Sivan and his collaborators developed inexpensive 434 MHz band tracking tags for bats that emit radio pings every few seconds. These pings do not contain any location data, however the location is accurately tracked by several USRP SDRs with high accuracy GPSDO oscillators set up around the target tracking area. A radio direction finding technique known as "time difference of arrival" or TDoA is used to pinpoint the location of each tag. Sivan writes:
A wildlife tracking system called ATLAS, developed by Sivan Toledo from Tel-Aviv University in collaboration with Ran Nathan from the Hebrew university, enabled a science breakthrough reported in an article in Science that was published yesterday.
The system uses miniature tracking tags that transmit radio pings in the 434 MHz bands and SDR receivers (Ettus USRP N200 or B200). Software processes the samples from receivers to detect the pings and to estimate their time of arrival. The overall system is a "reverse-GPS" system, in the sense that the principles and math are similar to GPS, but the role of transmitters and receivers is reversed. A youtube video explains how the system works. SDR-RTL dongles can certainly detect the pings, but their oscillators are not stable enough to accurately localize the tags.
The system has been used to track 172 wild bats (in batches, some consisting of 60 simultaneously-tagged bats). The results showed that bats can make novel shortcuts, which indicates that they navigate using a cognitive map, like humans. The system, and other ATLAS systems in the Netherlands, England, Germany, and Israel are also tracking many different animals, mostly small birds and bats.
The video below shows the bats being tracked on a map accelerated to 100x.
434 MHz Tracking Devices that Attach to Wild Bats
The Science article itself is mostly about the discoveries on bat behaviour that were made by the system. However the YouTube video embedded below explains a bit more about how the technical radio side works.
A Technical Overview of the ATLAS Wildlife Tracking System
Jan Hrach of the Faculty of Mathematics and Physics at Univerzita Karlova in the Czech Republic recently defended his Masters thesis titled "Passive emitter tracking". The main theme of the thesis was the use of RTL-SDRs for tracking transmitters via the Time Difference of Arrival (TDoA) technique. TDoA works by having multiple receivers spread out over a region. As long as the receivers are synchronized in time, we can calculate the difference in time that a signal took to arrive at each receiver, which allows us to pinpoint the location of a transmitter. The challenge is in the timing synchronization, and receiver placement. The thesis abstract reads:
We have implemented a TDOA multilateration of transmitters on an unmodified rtl-sdr receiver using transmitters with known location as a timing reference. We present a brief theoretical background and describe the measurement process which includes several approaches that correct the timing and frequency errors between the receivers. Additionally, we have implemented an angle of arrival direction finder using coherent rtl-sdr.
The thesis and associated code is available on the universities website at this link and it is written in English. Jan also does have a presentation available on YouTube, however it is presented in Czech and automated subtitles do not appear to be available. The video and results section of the thesis shows some good results that indicate that transmitters were able to be pinpointed with very good accuracy, however, localization only worked well on signals with good cross-correlation properties, like DVB-T. Only about half the tested broadcast FM stations could be located due to interference, FM being low bandwidth and FM being transmitted at lower frequencies which suffer from reflections and multipath all of which result in poorer correlation.
TDoA results achieved with RTL-SDRs distributed around Prague.
Thank you to John ZL/KF6VO (creator of the KiwiSDR) for submitting some interesting KiwiSDR related conference talks that might be of interest to some readers. If you were unaware the KiwiSDR is a US$299 HF SDR that can monitor the entire 0 - 30 MHz band at once. It is designed to be web-based and shared, meaning that the KiwiSDR owner, or anyone that they've given access to can tune and listen to it via a web browser over the internet. Many public KiwiSDRs can be found and browsed from the list at sdr.hu or by signal strength and location on this website. One of the most interesting KiwiSDR features is it's TDoA capabilities, which allow users to geographically locate HF transmitters.
Introduction to the KiwiSDR and Bodnar GPSDO
Rob Robinett, AI6VN, gave a talk at the HamSCI Workshop 2019 (USA) “Introduction to the KiwiSDR and Bodnar GPSDO”. In addition to Kiwi basics he shows a live demo of the performance advantages in using an external GPSDO as the Kiwi ADC clock. A line-of-sight measurement of frequency/time station WWV in Colorado using the Kiwi’s internal GPS-compensated crystal oscillator (XO) is compared against using an external Bodnar GPSDO. The Kiwi’s IQ display extension shows the frequency/phase difference between the ADC clock, internal or external, and WWV. Rob also discusses the publicly available (kphsdr.com:8074) eight Kiwi installation he made at coastal radio station KPH north of San Francisco.
