Tagged: GPS

Detecting GPS Jammers In Augmented Reality

The NT1065 is an all-in-one 4-channel global navigation satellite system (GNSS) receiver chip. It is highly versatile and can receive and decode multiple navigation satellites such as GPS, GLONASS, Galileo, BeiDou, IRNSS and QZSS. Being able to receive so many satellites, it is capable of centimeter level positioning.

The team at Amungo Navigation have taken this chip and have created a product called the NUT4NT+ which is essentially a development board for the NT1065, and all the software for signal processing with it is provided as open source software. In the near future they are planning to begin fundraising for the product over on the crowd funding site CrowdSupply.

One very interesting application that they have been developing with a device similar to the NUT5NT+ is a GPS Jammer/Spoofer detector system which they call the Amungo XNZR. This is a combined 4-channel GNSS receiver and 4-antenna GNSS antenna system built into a small package that fits onto the back of an Android tablet. When connected to the software it uses augmented reality (AR) to show you exactly where GPS jammers are in the vicinity by using coherent signal processing. If you're not familiar with AR, this is the technique of overlaying digital data/images on top of a live real world camera view.

Detecting a Kremlin GPS Spoofer in Augmented Reality
Detecting a Kremlin GPS Spoofer in Augmented Reality

In the video below they take their XNZR detector to Varvarka Street in Moscow Russia and determine the location of a GPS spoofer in the vicinity. 

More information about their product can be found on their homepage, and on various interesting forum posts by someone from the company that detail some of their experiments. Note that the forum posts are in Russian, but Google Translate can be used to translate the text.

XNZR is searching for Moscow GPS Spoofing Anomaly
XNZR is searching for Moscow GPS Spoofing Anomaly

Developing an Alternative To GPS with a HackRF

The Aerospace Sextant System
The Aerospace Sextant System

The LA Times recently ran a story that discussed how vulnerable GPS is to malicious spoofing. This has been well known for a number of years now with researchers having been successful at diverting a 80-million dollar yacht off it's intended course 5 years ago. We've also seen GPS spoofing performed with low cost TX capable SDRs like the HackRF. For example we've seen researchers use GPS spoofing to cheat at "Pokemon Go" an augmented reality smartphone game and to bypass drone no-fly restrictions.

The article in the LA times also discusses how a group of researchers at Aerospace Corp. are testing GPS alternatives and/or augmentations, that improve resilience against spoofing. The system being developed is called 'Sextant', and it's basic idea is to use other sources of information to help in determining a location.

Other sources of information include signals sources like radio, TV and cell tower signals. It also includes taking data from other localization signals like LORAN (a long range HF based hyperbolic navigation system), and GPS augmentation satellites such as the Japanese QZSS which is a system used to improve GPS operation in areas with dense tall buildings, such as in many of Japans cities. More advanced Sextant algorithms will possibly also incorporate accelerometer/inertial data, and even a visual sensor that uses scenery to determine location.

Most likely a key component of Sextant will be the use of a software defined radio and from the photos in the article the team appear to be testing Sextant with a simple HackRF SDR. While we're unsure of the commercial/military nature of the software, and although probably unlikely, hopefully in the future we'll see some open source software released which will allow anyone to test Sextants localization features with a HackRF or similar SDR.

Aerospace Corp. Testing Sextant with a HackRF
Aerospace Corp. Testing Sextant with a HackRF

Upcoming Book “Inside Radio: An Attack and Defense Guide”

Unicorn team are information security researchers who often also dabble with wireless security research. Recently they have been promoting their upcoming text book titled "Inside Radio: An Attack and Defense Guide".

Judging from the blurb and released contents the book will be an excellent introduction to anyone interested in today's wireless security issues. They cover topics such as RFID, Bluetooh, ZigBee, GSM, LTE and GPS. In regards to SDRs, the book specifically covers SDRs like the RTL-SDR, HackRF, bladeRF and LimeSDR and their role in wireless security research. They also probably reference and show how to use those SDRs in the  chapters about replay attacks, ADS-B security risks, and GSM security.

