*35C3 preroll music*

Friederike: I will give you a short introduction to software defined radio. So some basics about this technology and some modulation technology which you also always need if you want to transmit something. First of all, before we come to the software defined radio, let's first have a look at what generally happens in a radio transmission, so the parts you always need to get something over the air. Normally you have some input signal you want to transmit, an audio signal, a radio for example, a video signal or just any data. Then you do some compression. Mostly you do this if you have some digital stuff; in analog you don't do this so much. Some error correction, modulation and then the frequency assignment to the frequency you want to use for the transmission. Then you have a radio channel. Sometimes you have mobility if you move. You have multi-path propagation. You always have some noise added and often there are also other signals in the air which also share the channel. And then at the other side it goes the other way round. You get the demodulation, error correction if there are errors, and the decompression, and hopefully out comes the original audio or video signal or the data you had transmitted. A bit on the frequency assignment: there are frequency plans. Here you can see a frequency plan of the US.
They had a nice chart like this; here for example you can see the frequency band from 88 to 108 megahertz, then some aeronautical services and other stuff at the other frequencies. For Europe they have a really huge table. You can find it on the website of the ECO, the European Communications Office. Yeah, it's quite large. But if you want to look at what's probably on this frequency in the air you can have a look there. So now let's start with a not software defined radio to get a bit more used to the principles. What does happen there? Here's for example an old AM receiver on this side. So we get the signal in the air, the AM transmission. There are still some, but they are actually switched off at the moment. Here now we have a superheterodyne receiver, it's called like this. So what we have, we have, where is my mouse, here is my mouse. So we have here at the antenna, here is the antenna, we have our signal S1. That's the signal we want to receive. Then we have some filtering to get rid of all the other signals which are farther away. Then we have our mixer here. So the LO frequency of this mixer, the local oscillator frequency here, is always chosen in the way that the wanted signal always falls in the same intermediate frequency. With this you can have a very sharp filter here, the IF filter.
So at your IF filter output you only get the wanted signal, which then, after the filtering, again some amplification, goes to the demodulator, and in the case of AM now all your information is actually in the amplitude of the signal. So for decoding and listening the easiest way would be just an envelope detector, which could look like this. You have a diode which actually puts the negative part of the signal to the positive side. And then here we just use a low pass to get rid of the intermediate frequency, which you can still see here. And afterwards you can just listen to your audio signal. So in the case of software defined radio we stay with the RX front end in these examples. The TX path would be nearly similar the other way around. So again, we have the antenna. Antennas are also really important. Always take a good antenna, well adapted to the frequency you want to receive or the frequency you want to transmit, because otherwise you won't get any signal out of the air, or only a very low part of the signal. I gave a talk on antennas at 31C3. So if you're interested in antennas you can have a look on media.ccc.de. Then again we have some filtering, an amplifier, and now we have an IQ mixer. Here you can see it actually consists of two mixers, and this local oscillator signal is shifted by 90 degrees to the lower part here of our signal.
Then again some filtering, amplification, and then we get the analog to digital converters here to get our IQ signal to the computer for decoding in software. We still have actually a big analog part here. So most of the front end is still analog, and the digital part actually is only this after the analog to digital converter, in this case of a classical software defined radio front end. IQ data are pretty cool, they actually contain the raw signal that is coming out of the air. You could also record the raw signal. It's quickly getting huge. And for example then do the demodulation later. If you put those IQ signals on a coordinate plane, which you can see here on the right side, you can also see the phase shift of 90 degrees between the I, which is the in-phase component, and the Q, which is the quadrature component of the signal. If you assign some numbers, we can also combine them into a vector. We can use Pythagoras for example to get the amplitude of the resulting vector, we can do some trigonometry to get the angle. Actually those two parameters, the angle and the amplitude, are the main parameters you can put information in. So in the example before, the AM modulation, you only use actually the amplitude of the signal. In contrast to this, an FM modulation for example has a constant amplitude and all the information is put into the phase or the frequency.