Introduction to the KiwiSDR
KiwiSDR as a new GNURadio source and TDoA geo-location
Christoph Mayer, DL1CH, is the author of the Kiwi’s TDoA algorithm. His talk “KiwiSDR as a new GNURadio source and TDoA geo-location” was given at the Software Defined Radio Academy (SDRA) as part of HAM Radio 2019 in Friedrichshafen, Germany. He includes a very technical description of the TDoA process used by the Kiwi including a live demo of direction finding a 16 MHz over-the-horizon-radar (OTHR) signal from Cypress.
Christoph Mayer, DL1CH: KiwiSDR as a new GNURadio Source
Earlier this month we posted about the KiwiSDR direction finding update, which now allows anyone with internet access to utilize public KiwiSDR's for the purpose of pinpointing the physical location of a transmitter that transmits at a frequency below 30 MHz.
A few people have had trouble understanding how to use the direction finding feature, so KiwiSDR fan Nils Schiffhauer (DK8OK) has written up a KiwiSDR direction finding usage guide. Nils' guide explains the basic technical ideas behind the TDoA (Time Difference of Arrival) direction finding technique used, and highlights some important considerations to take into account in order to get the best results. For example he discusses best practices on how to choose receiver locations, how many receivers to choose, and how to properly take into account the time delaying effects of ionospheric propagation with HF signals.
Finally at the end of the document he shows multiple case studies on HF signals that he's managed to locate using the discussed best practices. Looking through these examples should help make it clear on how receiver locations should be chosen.
A few weeks ago we posted about some experimental work going on with Time Difference of Arrival (TDoA) direction finding techniques on KiwiSDR units. The idea is that public KiwiSDRs distributed around the world can be used to pinpoint the physical locations of any 0 - 30 MHz transmitter using the TDoA technique. This feature has recently been activated and can be accessed for free via any KiwiSDR.
The KiwiSDR is a US$299 HF SDR that can monitor the entire 0 - 30 MHz band at once. It is designed to be web-based and shared, meaning that the KiwiSDR owner, or anyone that they've given access, can tune and listen to it via a web browser over the internet. Many public KiwiSDRs can be found and browsed from the list at sdr.hu or by signal strength and location on this website.
One thing that KiwiSDRs have is a GPS input which allows the KiwiSDR to run from an accurate clock, as well as providing positional data. Time Difference of Arrival (TDoA) is a direction finding technique that relies on measuring the difference in time that a signal is received at over multiple receivers spread out over some distance. In order to do this an accurate clock that is synchronized with each receiver is required. GPS provides this and is able to accurately sync KiwiSDR clocks worldwide.
Just recently all KiwiSDRs were pushed with a beta update (changelog) that enables easy TDoA direction finding to be performed with them. Since many KiwiSDRs are public, this means that right now anyone can browse to a KiwiSDR web interface and start a direction finding computation. You don't even need to own a KiwiSDR to do this so this is the first freely accessible RF direction finding system available to the public. This could be useful for locating signals like numbers stations, military transmissions, pirate stations, jammers and unknown sources of noise.
KiwiSDR TDoA Interface. Locating a STANAG Signal Source.
Usage
Running a TDoA job is as simple as using the KiwiSDR OpenWebRX GUI interface to select a signal and choose two or more receivers to use in the calculation.
If you want to try this out then it's easiest to start with VLF/LF or MW stations (less than 1.6 MHz) as these signals tend to propagate to receivers only via direct ground wave. HF sky wave signals are a bit more difficult to locate as they tend to travel longer distances by skipping, bouncing and refracting around the ionosphere, so it is difficult to determine exactly where they are coming from since the bounces result in a difficult to predict time delay. But if you know the rough location of the transmitter, you can try and select nearby KiwiSDR receivers, which will hopefully ensure that the signals are received directly via ground wave, and not via sky wave. More advanced users could try using receivers spaced further away, but at similar distances from the expected transmitter location. This will hopefully ensure that all the receivers have identical skip distances, and thus identical delays.
Sky wave and ground wave propagation. Ground wave is received directly vs sky wave which is received via ionospheric bounces
To get started follow these steps (and we also recommend reading the Help text, which is available by clicking the 'Help' button on the TDoA extension):
Open a KiwiSDR that can receive some signals that you are interested in locating. You can browse KiwiSDRs by map and signal strength quality on this website.
With the 'extension' drop down menu in the bottom right controls window choose TDoA and double check that the receiver modulation mode is set to 'IQ'.
You should now see a map on the top half of the screen. This map displays all KiwiSDRs in the world that have GPS enabled and thus can be used for TDoA.
The map also displays several known transmitters in white with green markers that can be used as TDoA practice. Clicking on a known transmitter will automatically tune the KiwiSDR to that station.
Tune to the signal that you are interesting in locating. Make sure that the receiver bandwidth covers the signal.