The book is yet to be released and is currently available for pre-order on Amazon or Springer for US$59.99. The expected release date is May 9, 2018, and copies will also be for sale at the HITB SECCONF 2018 conference during 9 - 13 April in Amsterdam.

The blurb and released contents are pasted below. See their promo page for the full contents list:

This book discusses the security issues in a wide range of wireless devices and systems, such as RFID, Bluetooth, ZigBee, GSM, LTE, and GPS. It collects the findings of recent research by the UnicornTeam at 360 Technology, and reviews the state-of-the-art literature on wireless security. The book also offers detailed case studies and theoretical treatments – specifically it lists numerous laboratory procedures, results, plots, commands and screenshots from real-world experiments. It is a valuable reference guide for practitioners and researchers who want to learn more about the advanced research findings and use the off-the-shelf tools to explore the wireless world.

Authors:
Qing YANG is the founder of UnicornTeam & the head of the Radio Security Research Department at 360 Technology. He has vast experience in information security area. He has presented at Black Hat, DEFCON, CanSecWest, HITB, Ruxcon, POC, XCon, China ISC etc.

Lin HUANG is a senior wireless security researcher and SDR technology expert at 360 Technology. Her interests include security issues in wireless communication, especially cellular network security. She was a speaker at Black Hat, DEFCON, and HITB security conferences. She is 360 Technology’s 3GPP SA3 delegate.

This book is a joint effort by the entire UnicornTeam, including Qiren GU, Jun LI, Haoqi SHAN, Yingtao ZENG, and Wanqiao ZHANG etc.

 

December High Powered Rocket Flight with RTL-SDR used for GPS Measurements

The rocket carrying the RTL-SDR.
The rocket carrying the RTL-SDR.

Back in April and July of last year we posted about Philip Hahn and Paul Breed's experiments to use an RTL-SDR for GPS logging on their high powered small rockets. Basically they hope to be able to use an RTL-SDR combined with a computing platform like a Raspberry Pi or Intel Compute stick and software like gnss-sdr to record GPS data on their rocket. Using an RTL-SDR would get around the COCOM limits that essentially stop GPS from working if it measures faster than 1,900 kmph/1,200 mph and/or higher than 18,000 m/59,000 ft.

In the past they've been able to get usable data from the flights, but have had trouble with reliability and noise. That said they also tried commercial GPS solutions which have also failed to work properly even on flights travelling under the COCOM limits, whereas the RTL-SDR actually got data that could still be post processed.

On their latest flight they still had trouble with the RTL-SDR GPS solution working live during flight, but RF GPS data was still recorded and post-processing the data with SoftGNSS yielded results again as in their previous trials. The post goes over the more details and provides the raw RF data to play with if you want to have a go at extracting the data yourself.

If you are interested in a full summary of Phillip and Paul's experiments, then the GNU Radio blog has a nice summary written by Phillip that explains their full journey of trying to get a working RTL-SDR based GPS system for their rockets.

Rocket Trajectory as measured by the RTL-SDR based GPS receiver.
Rocket Trajectory as measured by the RTL-SDR based GPS receiver.

RTL-SDR Tutorial: GPS Decoding and Plotting

The RTL-SDR can be used to receive, decode and plot Global Positioning System (GPS) data in real time. To do this the RTL-SDR must be connected to a GPS antenna.

Extremely cheap $5 or less active GPS antennas with SMA connectors can be found on eBay, Amazon or Aliexpress. These GPS antennas contain a small ceramic patch antenna, a low noise amplifier and a GPS filter. In order to power the LNA in the antenna, you’ll need to have an RTL-SDR with bias tee. Our RTL-SDR.com V3 dongles have this feature built in, but if you don’t have a V3 you could also use a homebrew 5V external bias tee module or hack it into a standard RTL-SDR if you desired.

Also note that most standard R820T/2 RTL-SDRs fail to receive after a few minutes at frequencies above about 1.3 GHz due to heat issues. Our RTL-SDR.com V3 dongles don’t have this problem in most climates thanks to the metal case cooling and improved thermal design on the PCB. If you experience this problem it can also be alleviated by using the special L-Band RTL-SDR drivers.

