Tagged: GPS

Using an RTL-SDR on a high powered rocket to capture GPS data

Over on the SDRGPS blog Philip Hahn and fellow aerospace engineer Paul Breed have been working together to try and use an RTL-SDR to help get accurate GPS data for tracking small high powered rockets. They write that their end goal is to be able to “track high power rockets in high acceleration / speed / altitude environments”.

In their latest attempt they launched a rocket with an RTL-SDR on board with it capturing GPS data to be later processed with GNSS-SDR. The goal was to get a GPS fix throughout the flight. Unfortunately they found that a good fix was only obtained while the rocket was on the ground, and not much data was obtained while it was in the air. They write that they suspect that the fault lies in the vibration in the rocket which can affect the frequency stability of the crystal oscillator, or in the GPS satellite tracking loop algorithm.

They still hope to be able to get some usable information from the flight by trying other algorithms on the data, but they are also seeking advice from anyone who might know how to help them, so please contact them if you know anything that may help.

If you are interested in this, then see our previous post about how Philip showed us how to use an RTL-SDR to receive and plot GPS data.

RTL-SDR + GPS antenna plus an Intel NUC computing platform.
RTL-SDR in aluminum case + GPS antenna + an Intel compute stick and IMU.
The rocket carrying the RTL-SDR.
The rocket carrying the RTL-SDR.

Finding GPS Signals from within the Noise Floor with an RTL-SDR

If you were to try to simply spot a GPS signal at 1.575 GHz in the spectrum on a waterfall in a program like SDR# you would probably fail to see anything. This is because GPS signals are very weak, and operate below the thermal noise floor. Only through clever processing algorithms can the actual signal be recovered.

Previously GPS and SDR enthusiast “e.p.” showed us on his blog how to use an RTL-SDR and the GNSS-SDRLIB and RTKLIB software to receive GPS and get a position lock.

Now more recently e.p. has uploaded a post that explains a bit about how GPS signals are actually detected from below the noise floor. In his post he uses GPS data collected by his RTL-SDR dongle, and a fairly simple GNU Radio program consisting of a Fast AutoCorrelation Sink block.

With real data passed through the fast autocorrelation block he is able to observe GPS signal peaks that occur every millisecond. E.p. explains the reason for this:

Why every millisecond? The coarse/acquisition code for GPS (C/A) has a period of 1023 chips which are transmitted at a rate of 1.023 MBit/s. This results in period of 1 millisecond. BAM!

In a later post e.p. has also uploaded some sample GPS data collected with his RTL-SDR so anyone can play around with GPS decoding.

Autocorrelation of a GPS signal resulting in peaks every millisecond.
Autocorrelation of a GPS signal resulting in peaks every millisecond.

Receiving and acquiring GPS positions with an RTL-SDR dongle and GPS antenna

GPS experimenter and blog author e.p. has recently been posting about his experiments in which he uses an RTL-SDR dongle to receive GPS satellite signals and acquire a position lock. 

To receive GPS e.p. uses one of our RTL-SDR blog units (back in stock soon!) with the bias tee enabled which is used to power a cheap 5V active GPS antenna. For software he uses GNSS-SDRLIB and RTKLIB which runs on Windows. Using the RTL-SDR, GPS antenna and the decoding software he was able to get his current position to within about 5 meters of accuracy.

In his blog post e.p. shows a step by step guide on how to install and use the Windows software. In later posts he also shows how to install and use another program called GNSS-SDR which runs in Linux and can also be used to acquire GPS fixes with an RTL-SDR dongle.

The GNSS-SDRLIB GUI setup screen.
The GNSS-SDRLIB GUI setup screen.

To illustrate the software in action e.p. has also uploaded a video to YouTube which is shown below.

Spoofing GPS Locations with low cost TX SDRs

At this years Defcon 2015 conference researcher Lin Huang from Qihoo 360 presented her work on spoofing GPS signals. Qihoo 360 is a Chinese security company producing antivirus software. Lin works at Qihoo as a security researcher where her main job is to prevent their antivirus software and users from becoming vulnerable to wireless attacks. Her research brought her to the realm of GPS spoofing, where she discovered how easy it was to use relatively low cost SDRs like a USRP B210/BladeRF/HackRF to emulate GPS signals which could allow a wireless attacker to manipulate the GPS on smartphones and cars.

Previous attempts at GPS spoofing have all used more expensive custom hardware. One attempt in 2013 allowed university researchers to send a 213-foot yacht off course, and it is suspected that hackers from the Iranian government have used GPS spoofing to divert and land an American stealth drone back in 2011.