Now you need to find two or more KiwiSDRs on the map that can receive the signal that you're interested in locating. (Two will give you a line of possible locations, whilst three may allow you to pinpoint the signal. But we recommend starting with only two or three first as more receivers can cause the calculation to fail).
To test and see if a KiwiSDRs from the map can receive the signal, double click on its marker. This will open the selected KiwiSDR in a new browser window, with it tuned to the station of interest. If you have a rough idea on where the transmitter is located, try to select KiwiSDRs such that they surround the transmitter.
Once you've found a KiwiSDR that receives your signal of interest, close the second KiwiSDR receiver window that you just opened, and go back to the original KiwiSDR window. Now instead of double clicking just click once on the KiwiSDR pin on the map that you confirmed reception with. This will add that KiwiSDR to the window in the bottom left. This window displays the KiwiSDRs that will be used in the TDoA calculation.
Make sure that it shows "XX GPS fixes/min" beside a selected KiwiSDR. If you get an error, remove that KiwiSDR and choose another.
When you've found two or more KiwiSDRs that receive the signal of interest, position the map to where you'd like the TDoA result heat map to be displayed. The positioning of the KiwiSDR map will determine where the TDoA heat map plot is displayed.
Click the 'submit' button to begin the TDoA calculations. The KiwiSDR server will gather 30 seconds of samples from each of your selected KiwiSDRs, and then run the TDoA algorithm on the KiwiSDR server. The whole process should take about 1-3 minutes to complete.
Once completed you can view the results by using the drop down menu next to the submit button to choose the 'TDoA Map'
KiwiSDR TDoA Heat Map Results. Located a Military STANAG Signal Source in France.
The KiwiSDR TDoA feature is still in testing and can be a little buggy. If you get "Octave Error", try refreshing the KiwiSDR page and trying again with different receivers. Sometimes you'll also get an error saying that the GPS of a KiwiSDR hasn't updated in a while. In this case just remove that receiver and choose another one. We also find that if you're zoomed too far out on the map, the TDoA algorithm will sometimes return 'Octave error'. Try zooming in a bit closer to the approximately expected location. KiwiSDRs can also only support four simultaneous users at a time, so during peak periods it's possible that some may become busy.
Over on the KiwiSDR forums Martin G8JNJ has also provided a list of helpful tips that he's discovered. For example he recommends choosing KiwiSDRs that are spaced evenly around the estimated transmitter location (if known). Ideally they should also be chosen an opposing pairs (e.g. one pair north and south of the transmitter, and one east and west of it).
Results
We tested the new TDoA feature a few times. Below are some examples of the results we achieved.
USA: NLK @ 24.6 kHz.
This is a Naval transmitter located in Seattle, Washington. With three receivers surrounding the transmitter, we were able to get a pretty close location marker, that is confirmed with the known location.
USA NLK
Europe: DCF77 Time Beacon @ 77.5 kHz.
This is a German long wave time beacon transmitter. Again with three receivers we were able to pinpoint the signal fairly accurately.
DCF77 Located with KiwiSDR TDoA
Australia: Local MW Radio Station @ 549 kHz.
Here we tried to locate an Australian MW station. Unfortunately in Australia there is a lack of KiwiSDRs, and of the ones that are there, only three had GPS enabled and could receive the MW station, and two of those were right next to each other. With only effectively two stations we could only obtain a line of possible locations. Comparing with the known location plotted on Google Maps we confirmed that the transmitter is indeed located on the line.
ABC Western Plains Australian MW Radio Station
We also tested a few signals at higher frequencies. As mentioned previously, anything above VLF/LF/MW (ie the HF bands) is a lot more difficult to locate since the signal can bounce around the atmosphere and can case extra delays to occur in the signal arrival time. The extra delays can cause problems with the time of arrival measurements. Thus for these signals it's important to find receivers close to the transmitter, or receivers spaced further away at the same distance so they each have identical skip distances, and thus identical delays.
When locating an HF signal that is in a completely unknown location we recommend starting with only two or three receivers, checking the heat map, and slowly adding more receivers in the hot parts of the heat map and removing receivers that turn out to be in the cooler areas. This way you can slowly narrow down the receivers to ones that are closer to the signal source, and are thus more likely to receive the signal directly, rather than via ionosphere bounces.
The Buzzer (UVB-76)
Using the just previously mentioned technique we attempted to locate the source of the Buzzer (UVB-76), a Russian numbers station at 4.625 MHz. Eventually we came to the results shown below. According to the heat map the buzzer appears to be located somewhere in the vicinity of St. Petersburg. Back in 2014 the numbers station researchers at priyom.org received an anonymous tip from a member citing a transmitter location just north of St. Petersburg. The TDoA heat map results seem to confirm that the anonymous tipper is correct.
