputfilter.filter_type= bandpassinputfilter.grid_density=16inputfilter.sampling_frequency=2000000inputfilter.if=14821;######### Resampler CONFIG ########### #Resampler. implementation=pass_throughresampler.dump=falseresampler.item_type=gr_ Complex
On the other hand, by setting the estimated sampling clock frequency of the GNSS-SDR internal sampling frequency parameter, the sampling frequency error can be measured and considered.
gnss-sdr.internal_fs_hz=corrected_valueinputfilter.sampling_frequency=corrected_valueresampler.sample_freq_in= Corrected_valueresampler.sample_freq_out=corrected_value
0x05 GPS Active Antenna
Security researchers use a low noise amplifier (Noise amplifier LNA) antenna with ceramic patch days as an active GPS antenna to reduce overall noise. Showing the Garmin ga27c GPS antenna, we can see a piece of ceramic patch on its PCB board:
Garmin GA-27 active antenna with plastic shell removed
To connect an antenna to a DVT-T TV stick, the security researcher needs to do some hardware modifications:
1. Assuming that the GPS antenna is configured with an SMA connector, in order for the GPS antenna to be able to connect with the DVB-T TV Stick, we need to make our own RF (RF) cable to convert the SMA connector into a MCX connector. 2. A low Noise amplifier (LNA) is required to feed (feed) using the BIAS-T Network (BIAS-T networks).
0X06 Performance Measurement and conclusion
To receive and process GPS signals in real time, security researchers evaluated two different configurations.
The first approach: security researchers use homemade 20dB amplification and filtering circuitry to connect a DVB TV Stick to an active patch antenna. The gain module (gain block) provides a 5 volt DC voltage to power the low noise amplifier (LNA) inside the active antenna.
A combination of a DVB TV Stick (generic P160), a low noise amplifier (LNA), and an active antenna:
The GA-27 antenna to which the universal P160 DVB-T TV Stick is connected using an external LNA circuit
Another approach: Security researchers use BIAS-T networks (Standard BIAS-T Network) to connect an active GPS antenna directly to a DVB TV stick. This setting is as follows:
Connect the Universal P160 DVB-T TV Stick to the GA-27 antenna using the BIAS-T network
In these experiments, the security researcher uses the Dell XPS M1530 notebook, configured as:
Intel Core 2 Dual Core T9300 CPU (Intel 2 Duo T9300 CPU) Memory: 4 GB Operating system: Ubuntu 12.04 GNU Radio Version 3.6.0
At the time of writing (SVN Rev. 227), the above devices can support the real-time operation of 4 satellite channels by reducing the sampling frequency of the rtlsdrsignalsource from 2MSPS to 1MSPS. Although the supported bandwidth is limited, the GNSS-SDR can be used to obtain, track, and determine the location of these two configurations. The antenna is placed on the roof of the building in the CTTC (complex thermal time constant) and remains stationary during the experimental process.
Tracking.dump=truetracking.dump_filename=./tracking_ch_
In subsequent analytical processing, the researchers used the MATLAB script for the Integrity check (sanity check) with the following script location:
Trunk/src/utils/matlab/gps_l1_ca_dll_pll_plot_sample.m
The picture clearly shows the GPS C/A navigation signal. The output of the PLL and DLL phase detector is very messy.
Tracking data analysis
Finally, the obtained KMV location file is depicted directly through Google Maps, as shown in. The Yellow Line code represents the change in position within the 10-second interval, while the red arrow indicates where the antenna is actually located. In addition, we have also plotted the height of the change situation. Using 4 satellites and a very low sampling frequency -1.2msps, the researchers can estimate the time and velocity time curve of the position (Position velocity and timing PVT), where the estimated positioning error is within 200 meters.
Using Google Maps to analyze the location of GNSS-SDR estimates
0X07 Summary
Summing up this preliminary experiment, the researchers concluded that the use of low-cost Realtek DVB-T TV sticks to achieve GNSS positioning is feasible. It is said that this is the first time that a GNSS software receiver is using a RTLSDR device for a realtime location operation. This milestone allows us to use notebooks and very low-cost hardware to acquire the potential of GNSS services. Researchers are planning to further test and improve support for RTLSDR devices.
* Original address: gnss-sdr.org
Geek diy: Cheap TV Stick Play turn gnss-sdr, realize GPS real-time positioning