So no matter what kind of modulation is used, these IQ data actually contain all the necessary information. A nice example of a modulation which is often used nowadays and that also uses both of those parameters is the QAM modulation. OK, I already told this. The QAM modulation here for example is a constellation diagram out of the program GNURadio. Oh, it's a bit shifted, everything, doesn't matter. So here again we have our in-phase component on the x axis and the quadrature component on the vertical axis. With 4-QAM we have four symbols, so we can put in two bits per symbol. With 16-QAM for example you can put in four bits per symbol. If we go further, 64-QAM, we can put in six bits per symbol. This for example is used in DVB-T or DAB-like broadcasting systems, or in Wi-Fi: 802.11n uses up to 64-QAM. LTE also uses up to 64-QAM. When we go further, 802.11ac uses 256-QAM, so even more dots. You can put in eight bits then per symbol, and so does LTE Advanced, and so the more data you want to transmit, the more symbols you need. 802.11ax uses up to 1024-QAM with 10 bits per symbol. And so does the successor of 4G: 5G New Radio also uses up to 1024-QAM. It becomes interesting when we add some noise. So you always, as I told you, always have the channel, you always have noise. This is what happens if we add some noise to the 64-QAM.
You could still estimate where the original symbol would be. This becomes even more difficult if we go to 1024-QAM. That's also why those broadband systems always use an adaptive modulation: within the first data exchange they communicate about the quality of the signal, and only if you get a really good signal level at the receiver you choose the highest order modulation. Otherwise it's ramped down to lower orders. So these high order modulations only work with really good signal levels. So let's go back to the IQ data. Those IQ data are closely related to complex numbers. So to get the complex number let's add the imaginary unit j. So we get our complex number actually as C = I + j * Q, which are again our in-phase and quadrature components. So a complex number you can write in the Cartesian form which I showed. The most often used form is actually the polar form, where we add Euler's number. So it becomes C equals a multiplied by e, Euler's number, to the power of j * phi, which is our phase here again. So in this case our real axis, the in-phase axis here, becomes our real axis, and the Q axis becomes our imaginary axis. The property of this polar form which is often needed in digital signal processing is the multiplication. If you multiply two polar form complex numbers, this ends up in an addition of the elevated parts here.
And this is often used for example in Fourier transformations, or if you mix signals to get them from one frequency to the other. We see this later; it looks quite complex, but it's really worth using it in the end. So the first step in the software defined radio is then to get the right parts of the signal through the front end, because if you don't get your IQ data properly, afterwards decoding in software becomes very, very difficult or even impossible. So let's have a look at the different parts of our software defined receiver. After the antenna, filtering and amplifier, we have this IQ mixer. To keep it a bit more simple for now, we just skip the IQ part and have a look at what a mixer in general is doing. To get the signal from the transmitted frequency to the IF, the intermediate frequency, it is multiplied with an LO signal and then filtered. This multiplication actually ends up here in an addition, here this higher part, and in a subtraction of the two frequencies we put in here. And with the filter we actually get rid of the higher part here. The mixer defines the frequency range the SDR front end is working on. For example there are those quite cheap RTL SDR USB sticks, which were originally made for DVB-T reception. They work for example from 24 megahertz up to 1766 megahertz.
Then there's the HackRF, which is also an often used SDR front end; it works from 1 MHz up to 6 GHz. And the radio badge from the CCC camp 2015 works from 50 MHz up to 4 GHz. As I told, the mixer here is a bit simplified. Here is for example the mixer chipset of the HackRF. Here you can see the IQ mixing part. Next step then, after again some filtering and amplification, is the analog to digital converter. We get the analog signal in here. And what the computer actually needs are samples of the signal. So they have to be taken at dedicated times t here. We get the sampling rate here: 1 divided by T. This sampling rate must comply with the Nyquist-Shannon sampling theorem. Otherwise your signal can't be reconstructed properly. You get effects like aliasing, where you have frequencies that actually are not there, but are caused by the undersampling of the signal. And for complying with this Nyquist-Shannon theorem, the bandwidth of your signal, of the signal you want to digitize, has to be smaller than 1 divided by 2*T. Here is an example of a DAB+ signal. DAB+ is nice because it always has a bandwidth of 1.5 MHz; it has quite sharp edges because it uses an OFDM modulation. This here was received with an RTL SDR DAB/DVB-T stick, with the software Gqrx, which has a maximum sampling rate of 3.2 MHz. So let's check for Nyquist.