A typical $3 GPS antenna
A typical $3 GPS antenna

The main GPS frequency is 1.575420 GHz, but most of this signal is very weak and below the noise floor. If you were try to view the spectrum of GPS in SDR# you will find that you won’t see much other than perhaps a very weak hump. Only through clever signal processing is such a weak signal actually recovered. Below we show screenshots of the GPS spectrum as seen by an RTL-SDR and more wideband Airspy R2 SDR.

GPS RTL-SDR

GPS RTL-SDR

GPS Airspy

GPS Airspy

The following tutorial shows how to receive and decode GPS signals and get a coordinate on a map of your location, using only an RTL-SDR dongle (with bias tee) and GPS antenna. This tutorial is based heavily on Philip Hahn’s blog post at sdrgps.blogspot.com/2015/12/first-proof-of-concept-gps-fix-in.html.

  1. Download GNSS-SDRLIB from github.com/taroz/GNSS-SDRLIB. On GitHub click on the green “Clone or download” button on the right and then click “Download ZIP”. Extract the zip file into a convenient folder on your PC. If you want to use the modified L-band drivers, copy the modified rtlsdr.dll into the the bin folder.
     
  2. Download the latest version of RTK-NAVI from rtklib.com. If you like, you can also try their beta version at github.com/tomojitakasu/RTKLIB_bin/tree/rtklib_2.4.3. Extract the zip into a convenient folder on your PC.
     
  3. Make sure your RTL-SDR is plugged in, and that the bias tee has been activated (V3 software for activating the bias tee, see feature 2).
     
  4. In the GNSS-SDRLIB folder, open gnss-sdrgui.exe. This will be stored in the bin subfolder.
     
  5. Now set the following parameters:
    1. Change the Input Type to RTL-SDR
    2. Place a check next to RTCM MSM , and set the Port to 9999.
    3. Ensure that “Output Interval” is set to 10Hz.
    4. Ensure that “Plot Acquisition” and “Plot Tracking” are both checked.
    5. Under “MISC” optionally enter your approximate latitude and longitude to help with getting an initial lock..
    6. Under the GPS, GLONASS and Galileo headings ensure that the “ALL”
Apply appropriate settings in GNSS-SDRLIB GUI
Apply appropriate settings in GNSS-SDRLIB GUI
  1. Press Start. A bunch of command windows will begin opening and closing for a few seconds. After that, a bunch of gnuplot graph windows will open up. These can be ignored.
     
  2. Next go to the extracted RTK-NAVI folder, and enter the bin directory. Open the rtlnavi.exe file.
     
  3. Click on the “I” button in the upper right region.
     
  4. Place a check mark next to (1) Rover, and change the “Type” to TCP Client, and the “Format” to RTCM3. Click on the button with three dots under the leftmost “Opt” and set the “TCP Server Address” to localhost, and the “Port” to 9999. Press the OK button to exit the two windows.
Set the input stream
Set the input stream
  1. Now press Start in RTK-NAVI.
     
  2. You should now see several bars in the top graph. These bars show GPS signal strengths for satellites. After a short time you should see a solution in the left panel which will be your current coordinates. If no solution ever comes, try respositioning your GPS antenna for a better view of the sky, and double checking that the bias tee is activated. Sometimes simply restarting GNSS-SDRLIB can fix no solution being found.
Check reception and wait for GPS lock solution.
Check reception and wait for GPS lock solution.
  1. In RTK-NAVI click on the “Plot” button. This will open a positional plot of the recorded coordinates. To view your position on a Google map, click View → Google Map View. If everything is working correctly you should now be seeing an accurate marker of your current location.
View your GPS position on a map.
View your GPS position on a map.

Detecting GPS Jammers In Augmented Reality

The NT1065 is an all-in-one 4-channel global navigation satellite system (GNSS) receiver chip. It is highly versatile and can receive and decode multiple navigation satellites such as GPS, GLONASS, Galileo, BeiDou, IRNSS and QZSS. Being able to receive so many satellites, it is capable of centimeter level positioning.

