Multi-RTL for Hopping


Introduction

If you are new to GSM, start without hopping

I de-hopped an SDCCH/8 by using mutlirtl_rx_to_cfile_2chan.py and editing hopping/grgsm_hopping_example.grc accordingly.

Why do some packets pass through without hopping? Before looking for hopping sequences, I first checked the SDCCH/8 without it. Surprise, I can already see some rare Ciphering Mode Commands over there. How can this be?

It can work even without soldering. Multi-RTL is supposed to work with a soldered clock source, but I was able to decode a hopping SDCCH/8 with non-soldered dongles as well: the PPM values need to be close enough, that’s all (and use a center value in the grgsm_hopping_example.grc settings).

Requirements

apt install gr-osmosdr gnuradio-dev cmake swig build-essential doxygen python-scipy
apt install python-numpy python-matplotlib python-tk

ppm=-23   # initial guess, refined with kal below
arfcn=XX

kalibrate-rtl/src/kal -c $arfcn -g 40 -d 1 -e $ppm
kalibrate-rtl/src/kal -c $arfcn -g 40 -d 0 -e $ppm

ppm=-15   # set to the error kal reports; the same value is used for both dongles from here on

Identify hopping

watch live

wireshark -k -Y gsmtap -i lo &
grgsm_livemon_headless -h
grgsm_livemon_headless --args=rtl=0 -g 40 -p $ppm -f `arfcncalc -a $arfcn -d`

look for the other ARFCNs of the cell allocation in System Information Type 1 (SI1)

tshark -Y 'gsm_a.dtap.msg_rr_type == 0x19' -i lo -T text -V

then define the second ARFCN (assuming the cell hops over only two)

arfcn2=XX

look for Immediate Assignments (IAs) and check the Mobile Allocation bitmap

tshark -Y 'gsm_a.dtap.msg_rr_type==0x3f && gsm_a.rr.hopping_channel_maio == 0' -i lo -T text -V
# && gsm_a.rr.hsn == 49

Installation

git clone https://github.com/ptrkrysik/multi-rtl.git
cd multi-rtl/
mkdir build/
cd build/
cmake ../
make install
ldconfig

Capture

multi-rtl/examples/mutlirtl_rx_to_cfile_2chan.py -h

#rate=1083333.3333333333
#rate=1.2e6
rate=1.8e6
date; date=`date +%s`; multi-rtl/examples/mutlirtl_rx_to_cfile_2chan.py \
--ch0-id-string="00000001" \
--ch1-id-string="00000002" \
-r $rate \
--sync-freq `arfcncalc -a $arfcn -d` \
--sync-gain-ch0 40 \
--sync-gain-ch1 40 \
--freq-ch0 `arfcncalc -a $arfcn -d` \
--freq-ch1 `arfcncalc -a $arfcn2 -d` \
--gain-ch0 40 \
--gain-ch1 40 \
--fname-ch0 /data/gsm/$date.$arfcn.$rate.$ppm.cfile \
--fname-ch1 /data/gsm/$date.$arfcn2.$rate.$ppm.cfile
#-p THIS IS NOT PPM \
#--ch0-id-string="+52" \
#--ch1-id-string="+44" \

ls -lhF /data/gsm/$date.*.cfile
df -h /data/
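Added example, not from the original page or the multi-rtl project: plain POSIX sh stand-ins for what this guide calls via `arfcncalc -a $arfcn -d`, plus two helpers for the "PPM close enough" remark and the `df -h` check above. It assumes the TS 45.005 band plan (ARFCN 512-885 read as DCS 1800, not PCS 1900) and gr-gsm's .cfile format of interleaved complex float32 samples (8 bytes per sample).

```shell
# Example code added here, not part of multi-rtl or the original guide.

# Downlink centre frequency in Hz of a GSM ARFCN (TS 45.005 band plan).
# ARFCNs 512-810 are shared by DCS 1800 and PCS 1900; DCS 1800 is assumed.
arfcn_to_hz() {
    n=$1
    if [ "$n" -ge 0 ] && [ "$n" -le 124 ]; then
        khz=$((890000 + 200 * n + 45000))            # P-GSM 900, 45 MHz duplex
    elif [ "$n" -ge 955 ] && [ "$n" -le 1023 ]; then
        khz=$((890000 + 200 * (n - 1024) + 45000))   # E-GSM/R-GSM 900
    elif [ "$n" -ge 512 ] && [ "$n" -le 885 ]; then
        khz=$((1710200 + 200 * (n - 512) + 95000))   # DCS 1800, 95 MHz duplex
    elif [ "$n" -ge 128 ] && [ "$n" -le 251 ]; then
        khz=$((824200 + 200 * (n - 128) + 45000))    # GSM 850, 45 MHz duplex
    else
        return 1                                      # not a GSM ARFCN
    fi
    echo $((khz * 1000))
}

# Frequency error in Hz that a crystal offset of $2 ppm produces at $1 Hz.
# This is what "PPM close enough" is about: after -p/-e correction the two
# dongles' residual offsets must stay small against the 200 kHz channel
# (1 ppm at 935 MHz is already 935 Hz).
ppm_offset_hz() {
    echo $(( $1 * $2 / 1000000 ))
}

# Bytes one channel's .cfile grows by in $2 seconds at $1 samples/s:
# a gr complex sample is two float32 values, 8 bytes (assumed cfile format).
cfile_bytes() {
    echo $(( $1 * $2 * 8 ))
}

# Constructed sample values: 60 s at the guide's rate=1.8e6 on two channels
arfcn=10; arfcn2=20; rate=1800000; seconds=60
f0=$(arfcn_to_hz "$arfcn"); f1=$(arfcn_to_hz "$arfcn2")
echo "arfcn $arfcn -> $f0 Hz, arfcn2 $arfcn2 -> $f1 Hz"
echo "ppm -23 at $f0 Hz is $(ppm_offset_hz "$f0" -23) Hz off"
echo "need $(( 2 * $(cfile_bytes "$rate" "$seconds") / 1000000 )) MB free for $seconds s"
```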

De-hopping

see hopping

Resources

Multi-RTL

Piotr Krysik’s webpage https://ptrkrysik.github.io/

Multi-channel receiver with use of RTL-SDR dongles https://github.com/ptrkrysik/multi-rtl

$16 dual-channel coherent digital receiver http://kaira.sgo.fi/2013/09/16-dual-channel-coherent-digital.html

RTL2832u based coherent multichannel receiver http://yo3iiu.ro/blog/?p=1450