We have our bandwidth of 1.5 MHz, we have the sampling rate of 3.2 MHz. So 1 divided by 2*T is 1.6 MHz, and 1.5 MHz is smaller than 1.6 MHz. Great! We can receive a DAB+ signal with a DAB receiver. You might ask now, this is also for the DVB-T reception, which has a bandwidth of 8 MHz. So you would need a sampling rate of 60 MHz to receive or to digitize this. That's actually a nice example of the usage of SDR in comparison to dedicated chipsets. So DVB-T here doesn't use the SDR mode of this chipset, but it has a dedicated DVB-T chipset in here. So chipset development is quite expensive, but if there is a mass market, and for television there is a mass market, they can be produced very cheaply. So actually the SDR mode was probably added for the DAB reception. Also, with the growing bandwidth the power consumption of the SDR mode becomes quite high, because you always have to digitize the whole bandwidth of your signal. So if it comes for example to LTE with 20 or 40 MHz bandwidth, this becomes quite relevant. OK, we can get the DAB signal here. The next relevant parameter here is the resolution of the ADC. With a 3 bit resolution for example you would get 8 discrete values from your signal. With an 8 bit resolution you get 256 values.
With 60 bit you get a lot of values. And those parts of the step here, you can see for example the 3 bit resolution and the 6 bit resolution of a sine signal, and all those parts of the steps of the 3 bit resolution actually end up in noise, which is called quantization noise. Here for example you see the spectral view of the signal. The first one with a 6 bit resolution. You can see the noise floor here at -68 dB, and below, with the 8 bit resolution, the noise floor falls down by 12 dB. So we get a noise floor down at -80 dB. What we also see here, actually here are some examples. The RTL SDR has two 8 bit ADCs, the HackRF and the Rad1o have dual 8 bit receive ADCs and, as they are also for transmitting purposes, they have dual 10 bit transmit DACs, so the other way round, to get your digital signal into the analog domain again. The RTL SDR is only for receiving purposes. What we also see here is, on the right side we get our signal in the time domain, on the left side we get the frequency domain. So how do we get the frequency view of our signal? Here for example in the form of a spectral view, and down here with the nice colors, this part is called a waterfall diagram. Here in the spectrum view we see the level of our signal components over the frequency, and the waterfall diagram then shows the different levels in different colors plotted over the time here.
So how do we get the frequency view of our signal? Actually we use a Fourier transformation to convert the time domain signal into the frequency domain. Wikipedia actually had a nice animation about this in the public domain, so we have a square wave signal which is a linear combination of sines of different frequencies, here in blue. And the component frequencies of these sines then are spread across the frequency spectrum, and they are represented here as peaks in the frequency domain. So mathematically this looks like this: here we get the different components, the sine components of our square wave signal. For the sake of simplicity, we just skip the harmonics here, just take the sine signal, calculate the Fourier transformation, which is an integral of our function: the sine signal here multiplied by e^(-j*2*pi*f*t) and integrated over t. We also use again the polar form here, which then ends up in a multiplication of these components, and the integral of this multiplication then ends up in delta impulses at a frequency here of a and -a, and we still have half of an inverse imaginary unit here. If we have a look at the Fourier transform of a complex constant wave signal, this actually simplifies to one delta impulse here at the frequency of a.
For practical, computational purposes we use a DFT, a discrete Fourier transformation, so the integral ends up in a summation of the signal components. And actually normally we use a fast Fourier transformation, which you also see in all the software, which is actually an algorithm to efficiently calculate a DFT. So let's have a look again at the DAB signal here with the Gqrx software. We have the waterfall view, and because it's a bit small, no, here it's actually quite visible. Yeah, it's a bit bigger. So on the left side we have an FFT size of 32768 and on the right side an FFT size of 512, and actually with the FFT length you define afterwards the resolution bandwidth of the spectrum. So you can see here, it's much coarser than with the higher resolution bandwidth here on the left side. Then the sliders down here, you can find those sliders and stuff in the FFT settings of Gqrx if you want to have a look at this software. The sliders down here, I also have them a bit bigger here, you can define the reference level. So if you have a very low signal, you have to put it a bit down. And also the range, the range in which you see your signal. If you have a high dynamic signal, you need a large range to see all the parts of the signal.