The team at Amungo Navigation have taken this chip and have created a product called the NUT4NT+ which is essentially a development board for the NT1065, and all the software for signal processing with it is provided as open source software. In the near future they are planning to begin fundraising for the product over on the crowd funding site CrowdSupply.

One very interesting application that they have been developing with a device similar to the NUT5NT+ is a GPS Jammer/Spoofer detector system which they call the Amungo XNZR. This is a combined 4-channel GNSS receiver and 4-antenna GNSS antenna system built into a small package that fits onto the back of an Android tablet. When connected to the software it uses augmented reality (AR) to show you exactly where GPS jammers are in the vicinity by using coherent signal processing. If you're not familiar with AR, this is the technique of overlaying digital data/images on top of a live real world camera view.

Detecting a Kremlin GPS Spoofer in Augmented Reality
Detecting a Kremlin GPS Spoofer in Augmented Reality

In the video below they take their XNZR detector to Varvarka Street in Moscow Russia and determine the location of a GPS spoofer in the vicinity. 

More information about their product can be found on their homepage, and on various interesting forum posts by someone from the company that detail some of their experiments. Note that the forum posts are in Russian, but Google Translate can be used to translate the text.

XNZR is searching for Moscow GPS Spoofing Anomaly
XNZR is searching for Moscow GPS Spoofing Anomaly

Developing an Alternative To GPS with a HackRF

The Aerospace Sextant System
The Aerospace Sextant System

The LA Times recently ran a story that discussed how vulnerable GPS is to malicious spoofing. This has been well known for a number of years now with researchers having been successful at diverting a 80-million dollar yacht off it's intended course 5 years ago. We've also seen GPS spoofing performed with low cost TX capable SDRs like the HackRF. For example we've seen researchers use GPS spoofing to cheat at "Pokemon Go" an augmented reality smartphone game and to bypass drone no-fly restrictions.

The article in the LA times also discusses how a group of researchers at Aerospace Corp. are testing GPS alternatives and/or augmentations, that improve resilience against spoofing. The system being developed is called 'Sextant', and it's basic idea is to use other sources of information to help in determining a location.

Other sources of information include signals sources like radio, TV and cell tower signals. It also includes taking data from other localization signals like LORAN (a long range HF based hyperbolic navigation system), and GPS augmentation satellites such as the Japanese QZSS which is a system used to improve GPS operation in areas with dense tall buildings, such as in many of Japans cities. More advanced Sextant algorithms will possibly also incorporate accelerometer/inertial data, and even a visual sensor that uses scenery to determine location.

Most likely a key component of Sextant will be the use of a software defined radio and from the photos in the article the team appear to be testing Sextant with a simple HackRF SDR. While we're unsure of the commercial/military nature of the software, and although probably unlikely, hopefully in the future we'll see some open source software released which will allow anyone to test Sextants localization features with a HackRF or similar SDR.

Aerospace Corp. Testing Sextant with a HackRF
Aerospace Corp. Testing Sextant with a HackRF

Upcoming Book “Inside Radio: An Attack and Defense Guide”

Unicorn team are information security researchers who often also dabble with wireless security research. Recently they have been promoting their upcoming text book titled "Inside Radio: An Attack and Defense Guide".

Judging from the blurb and released contents the book will be an excellent introduction to anyone interested in today's wireless security issues. They cover topics such as RFID, Bluetooh, ZigBee, GSM, LTE and GPS. In regards to SDRs, the book specifically covers SDRs like the RTL-SDR, HackRF, bladeRF and LimeSDR and their role in wireless security research. They also probably reference and show how to use those SDRs in the  chapters about replay attacks, ADS-B security risks, and GSM security.

The book is yet to be released and is currently available for pre-order on Amazon or Springer for US$59.99. The expected release date is May 9, 2018, and copies will also be for sale at the HITB SECCONF 2018 conference during 9 - 13 April in Amsterdam.