In Lin’s presentation she shows how she was able to trick a smartphone into thinking it was in a different location. In addition she writes how this method could be used to trick the phone into changing it’s time, as many smartphones will periodically refresh the clock accuracy by using GPS satellites. She also shows how she was able to bypass a DJI drones forbidden area no fly zone policy. DJI drones come with a feature where the engines will not power up if the on board GPS detects that it is in a no drone fly zone. By spoofing the GPS she was able to get the drone to power up inside a no fly zone in Beijng.

Lin Huangs presentation can be downloaded from the defcon media server (pdf). An article on Lin and her research into GPS spoofing has also been run on Forbes.com.

Spoofed GPS logs on a smartphone
Spoofed GPS logs on a smartphone

A Crude Skew Planar Wheel Antenna for Receiving GPS L1 with an RTL-SDR

Over on his blog /dev/thrash RTL-SDR experimenter Elia has been attempting to build an antenna to receive Global Positioning System (GPS) signals with his RTL-SDR. After doing some research he decided to build a Skew Planer Wheel antenna which he tuned for the GPS L1 frequency at 1575.42 MHz. A Skew Planar Wheel antenna is circularly polarized omnidirectional antenna which can be built out of wire. It is well suited to receiving signals from low earth orbiting (LEO) satellites such as the GPS satellites.

Elia later tested his antenna with a commercial GPS receiver circuit and was able to obtain a GPS fix.

Skew Planar Wheel Antenna on the RTL-SDR for receiving GPS.
Skew Planar Wheel Antenna on the RTL-SDR for receiving GPS.

Video Showing Decoding of DGPS Beacons with SDR# and MultiPSK

Following on from our last post where dewdude showed how to decode DGPS signalsFrank K2NCC has uploaded a video on YouTube showing DGPS decoding in action. In his video Frank uses an Airspy plus ham-it-up upconverter, a Sirio discone antenna and for software he uses SDR# with audio piped into MultiPSK for decoding.

In the video you can clearly see the decoded DGPS messages showing the pseudorange corrections and station numbers. To decode DGPS with MultiPSK you will need to use the paid version which costs approximately $50 USD, however in the free version the DGPS will run for 5 minutes each time MultiPSK is opened before expiring.

Below is an example of a decoded message.

24/03/2015 02:06:09
Message type        : 9 (GPS partial correction set)
Station number      : 172 (Appleton WA USA 300.0 Khz TXID 871 100bps)
Z-count             : 4215 ( 42 mn 9.0 s )
Sequence count      : 2le factor=0.3)

Sat. ID|SF|UDRE|Pseudorange corr.  |Range rate corr.|IOD|CRC
25     |0 |1-4m|      -7.68 m      |   0.000 m/s    |62 |OK
31     |0 |1-4m|       1.54 m      |   0.000 m/s    |27 |OK
32     |0 |1-4m|       0.70 m      |   0.000 m/s    |99 |Error

Decoding Differential GPS Beacons with an RTL-SDR, Speclab and SDR#

Over on his blog “RTL-SDR DX” dewdude has been exploring the reception and decoding of Differential GPS (DGPS) signals. DGPS signals are transmitted by government authorities in the long wave band at around 300 kHz. These beacons are used to dramatically improve the accuracy of GPS (Global Positioning System) devices from their default accuracy of about 15 m down to about 10 cm. Unlike GPS signals which originate from satellites, the DGPS signal is terrestrial based and is broadcast from multiple known fixed positions. The signal itself contains information about the difference between the DGPS stations received GPS position and it’s known exact position. These differences can be used to correct other GPS receivers that receive DGPS signal.

By using his RTL-SDR (with upconverter or HF modification) dewdude was able to receive the DGPS beacon in SDR#. Then by piping the output audio into SpectrumLab’s DGPS decoder he was able to decode the data contained within the DGPS signal. His post contains a tutorial showing how to set up SpectrumLab to decode DGPS. If you’re interested in hearing what a DGPS signal sounds like, dewdude has uploaded a sound sample at the bottom of another post of his.

Decoding Differential GPS (DGPS) signals in SpectrumLab
Decoding Differential GPS (DGPS) signals in SpectrumLab

Signal Mapping using RTLSDR Scanner and GPS on an iOS Device

Recently we posted how RTLSDR Scanner has been updated to allow interfacing with a GPS device. This allows you to make signal strength maps by driving around and recording both signal strength and GPS location together.

As most people don’t have a dedicated GPS device, Reddit user soooooil has put together a short guide on how he was able to use his iPhone as the GPS device and interface it with RTLSDR Scanner.

RTLSDR Scanner with iOS GPS device.
RTLSDR Scanner with iOS GPS device.