Monday, November 19, 2018

Basic Overview: Tracking Radio Signals

Finding the source of a radio signal is sort of a fun thing to do for the modern electronics hobbyist.

Confirming the location of a local FM band music broadcaster, amateur radio station or even your cell phone and maybe your car keys is possible with relatively inexpensive equipment since they all transmit RF energy!


With the much anticipated KerberosSDR nearing availability, which will provide unique radio based location capabilities.

Something unrelated recently reminded me to go back to have a look at RTLSDR_Scanner and its latest developments since it offers a lot of great functionality for those interested in radio signal location options available today.
Both solutions use a software defined radio or SDR rather than a traditional radio. This is one reason that makes both of these solutions really exciting!
The conclusion of this article will show you how to generate a map such as the one below that will show signal/power measurements called an "RF Heat Map" using RTLSDR_Scanner.


Kerbo What?

The well funded IndieGoGo campaign of the phase coherent software defined radio that Carl Laufer of the excellent RTL-SDR.com blog, the design team behind the now named Othernet Project and Tamás Pető who is studying electrical engineering at Budapest University.

This trio has created something that will be able to do some amazing things, but let's first take a look at basic radio signal location theory and another modern radio signal location tool.



What is phase coherence?

Let's first look at some basics of radio signal location through some easy to understand math.



If two people (1 &2) knew exactly how far apart they were  (A) and had directional antennas that could help find the maximum signal strength of a transmitter (3), they can use the angles of the signal direction and the known distance between them (A) to guess pretty closely on the approximate direction and distance (B&C) of the signal source (3).
This method of signal location is called triangulation.Radio signals travel at about the speed of light which is about 982 million feet per minute. 
If our two friends standing at location 1 and 2 had identical and synchronized clocks and had radios tuned to the frequency of the transmitter at 3, they could also determine the direction of the signal by moving around a little to see how the signal strength fluctuates, they could also determine the general location of the transmitter with a little more help by use of doppler theory.

Doppler works by sensing how a received signal's frequency (2) fluctuates up or down based on the speed it is traveling and how long it takes to go from source to receiver (1). with multiple antennas (A,B, C, D) .

If multiple receivers/antennas are used at the same time, the difference in time it takes to be received at each can be used to calculate a direction of the signal.

Some form of very fast analog or digital computing and comparison that is part of the receiver is needed since we are talking about nano or millisecond differences.


Phase coherence combines theory behind the speed of which radio signals travel against a known time source along with triangulation in order to find where a signal is coming from.



Police departments have been using a phase coherence system to locate stolen cars for many years called LoJack.  

If you look closely at the roof of the New York State Police cruiser above,  the four antennas on the roof spaced in a square pattern roughly about a foot apart help perform the triangulation and time difference of arrival (TDOA) measurements to quickly locate the stolen vehicle. 

All the police officer generally needs to do is view a display not too different from a no longer in  business company that offered a device called the Ramsey DDF-1 Doppler Direction Finder.


The doppler method of signal location involves the ability to visualize the arrival angle of signals relative to one another of equally spaced antennas through the use of a series of LED lights spaces in a circle pattern.
A special circuit compares the received signal strength at each of four antennas relative time or direction of travel in order to give the direction towards the signal
As the police car travels, the LED lights would blink in the direction where the signal is coming from, if it is in one location. This would tell the officer (or amateur radio operator) which way a signal was coming from and they could try to get close to its location.

Once close enough to a signal, other methods could be used such as a field strength meter to find the smallest of hidden transmitters or chopped out hidden LoJack units. 
Twenty or more years ago, doppler based analog solutions were almost as fancy as one could get in locating transmitters.

In 2018, however, things have come a long way thanks to SDR and even embedded computing devices like the raspberry pi, which can also be used to run RTLSDR_Scanner and the KerberosSDR.

Heat Maps and GPS

The RTLSDR_Scanner application is a little more simple than KerberosSDR. An inexpensive software defined radio (SDR) receiver along with a GPS USB dongle can be purchased together for less than $40 USD.

KerberosSDR, is essentially four SDR's combined into one unit, so should also be able to use the RTLSDR_Scanner software too.

The SDR and GPS along with one antenna, a computer (laptop or Raspberry Pi) and the appropriate software can perform some interesting signal location applications.

GPS provides the function of providing accurate location of the receiver along with a stable time reference.

The locations coordinates, exact time and signal strength of the signal can be combined to provide stunning visualizations of how strong or weak a signal is on mapping programs such as Google Earth

Lets get SDR_Scanner working

In 2016, this program was only operational under a linux computing environment, so was not easy to set up unless you were very involved in computer "stuff".

This program has been available as a much easier to install Microsoft Windows version since last year and is finally what this article is about!

You will need the following hardware and software along with a little patience and clear mind.