The Buzzer (UVB-76) TDoA Heatmap compared against the known location
Final Words
Right now the biggest problem appears to be the lack of active KiwiSDRs around the world. The more active KiwiSDRs there are, the better the direction finding results can be. At the moment Northern Europe and the USA are fairly well represented, but the rest of the world is not. Asia, Africa, Russia and South America are especially lacking. Also not all KiwiSDRs are utilizing the GPS feature. If you are running a KiwiSDR please do consider activating the GPS option. Another issue is that many KiwiSDRs suffer from poor reception and bad antenna setups, so not all active receivers are actually useful.
In the future we expect this feature to only improve, with the people behind it, John Seamons and Christoph Mayer, working hard to improve results. For example one possible future improvement is utilizing ray-tracing techniques to try and take into account delays caused by sky-bounce propagation. Update (15 July 2018): You can now also plot results over Google Maps.
If you want to purchase a KiwiSDR and contribute to the worlds first freely accessible TDoA system, you can purchase it immediately on Amazon or Seeed Studios for $299, or wait for a sale to occur on massdrop.com, where it is often discounted by up to US$100.
If you weren't already aware, the KiwiSDR is a US$299 HF SDR that can monitor the entire 0 - 30 MHz band at once. It is designed to be web-based and shared, meaning that the KiwiSDR owner, or anyone that they've given access, can tune and listen to it via a web browser over the internet. Many public KiwiSDRs can be found and browsed from the list at sdr.hu.
One thing that KiwiSDRs have is a GPS input which allows the KiwiSDR to run from an accurate clock, as well as providing positional data. Time Difference of Arrival (TDoA) is a direction finding technique that relies on measuring the difference in time that a signal is received at over multiple receivers spread out over some distance. In order to do this an accurate clock that is synchronized with each receiver is required. GPS provides this and is able to accurately sync KiwiSDR clocks worldwide.
In one post from late last year Christoph shows that he was able to pinpoint the location of the German DCF77 longwave time station by using three KiwiSDRs spread out around Europe. The actual location of DCF77 is already known, so this shows that the technique actually works. Other posts show him locating transmitters for STANAG 4285, some unknown frequency hopping signals, OTH radar from Cyprus, CODAR, DRM, VOLMET and more.
Christophs' code can be found at https://github.com/hcab14/TDoA. According to users gathering the data and running the code is still a fairly elaborate process. But there is talk over on the KiwiSDR forums about eventually creating a server that would allow users to more easily request a location computation for a particular signal.
Pinpointing DCF77 with KiwiSDRs (Bottom right image shows pinpointed location)
Also related to this topic, priyom.org has been using KiwiSDRs to try and locate numbers stations. Numbers stations are mysterious voice stations on the HF bands that when transmitting read out a string of numbers. Most speculate that the numbers are some sort of code intended for international spy agents. Using a simpler method of just noting which KiwiSDRs in the world receive a particular numbers station more strongly, they've been able to determine the likely country of some well known stations.
Over on Hackaday.io, project logger Humpelstilzchen has been writing about his attempts to create an autonomous RF direction finding robot RC car with an RTL-SDR. The goal is to set up an ISM band transmitter as a beacon, and use the RTL-SDR on the robot as the receiver. It will then use direction finding techniques to drive towards the beacon. The robot is a 4WD RC toy car with some autonomous navigational features like GPS, ultrasonic, IMU and vision sensors.
In his latest project log Humpelstilzchen describes his first semi-successful attempt at getting RF direction finding working. In the experiment he uses a 433 MHz module to send out an FSK beacon. On the robot two antennas are used for the time difference of arrival/pseudo-doppler direction finding technique, and PIN diodes are used to rapidly switch between the antennas. A GNU Radio script running on a HummingBoard single board computer computes the TDOA/pseudo-doppler algorithm.
Psuedo-doppler direction finding works by rapidly switching between several antennas. The difference in the time that the signal arrives at each antenna can be used to calculate the transmitter's direction.
With the current set up he's been able to get the robot to distinguish if the beacon is closer to the left, or closer to the right, or equidistant. However, he notes that there are still problems with reflections of the beacon signal which can cause the robot to drive in the wrong direction.
This is still a work in progress and we look forward to his future results.
In a previous post back in September 2017 Stefan Scholl (DC9ST) treated us to a very interesting write up about how to localize transmitters to within a few meters using time difference of arrival (TDOA) techniques with multiple RTL-SDR dongles spread out over an area.
- What signal parameters influence the quality of the correlation? - Which type of correlation calculations are available (four) - Which are suitable with RTL-SDRs, considering noise and phase and frequency offset?
Stefan writes that his findings could be interesting to people interested in the following techniques:
- TDOA localization - Synchronizing several RTL-SDRs - Passive Radar
Comparing various bandwidth sizes on correlation quality