If you have a very, very low signal power you need to switch it down to a smaller range to actually see anything of your signal. So the possibility to efficiently calculate an FFT or IFFT, the inverse Fourier transformation, also gave the possibility of a wider use of multi-carrier modulation methods such as OFDM here, orthogonal frequency division multiplex. Nowadays this is often used in mobile communication systems such as LTE due to its resistance to the effects of the propagation channel. For example multi-path propagation often causes destructive interference, so some of your carriers are actually in a destructive interference part, so they are actually attenuated a lot. And if you distribute your information over several carriers, you still have the chance to receive some of the carriers, and then you can afterwards use some error correction mechanisms to actually repair the data and get something out of the data. And so here the FFT, or in the TX case, the transmission case, an inverse FFT is used actually to distribute the, for example the QAM data, to the different frequencies, to the different carriers. Then it's again the regular IQ mixer, and in the case of the reception we use the FFT to get the symbols, the QAM symbols for example, out of our different carriers. Here again you see, I like DAB, again the DAB signal.
DAB uses 1536 subcarriers, and the number of subcarriers here is actually always a compromise of how close your subcarriers are, which defines how much Doppler shift, in case of mobile reception, your system is capable to cope with, and on the other hand it defines how long your signal is in the air. So the more carriers you have, the longer your signal is, and that has an effect on how much delay your signal can cope with. Additionally, often there is a guard interval added to the symbol to cope with more delays. For example DAB is a broadcasting system with the capability of single frequency networks, so you can run different transmitters on the same frequency with the same program, but especially in the overlapping areas this results in very large delays. So that's why the broadcasting system has very many carriers. LTE in contrast only has, in the downlink with a 10 MHz bandwidth, 601 carriers, in the uplink 600. And 802.11ac for example with 40 MHz bandwidth has 128 carriers. So now let's come back from this quite complex world of software defined radio to the real world. So what SDR actually brings are quite cheap and flexible solutions for formerly very expensive technology. That's why it's actually often used in academia and also for prototyping purposes.
But there's also a quite big community developing open source software for software defined radio. I want to show you now two examples where those SDR technologies facilitated community driven projects. One is digital radio which goes digital in Switzerland, or community radio goes digital in Switzerland. Digitizing local community radio has actually long been a problem. Community radios are non-profit media produced by a local community and serving a local community. There's also one here in Leipzig which is also doing a program from the Congress here. I think they are actually starting now, I think for 3 hours today. It's called Fairydust.FM, so if you want to listen you can look at the wiki for where to receive them. They mostly do not have a huge budget for running a radio. The development was facilitated by low threshold, cheap transmitters. So FM transmitters are really cheap now, or they can be built. With DAB now, digital audio broadcast, the possibilities of running your own cheap transmitter became quite difficult for a long, long time. DAB was developed by the big broadcasting corporations like the BBC or the German public media. And it's actually adapted to their needs. You can put a lot of programs in multiplexes, you can run huge single frequency networks. There is a national SFN in Germany for example.
Local community radios, and so do local commercial radios, need more flexible, cheap radio transmission. So you might argue that digital radio isn't relevant anymore, but actually there are countries that start to switch off FM, and only streaming through the Internet is also not an appropriate solution. So what happened some years ago was that people started to write open source DAB SDR software to build up quite cheap DAB transmitters. You can find the software here on opendigitalradio.org. They have this nice penguin with a transmission tower as a logo, and in Switzerland the FM switch-off is set to 2024. So it's coming quite close, and a lot of communities are already on the digital airwaves there with this solution of software defined radio based transmitter technologies. The UK is also on the way to switch off FM, and there Ofcom actually recently started a survey about the demand for small scale DAB, also based on this SDR solution, which makes it affordable for community radios. Another example is community-driven cellular telephony. In remote areas, for example in Mexico and probably in a lot more countries, often there is no cellular network connection at all, as it's just not a good business for mobile broadband providers if you have only a few hundred clients to use it, or customers who pay for it.
I was some years ago in the south of Mexico for an article about the first community driven cellular network, which was also built on open source SDR technology like OpenBSC and OpenBTS, which made it quite affordable for the communities there. Today this "association telecommunications *inaudible* comunitarias" has a license to run autonomous telephone networks in different parts of Mexico such as Chapels (*inaudible* Mexican region), Veracruz and Puebla, and nowadays they are already running nearly 20 cellular networks there, and they also do a lot of trainings and write a lot of manuals. So if you want to learn how to run your own GSM networks, you can have a look on their site. So these are only two examples of projects where SDR facilitated low budget communication. So you might ask, if you now want to have a look at SDR yourself, where to start. So for radio reception these cheap RTL SDR USB sticks are your friend. They cost around 10 to 20 euros depending on where you get them. And there's software like this Gqrx, of which I already had a lot of examples in my slides, which runs on Linux and Mac. Here's an example of Gqrx for FM reception. It also has a built-in FM decoder, so you can really listen to FM radio. There are also an AM decoder and some others. You can also dump the IQ data with Gqrx for decoding it later.