Hardware
  • SDR dongle (Suggest the RTL-SDR v3, but pretty much any will work)
  • USB GPS with NMEA output (Suggest the uBlox7 Gmouse)
  • Modern Windows Computer (Meant to run Win7 or later!!)
  • Antenna for frequencies of interest (Most SDR come with a basic antenna or add on options)
Software
First, lets make sure your SDR receiver is functional.  The best tutorial on this can be found here.  
Step 1:  Get your SDR working:  https://www.rtl-sdr.com/rtl-sdr-quick-start-guide/ 
Try listening to some FM broadcast music between 87-108MHz,  weather broadcasts in the 162.4 to 162.6 MHz range or for local amateur radio or business/first responder activity between 420-500 MHz.

Now, let's get your GPS working

The USB GPS should automatically recognize and install drivers for most people on a Windows 7 or 10 computer.

After installing the ublox center program and just playing around with it to show it can receive location data, make a note of what COM port the GPS has decided it will use. 
Note:  The GPS obtains a virtual serial port over USB. You DO NOT need any outdated USB to 9 Pin serial adapter.

The instructions for getting RTLSDR_Scanner are cracking fantastic, so give them a read here and you should be up and running fairly quickly
Step 2:  RTFM = RTLSDR_Scanner Instruction Manual




Try tuning to local weather or music broadcasts to see what activity looks like in a one megahertz wide segment would look like.

The above image shows from 162 to 163 MHz, with a very powerful signal located at 162.475 MHz (Local weather broadcast) and how the signal fades slightly over just a few seconds from 12:04:19 to 12:15:50 due to driving around at a slightly variable speed.

A pinch of GPS and a cup of Google Earth

Now that you have a feel for how the GPS and SDR with RTLSDR_Scanner function, lets combine the two now by enabling GPS data to get combined with RTLSDR_Scanner output.

Below is what exporting the RF signal data looks like over the same 11 minute period when combined with GPS location data as output against Google Earth map.

Step 3: Use this opportunity to install Google Earth if you do not have it already. 

You will need to enable GPS under the "Edit" menu of RTLSDR_Scanner and ensure you change GPS type to "NMEA (Serial)" and select the COM port your USB GPS has.



When everything is configured correctly, you can use RTLSDR_Scanner to show what GPS satellites are being received and also when you get a location lock, your GPS coordinates and altitude will appear in lower right part of the application.



All that is left now is to go drive (or walk?) around with your laptop and start taking some measurements.

Depending on the refresh rate (dwell setting) and resolution (FFT Size setting), the output image on Google earth may vary.
Helpful Note:  Be sure to set mode to "continuous" and not try to sweep too wide a frequency range. Keep it to the smallest based on the signal you are looking for.  YOu also need to indicate how many sweeps to perform or otherwise, it will just keep overwriting the previous sweep which is not very valuable. The minimal setting is 1 MHz. This will help create the best results viewed on the map. To generate an the images in this article required 115 continuous sweeps.

Major benefits with RTLSDR_Scanner 

Here is a list of possible real life user cases that this application will enable:
  • Creating a coverage map for amateur radio repeaters in the 144, 220, 440, 900, 1200 bands
  • Determining general radiation patterns of a mobile or home amateur radio antenna installation
  • General location awareness of commercial radio or broadcasters
  • Interference source location finding
  • Figuring out the range of your garage door opener or other pulsed mode transmissions
  • Basic passive radar system
Sadly, RTLSDR_Scanner is not really designed as a Wi-Fi mapping tool, but by playing around with the dwell setting and using a device like a LimeSDR MiniHackRF One or ADALM Pluto which are more expensive could give interesting results.

These other SDR options can go to about 6 GHz and not covered by the inexpensive SDR dongles that usually do not go too far past 1.9 GHz plus monitor wider bandwidth of up to 30 MHz wide at one time compared to the 3 MHz wide capable RTL SDR v3.

So what is special about KerberosSDR?

For the price of under $150 USD, users will be able to use the hardware and software along with four antennas to generate a heat maps just like RTLSDR_Scanner and also show signal direction using phase coherence theory through new software that Tamás Pető is focused on where an early version is demonstrated here:





Hope you found this article about basics of radio signal location interesting and something to keep you occupied while HVDN awaits its pre order of the KerberosSDR which will then be reviewed here later this winter.

2 comments:

  1. Hi,Looking for someone to help with Heatmaps. I followed your steps but can't get the same results as you.
    Marc

    ReplyDelete
  2. Hi, Nice tutorial. But unfortunately the heatmap overlay generated through rfs file of rtlsdr_scanner is always inaccurate due to the reason that the heatmap image interpolates extra false and stretched colormaps to fill the inner zone of the curve of waypoints. A russian guy made his own scripts in ruby to upload the rfs files which plot heatmaps on google maps online form. But I am still unable to make an offline server to run his scripts. :(

    ReplyDelete

We really do not want to moderate comments, so lets keep it easy to use until it becomes an issue.