Wide-band capture with HackRF One


Single ARFCN

WARNING: THE cs8 FILE EXTENSION DOES MATTER!

    echo $arfcn
    freq=`arfcncalc -a $arfcn -d`
    echo $freq
    echo $ppm
    invppm=$(( 0 - ppm ))
    echo $invppm

capture for 10 seconds (10 times more samples than bandwidth)

    hackrf_transfer -r $arfcn.hrf.cs8 -f $freq -a 1 -l 40 -g 24 -s 2e6 -n 20000000 -C "$invppm"
    inspectrum --rate 2e6 $arfcn.hrf.cs8

    sox -t raw -b 8 -e signed-integer -c 2 -r 2000000 $arfcn.hrf.cs8 \
            -t raw -b 32 -e floating-point -c 2 $arfcn.hrf.sox
    # rate 1000000
    # -v 2
    inspectrum --rate 2e6 $arfcn.hrf.sox

    grgsm_channelize -s 2e6 -f $freq -i $arfcn.hrf.sox $arfcn
    inspectrum $arfcn.hrf/out_$arfcn.cfile

Let’s try to decode the captured signals

    # does not work
    grgsm_decode --mode=BCCH --timeslot=0 --cfile=$arfcn.hrf.sox -v --arfcn=$arfcn --samp-rate=2e6

    # does not work either
    grgsm_decode --mode=BCCH --timeslot=0 --cfile=$arfcn.hrf/out_$arfcn.cfile -v --arfcn=$arfcn

Multiple ARFCNs

Let’s say we need to target two ARFCNs, for instance either of these pairs

    23 ---> 939.6 bcast 939600000
    26 ---> 940.2 hop 940200000

    673 ---> 1837400000 (broadcast)
    725 ---> 1847800000 (traffic)

and check with GQRX that there is something going on at those frequencies

The minimum bandwidth we need would be

    >>> ( 940200000 + 100e3 ) - ( 939600000 - 100e3 )
    800000.0

    >>> ( 1847800000 + 100e3 ) - ( 1837400000 - 100e3 )
    10600000.0

but since the channel bandwidth becomes 1M with channelize, allow 500k on each side instead

    >>> ( 940200000 + 500e3 ) - ( 939600000 - 500e3 )
    1600000.0

    >>> ( 1847800000 + 500e3 ) - ( 1837400000 - 500e3 )
    11400000.0

    # first pair (23/26): 1.6M rounded up
    wide=2000000
    # second pair (673/725): 11.4M rounded up
    wide=12000000

and the center frequency would be

    >>> ( 940200000 + 939600000 ) / 2
    939900000

    >>> ( 1837400000 + 1847800000 ) / 2
    1842600000

    center=
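
The bandwidth and center-frequency arithmetic above, generalized to any list of ARFCNs, as an added example that is not part of the original page. The function names, the P-GSM 900 / DCS 1800 downlink formulas, the rounding of the span up to a multiple of 2 MHz and the 20 Msps HackRF One ceiling are assumptions of this example, not taken from the page.

```python
"""Capture planning for a set of GSM ARFCNs (added example, not the page's own code)."""

CHANNEL_BW = 1_000_000         # per-channel width the page uses for channelize (500 kHz each side)
HACKRF_MAX_RATE = 20_000_000   # assumption: HackRF One maximum sample rate


def arfcn_to_downlink_hz(arfcn):
    """Downlink carrier frequency for P-GSM 900 and DCS 1800 ARFCNs only."""
    if 1 <= arfcn <= 124:                        # P-GSM 900
        return 935_000_000 + 200_000 * arfcn
    if 512 <= arfcn <= 885:                      # DCS 1800
        return 1_805_200_000 + 200_000 * (arfcn - 512)
    raise ValueError(f"ARFCN {arfcn} is outside the bands handled here")


def plan_capture(arfcns, step=2_000_000):
    """Return (center_hz, sample_rate_hz, offsets) covering every ARFCN in one capture."""
    freqs = {a: arfcn_to_downlink_hz(a) for a in arfcns}
    low, high = min(freqs.values()), max(freqs.values())
    # Same arithmetic as the REPL lines: outer edges of the lowest and highest channel.
    span = (high + CHANNEL_BW // 2) - (low - CHANNEL_BW // 2)
    rate = -(-span // step) * step               # round up to a multiple of `step` (assumption)
    if rate > HACKRF_MAX_RATE:
        raise ValueError(f"span {span} Hz needs {rate} sps, above the 20 Msps ceiling")
    center = (low + high) // 2
    # Offset of each channel from the tuned center, i.e. where it shows up in inspectrum.
    offsets = {a: f - center for a, f in freqs.items()}
    return center, rate, offsets


if __name__ == "__main__":
    # The two ARFCN pairs used on this page.
    for pair in ((23, 26), (673, 725)):
        center, wide, offsets = plan_capture(pair)
        print(f"center={center} wide={wide}  # offsets from center: {offsets}")
```
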

check that normal 2M wide capture works and inspect the result

    invppm=-22
    hackrf_transfer -r air.cs8 -f $freq -a 1 -l 32 -g 24 -s 2e6 -n 10000000 -C "$invppm"
    inspectrum --rate 2e6 air.cs8

we can now proceed and capture that wider band. Also inspect the result (you should notice both channels in there, each one close to one end of the band)

    hackrf_transfer -r $arfcn.hop.hrf.cs8 -f $center -a 1 -l 32 -g 24 -s $wide -n $(( wide * 10)) -C "$invppm"
    inspectrum --rate $wide $arfcn.hop.hrf.cs8

here we do not need to re-sample, as channelize will do the job later on

    sox -t raw -b 8 -e signed-integer -c 2 -r 12000000 $arfcn.hop.hrf.cs8 \
        -t raw -b 32 -e floating-point -c 2 $arfcn.hop.hrf.sox
    ls -lhF $arfcn.hop.hrf.*

you are now ready to channelize then de-hop


Copyright © 2024 Pierre-Philipp Braun