There's also software for Windows like SDR# or HSDR or WinSDR. 294 00:37:43,210 --> 00:37:50,220 Always keep in mind that listening to non- public broadcasts is forbidden! The next 295 00:37:50,220 --> 00:37:59,260 level then would be GNURadio, I already showed in between the talk plots from 296 00:37:59,260 --> 00:38:07,279 GNURadio, like the constellation plots of QAM modulation. GNURadio actually offers a 297 00:38:07,279 --> 00:38:13,690 very large framework for software defined radio functions. Also to build your own 298 00:38:13,690 --> 00:38:21,430 applications. There are sources. For example here is a source where you can 299 00:38:21,430 --> 00:38:29,670 connect your RTL SDR USB stick, define here the sampling rate, the frequency and 300 00:38:29,670 --> 00:38:36,339 different and other stuff here. Then you have a lot of function here, for example 301 00:38:36,339 --> 00:38:43,619 the FM demodulation, you have a spectrum viewer, here the FFT sink, different 302 00:38:43,619 --> 00:38:50,970 resamplers and then you have different sinks here. You you connect it to your 303 00:38:50,970 --> 00:38:58,759 sound card with the audio sink and in this case listen to FM radio. You can also 304 00:38:58,759 --> 00:39:08,319 define a sink to connect your HackRF to transmit something. You can also write 305 00:39:08,319 --> 00:39:14,519 your own functions. So it's quite easy in this graphical front, the GNU Radio 306 00:39:14,519 --> 00:39:22,380 Companion to add own functions. There are many tutorials also in the 307 00:39:22,380 --> 00:39:29,829 Internet and very active community and it's also very often used in academia. So 308 00:39:29,829 --> 00:39:34,950 if you are perhaps studying or are planning to study, there are very often 309 00:39:34,950 --> 00:39:41,410 projects around GNURadio which you can work on if you're interested. There is 310 00:39:41,410 --> 00:39:48,400 also a lot of different SDR hardware available. 
So the HackRF I already 311 00:39:48,400 --> 00:39:53,670 mentioned, the Rad1o badge from the CCC camp. So if you don't have one, you can 312 00:39:53,670 --> 00:40:01,030 ask around perhaps someone still have one lying around. There are more expensive 313 00:40:01,030 --> 00:40:06,829 ones, which then have for example better resolutions, the ADCs, DACs have better 314 00:40:06,829 --> 00:40:12,460 resolutions. Um there is the USRP family which is much 315 00:40:12,460 --> 00:40:21,239 more expensive but, yeah you can do a lot more with this and it's also very often 316 00:40:21,239 --> 00:40:30,020 used in academia. I also knew it from my time I worked at the university. So 317 00:40:30,020 --> 00:40:34,170 further information, if you are now becoming really interesting, there are 318 00:40:34,170 --> 00:40:39,900 lots of massive open online courses. For example I saw one from the University of 319 00:40:39,900 --> 00:40:48,059 Madrid but in English. So there are video tutorials for example from the makers of 320 00:40:48,059 --> 00:40:55,099 the HackRF at their website. There also nice, free available books on SDR by 321 00:40:55,099 --> 00:41:03,109 Analog Devices for example, if you look for "SDR4 engineers". And if you are now 322 00:41:03,109 --> 00:41:13,799 here, there is an SDR challenge at the congress. They have a table in Hall 3 in 323 00:41:13,799 --> 00:41:20,339 the wastelands there. If we have a look at the small brand(???) so there are various 324 00:41:20,339 --> 00:41:26,730 different SDR challenges from quite easy to difficult. There's a game server to 325 00:41:26,730 --> 00:41:32,679 claim your flag in a team and if you don't have an SDR you can borrow one, like these 326 00:41:32,679 --> 00:41:39,970 RTLS SDR sticks, for a deposit and there also if you don't like all this GNURadio 327 00:41:39,970 --> 00:41:48,220 stuff, there are also Bluetooth challenges. So thanks for your attention. 