The blurb and released contents are pasted below. See their promo page for the full contents list:

This book discusses the security issues in a wide range of wireless devices and systems, such as RFID, Bluetooth, ZigBee, GSM, LTE, and GPS. It collects the findings of recent research by the UnicornTeam at 360 Technology, and reviews the state-of-the-art literature on wireless security. The book also offers detailed case studies and theoretical treatments – specifically it lists numerous laboratory procedures, results, plots, commands and screenshots from real-world experiments. It is a valuable reference guide for practitioners and researchers who want to learn more about the advanced research findings and use the off-the-shelf tools to explore the wireless world.

Authors:
Qing YANG is the founder of UnicornTeam & the head of the Radio Security Research Department at 360 Technology. He has vast experience in information security area. He has presented at Black Hat, DEFCON, CanSecWest, HITB, Ruxcon, POC, XCon, China ISC etc.

Lin HUANG is a senior wireless security researcher and SDR technology expert at 360 Technology. Her interests include security issues in wireless communication, especially cellular network security. She was a speaker at Black Hat, DEFCON, and HITB security conferences. She is 360 Technology’s 3GPP SA3 delegate.

This book is a joint effort by the entire UnicornTeam, including Qiren GU, Jun LI, Haoqi SHAN, Yingtao ZENG, and Wanqiao ZHANG etc.

 

December High Powered Rocket Flight with RTL-SDR used for GPS Measurements

The rocket carrying the RTL-SDR.
The rocket carrying the RTL-SDR.

Back in April and July of last year we posted about Philip Hahn and Paul Breed's experiments to use an RTL-SDR for GPS logging on their high powered small rockets. Basically they hope to be able to use an RTL-SDR combined with a computing platform like a Raspberry Pi or Intel Compute stick and software like gnss-sdr to record GPS data on their rocket. Using an RTL-SDR would get around the COCOM limits that essentially stop GPS from working if it measures faster than 1,900 kmph/1,200 mph and/or higher than 18,000 m/59,000 ft.

In the past they've been able to get usable data from the flights, but have had trouble with reliability and noise. That said they also tried commercial GPS solutions which have also failed to work properly even on flights travelling under the COCOM limits, whereas the RTL-SDR actually got data that could still be post processed.

On their latest flight they still had trouble with the RTL-SDR GPS solution working live during flight, but RF GPS data was still recorded and post-processing the data with SoftGNSS yielded results again as in their previous trials. The post goes over the more details and provides the raw RF data to play with if you want to have a go at extracting the data yourself.

If you are interested in a full summary of Phillip and Paul's experiments, then the GNU Radio blog has a nice summary written by Phillip that explains their full journey of trying to get a working RTL-SDR based GPS system for their rockets.

Rocket Trajectory as measured by the RTL-SDR based GPS receiver.
Rocket Trajectory as measured by the RTL-SDR based GPS receiver.

RTL-SDR Tutorial: GPS Decoding and Plotting

The RTL-SDR can be used to receive, decode and plot Global Positioning System (GPS) data in real time. To do this the RTL-SDR must be connected to a GPS antenna.

Extremely cheap $5 or less active GPS antennas with SMA connectors can be found on eBay, Amazon or Aliexpress. These GPS antennas contain a small ceramic patch antenna, a low noise amplifier and a GPS filter. In order to power the LNA in the antenna, you’ll need to have an RTL-SDR with bias tee. Our RTL-SDR.com V3 dongles have this feature built in, but if you don’t have a V3 you could also use a homebrew 5V external bias tee module or hack it into a standard RTL-SDR if you desired.

Also note that most standard R820T/2 RTL-SDRs fail to receive after a few minutes at frequencies above about 1.3 GHz due to heat issues. Our RTL-SDR.com V3 dongles don’t have this problem in most climates thanks to the metal case cooling and improved thermal design on the PCB. If you experience this problem it can also be alleviated by using the special L-Band RTL-SDR drivers.

