Calibrating HackRF One

Warning

There are many kalibrate forks but none does work with the default HackRF clock.

Plan A - kalibrate-hackrf

failing

apt install libtool autoconf automake m4

Get the fork from rxseger

git clone https://github.com/scateu/kalibrate-hackrf.git
cd kalibrate-hackrf/
./bootstrap
./configure 
make -j8

We need no heavy gains and want to get only the strongest channels. Eventually start with 16/16 and then 24/20 or even 32/20. No need to enable the pre-amplifier there unless you’re in a desert with no BTS at all near-by.

echo $hppm

src/kal -h
src/kal -s GSM900 -a -l 32 -g 32 -e $hppm | tee GSM900.HRF
src/kal -s DCS    -a -l 32 -g 32 -e $hppm | tee DCS.HRF
#-p 10

sort -rh -k7,7 GSM900.HRF
sort -rh -k7,7 DCS.HRF

LOOK AT THE OFFSETS - THIS DOES NOT MAKES SENSE - THOSE ARE TOO HIGH

THEREFORE THIS CANNOT WORK

arfcn=
src/kal -b GSM900 -c $arfcn -a -l 32 -g 32 -e $hppm -v

Plan B - LTE-Cell-Scanner

PPM seems to mean something else here – or at least it is used differently that in GQRX and kalibrate. Also it can only be positive, not negative. It rather refers to frequency uncertainty with a default of 120. Use --correction instead and eventually reduce PPM uncertainty down to 10.

install

https://github.com/rxseger/LTE-Cell-Scanner

Grab & build LTE-Cell-Scanner. LNA is hardcoded at 40 and you can only lower VGA, here down to 20.

apt install libitpp-dev liblapack-dev fftw-dev librtlsdr-dev
#sfftw-dev

#git clone git://github.com/Evrytania/LTE-Cell-Scanner.git
#git clone https://github.com/rxseger/LTE-Cell-Scanner.git
git clone https://github.com/JiaoXianjun/LTE-Cell-Scanner.git
cd LTE-Cell-Scanner/
mkdir build/
cd build/
cmake ../ -DUSE_HACKRF=1
make -j4

operations

src/CellSearch -h | less

Scan the whole DCS1800 downlink, which also contains LTE channels

src/CellSearch --gain=32 --ppm $hppm --freq-start 1805.2e6 --freq-end 1879.8e6 > detected.log

grep Detected detected.log

Or watch GQRX and find some LTE channels up there, which can be differenciated from 3G/UMTS pretty easily (see links in Resources section). Then look at a precise range – target center frequency

src/CellSearch --gain=32 --ppm $hppm -s 1814.8e6 -e 1815.0e6
src/CellSearch --gain=32 --ppm $hppm -s 1827e6 -e 1828e6
src/CellSearch --gain=32 --ppm $hppm -s 1842e6 -e 1843e6

Calculate PPM

python

>>> 1e6 * (1 - 1.0000101601567139564)
-10.160156713956425
>>> 1e6 * (1 - 1.0000089694805360807)
-8.96948053608071

>>> 1e6 * ( 1 - 1.0000105717393434901)
-10.571739343490094
>>> 1e6 * ( 1 - 1.0000105360060536075)
-10.536006053607494

However - don’t ask me why - it works best without any correction. PPM here is not what you think it is. For approx. 23 we give a larger PPM range e.g. 30 (default is 120).

src/LTE-Tracker -h | less

src/LTE-Tracker --gain 32 --freq 1814.9e6
src/LTE-Tracker --gain 32 --freq 1814.9e6 --ppm 30
src/LTE-Tracker --gain 32 --freq 1814.9e6 --correction 1.000010 --ppm 30

Resources

3G WCDMA https://www.sigidwiki.com/wiki/3G_WCDMA

4G LTE Network https://www.sigidwiki.com/wiki/4G_LTE_Network

kalibrate forks

https://github.com/scateu/kalibrate-hackrf/

https://github.com/rxseger/kalibrate-hackrf/

https://github.com/xorrbit/kalibrate-hackrf

https://github.com/ckuethe/kalibrate-hackrf/

You should really consider plugging a clock

External Clock Interface (CLKIN and CLKOUT) https://github.com/mossmann/hackrf/wiki/HackRF-One

Clocking https://github.com/mossmann/hackrf/wiki/Clocking

LTE cell scanner

LTE Cell Scanner http://www.evrytania.com/lte-tools/lte-tracker/77-lte-cell-scanner

LTE Cell Scanner http://www.evrytania.com/lte-tools/lte-cell-scanner

how to fix CMake Error at cmake/Modules/FindITPP.cmake:62 (MESSAGE): Could not find ITPP library #28 https://github.com/Evrytania/LTE-Cell-Scanner/issues/28


HOME | GUIDES | BENCHMARKS | html