328 00:41:48,220 --> 00:41:52,360 And feel free to ask questions if you want! 329 00:41:52,360 --> 00:42:01,770 *Applause* 330 00:42:01,770 --> 00:42:03,590 Herald: Thank you. We have at least 15 331 00:42:03,590 --> 00:42:08,799 minutes left for Q and A. So walk to a microphone and let's see what you got 332 00:42:08,799 --> 00:42:21,230 questionwise. OK, microphone number five. Question: Yeah. You mentioned that 333 00:42:21,230 --> 00:42:29,240 listening to a non-public broadcast is forbidden. What's your basis for this. 334 00:42:29,240 --> 00:42:37,559 Because if I recall correctly the European Convention of Human Rights has an article 335 00:42:37,559 --> 00:42:43,640 about being free to conduct journalism. And there was a claim that journalism 336 00:42:43,640 --> 00:42:49,989 includes just listening to the entire FM spectrum. 337 00:42:49,989 --> 00:42:54,830 Answer: Yeah. The FM spectrum is public so there's no problem. But there are other 338 00:42:54,830 --> 00:43:00,170 services like that are not encrypted because in former times this technology 339 00:43:00,170 --> 00:43:09,049 just wasn't available or affordable for normal persons. So nowadays you have much 340 00:43:09,049 --> 00:43:14,630 more possibilities to receive other frequencies for example quite easily which 341 00:43:14,630 --> 00:43:19,089 are not public. And so it's forbidden to listen to them actually. 342 00:43:19,089 --> 00:43:27,040 Q: Yeah but by what? Is there a law? A: The law? Oh I'm not a lawyer so I don't 343 00:43:27,040 --> 00:43:33,379 know exactly what law it is. Q: Okay. 344 00:43:33,379 --> 00:43:40,869 H: Okay, any other questions? Does the Internet have questions by now? If you 345 00:43:40,869 --> 00:43:45,210 have a question by the way just go to a microphone. 346 00:43:45,210 --> 00:43:50,069 Signal: The Internet doesn't have any questions but MCR of open digital radio 347 00:43:50,069 --> 00:43:53,369 would like to thank you for speaking with them. 
348 00:43:53,369 --> 00:43:59,310 H: OK. That's not a question. A: Sorry, what? I didn't get it. 349 00:43:59,310 --> 00:44:05,160 S: No questions. A: Okay. Okay great. 350 00:44:05,160 --> 00:44:10,420 H: Well that's a quick one then. Thank you all for your attention. Oh sorry. 351 00:44:10,420 --> 00:44:16,679 Microphone number two. Q: Yeah. It's not a question either. It's 352 00:44:16,679 --> 00:44:21,089 just a clarification of the legal situation. So basically you're allowed to 353 00:44:21,089 --> 00:44:28,079 listen to non-public broadcasts or non- public radio traffic for example like a 354 00:44:28,079 --> 00:44:37,170 aero nautical. But you're not allowed to record it and to to publish the 355 00:44:37,170 --> 00:44:40,910 information that you gathered. A: Ah OK, thanks. 356 00:44:40,910 --> 00:44:47,650 Q: So, theoretically sitting at home and listening to, yeah, I mean the tower 357 00:44:47,650 --> 00:44:53,499 talking to the pilots or whatever or even to to police is allowed. You're just not 358 00:44:53,499 --> 00:45:01,980 allowed to basically make a profit from it. That's the legal situation in Germany. 359 00:45:01,980 --> 00:45:06,719 I don't know how it looks in other parts of Europe. 360 00:45:06,719 --> 00:45:10,970 H: Since we are violating the protocol of Q and A anyway by not asking questions. 361 00:45:10,970 --> 00:45:13,240 *Laughter* H: I am a lawyer and various member states 362 00:45:13,240 --> 00:45:16,829 of member state you could question that as attention if the European Convention of 363 00:45:16,829 --> 00:45:21,460 Human Rights or not. But it really varies from member state to member state. 364 00:45:21,460 --> 00:45:23,680 *Laughter* Q: Well, in that case. 365 00:45:23,680 --> 00:45:30,439 *Applause* Herald: Now I really would like to have a 366 00:45:30,439 --> 00:45:33,359 genuine question. Something that starts with a sentence, ends with a question 367 00:45:33,359 --> 00:45:45,660 mark. Do we have any takers? 
Oh in that case, thank you so much for your 368 00:45:45,660 --> 00:45:46,862 attention. 369 00:45:46,862 --> 00:45:51,747 *35c3 postroll music* 370 00:45:51,747 --> 00:46:08,812 subtitles created by c3subtitles.de in the year 2019. Join, and help us!