A typical $3 GPS antenna
A typical $3 GPS antenna

The main GPS frequency is 1.575420 GHz, but most of this signal is very weak and below the noise floor. If you were try to view the spectrum of GPS in SDR# you will find that you won’t see much other than perhaps a very weak hump. Only through clever signal processing is such a weak signal actually recovered. Below we show screenshots of the GPS spectrum as seen by an RTL-SDR and more wideband Airspy R2 SDR.

GPS RTL-SDR

GPS RTL-SDR

GPS Airspy

GPS Airspy

The following tutorial shows how to receive and decode GPS signals and get a coordinate on a map of your location, using only an RTL-SDR dongle (with bias tee) and GPS antenna. This tutorial is based heavily on Philip Hahn’s blog post at sdrgps.blogspot.com/2015/12/first-proof-of-concept-gps-fix-in.html.

  1. Download GNSS-SDRLIB from github.com/taroz/GNSS-SDRLIB. On GitHub click on the green “Clone or download” button on the right and then click “Download ZIP”. Extract the zip file into a convenient folder on your PC. If you want to use the modified L-band drivers, copy the modified rtlsdr.dll into the the bin folder.
     
  2. Download the latest version of RTK-NAVI from rtklib.com. If you like, you can also try their beta version at github.com/tomojitakasu/RTKLIB_bin/tree/rtklib_2.4.3. Extract the zip into a convenient folder on your PC.
     
  3. Make sure your RTL-SDR is plugged in, and that the bias tee has been activated (V3 software for activating the bias tee, see feature 2).
     
  4. In the GNSS-SDRLIB folder, open gnss-sdrgui.exe. This will be stored in the bin subfolder.
     
  5. Now set the following parameters:
    1. Change the Input Type to RTL-SDR
    2. Place a check next to RTCM MSM , and set the Port to 9999.
    3. Ensure that “Output Interval” is set to 10Hz.
    4. Ensure that “Plot Acquisition” and “Plot Tracking” are both checked.
    5. Under “MISC” optionally enter your approximate latitude and longitude to help with getting an initial lock..
    6. Under the GPS, GLONASS and Galileo headings ensure that the “ALL”
Apply appropriate settings in GNSS-SDRLIB GUI
Apply appropriate settings in GNSS-SDRLIB GUI
  1. Press Start. A bunch of command windows will begin opening and closing for a few seconds. After that, a bunch of gnuplot graph windows will open up. These can be ignored.
     
  2. Next go to the extracted RTK-NAVI folder, and enter the bin directory. Open the rtlnavi.exe file.
     
  3. Click on the “I” button in the upper right region.
     
  4. Place a check mark next to (1) Rover, and change the “Type” to TCP Client, and the “Format” to RTCM3. Click on the button with three dots under the leftmost “Opt” and set the “TCP Server Address” to localhost, and the “Port” to 9999. Press the OK button to exit the two windows.
Set the input stream
Set the input stream
  1. Now press Start in RTK-NAVI.
     
  2. You should now see several bars in the top graph. These bars show GPS signal strengths for satellites. After a short time you should see a solution in the left panel which will be your current coordinates. If no solution ever comes, try respositioning your GPS antenna for a better view of the sky, and double checking that the bias tee is activated. Sometimes simply restarting GNSS-SDRLIB can fix no solution being found.
Check reception and wait for GPS lock solution.
Check reception and wait for GPS lock solution.
  1. In RTK-NAVI click on the “Plot” button. This will open a positional plot of the recorded coordinates. To view your position on a Google map, click View → Google Map View. If everything is working correctly you should now be seeing an accurate marker of your current location.
View your GPS position on a map.
View your GPS position on a map.

Simulating GPS with LimeSDR and Receiving it with an RTL-SDR

In previous posts we showed how Phillip Hahn had been trying to use his RTL-SDR as a GPS receiver on a high powered rocket in order to overcome the COCOM limits which prevent commercial GPS devices from operating when moving faster than 1,900 kmph/1,200 mph and/or higher than 18,000 m/59,000 ft.

In order to test future flights with the RTL-SDR GPS receiver, Phillip has been simulating GPS rocket trajectory signals and using his LimeSDR. The RTL-SDR then receives the simulated GPS signals which are then fed into SoftGNSS for decoding. The simulation simulates the Japanese SS-520-4 rocket which is a 32′ long, 2′ diameter small high powered rocket capable of putting loads like cubesats into orbit affordably. Using the simulated data Phillip is able to calculate the trajectory and see all the motor burns in the velocity profile.

While Phillip intends to use the RTL-SDR on a similar rocket in the future, he notes that the simulation does not take into account problems such as thermal noise, or RF interference, rocket jerk, satellite occlusion and vibration problems.

LimeSDR Simulated GPS Rocket Trajectory Received with RTL-SDR.
LimeSDR Simulated GPS Rocket Trajectory Received with RTL-SDR.

Updates on using an RTL-SDR for GPS on a High Powered Rocket

Back in April we posted about Philip Hahn and Paul Breed’s experiments to use an RTL-SDR for GPS logging on their high powered small rockets. As GPS is owned by the US military, a standard GPS module cannot be used on a rocket like this, as they are designed to fail if the GPS device breaches the COCOM limit, which is when it calculates that it is moving faster than 1,900 kmph/1,200 mph and/or higher than 18,000 m/59,000 ft. The idea is that this makes it harder for GPS to be used in non-USA or home made intercontinental missiles. As SDR GPS decoders are usually programmed in open source software, there is no need for the programmers to add in these artificial limits.

In their last tests they managed to gather lots of GPS data with an RTL-SDR, but were only able to decode a small amount of it with the GNSS-SDR software. In this post Philip discovers a flaw in the way the GNSS-SDR performs acquisition and retracking that GNSS-SDR decodes in such a way that makes it difficult to obtain a location solution with noisy high-acceleration data. By using a different GPS implementation coded in MATLAB, he was able to get decoded GPS data from almost the entire ascent up until the parachutes deploy. Once the parachutes deploy the GPS has a tough time keeping a lock as it sways around. His post clearly explains the differences in the way the code is implemented in GNSS-SDR and in the MATLAB solution and shows why the GNSS-SDR implementation may not be suitable for high powered rockets.

In addition, they write that while the flight was just under the artificial COCOM GPS fail limits for speed and height, the commercial GPS solution they also had on board failed to collect data for most of the flight too. With the raw GPS data from the RTL-SDR + some smart processing of it, they were able to decode GPS data where the commercial solution failed.

GPS data acquired from the RTL-SDR on the rocket.
GPS data acquired from the RTL-SDR on the rocket (blue line shows solution from MATLAB code, yellow shows GNSS-SDR solution, and red shows commercial GPS receiver solution).

Using an RTL-SDR on a high powered rocket to capture GPS data

Over on the SDRGPS blog Philip Hahn and fellow aerospace engineer Paul Breed have been working together to try and use an RTL-SDR to help get accurate GPS data for tracking small high powered rockets. They write that their end goal is to be able to “track high power rockets in high acceleration / speed / altitude environments”.

In their latest attempt they launched a rocket with an RTL-SDR on board with it capturing GPS data to be later processed with GNSS-SDR. The goal was to get a GPS fix throughout the flight. Unfortunately they found that a good fix was only obtained while the rocket was on the ground, and not much data was obtained while it was in the air. They write that they suspect that the fault lies in the vibration in the rocket which can affect the frequency stability of the crystal oscillator, or in the GPS satellite tracking loop algorithm.

They still hope to be able to get some usable information from the flight by trying other algorithms on the data, but they are also seeking advice from anyone who might know how to help them, so please contact them if you know anything that may help.

If you are interested in this, then see our previous post about how Philip showed us how to use an RTL-SDR to receive and plot GPS data.

RTL-SDR + GPS antenna plus an Intel NUC computing platform.
RTL-SDR in aluminum case + GPS antenna + an Intel compute stick and IMU.
The rocket carrying the RTL-SDR.
The rocket carrying the RTL-SDR.